Security Features in MDM Client

11/11/2008

Windows Mobile devices that are running Windows Mobile 6.1 contain the System Center Mobile Device Manager (MDM) client application that lets you manage the device through MDM. This application is not included in earlier versions of Windows Mobile. Windows Mobile 6.1 supports the necessary standards to enable the client to establish an authenticated and encrypted communications channel to MDM Gateway Server.

Note:
Mobile Operators may have access to device settings to configure settings for their network and services even after enrollment in MDM. During enrollment, existing references to the Mobile Operator Open Mobile Alliance (OMA) device management (DM) servers are preserved. Therefore, in principle, those servers can access the device. However, the OMA DM servers are typically not exposed to the Internet, and therefore cannot update a device when Mobile VPN is active.

Note:

Mobile Operators may have access to device settings to configure settings for their network and services even after enrollment in MDM. During enrollment, existing references to the Mobile Operator Open Mobile Alliance (OMA) device management (DM) servers are preserved. Therefore, in principle, those servers can access the device. However, the OMA DM servers are typically not exposed to the Internet, and therefore cannot update a device when Mobile VPN is active.

The Windows Mobile 6.1 client contains the following security-related features specific to MDM:

Enrollment Client, which is responsible for enrolling the device into the managed MDM environment. During the enrollment process, the device is bootstrapped with the necessary VPN connectivity settings, and the certificates and certificate chain are installed. The device will then use these certificates to authenticate on the company network.
Mobile VPN client, which is based on IPsec and has the logic, rules, policies, and settings for the VPN tunnel. After the enrollment process configures the Mobile VPN client, there is a sustained, always-on connection to MDM Gateway Server.

For more information about MDM client architecture, see MDM Client Architecturein the MDM Architecture Guide.

To configure devices, IT administrators use Group Policy to deliver and apply policy settings to targeted users and computers in an Active Directory environment. For information about security policies that you can apply to a device, see Security Policies in MDM.

For information about applying Group Policy, see the following topics in MDM Operations at this Microsoft Web site: http://go.microsoft.com/fwlink/?LinkId=112415

See Also

Concepts