Windows 8.1 Security: Enterprise Features and Tools

Microsoft has released the Windows 8.1 Enterprise Preview for a few months, so what are the security concerns?

Perhaps the most attractive security feature for Windows 8.1 for businesses It simplifies data encryption and the process of remotely erasing employees' own devices. In addition, biometrics and multi-factor authentication are also included. In fact, Microsoft has always attached great importance to security. Many of the new features in the 8.1 release are very focused on supporting BYOD, which is very happy for many IT administrators because it alleviates their long-standing trade-offs between BYOD and enterprise security. Let's take a look at the enterprise features and related tools of Windows 8.1 in terms of security.

Although password authentication has been eliminated for some time, users seem to have not found a good alternative. To give users the benefit of two-factor authentication, the security features of Windows 8.1 support virtual smart cards that convert devices to a second layer of security. And with two-factor authentication, the device can take full advantage of the Workplace Join feature. In this way, the user does not have to completely join a domain, and does not have to completely control the device to the IT department. In addition, Windows Server R2 ensures that only registered and trusted devices can access corporate data.

Windows 8.1 Enterprise Edition also improves biometric authorization support by embedding fingerprint sensors on the keyboard, laptop case or tablet panel, which greatly reduces the user's reliance on passwords. Users should be aware that once they encounter a Windows credentials prompt, they can use biometric authentication.

In addition, we manage users who connect to corporate resources via VPN to become simpler. With DirectAccess technology, access to enterprise resources can be set to automatically trigger a VPN connection. DirectAccess also tracks security policies and automatically updates security software and policy upgrades for remote computers.

Windows 8.1 Enterprise also enhances anti-malware functionality. Windows Defender now supports network behavior monitoring, which scans for malware and malicious behavior in memory, registry, or file systems before they are executed. Moreover, Internet Explorer 11 also has binary extensions, such as ActiveX, that scan for malware before the code is executed. There is also Selective Wipe, a remote data erasure management software that removes corporate data from employees' own devices and retains personal data. In addition, if the device is lost, the administrator can also revoke the encryption key for a particular file or remotely revoke all keys that block user access.

Windows 8.1 enhances application security: Device Lockdown allows users to access only applications in the app store, while the Assigned Access feature restricts access to specific applications for a certain period of time. Such as special sales activities. In addition, OMA-DM is built into Windows 8.1 so that devices can be managed either through Microsoft or through third-party management tools like MobileIron or AirWatch, without the need for additional client agents.

However, Microsoft does not provide direct storage access on mobile devices, which may also be a security vulnerability