Microsoft Corporation30 Jan 2013 - Windows RTin the Enterprise
Copyright (c)2013 Microsoft Corporation.All rights reserved.This document is provided "as-is." Information and viewsexpres...
Table of ContentsIntroduction ...............................................................................................
WebDAV Access ...............................................................................................................
IntroductionWindows-based tablet devices are now available from a variety of manufacturers, offering a variety ofcapabilit...
already have Windows-based PCs, or as special-purpose devices running custom line-of-business appsused by some job roles (...
As a result of these optimizations in Windows RT, these devices typically will never be turned off.Instead,they will opera...
keyboard, printer, camera, scanner, smartcard, Bluetooth, and storage devices, with a Windows RTcertification process avai...
Office Home & Student 2013 RTWindows RT includes Office Home & Student 2013 RT, which consists of cloud-enabled versions o...
No support for S/MIME signed e-mail communication.        No support for POP3 e-mail services.For more information, see Us...
LyncFor organizations that use Lync as their communication platform, an app supporting Windows RT isavailable in the Windo...
For maximum security as well as auditing, wireless routers can often be configured to use ActiveDirectory or certificates ...
To support the establishment of a VPN connection, a standard VPN client is included by default inWindows RT.This VPN clien...
Note that Windows RT does not support the Connection Manager Administration Kit (CMAK), so thatcannot be used for configur...
To configure a Windows RT device to access the RemoteApp server, some simple configuration stepsneed to be performed on th...
When using VDI sessions (either directly or through an Internet-connected Remote Desktop gateway),Windows RT devices can l...
SkyDriveWindows RT devices can utilize SkyDrive cloud storage for synchronizing personalization andconfiguration settings ...
All Windows RT devices also include support for virtual smart cards, which provide the same multi-factorauthentication ben...
The recovery key can be obtained from the SkyDrive associated with any Microsoft account that loggedonto the Windows RT de...
These convenience password mechanisms can be disabled (either through Exchange ActiveSync policy,Windows Intune, or local ...
Enterprise Systems ManagementWindows RT includes a management client that enables devices to be connected to the Windows I...
Inbound remoting is disabled by default, but can be enabled if needed by startingthe Windows         Remote Management (Wi...
Windows UpdateTo keep Windows RT up-to-date, it will be serviced through Windows Update for all operating systemcomponents...
SummaryWindows RT devices are primarily designed as consumer devices, but can be used in corporateenvironments as well, ei...
GlossaryBring Your Own Device.A policy adopted by many organizations that allows users to use personaldevices (smart phone...
Windows 8 or Windows RT-based devices.Typically Windows Store apps are installed from the onlineWindows Store, but they ca...
For Additional InformationWhich tablet should you choose for your business?http://blogs.windows.com/windows/b/business/arc...
Upcoming SlideShare
Loading in...5
×

Windows RT in the Enterprise - whitepaper

5,432

Published on

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
5,432
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
114
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Transcript of "Windows RT in the Enterprise - whitepaper"

  1. 1. Microsoft Corporation30 Jan 2013 - Windows RTin the Enterprise
  2. 2. Copyright (c)2013 Microsoft Corporation.All rights reserved.This document is provided "as-is." Information and viewsexpressed in this document, including URL and other Internet Web site references, may change without notice. You bear therisk of using it.This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You maycopy and use this document for your internal, reference purposes. You may modify this document for your internal,reference purposes.Last updated January 30th, 2013. 1|Page
  3. 3. Table of ContentsIntroduction .................................................................................................................................................. 4Why Companion Devices? ............................................................................................................................ 5User Experience ............................................................................................................................................ 5Peripheral Devices ........................................................................................................................................ 6Applications and Features............................................................................................................................. 7 Deploying Line of Business Applications ................................................................................................... 7 Office Home & Student 2013 RT ............................................................................................................... 8 Mail, Calendar, People, and Messaging .................................................................................................... 8 Internet Explorer ....................................................................................................................................... 9 Video ......................................................................................................................................................... 9 Lync ......................................................................................................................................................... 10 Skype ....................................................................................................................................................... 10 Additional Applications ........................................................................................................................... 10Connectivity ................................................................................................................................................ 10 Directly Connected to the Corporate Network....................................................................................... 10 Wireless Networks .............................................................................................................................. 10 Wired Networks .................................................................................................................................. 11 Proxy Servers....................................................................................................................................... 11 IPSec Domain Isolation........................................................................................................................ 11 VPN Connectivity .................................................................................................................................... 