Microsoft has been publishing Windows 8.1 corporate previews for months, so what are some of the security concerns?
Perhaps the most compelling security feature of Windows 8.1 is that it simplifies data encryption and the process of remote erasure of employees ' own devices. In addition, biometric identification and multifactor identity authentication are included. In fact, Microsoft has always attached great importance to security. Many of the new features of the 8.1 release are also focused on supporting BYOD, which is great for many IT administrators, as it eases their long-standing trade-offs between BYOD and enterprise security. Here's a look at the security aspects of Windows 8.1 enterprise features and related tools.
Although password authentication has been eliminated for some time, users still do not seem to have found a good alternative. To allow users to see the advantages of dual-factor authentication, the security features of Windows 8.1 support virtual smart cards that switch devices to a second-tier security factor. And through the dual-factor identity authentication, the equipment can take full advantage of the workplace join function. In this way, users do not have to fully join a domain, and do not fully control the device to the IT department. In addition, Windows Server R2 ensures that only registered and trusted devices can access enterprise data.
Windows 8.1 Enterprise Edition also improves biometric authorization support by embedding fingerprint sensors in the keyboard, laptop shell, or tablet panel, which greatly reduces user reliance on passwords. Users should know that they can use biometric authentication once they encounter Windows credential prompts.
In addition, it is simpler for us to manage users who connect enterprise resources through the VPN. With DirectAccess technology, access to enterprise resources can be set up to automatically trigger a VPN connection. DirectAccess can also track security policies and automatically update security software and policy upgrades for remote computers.
The Windows 8.1 Enterprise Edition also enhances the ability to prevent malicious software. Windows defender can now support network behavior monitoring that can scan memory, registry, or file system malware and malicious behavior before it is executed. Also, Internet Explorer 11 has binary extensions, such as ActiveX, that can scan malware before code executes. and selective Wipe, which is a remote data erasure management software that allows employees to keep their personal data clean with the enterprise data on their own devices. In addition, if the device is lost, the administrator can also revoke the encryption key for a particular file or remotely revoke all keys that prevent user access.
Windows 8.1 Enhances Application security: Device lockdown makes it possible for users to access only applications in the application store, while assigned access functionality is restricted to specific applications for a certain period of time, such as special sales activities. In addition, OMA-DM is built into Windows 8.1 so that devices can be managed either through Microsoft or through Third-party management tools such as MobileIron or AirWatch, without the need for additional client-side proxies.
However, Microsoft does not provide direct storage access on mobile devices, which may also be a security vulnerability point