Microsoft added BYOD security policy to Windows8.1

In the new Windows 8.1 version, Microsoft provides the "Start" button and boot-to-desktop mode. However, these two features are not the only highlight of Microsoft's use to attract enterprises. At the recently held Black Hat conference, Microsoft launched the enterprise-friendly Windows 8.1 enterprise preview version. Microsoft announced that it had added the security enhancement software component to the coming windows 8.1 version. Now Microsoft is focusing on Windows security.

Microsoft is strengthening the defensive power of its operating system to help enterprises cope with the ever-changing security environment in the BYOD era and the challenge of protecting data security. Windows security and identity Project Manager Dustin ingils said that Windows 8.1 will provide new protection for administrators, which can go beyond the Enterprise Firewall and address the risk of accessing enterprise data on personal devices.

"The new Windows 8.1 provides comprehensive enhanced security features that not only allow IT to completely lock devices, but also provide Remote Security Options for BYOD devices, to protect the security of personal devices that require access to enterprise resources from home."

Some of these features come from the Trusted Platform Module (TPM). Microsoft is using TPM 2.0 chip-based security to provide advanced encryption functions, including "Key Authentication-allow you to ensure that your private key is securely bound to hardware, rather than malware, there is also the virtual Smart Card Management WinRT API to ensure the setting and management of the Windows Store application ".

TPM 2.0 is also a prerequisite for InstantGo (Connected Standby, connection status Standby), allowing Windows 8.1 to extend device encryption to all versions of the operating system. "If the device supports InstantGo, device encryption is automatically enabled. As InstantGo is gradually popularized among the vast majority of devices, I believe this device will spread across the entire enterprise ."

Microsoft is still committed to making TPM support a standard within a few years, so that consumers can enjoy the Data Protection advantage of enterprise-level devices, because consumption-level devices often lack TPM components. "We expect to support TPM 2015 on all devices by 2.0," ingils explained ."

Microsoft is solving the problem of multi-factor authentication in the BYOD environment. Its initiatives include continuing to "simplify virtual Smart Cards (VSC) management process and extend the recruitment and management functions of this technology to modern windows applications through the updated WinRT API.

By introducing the remote data deletion function, Windows 8.1 can easily control enterprise data. This tool can remotely clear enterprise data, including emails and other data from the work folder, so that the personal data on the BYOD device is "non-destructive ".

Finally, Microsoft also updated its free Windows Defender software to prevent malware attempting to circumvent checks. The new behavior monitoring technology can detect some bad behaviors in the memory, registry, or file system-even before being created.