Morning,
Can someone please tell me how to enable secureboot and bitlocker on WP8? How does it work? Is it manageable?
We're planning on using WP8 devices for our company and want to make sure our devices are absolutely secure before releasing them to employees?
thanks
SecureBoot should always be enabled, given that it is on Windows RT devices. Bitlocker it seems can only be enabled by using company policies along with Mobile device management software. For more information I would suggest you check this link: http://www.windowsphone.com/en-US/business/phone-management
StevieBallz said:
SecureBoot should always be enabled, given that it is on Windows RT devices. Bitlocker it seems can only be enabled by using company policies along with Mobile device management software. For more information I would suggest you check this link: http://www.windowsphone.com/en-US/business/phone-management
Click to expand...
Click to collapse
So you need sccm 2012 to turn on bitlocker? That sucks.
Honestly I can't tell you wether you need SCCM/inTune or if you can enable it using regular Exchange Policies. As far as I remember you can require Device Encryption using EAS but I have not tried it out yet (given that I'm still waiting for my device to arrive).
Exchange Active Sync policies set on an Exchange server can enable device encryption. I tested this with the 2007 and 2010 version.
WP8 does not encrypt SD cards though as they can only be used to store media files (pictures, videos, music) afaik. This can result in conflicts with EAS policies if they require storage card encryption.
Related
Hi all, long time lurker. Have a few questions on how the Incredible handles Active Sync 2007 policies.
Until now I have not seen an Android phone that will natively implement password protection, remote wipe and encryption settings. In fact, if you do not allow non provisionable devices, most Androids will not sync natively.
The Incredible will accept a remote wipe and a implement a device password. This has not been documented anywhere by HTC, Google, or VZW that I can find, but I have tested this and it works well.
The sole question I have left is with encryption. How can I verify if the handset is encrypting data, both messages and any attachments that are downloaded and/or viewed on the handset? I'm unsure of how the Incredible will do this as OS does not support full device encryption such as the iphone or windows mobile devices, at least not that I have found documented anywhere.
What would be the best way to test to see if the data at rest on the phone is indeed being encrypted instead of Android simply reporting to Exchange that it is doing so?
Thanks in advance...
My company requires certain security policies to be enabled on a phone for us to be able to access our exchange server. I have listed them below. Is it possible to enable extra features on the nexus s?
numeric pin or alpha-numeric password options to unlock device. Exchange administrators can enforce password policy across devices.
Remote wipe: Exchange administrators can remotely reset the device to factory defaults to secure data in case device is lost or stolen.
Exchange Calendars are now supported in the Calendar application.
Auto-discovery: you just need to know your user-name and password to easily set up and sync an Exchange account (available for Exchange 2007 and higher).
Global Address Lists look-up in the Email application, enabling users to auto-complete recipient names from the directory.
I'm pretty sure all those features are already supported with the Nexus S. My brother's company has the same requirements, and his Nexus S works fine with their Exchange.
My Company also request for same requirements, my android device is Froyo 2.2 and it hasn't fully compatibility. My system administrator request for Touchdown tool instead of system OS capabilities.
It might be nice to have security features included in gingerbread OS, i don't known if it includes or not now.
Thanks
Sent from my GT-P1000 using XDA App
I am pretty sure all those features are already supported as well. I work with Exchange and my Evo worked with all of those options. I imagine my Nexus S will also.
Sent from my Nexus S using XDA App
My company which uses lotus traveler to enable access to corporate mail and calendar on WM devices. I installed this on my HTC HD running WM6.5 (Dutty Leo ROM). The installation has forcing us to use strong alphanumeric passwords and also greyed out the "prompt if unused for" radio button where you would typically turn off the phone password locking. This has rendering the phone virtually unusable as it takes 3 mins to enter a strong alpha password each time you use the phone...brilliant!
Is there a hack/registry edit that I can use to un-grey this button so I can turn it off and start using my phone normally again.
Any suggestions would be appreciated...
It's probably not related to the Lotus Traveller itself, but with the company enforced policies included in the CAB file - I presume You got the CAB from the company, not the Lotus/IBM website. At least that was the case in our company, that they forced to use the simple PIN lock with Exchange sync - I was already bothered by the simple PIN, so I dropped the whole idea. But I suggest You take a look in the CAB file, if You can still get it and see what changes does it make in the registry. Or You can also ask from Your company IT guys about the WM policies they have to enforce, they should know.
Anyway, hope You have some directions to go now.
Thanks for the suggestions....
1) I tried removing the lotus traveler application - this had the effect of removing the security enforcement. I reinstalled it and it was enforced again.
2) The traveler application launches automatically when the phone boots up. So I removed it from the startup sequence. Unfortunately this did not solve the problem. So I think there must be a registry setting somewhere that is set and monitored by the application.
3) I also looked in the setup.xml file that was in the traveler.cab installation file. I could not find any registry mods that were related to security.
4) The traveler release notes say the following: Customizable device password strength enforcement rules!
Traveler provides a built-in set of default device preferences and security settings that an administrator can modify for use when a device initially registers with Lotus Notes Traveler. The default device settings for users come from the Traveler administration database default device settings document. Users can change their device preference settings from their devices, but only an Traveler administrator can change device security settings.
Suggestions?
In the last few days I have browsed the registry quite thoroughly and there doesn't appear to be key that controls whether radio buttons are active or not (greyed out). I was hoping to make the "prompt if unused for" radio button active again so I could manually switch it off.
I'm out of ideas....any suggestions pls
i have lotus traveler installed on my tp 2 i have flashed my phone many times and reinstalled lotus and have had no problems. can you post a screen shot.
Security Policy
Hi
I am a Notes admin and can confirm this is a polcy that has been set to secure company data on mobile devices. Most companies have a policy that requires company information/access be secured especially on things like mobile devices.