11 Printing .................................................................................................................................................... 13Remote Application Access ......................................................................................................................... 13 RemoteApp ............................................................................................................................................. 13 Virtual Desktop Infrastructure ................................................................................................................ 14 Remote Desktop Services ....................................................................................................................... 15 Remote Assistance .................................................................................................................................. 15 Third-Party Apps ..................................................................................................................................... 15Data Access ................................................................................................................................................. 15 SkyDrive .................................................................................................................................................. 16 SkyDrive Pro ............................................................................................................................................ 16 Network Share Access............................................................................................................................. 16 2|Page
  4. 4. WebDAV Access ...................................................................................................................................... 16Security ....................................................................................................................................................... 16 Smart Cards ............................................................................................................................................. 16 Boot Security ........................................................................................................................................... 17 Device Encryption ................................................................................................................................... 17 BitLocker To Go ....................................................................................................................................... 18 Accounts.................................................................................................................................................. 18 Convenience Passwords.......................................................................................................................... 18 Credential Locker .................................................................................................................................... 19 SmartScreen ............................................................................................................................................ 19 Windows Defender ................................................................................................................................. 19 Windows Firewall.................................................................................................................................... 19 Network Access Protection ..................................................................................................................... 19Manageability ............................................................................................................................................. 19 Enterprise Systems Management ........................................................................................................... 20 PowerShell .............................................................................................................................................. 20 Governance Through Exchange ActiveSync ............................................................................................ 21 Windows Update .................................................................................................................................... 22 Data Backup ............................................................................................................................................ 22 Local Policy .............................................................................................................................................. 22Support ....................................................................................................................................................... 22Summary ..................................................................................................................................................... 23Glossary ....................................................................................................................................................... 24For Additional Information ......................................................................................................................... 26 3|Page
  5. 5. IntroductionWindows-based tablet devices are now available from a variety of manufacturers, offering a variety ofcapabilities.Deciding which device is best for a particular scenario requires considering the keycapabilities: Mobility.People who carry their devices, whether for travel to different cities or for routine meetings in their office building, appreciate tablets that are lightweight and have long battery life, which allowsthem to operate from wherever they are at that moment. Workload. Some people are casual users, primarily reading e-mail, browsing the web, and running a variety of other apps that do not require much computing power. Others may be manipulating large spreadsheets, analyzing datasets, developing line-of-business software, or performing other more intensive operations. Apps. For some employees, new immersive Windows 8 line-of-business apps and Windows Store apps will allow them to perform the majority of their work, while others may require access to existing line-of-business desktop apps. These desktop apps can be run either natively on Windows 8 tablets or accessed remotely using the RemoteApp technology, as long as appropriate connectivity is available. Corporate Access. Some people may need access to the corporate network for their jobs, typically for using line-of-business apps. This can be accomplishedusing DirectAccess or a VPN connection when away from the office but on the Internet. Others need occasional online access, but frequently work offline and synchronize their files with the cloud or other remote computers. Always On. Other users may need the constant connectivity provided by the “Connected Standby” feature so that apps can continue receiving information from networks even while the device is turned off. These apps can even notify people by playing notification sounds in cases of important events. Manageability. Organizations may need to actively manage the devices used by employees.Depending on which of these capabilities are most important, enterprises might choose devices runningWindows 8 Enterprise or Windows 8 Pro, or they might choose devices running Windows RT.