Windows RT tablets to gain some management after all

A new tool accessed via System Center 2012 will allow for policy-based access and software delivery

Microsoft will offer a type of network access control (NAC) on Windows RT devices -- that is, ARM-bases Windows 8 tablets -- as a way to protect corporate networks from harm these devices might inflict if put to corporate use. This would provide more capabilities for managing Windows RT devices from Microsoft's System Center 2012 management too, than Microsoft plans to  enable for iPads and Android tablets. (Third-party mobile data management [MDM] tools bring those capabilities and more to iOS and Android.)

The newly announced capability will be able to check the devices for compliance with corporate policies surrounding passwords, encrypting data, antivirus, anti-spyware, and auto updates, according to Microsoft's Building Windows 8 blog. This is similar but less comprehensive than what some NAC schemes do to keep devices that don't comply from connecting to networks.

[ Discover what's new in business applications with InfoWorld's Technology: Applications newsletter. | Get the latest insight on the tech news that matters from InfoWorld's Tech Watch blog. ]

BACKGROUND: Windows RT tablets will add to the BYOD nightmare

TEST YOURSELF: The Windows 8 Quiz

Windows RT devices don't support applications that run on standard x86/64 machines, and until now, would accept Metro-style applications designed for Windows 8 only directly from Microsoft.

None of this made Windows RT seem any more BYOD-friendly than Android tablets or iPads. Previously, Microsoft had announced four flavors of Windows 8 -- Windows 8, Windows 8 Pro, Windows 8 Enterprise, and Windows RT -- with Windows RT lacking many of the features included in the Enterprise edition that might make the devices more palatable to businesses.

But the new client announced by Microsoft will monitor the security posture of the devices and enable downloading proprietary business applications to them. The client will communicate with an undefined cloud-based management platform that will be announced later by the team working on Microsoft's System Center.

The client's main function is to download and install Windows 8 Metro-style applications that are designed to work on both x86/64 and ARM devices. Without the agent, owners of Windows RT devices can only download applications that are stocked in the Windows Store or via Windows Update or Microsoft Update.

But Microsoft recognizes that businesses will create their own Windows 8 Metro apps that they want to deploy to personal Windows RT devices that employees might want to use for work, according to the blog.

The client will make this possible by connecting to the corporate management infrastructure and to a self-service portal, which displays applications that are available for each user to download. This provides a mechanism to download proprietary line-of-business Metro apps to employees without placing them in the public Windows Store. As the blog says, "there is no reason to broadcast these applications to others or to have their application deployment managed through the Windows Store process."

If the business or the owner of the device decides to remove it from corporate management, the client will wipe out the proprietary apps.

Before users can connect their Windows RT devices to the management service, their Active Directory settings must be changed to allow it and to specify how many devices they are allowed to connect via SSL authentication. The process involves registering the device with the network.

Each user authorized to use the management service must be specified within Active Directory as someone allowed to connect devices. Once connected, the client makes daily maintenance reports about the hardware, applies changes to settings policies on the devices, reports on compliance with those policies and updates the proprietary apps as needed.

The client also will inform the management platform whenever users initiate application installation from the self-service portal, the blog says.

Administrators will be able to set security parameters the devices must comply with such as maximum failed logins, lockout after a maximum period of inactivity, requiring passwords of specified length and complexity, imposing enabled and expired dates on passwords and maintaining password history.

The agent will also be able to set up VPN connections automatically to the management infrastructure so users don't have to do it manually. The client also will report the status of drive encryption, auto-update, antivirus, and antispyware.

Tim Greene covers Microsoft for Network World and writes the Mostly Microsoft blog. Reach him at and follow him on Twitter!/Tim_Greene.

Read more about software in Network World's Software section.

This story, "Windows RT tablets to gain some management after all" was originally published by Network World.