Think about it, your company email system would be available to anyone stealing or finding your phone. While this may not worry you, it could be a cause for concern for your company executives or auditors - and could be a compliance issue in many industries.
The policy is set on the email server itself and pushed down and enforced on the device so it cannot be bypassed.
To remove it or get a less secure PIN you will need to speak to your company Lotus Notes admin.
This is an issue I have seen before and can cause conflicts between employees who use their own phones and resent the way they use them being changed and those concerned with securing and protecting their company.
Hope that helps but the long and short is speak to your email admins. The security policy is not default so someone must have set it up that way for a reason.
MIUI used to have an option to disable the password option even when it is enabled/enforced by Notes Traveler. However the new versions of miui do not have this.
Check this link
http://miuiandroid.com/community/th...en-security-has-been-removed-fro-1-7-29.8941/
why not have the security measures focus on the app?
paulbenwell said:
Hi
I am a Notes admin and can confirm this is a polcy that has been set to secure company data on mobile devices. Most companies have a policy that requires company information/access be secured especially on things like mobile devices.
Think about it, your company email system would be available to anyone stealing or finding your phone. While this may not worry you, it could be a cause for concern for your company executives or auditors - and could be a compliance issue in many industries.
The policy is set on the email server itself and pushed down and enforced on the device so it cannot be bypassed.
To remove it or get a less secure PIN you will need to speak to your company Lotus Notes admin.
This is an issue I have seen before and can cause conflicts between employees who use their own phones and resent the way they use them being changed and those concerned with securing and protecting their company.
Hope that helps but the long and short is speak to your email admins. The security policy is not default so someone must have set it up that way for a reason.
Click to expand...
Click to collapse
so why not have the security measures focus on securing the app and the app data? personally, I don't mind the 24/7 emails...but making me lock my phone so the company can blow up my phone at 7pm on a sunday...LAME.
Are there any news? I would like to remove the LockScreen security and want to use ibm verse.
Hi,
I configured our exchange server for corporate push mail on my Galaxy Note with March 2012 firmware. There's "optional encryption" requirement in the policy, where Exchange server ask for encryption if the device supports it.
Since Galaxy Note supports encryption, it enabled the encryption and asked me for a password.
Now, each time the screen locks, I have to enter a complicated password (consisting of characters, digits & a special character!) to unlock it! The phone became very unusable!
I understood from the post of "Eviip" in the page below that this is actually a requirement from Samsung side when you enable encryption, since my Exchange policy definitely does not require this. All other colleagues with Androids that can't do encryption or using iPhone's can just type a 4-digit pin code and use their phones.
http://www.google.com/support/forum/p/Google+Mobile/thread?tid=6355566b726a0932&hl=en
Is there anything I can do for this, except buying a 3rd party mail application?
Weird, because as far add I understand it GB doesn't support device encryption, only ICS does...
What ROM are you running?
Also, did the exchange policy configure the encryption or did you do it? Because as I understand it the exchange policies don't demand device encryption, just mail stream encryption (but I'll look into that further) and that is pretty innocuous stuff...
Sent from my GT-N7000 using Tapatalk
I see the same behaviour (gNote running 2.3.6 XXLA6; ActiveSync / Exchange Server 2007 SP2). With ActiveSync policy pushed through to device, I have to use strong password to unlock, even though the policy only calls for 4-digit PIN.
I'm using TouchDown mail client as a workaround (at least for the next 30 days) but hoping the ICS update due out "soon" will fix the "problem".
Is there any feedback avenue to Samsung regarding this "feature"?
thomas_d_j said:
I see the same behaviour (gNote running 2.3.6 XXLA6; ActiveSync / Exchange Server 2007 SP2). With ActiveSync policy pushed through to device, I have to use strong password to unlock, even though the policy only calls for 4-digit PIN.
I'm using TouchDown mail client as a workaround (at least for the next 30 days) but hoping the ICS update due out "soon" will fix the "problem".
Is there any feedback avenue to Samsung regarding this "feature"?
Click to expand...
Click to collapse
touchdown is no option for me, because it supports 2 different exchange accounts at a time only with "profiles", which is unusable for me!
regarding your problem: i know for sure that there were some hacks for this (a modified apk which doesn't incorporate the lock requirements. the downside is: with every rom upgrade you would have to redo this hack, as the mentioned apk may change in the system itself to a newer version...
Yeah, same to me
I 've update to 4.0.3 ICS but now I want to no use password or PIN for unlock screen mean that can I not use my exchange policy? (cause my GN haven't any privacy data to secure
so can you show for me? thanks!
I finally gave up with this and used the patch that I found in the forums (for rooted phones). It works pretty well!
http://forum.xda-developers.com/showthread.php?t=1117452
I am creating a new type of security application that sits at OSI Layer 2/3 and encrypts packets of data flowing between devices. With this proven technology, I can create apps such as Secure Skype, Private Messenger and so forth and I can do things such as blend Triple DES and AES 256 bit encryption (this will eventually be an open source encryption platform) on the same communication channel. We run underneath higher level, more limited, options such as SSL and VPN and we have been working on desktops for years.
The problem is that I cannot figure out how to port my Linux version over to Android due to the need to have admin rights for my app. I do NOT want to try to force people to root their phone and I am looking for some legal option.
In Windows and Apple, you can get your code verified - in Windows it is called Windows Logo verification. In those case, your code is run through a whole series of tests, the source code is signed and that cert is then authorized for admin rights.
Given how Android works, it would seem that a similar option should exist but I cannot find anything.
Can somebody please point me in the right direction?
Thank you very much for your time.
You can give your app administrator permission only for rooted devices.