(Seehttp://blogs.windows.com/windows/b/business/archive/2012/12/14/which-tablet-should-you-choose-for-your-business.aspx for additional information.)Devices that run Windows RT excel at mobility, and are instantly on and always connected.They can alsorun newly-developed Windows Store apps.Butthey are not designed for heavy workloads; they cannotrun existing desktop applications; they cannot join Active Directory domains or be managed using GroupPolicy; and they have more limited corporate network access capabilities.As a result, Windows RTdevices typically will not be used in enterprises in the same broad scenarios as Windows 8 devices whichhave robust enterprise capabilities.Even with these trade-offs, there are use cases where Windows RT devices may be a good choice forenterprise customers.For example, these devices may be good as companion devices for those who 4|Page
  6. 6. already have Windows-based PCs, or as special-purpose devices running custom line-of-business appsused by some job roles (for example, sales).The remainder of this document describes the specific capabilities and considerations of Windows RTfrom the enterprise perspective.Understanding these capabilities and trade-offs is key to making aninformed decision as to what types of devices are right for your organization.Why Companion Devices?Companion devices (such as Windows-based tablets, iPads, and Android devices) are becomingpervasive in work environments.People like these devices because they are lightweight, have longbattery life, and bring improved user experiences with touch interfaces and “instant on”performance.While some can use these companion devices to meet all of their needs, in enterpriseenvironments many use these in conjunction with existing work PCs. These devices are also enablingnew categories of cloud-connected applications, while also providing the business productivitycapabilities that organizations have come to expect from existing PC form factors.From an enterprise perspective, these companion devices will impact your organizations in at least twoways.First, many organizations are choosing to embrace the “bring your own device” (BYOD) strategythat allows employees to bring consumer-oriented devices into a corporate environment.To make thesedevices most productive, your organization can take proactive steps to ensure that these devices aresupported by your enterprise infrastructure.Second, many organizations will also start adopting companion devices for specific use cases, somedriven by the capabilities of the new types of applications, some driven by the new device form factorsnow available.In either case, different categories of users may benefit from these companion devicecapabilities.Organizations should study these capabilities to determine which groups of users will benefitmost and begin working on pilot projects to confirm these benefits, taking into account the tablet devicechoices described above.As with BYOD scenarios, this also requires taking proactive steps to ensure thatthese devices are supported by your enterprise infrastructure.User ExperienceWindows RT devices are designed for long battery life, while at the same time being thin, light, and sleek,regardless of form factor.This is enabled by the use of low-powered ARM processors designed from theground up for energy efficiency, paired with additional power-saving hardware components, and thepower-optimized Windows RT operating system.The degree to which Windows RT has been optimized can only be achieved through the closecooperation between Microsoft and the OEM and silicon partners producing the Windows RT devices,the firmware that drives them, and the components that go into them.To ensure the best possibleexperience, a Windows RT device is always shipped as a preconfigured, optimized system; enterprisescannot load their own customized Windows image on the devices as they can with Windows 8. 5|Page
  7. 7. As a result of these optimizations in Windows RT, these devices typically will never be turned off.Instead,they will operate in a newly-designed Connected Standby power mode, similar to what is currently usedfor mobile phones.While the screen is on, you have access to the full capabilities of the device; when thescreen goes dark, the device enters Connected Standby mode.(Even while the screen is on, Windows RTwill dynamically adjust the power consumption for unused parts of the system, as you would expect.)Byusing this Connected Standby mode, Windows RT devices are always instantly ready for use.Even though Windows RT is a distinctly separate operating systemfrom Windows 8, it does share muchof the same functionality.As a result, you can be assured that the experience of using Windows RT willbe very similar to Windows 8.Some examples include: Both natively support touch operation, while also supporting mouse and keyboard operation. Both provide the new “Start” screen experience for launching and organizing apps. Both support the new Windows Store application experience. o The Storeapp is used with both operating systems to install and update Windows Store apps. o The same Windows runtime (WinRT) APIs are used in both Windows 8 and Windows RT so that Windows Store applications can run on both operating systems. Both support a desktop environment. o File Explorer can be used to manage files and folders, connect to network shares, and access external storage devices. o You will have access to the Control Panel and its deep array of settings to give you a finer-grained level of control over your system. o The command shell and various utilities (such as Notepad and Regedit) are available on both Windows 8 and Windows RT. o Note that Windows RT only supports the desktop applications included with the device, while Windows 8 supports the installation of additional desktop applications. Both support multiple user accounts. o You can use local computer accounts or Microsoft accounts to log on to both Windows 8 and Windows RT.(Note that Windows 8 also supports Active Directory accounts, while Windows RT does not.) o You can use picture passwords and PINs(as convenience passwords) with both operating systems. o You can have multiple Administrator accounts as well as multiple standard user accounts.Peripheral DevicesWindows RT adopts a new model for supporting a large variety of peripherals out of the box byleveraging standardized protocols and class drivers, which eliminates the need for specific drivers foreach peripheral device.Class drivers are included in the operating system to support most mouse, 6|Page
