Windows 10 Mobile: Not Bad, but Not Likely
Windows 10 Mobile: Not Bad, but Not Likely by Michael F. Finneran
Windows 10 Mobile is Microsoft’s best effort thus far, but its chances of success are slim. The good news is that Microsoft doesn’t really need a mobile OS to be successful.
The one part of Microsoft’s Windows 10 and the Universal Widows Platform initiative that is not getting much play is Windows 10 Mobile. In fact, it didn’t even make an appearance in Satya Nadella’s keynote at the Microsoft Build conference recently. However, I have been doing some research on it, and it really does have some very good features, particularly on the security side. In the meantime the company seems to have come to grips with the reality that it’s too late to erase all of its mistakes in mobile and a Microsoft mobile OS will never score any meaningful market share. The good news is that Microsoft doesn’t really need a mobile OS to be successful.
I got a feel for Microsoft’s new attitude toward its mobile operating system in the “Apple in the Enterprise” panel I moderated at Enterprise Connect in March. Among the panelists was Jared Goralnick, Principal Group Program Manager from Microsoft – Jared brought his iPad along with him. Jared is part of the Skype for Business team, and he made the point quite clearly that his job was to make sure that Microsoft’s software would work well on whatever device the user chooses to run it on. And, it’s not going to give any special status to Windows phones. Even Windows Phone user J. Peter Bruzzese lamented that sad fact in his piece, Office for iOS is a Slap in the Face for Windows Phone Users.
Something for the Enterprise
While the entire mobile industry is unabashedly consumer focused, Windows 10 Mobile has incorporated some solid enterprise capabilities, and most of them are included even in the consumer version of the OS. There is a Windows 10 Mobile Enterprise addition in the works, but it only adds a few features like the ability to support more than 20 self-signed applications on the device.
On the security front, Windows 10 mobile will feature a secure booting function based on the Unified Extensible Firmware Interface (UEFI) that is tied to the device hardware. Tying security to hardware is a key advantage, but only available if you control both the hardware and the software. Apple has it and Samsung has incorporated it in its KNOX security product.
Windows 10 Mobile uses the Microsoft BitLocker encryption technology that is on by default. Google had promised default encryption in Android 6 (Marshmallow), but had to back off that commitment due to the number of low cost Android phones on the market that don’t include crypto chips, which would have slowed to a crawl using software-based encryption.
For authentication, Windows 10 Mobile supports Microsoft Hello for biometric authentication using fingerprints, facial recognition or iris scanning. In the future the company plans to use the authenticated Windows 10 Mobile smartphone as a token to authenticate a nearby PC. As on the iPhone, the biometric image is converted to an algorithmic form and the original image is destroyed to prevent tampering.
All Windows 10 devices, both desktop and mobile, include a built in mobile device management (MDM) client and support the Open Mobile Alliance’s Device Management Protocol 1.2.1. As a result, they are compatible with almost all of the major MDM platforms including VMWare AirWatch, MobileIron, Symantec and even BlackBerry as well as Microsoft’s own Intune MDM platform.
Probably the most interesting capability is the soon to be released Enterprise Data Protection (EDP) capability, Microsoft’s approach to data loss prevention (DLP). The standard approach to DLP that we have seen from the MDM providers involves implementing a secure container on the device, essentially a separate encrypted region on the device for corporate applications and files. IT can then define policies for how data in the container is treated. That would include restricting printing, copy & paste, or prohibiting data from being forwarded to personal email accounts or non-secure cloud storage. Besides the inconvenience of having to log into the container to do any work functions, the Android for Work version requires you to have two copies of any application you want to use for both business and personal tasks.
In Microsoft’s EDP, apps are merely identified as business (called “trusted”) or personal (called “untrusted”), and data for business apps is automatically encrypted and the appropriate DLP policies applied. You can also have what are called “enlightened” apps that support both business and personal use. For example, you could have Outlook email with both business and personal accounts, and DLP policies would automatically be applied to any business emails.
You can also configure it so that if a user attempts to forward business emails to a personal account or to any storage location not specifically identified as “trusted,” the action could be blocked outright, or the user could be given a prompt that what they are about to do is outside of policy and give them the opportunity to cancel or proceed with the action. If they proceed, an audit trail is created. EDP is also compatible with Microsoft Rights Management Services (RMS) so those controls can be extended down to the file level.
There are also few more technical but decidedly leading-edge capabilities like Control Flow Guard and Remote Attestation that add up to tighter security but done in a manner that is essentially fully transparent to the user.
Where Are the Apps?
At the end of the day however, the success of a mobile OS hinges on the availability of apps, an area where Microsoft remains sorely lacking. Part of the plan with the Universal Windows Platform (UWP) initiative where any Windows 10 app can run on any Windows 10 desktop, laptop or mobile device (or an X-Box controller for that matter); UWP apps will automatically adjust to a touch interface versus a keyboard-mouse interface. How effectively that works remains to be seen.
Some see this as a strategy to address the paucity of mobile apps, however, at this point it appears that Microsoft has all but abandoned Steve Ballmer’s "devices and apps" strategy and moved on – wise move on Microsoft’s part.
No doubt the abortive Nokia acquisition that occasioned a $7.6 billion write down last year has been a thorn in Mr. Nadella’s side; the additional 1,850 layoffs and additional $950 million write-off announced last month are simply “after-bleed.” However, now that Mr. Ballmer’s “devices and services” anthem has been put out to pasture, the company appears to be redirecting its focus. So in the end, even if Windows 10 Mobile does turn out to be yet another Microsoft failure in mobile, Microsoft still has a lot of bigger fish to fry.