Windows Phone 8.1: The ugly
Where Windows 8.1 shows its ugly side is in the enterprise. Microsoft continues to give short shrift to enterprise needs, remaining behind what Apple provides and needlessly complexifying its use.
If your business' needs are small, you can use Windows Phone without much worry. It does support password requirements and encryption, so you can use Exchange ActiveSync policies to force such basic measures, as well as use -- finally! -- Exchange's remote wipe and lock features when necessary. Windows Phone 8.1 also adds support for S/MIME email encryption, the ability to block access to cloud storage (including Microsoft's OneDrive), certificate- and payload-based management, APIs that let mobile-device-management tools do their thing better, single-app use, app blacklisting and whitelisting, preconfigured workplace accounts, and private enterprise app store support -- all features that the iPhone already has. It also adds IT-initiated PIN reset, a feature I've not seen on other mobile platforms.
With those additions, you might think that Windows is now enterprise-ready. It's certainly much better than before, but it continues to have the kinds of holes that Microsoft keeps implementing when it comes to Windows Phone.
For example, consider the new VPN compatibility that Microsoft has finally added in Windows Phone 8.1. Yes, it works per-app, something iOS only added last year. But the built-in VPN support is restricted to IKEv2 IPSec, which means Windows Phone 8.1 won't work with most existing VPNs. If you want to use an SSL-based VPN, you'll need an app from your VPN vendor -- of which there are barely a handful. And forget about using it with the widely used Cisco IPSec VPN that doesn't yet use IKEv2 -- there's no Cisco Anywhere client for Windows Phone as there is for Android, and support for the pre-IKEv2 IPSec is not baked in to Windows Phone as it is in iOS. Per-app VPN functionality means nothing if it can't actually connect to a VPN.
And security is not the only issue that enterprises (should) care about.
The Office suite for Windows Phone is very weak, with a barely functional text editor masquerading as Word and a basically functional spreadsheet editor sporting the Excel name. There is no PowerPoint app. And there are no third-party apps that come anywhere close to the office apps available for iOS or even Android. The good news, such as it is, is that Office for Windows Phone can connect to SharePoint and OneDrive for Business, much like how Office for iPad does -- and it can share documents with other apps, unlike Office for iPad.
In a pinch, an iPhone can create and edit Office documents with the attributes most users need. An Android smartphone might be able to. A Windows Phone can't.
Finally, there's the oddity of how Windows Phone handles Microsoft accounts, the mechanism that ties users not only to the Window Store for purchases but also to other Microsoft services they may use, such as OneDrive and Windows 8 syncing. If your business uses one of the Office 365 enterprise versions, your Office 365 credentials can't be used as the Microsoft account tied to the Windows Phone. You can use those credentials for Exchange access, of course, and to enable access to the Office suite.
In other words, Windows Phone essentially forces users to mix personal and business credentials, which some enterprises can't accept. Worse, once a user enters his or her Microsoft account information, he or she can't change it without resetting the smartphone, wiping it out completely in the process. (iOS, by contrast, can be set to disable iCloud, its equivalent to a Microsoft account.) This issue extends to other Microsoft services and is bedeviling IT support staff everywhere, because no one understands that, in enterprise settings, an Office 365 account is not the same as a Microsoft account -- but it is in personal settings.
The good news is that via an MDM tool, you can use a new API in Windows Phone 8.1 to configure a Windows Phone to not allow a user to enter Microsoft account credentials. Just be sure to do that before you hand the smartphone over to the employee. Yes, I know that, on an iPhone or an Android device, the model assumes a mix of personal and business (the use of iCloud and Google accounts are heavily encouraged), but there's no confusion that those are business accounts; the fact that Office 365 accounts are sometimes the same as Microsoft accounts and sometimes not creates confusion, especially among business users for whom the difference matters most.
So, even though Windows Phone's security now rises well above that of Android (if it's still below that of iOS), its implementation is still rough. It by no means fulfills the System Center-fueled fantasies of IT guys who cry when they see yet another Apple-logged device in users' hands. If anything, Microsoft is cloning the core of Apple's approach and treating IT as an obstacle to neutralize, not a client to please. Now that's ugly!
All in all, Windows Phone 8.1 is a major step for Windows Phone, making it finally worth considering. It's still more limited than its competitors, but, for people whose needs aren't ambitious, it has a lot going for it.
This article, "Windows Phone 8.1 hands-on: The good, the bad, and the ugly," was originally published at InfoWorld.com. Read more of Galen Gruman's Mobile Edge blog and follow the latest developments in mobile technology at InfoWorld.com. Follow Galen's mobile musings on Twitter at MobileGalen. For the latest business technology news, follow InfoWorld.com on Twitter.