  8. 8. keyboard, printer, camera, scanner, smartcard, Bluetooth, and storage devices, with a Windows RTcertification process available to provide assurances that specific devices will work.Seewww.microsoft.com/en-us/windows/compatibility/winrt/CompatCenter/Home for information aboutthe devices that have been certified.Applications and FeaturesWith both Windows 8 and Windows RT, a new application model has been created to create touch-enabled, immersive applications which we commonly refer to as “Windows Store apps.” In most cases,the applications created using this application model can be used on both Windows 8 and Windows RToperating systems, as they implement the same underlying programming API (called WinRT).This makesit easy to support both Windows 8 and Windows RT in your organization from a single application.This application model is distinctly different from what is used to create desktop applications, althoughthe same Visual Studio toolset and programming languages can be used to create them.The fullfunctionality of this new application model is exposed to all programming languages, including C#, XAML,JavaScript, HTML5, Visual Basic.NET, C++, and C, so your developers can use languages and technologiesthat they already know when creating these applications.Deploying Line of Business ApplicationsMost organizations will want to deploy their internal line of business apps themselves (rather thanmaking these apps publicly available to everyone through the online Windows Store for anyone torequest and install).To support this, Windows RT (like Windows 8 Pro and Windows 8 Enterprise)supports the installation of applications through a process called “sideloading.”After a Windows RTcomputer has been enabled for sideloading, line-of-business Windows Store apps can be installed.Enabling sideloading for Windows RT devices requires the installation of a special “EnterpriseSideloading” product key on each device.For many customers (including those with enterpriseagreements or Select+ agreements), these product keys will be provided at no charge as part of theSoftware Assurance benefits for Windows.In other cases, these keys can be purchased.For moreinformation, see How to Add and Remove Apps,the “Windows 8 Enterprise Sideloading” section of theMicrosoft Product List document, andthe Volume Licensing Guide for Windows 8 and Windows RT.In most cases, enterprises will want to provide an “enterprise app store” where users of Windows RTdevices can select from available line-of-business apps that will then be installed on the device.Thisenterprise app store can also be used to install organization-selected third-party apps, as well as webshortcuts. Windows Intune provides this functionality; see the “Cloud-Based Management” sectionbelow for more information.These sideloading functions can also be performed using simple PowerShell commands, or throughother Windows Store apps that implement similar functionality (through the WinRT APIs for appinstallation). 7|Page
  9. 9. Office Home & Student 2013 RTWindows RT includes Office Home & Student 2013 RT, which consists of cloud-enabled versions of theExcel, Word, PowerPoint, and OneNote desktop applications that have been optimized to run onWindows RT hardware, and ensures they are power-efficient and touch-friendly, while maintainingdocument compatibility.Some functionality has been removed; see http://blogs.office.com/b/office-next/archive/2012/09/13/building-office-for-windows-rt.aspx for more details.After the final edition ofOffice Home & Student 2013 RT is released in a customer’s language, their Windows RT device will beautomatically updated with the final edition for free throughWindows Update (Wi-Fi connectionrequired; ISP fees may apply).Office Home & Student 2013 RT is licensed for non-commercial use.Commercial use rights are providedautomatically when the Windows RT device is used as a companion device by the primary user of adevice licensed for Office 2013 volume license or qualifying Office 365 offerings which includes Office365 ProPlus, Office 365 Small Business Premium, Office 365 Midsize Business, and Office 365 EnterpriseE3/E4.For more information,seehttp://office.com/officeRTandwww.microsoftvolumelicensing.com/userights/DocumentSearch.aspx?Mode=3&DocumentTypeId=1.In addition to the in-box Office Home & Student 2013 RT components, additional OneNote and Lyncapps are available through the Windows Store.These apps have been designed and optimized to takeadvantage of the unique capabilities of Windows 8 and Windows RT.Mail, Calendar, People, and MessagingWindows RT includes a set of core communication apps that work together with both ExchangeActiveSync (which is the protocol used by Exchange and Outlook.com) and IMAP-based e-mail services(such as those provided by many ISPs), as well as various social networks.Together, these apps providekey productivity functionality, especially when combined with Office Home & Student 2013 RT.Seehttp://windows.microsoft.com/en-US/windows-8/mail-calendar for additional information.To use Mail and other core communication apps, a Microsoft account must be provided.After thisaccount has been added, additional Exchange ActiveSync and IMAP accounts can be added.Note that the communication apps provide basic mail, contact, and calendar functionality compared tothe full-featured Outlook desktop application, which is not available on Windows RT as it is not part ofOffice Home & Student 2013 RT.Examples of functionality not present in the Mail and Calendar appsinclude: No support for information rights management (IRM) protected e-mail messages.(Office Home & Student 2013 RT does support reading but not creating IRM-protected documents, including those provided through e-mail attachments.The workaround for IRM-protected mail is to access the mail in the web browser through Exchange’s Outlook Web App.) No free/busy search capabilities to see other people’s calendars when scheduling new meetings. No support for client-side or server-side e-mail rules. 8|Page
  10. 10. No support for S/MIME signed e-mail communication. No support for POP3 e-mail services.For more information, see Using email accounts over POP on Windows 8 and Windows RT.The communication apps do provide support for “remote wipe” capabilities of Exchange ActiveSync.Thisenables enterprise administrators to ensure that e-mail, calendar, and contact information is removedfrom lost devices or devices belonging to departed employees.Note that data that is not directlymanaged by the communication apps (for example, documents, photos, music, and so on, on the filesystem) will not be removed.To help protect this data, the built-in automatic device encryption ofWindows RTis used to ensure that only authorized users can access these files.For more information onthese capabilities, see the “Device Encryption” and “Governance Through ActiveSync” sections later inthis document.