Windows 8.1: Microsoft Bakes In BYOD Security

More than a nip and tuck, the update's new security features enable admins to safeguard data on Windows devices, whether or not they’re corporate-owned.


The Start button's reappearance and boot-to-desktop options aren't the only features in Windows 8.1 that Microsoft is using to lure in business users.

On the heels of the Windows 8.1 Enterprise Preview, Microsoft is touting some of the security-enhancing software components that the company is baking into the upcoming Windows 8.1 update. Now, the Redmond, Wash.-based software behemoth is turning its attention to Windows security.

Microsoft is tightening the operating system's defenses to help enterprises cope with the challenges of an ever-changing security landscape and keep data safe in the bring-your-own-device (BYOD) era. According to Dustin Ingalls, group program manager for Windows Security and Identity, Windows 8.1 will offer administrators new protections that reach beyond corporate firewalls and address the sometimes-risky practice of accessing business data on personal devices.

"The Windows 8.1 update offers a full spectrum of new and improved security capabilities—from features that enable devices to be fully locked down by IT, to remote security options for BYOD devices, to safeguards for personal devices that need to access business resources from home," wrote Ingalls in an Aug. 2 Windows for Your Business blog post.

Among those capabilities are mechanisms that "take away the guesswork" from the Trusted Platform Module (TPM). Microsoft is leveraging TPM 2.0 chip-based security to provide advanced encryption features, including "key attestation, which allows you to ensure your private key is safely bound to hardware instead of malware, and virtual smart card management WinRT APIs to enable Windows Store apps to set up and manage virtual smart cards," Ingalls wrote.

TPM 2.0 is also an InstantGo (Connected Standby) prerequisite, thereby allowing Windows 8.1 to extend device encryption to all editions of the OS. "If the device supports InstantGo, device encryption can be automatically enabled. As InstantGo will be available on the vast majority of devices, this functionality will be pervasive throughout the enterprise," Ingalls said.

The software maker is also working toward making TPM support standard within a few short years, allowing owners of consumer devices, which generally lack TPM-capable components, to enjoy the data-protection benefits of their enterprise-grade counterparts. "We are working towards requiring TPM 2.0 on all devices by January 2015," explained Ingalls.

Microsoft is tackling multi-factor authentication in BYOD environments by continuing to "streamline the Virtual Smart Card (VSC) management process" and extending the technology's enrollment and management capabilities to modern Windows apps via updated WinRT APIs.

Windows 8.1 will make it easier to rein in corporate data with the introduction of Remote Data Removal. The tool wipes corporate data, including emails and other data from Work Folders, leaving personal data unscathed on BYOD devices.

Finally, the company is updating its free Windows Defender software to stamp out malware that flies under the radar. New behavior-monitoring technology detects "certain bad behaviors in memory, the registry or the file system—even before signatures have been created," added Ingalls.

Pedro Hernandez


Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...