To be available "in the second quarter of 2008," Mobile Device Manager naturally requires an enterprise to have a Microsoft-based infrastructure. It leverages existing Microsoft products and services, such as Active Directory, Certificate Authorities, SQL Server, Internet Information Services 6.0 (IIS), and .NET Framework 2.0, the company says.

Mobile Device Manager requires a Microsoft-based infrastructure

The product also must be installed on servers running Windows Server 2003 SP2 64-bit editions, Microsoft notes. It is said to employ Windows Software Update Services (WSUS) 3.0 with Service Pack 1 to allow applications to be distributed to managed devices.

Provisioning

Microsoft claims that Mobile Device Manager makes it easy to provision smartphones. An IT department simply hands out the devices; users then log in via the Web to an Active Directory server, receiving a password that lets them access their devices.

At that point, according to the company, software and settings can be pushed to the device over the air. Making use of Active Directory Group Policy settings, administrators can selectively disable the following smartphone functions:

• Bluetooth
  
• SMS/MMS
  
• Wireless LAN
  
• Infrared
  
• POP/IMAP e-mail
  
• Camera

More than 125 security policies can be applied to devices, Microsoft says. "Allow" and "deny" functionality is said to give enterprises control over which applications employees may subsequently try to install on their devices.

Security

Also part of Mobile Device Manager is what Microsoft calls a "cutting-edge VPN, optimized for the mobile environment." The company claims its VPN offers "seamless connectivity across different wireless environments with inter-network roaming capabilities and fast reconnect for session persistence."

A "double envelope security" architecture in Mobile Device Manager authenticates both the device and user, allowing for a single security-enhanced point of access for mobile application traffic. The VPN link secures wireless access between a device and corporate servers using an SSL-encrypted tunnel, according to Microsoft.

Microsoft expects this always-on VPN access to encourage users to keep valuable data on corporate servers instead of on their phones. In addition, Mobile Device Manager can erase all data on a phone in case of loss or theft via its remote device wipe feature, according to the company.

Finally, Mobile Device Manager is said to provide inventory data for all mobile devices in an enterprise via a single console. Administrators can also employ the console to push software and firmware updates to devices.

Compatibility

Mobile Device Manager will require brand-new Windows Mobile phones, or updates to selected older devices. Microsoft says by the time the product is released, it will be supported by a wide variety of recent phones, including the AT&T Blackjack II, AT&T Tilt, HTC Advantage, HTC Mogul, HTC Touch, Motorola Q Music 9m, Palm Treo 750, Samsung SCH i760, T-Mobile Wing, Verizon SMT5800, and Verizon XV6800.

Microsoft's announcement did not specify pricing details. For more information on Mobile Device Manager, see the company's Web site, here.

For a "first take" on the product from eWEEK.com columnist Andrew Garcia, go here.

---

Related stories:

• Intel and ARM collaborate on device security
  
• Webcast to highlight Windows Mobile security
  
• Whitepaper warns of Windows Mobile malware
  
• Virus expert warns of Windows CE malware vulnerability
  
• Anti-malware defends Windows XP Embedded
  
• Software blocks malware on the wireless network level
  
• "Stand-alone" security app protects Windows Mobile devices
  
• Kaspersky aims antivirus products at smartphones
  
• Mobile malware to get worse, McAfee predicts
  
• Microsoft deflects push email security concerns
  
• Anti-virus software guards Windows Mobile 5.0 devices
  
• Asset-discovery app gets updated Windows CE support
  
• Sync software enhances Windows Mobile device support