(Note that Windows RT itself does not offer a system-level “remote wipe” capability.)For more information about the Mail application, see the followingblog posting:http://blogs.technet.com/b/exchange/archive/2012/11/26/supporting-windows-8-mail-in-your-organization.aspx.The Windows Store apps and features included in Windows RT will be enhanced and updated overtime.Updates for included Windows Store apps can be installed using the built-in Windows Store app;users will be notified when updates are available and can install these when they choose.Another option available to those using Exchange 2013 or Office 365 is the Outlook Web App.Whenused on Windows RT with Internet Explorer 10, Outlook Web App can enable offline access to amailbox.See http://office.microsoft.com/en-us/support/using-outlook-web-app-offline-HA102828007.aspxfor more information.Internet ExplorerWindows RT includes Internet Explorer 10, a completely new web browser that’s fast, fluid, and perfectfor touch.Internet Explorer 10 has two different browsing experiences:a full-screen, immersive browserthat’s ideal for tablets, and a traditional desktop version for legacy web browsing.Although Internet Explorer 10 in Windows RT supports Adobe Flash for a limited list of websites, there isno support for additional plug-ins.For more information about how site developers can have their AdobeFlash site added to the list of sites, see http://msdn.microsoft.com/library/ie/jj193557.aspx.VideoWindows RT includes an application to play a variety of media file formats.Seehttp://msdn.microsoft.com/library/windows/apps/hh986969.aspx for a full list of the formatssupported.These formats can be used from any Windows Store app, including custom line-of-businessWindows Store apps.Note that additional types of media files may be playable on Windows RT devices, but these couldrequire additional Windows Store apps. 9|Page
  11. 11. LyncFor organizations that use Lync as their communication platform, an app supporting Windows RT isavailable in the Windows Store. This app provides the core voice and video calling capabilities, instantmessaging, and meeting support. See http://apps.microsoft.com/windows/en-us/app/lync/ba4b9485-8712-41ff-a9ea-6243a3e07682 for more details. (Note that the Lync app will allow viewing shareddesktops, but the user Windows RT desktop cannot be shared using the app.)SkypeA Skype app is available in the Windows Store. This app provides voice and video calling, as well asinstant messaging capabilities. See http://apps.microsoft.com/windows/en-US/app/skype/5e19cc61-8994-4797-bdc7-c21263f6282b for more details.Additional ApplicationsWindows RT also includes a variety of additional apps, such as Finance, SkyDrive, Sports, Travel, News,and Games.Like all of the in-box Windows Store apps, these can be uninstalled through the Start screenor through PowerShell if they are not desired.See http://technet.microsoft.com/library/hh852635.aspxfor details on how to remove Windows Store apps.(Note that users can reinstall them from theWindows Store if needed.)ConnectivityWhen using a Windows RT device to access enterprise resources, it is important to recognize that thesedevices may be used while connected to the corporate network or while connected to the Internet.Ineach case, it may be necessary to put in place specific configurations to enable these devices (or anyBYOD devices) to access secured resources.Note that Windows RT does not include support for DirectAccess, because this enterprise-targetedfunctionality is only present in Windows 8 Enterprise.Directly Connected to the Corporate NetworkMost Windows RT devices will be able to connect to a corporate network with either wireless or wirednetworking.However, because these devices cannot be joined to Active Directory, there may be someadditional configuration necessary, or restrictions put in place that prevent full network access, asexplained below.Wireless NetworksBecause no group policies are processed by Windows RT, settings such as preconfigured wirelessnetwork SSIDs will not be available on these devices.This configuration can be performed manuallythough by providing instructions to the users telling them the SSID to which they need to connect, alongwith the security details for that connection.This is typically a one-time operation, as Windows RT willremember the details for future connections. 10 | P a g e
  12. 12. For maximum security as well as auditing, wireless routers can often be configured to use ActiveDirectory or certificates (often using smart cards) to authenticate users, as an alternative to using apreconfigured (and therefore public) connection key.Windows RT fully supports these 802.1xauthentication options, as well as the built-in extensible authentication protocol (EAP) options describedat http://technet.microsoft.com/library/hh945104.aspx.(Note that Windows RT may not support 802.1xconnections if additional third-party software needs to be installed on the device, as this software willnot be available for Windows RT.)Wired NetworksWired network access will also be supported by many Windows RT devicesbecause devicemanufacturers may optionally include a physical Ethernet port in their hardware designs.Typically,configuration is not required for wired network connections, but in cases where this is needed theControl Panel or PowerShell can be used to configure the needed settings.The same 802.1x authentication capabilities described in the “Wireless Networks” section above are alsosupported for wired connections.Proxy ServersAgain, because no group policies are processed by Windows RT, settings for proxy servers may need tobe either configured manually or through other means.The simplest way to enable Windows RT todetect the presence of an internal proxy server that must be used when accessing the Internet is toenable the Web Proxy Autodiscovery Protocol (WPAD) on your corporate network.This involvesconfiguring specific DHCP options, as well as a web server that can provide configuration details to eachcomputer.For more information, consult the documentation provided by your web proxy productvendor.For Forefront TMG, see http://technet.microsoft.com/library/cc995261.aspx.Note that Windows Store apps do not use the same proxy settings that are being used with InternetExplorer.For more information about proxy configurations, troubleshooting, and issues that you mayencounter, see http://support.microsoft.com/kb/2778122 andhttp://support.microsoft.com/kb/2777643.IPSec Domain IsolationIf using IPSec for domain isolation, devices that are not joined to an Active Directory domain (such asWindows RT devices) may not be able to access some network servers.If access to these is required,they may need to be excluded from default IPSec isolation rules, which turns them into boundaryservers.This can be done selectively to allow access to a limited number of servers.Alternatively, aRemote Desktop Gateway could be leveraged to provide “proxy” access to these isolated systems.VPN ConnectivityWhen Windows RT devices are connected to the Internet, they may need to connect to enterpriseresources.This is often done by establishing a virtual private network (VPN) connection into thecorporate network.Once connected through VPN, the Windows RT device behaves like it is directlyconnected to the corporate network, which allows access to internal applications and servers asappropriate. 11 | P a g e
  13. 13. To support the establishment of a VPN connection, a standard VPN client is included by default inWindows RT.This VPN client can interoperate with Windows Server 2012 VPN servers, as well asadditional third-party VPN servers through the supported PPTP, L2TP, and IKEv2 protocols with a varietyof authentication methods as described in the documentation posted athttp://technet.microsoft.com/library/jj613765.Third-party OS Tunnels Authentication Crypto Suites supportedVPN server version supported methodssolution supportedCISCO IOS PPTP CHAP IPSec: 15.1.4 L2TP / IPSec PSK (over v4 AH auth: HMAC_SHA_1_96,(2951 VPN with PSK and v6) HMAC_MD5_96Server) L2TP / IPSec Machine ESP Encryption: AES_128, with Cert Certificate CBC_3DES, CBC_DES, None IPSec (IKEv2) EAP1Juniper 6.2.0r5.0 L2TP / IPSec CHAP IKEv2: with PSK PSK (over v4 Encryption: 3DES, AES_128,(SSG series) L2TP / IPSec and v6) AES_192, AES_256 with Cert Machine Integrity:SHA1, SHA_256, SHA_384 IPSec (IKEv2) Certificate EAP1 DH Group: DH2The VPN client configuration details necessary for connecting into a corporate network can be manuallyconfigured through the standard networking user interface.The VPN client can also be configured usinga simple PowerShell script.This PowerShell script could be provided directly to the end user, to simplifythe configuration steps they need to provide, or it could even be leveraged as part of a Windows Intunemanagement infrastructure to automate the configuration entirely.Seehttp://technet.microsoft.com/library/jj613766.aspx for additional details.(Note that Windows Intune byitself does not provide a means to configure VPN connections.To do this configuration, Windows Intuneneeds to be integrated with a System Center 2012 Configuration Manager SP1 infrastructure.)In some VPN authentication configurations, it may also be necessary to install additional securitycertificates, which can be done using PowerShell, the Certutil.exe command-line utility, or the“Certificates” control panel.Smart cards can also be used for authenticating VPN connections.See the “Smart Card” topic later in thisdocument for additional details on the types of smart cards supported by Windows RT.For organizations using RSA SecurID tokens, these can be used with the standard VPN client. Forinformation about this configuration, see http://technet.microsoft.com/library/jj900206.aspx. 12 | P a g e
  14. 14. Note that Windows RT does not support the Connection Manager Administration Kit (CMAK), so thatcannot be used for configuring VPN connections.Also, the built-in VPN client does not support third-party SSL VPNs.Additional third-party VPN client software cannot be installed on Windows RT.PrintingAs previously mentioned, Windows RT includes a class driver that enables printing directly to thousandsof different printer models.See www.microsoft.com/en-us/windows/compatibility/winrt/CompatCenter/Home for more details.Note that some devices mayrequire firmware updates to support this capability.Windows RT will also support printing to network printers shared from a Windows 8 or Windows Server2012 print server through enhancements to the printer driver architecture implemented in thosereleases.See http://msdn.microsoft.com/library/windows/hardware/Hh706306(v=vs.85).aspx for moreinformation about this new printer driver architecture (referred to as “v4 printer drivers”).Remote Application AccessIn some scenarios, certain applications may not be available for Windows RT.This could be because theyare existing desktop applications that cannot be installed on Windows RT, those that cannot be usedoutside of the corporate network, those that are isolated using IPSec domain isolation,or any otherapplications that have special requirements that cannot be directly met by Windows RT.Fortunately,there are multiple options for solving these issues.RemoteAppBy leveraging the Remote Desktop Services features in Windows Server 2008 R2 or Windows Server2012, traditional desktop applications can be run on the server with the user interface presented on theWindows RT device.Additionally, with Windows Server 2012, Windows Store apps can also be run in thisway.With Windows Server 2012, additional improvements have been made to the RemoteAppexperience.These improvements include: Multi-touch support, which enables the best experience for accessing Windows Store apps remotely. Better network bandwidth awareness for WAN-connected clients. RemoteFX improvements, which offers support for streaming video and other multimedia applications, as well as USB redirection support, which allows some types of local peripherals to be used by applications running remotely. Simplified configuration support that enables devices to automatically discover available RemoteApp servers and applications.Seehttp://technet.microsoft.com/library/hh831447.aspx for more information on these newimprovements. 13 | P a g e
  15. 15. To configure a Windows RT device to access the RemoteApp server, some simple configuration stepsneed to be performed on the Windows RT device to specify the URL of the server, for example,“https://contoso.com/RDWeb/Feed/webfeed.aspx”To leverage the automatic discovery capability mentioned above, an additional DNS entry must becreated so that the URL can be determined based on an e-mail address entered on that same screen.Seehttp://technet.microsoft.com/library/hh831442.aspx for instructions on how to configure this DNS entry.Once configured with the URL of the Remote Desktop server or gateway, the RemoteApp programspublished by that server can be launched from the Start screen like any locallyinstalled application.Thefirst time the application launches, it will take several seconds for a session to be established with theRemote Desktop Services server, but subsequent application launches will be quicker.When these applications run, they typically leverage the user’s Active Directory account, which allowsthe application to access enterprise data within the corporate network – no data related to theapplications ever needs to be stored on the Windows RT device, which helps to ensure compliance withenterprise security and control policies.Virtual Desktop InfrastructureAnother option that can be used from Windows RT is a virtual desktop infrastructure, or VDI.As with thepreviously-discussed remote desktop capability, VDI presents an image of a full remote desktop runningin an enterprise datacenter.But unlike with remote desktop, this image represents an entire virtualmachine dedicated to the current Windows RT user.These virtual machines can be pooled (shared between multiple users) or dedicated to a particular useras required.In either case, all enterprise data remains within the corporate network and is not stored onthe Windows RT device; only the user experience is remotely presented to the device. 14 | P a g e
  16. 16. When using VDI sessions (either directly or through an Internet-connected Remote Desktop gateway),Windows RT devices can leverage RemoteFX to provide a rich multimedia experience, leveraging eithera built-in software GPU or the server’s own hardware GPU.Full multipoint touch capabilities are alsosupported.Also new with VDI on Windows Server 2012 is support for USB redirection.Users can make any USBperipheral attached to the Windows RT device available directly to the VDI session, enabling it to beused with applications running in that session.The primary challenge with VDI scenarios is making them cost effective, as each concurrent VDI sessioncan require significant server resources (CPU, disk, memory, and network).With enhancements made inWindows Server 2012, these resources have been reduced making this a practical solution for scenarioswhere isolated or dedicated Windows instances are required.For other scenarios, consider RemoteDesktop scenarios as these have lower resource requirements.Remote Desktop ServicesWindows RT can also be used to establish a full remote desktop connection to a Remote DesktopServices server, as well as to any other Windows 7 Professional, Windows 7 Enterprise, Windows 8 Pro,Windows 8 Enterprise, Windows Server 2008 R2, or Windows Server 2012 computer.When usedthrough the Remote Desktop gateway, this can even be done across the Internet, without using a VPNconnection (the same as can be done with RemoteApp programs).To enable this, Windows RT includesthe desktop Remote Desktop Connection application (Mstsc.exe), or you can install the small “RemoteDesktop” app from the Windows Store to provide an even better experience.(Note that Windows RTdoes not provide support for making a remote desktop connection into the device; only outboundconnections are possible.)Remote AssistanceWindows RT does support Remote Assistance, so users of the device could request help from remotesupport personal.With that invitation, the remote support personnel could connect to the user’s sessionto help troubleshoot any problems the user may be encountering.Third-Party AppsSoftware vendors can also provide Windows Store apps for Windows RT that enable remote applicationpresentation, remote desktop connections, and remote data access.For example, the Citrix Receiver appis available to access a variety of Citrix virtualization solutions.Data AccessWindows RT devices provide local storage for documents and settings, just like any version ofWindows.Many devices will also support storage devices such as microSDXC cards, and will also supportUSB storage devices, including USB keys and USB hard drives. 15 | P a g e
  17. 17. SkyDriveWindows RT devices can utilize SkyDrive cloud storage for synchronizing personalization andconfiguration settings between devices, even between Windows RT and Windows 8 devices.To go beyond just personalization and configuration, SkyDrive can also be used for storing and retrievingdocuments, pictures, or any other data files.These can be created or edited using Office Home &Student 2013 RT or other Windows Store apps.Although the full contents of a particular SkyDrive are not synchronized to the Windows RT device,documents that were used while connected to the Internet will continue to be accessible offlinebecause they are automatically cached on the Windows RT device.SkyDrive ProAlthough there is currently no SkyDrive Pro client application for Windows RT, files stored in a user’sSharePoint personal site document library can be directly accessed through Internet Explorer providedthe appropriate network connectivity is available.Using Office Home & Student 2013 RT, users will also be able to easily access SharePoint librariesdirectly from the Office desktop applications just as they can from other Windows-based PCs, as long asnetwork connectivity and security allows (as discussed above).Network Share AccessWindows RT devices can access file shares on other Windows-based devices using standard Windowsnetworking protocols to make a connection to these file shares.Because users of these devices will notbe logged on using domain-based credentials, it will typically be necessary to specify an alternate user IDand password (or use a smart card) to access these file shares.Note that Windows RT does not include support for offline files, folder redirection, or other client-sidecaching (CSC) functionality found in Windows 8 Pro and Windows 8 Enterprise.WebDAV AccessWindows RT devices can access files and folders through the WebDAV protocol, which leverages thebuilt-in “WebClient” service capabilities.SecurityWindows RT is designed to leverage all of the security technologies present in Windows 8, several ofwhich are new.Not only does Windows RT support these technologies, many of them are required for allWindows RT devices to help ensure that the devices are protected from the first time they are turned on.Smart CardsIn situations where multi-factor authentication using smart cards is required, Windows RT does includeclass drivers that support smart cards that follow either the Generic Identity Device Specification (GIDS)or the Personal Identity Verification (PIV) standards. 16 | P a g e
  18. 18. All Windows RT devices also include support for virtual smart cards, which provide the same multi-factorauthentication benefits of smart cards without the need for any extra hardware by storing theassociated certificates in the device’s Trusted Platform Module (TPM).As described in WindowsHardware Certification Requirements for Client and Server Systems, TPM capability must be present inall Windows RT devices.Therefore, these virtual smart cards could be considered as an alternative tousing physical smart cards and readers.After a virtual smart card has been created (which can be doneusing the Tpmvscmgr.exe command-line utility), certificates can be loaded onto it using PowerShell, theCertutil.exe command-line utility, or the “Certificates” control panel.Boot SecurityAll Windows RT devices use the Unified Extensible Firmware Interface (UEFI), a modern replacement forthe previous PC BIOS that PCs have used since they were first created.While the most noticeableimprovement with UEFI is faster startup and resumption from hibernation (“instant on”), it also providessome key security benefits to help ensure that malware cannot insert itself into the startupprocess.Through the use of Secure Boot, which ensures that only properly signed and certified boot filesare loaded, and Trusted Boot, which makes sure that the checksums of these boot files do not change,Windows RT can help ensure that no rootkits or other tampering are present.Device EncryptionAt the next level, Windows RT offers Device Encryption, a capability based on the same BitLocker driveencryption technology that is available in Windows 8 Pro and Windows 8 Enterprise. Device Encryptionhas been optimized for Windows RT devices to provide full volume encryption, which leverages AESencryption with 128-bit keys with a TPM protector.All Windows RT devices are encrypted when the computer first starts, but it is not protected with anencryption key until someone logs onto the computer using a Microsoft account that is an Administratorof the computer.After this happens, the encryption key is applied and a recovery key will beautomatically uploaded into the SkyDrive associated with the account.The recovery key will also bebacked up into SkyDrive for each subsequent Microsoft account that logs on with Administrator rights.Because the device is not protected with an encryption key until an administrative Microsoft accountlogs on, it is very important that this is performed at least once on every Windows RT device.Windows RT can be configured so that Device Encryption automatically forces the device to ask for therecovery key if tampering (for example, trying to log on multiple times with an incorrect password) isdetected.This must be enabled through local policy by setting the “Interactive logon: Machine accountlockout threshold” setting under “Computer ConfigurationWindows SettingsSecurity SettingsLocalPoliciesSecurity Options,” or by using the “MaxFailedPasswordAttempts” policy of Exchange ActiveSync(also configurable through Windows Intune), to specify the number of failed password attempts beforethe device will request a recovery key. 17 | P a g e
  19. 19. The recovery key can be obtained from the SkyDrive associated with any Microsoft account that loggedonto the Windows RT device with administrator rights.This can be retrieved by accessing thehttp://windows.microsoft.com/recoverykey website.Device Encryption in Windows RT does not provide the full functionality of BitLocker.Some of thefeatures that are specific to BitLocker and not included in Windows RT Device Encryption include: An extended set of protectors (for example, network, PIN, TPM, password). Management capabilities enabled through Active Directory, such as recovery key escrow and support for Microsoft BitLocker Administration and Monitoring (MBAM).Note that Device Encryption is not FIPS-compliant due to the storage of a non-compliant recovery keyon SkyDrive.BitLocker To GoAlthough Windows RT cannot create encrypted BitLocker To Go USB drives or SD cards, it is able to usethese drives or cards once they have been encrypted from Windows 8 Pro or Windows 8 Enterprise (oreven Windows 7) computers.When inserting the BitLocker To Go USB drive or SD card, the user will beprompted to provide the required password before they can access or update the data on the USB driveor SD card.AccountsWindows RT supports the use of multiple user accounts.These accounts can have full Administratoraccess or can be set up as “standard” users with limited configuration capabilities.(Even standard userscan install Windows Store apps from the Windows Store, unless the Windows Store has been disabled.)Windows RT supports using either local accounts or Microsoft accounts.Note that some operations suchas installing applications from the Windows Store, as well as some applications including Mail, Calendar,and Contacts, require the use of a Microsoft account.The synchronization of Windows RT settings andencryption key backups also require the use of a Microsoft account.As a result, it is recommended thatMicrosoft accounts be used for most Windows RT devices.Note that Windows RT and Windows 8do not support using Active Directory federated IDs in place ofMicrosoft accounts to access the Windows Store. See http://windows.microsoft.com/en-US/windows-live/sign-in-what-is-microsoft-account for more information on Microsoft accounts.Convenience PasswordsWindows RT provides support for leveraging two new types of convenience passwords: Picture passwords, where a series of three user-defined gestures can be used with a custom lock screen picture to unlock the device PINs, where the user enters the correct four-digit value to unlock the deviceThe user account still has a traditional password assigned to it, so these just make it easier to log on,especially on touch devices, by not requiring that the full password be entered. 18 | P a g e
  20. 20. These convenience password mechanisms can be disabled (either through Exchange ActiveSync policy,Windows Intune, or local computer policy) in situations where they are not desirable.Credential LockerWindows RT includes the Credential Locker, a service that stores user accounts and passwords fromWindows Store apps and websites so that they can be automatically presented back to the app orwebsite the next time they are needed.For more information on Credential Locker, seehttp://technet.microsoft.com/library/jj554668.aspx.SmartScreenWindows RT includes SmartScreen capabilities that check all downloaded files to help ensure that theyare safe.SmartScreen leverages application reputations to determine which files may be dangerous andwhich files are not; for those that are not, no prompt would be displayed.For files that do not have aknown reputation, or for those that have a bad reputation, SmartScreen will prompt the user forconfirmation before continuing.Windows DefenderWindows Defender provides real-time protection on Windows RT from malware, including viruses,worms, bots, and rootkits by using the latestset of malware signatures from the Microsoft MalwareProtection Center, which Windows Update will deliver regularly along with the latest Microsoftantimalware engine. This expanded set of signatures is a significant improvement over previous versions,which only included signatures for spyware, adware, and potentially unwanted software.Windows FirewallThe Windows Firewall is also included in Windows RT and enabled by default, to ensure that thenetwork attack surface is minimized.Configuration of the firewall is more limited though, because GroupPolicy— only available for Active Directory-joined computers— cannot be used to push out a specificconfiguration.Scripted configuration using Netsh can be performed.Network Access ProtectionWindows RT does support Network Access Protection (NAP), which can be used to control access tocorporate network resources based on the device’s compliance with corporate controls.Note thatWindows RT does not support third-party system health agents (SHA).ManageabilityWhile Windows RT does not support Active Directory, Group Policy, and related managementtechnologies, it does provide some management capabilities that are useful for enterprises.Thesecapabilities are useful in different scenarios, ranging from governance for employee-owned computersto full management of enterprise-owned computers. 19 | P a g e
  21. 21. Enterprise Systems ManagementWindows RT includes a management client that enables devices to be connected to the Windows Intunecloud-based management infrastructure.Once connected, a variety of management tasks are possible,including software publishing, inventory collection, configuration management, and software updatedeployment.Windows Intune also integrates with System Center 2012 Configuration Manager Service Pack 1 (SP1) sothat all administrative tasks, for Windows Intune-managed clients as well as Configuration Managerclients, can be performed through Configuration Manager.This single pane-of-glass administrationsimplifies the management of Windows 8, Windows RT, and previous versions of Windows.Windows Intune can be used to create an enterprise app store that enables users of Windows RTdevices to request line-of-business apps; Windows Intune will take care of performing the necessarysideloading operations to install those applications on the device.Windows Intune will also manage thenecessary sideloading product keys needed for each Windows RT device, as well as the enterprisecertificate used to sign the line-of-business applications.Windows Intune can also be used to push out specific configurations such as VPN definitions (whenintegrated with Configuration Manager), governance policy settings, and even custom scripts toconfigure Windows RT as required.It can also monitor those settings to ensure compliance withcorporate policies.See www.windowsintune.comfor more information about Windows Intune.PowerShellWindows PowerShell is supported on Windows RT, and provides key functionality for managing andconfiguring Windows RT.As previously mentioned, this includes many useful capabilities, including:sideloading applications, configuring VPN connections, Windows Firewall configuration, certificatemanagement, and more.While PowerShells scripting language, in-box cmdlets, providers, and management capabilitiesfundamentally act as they do on other platforms, there are some differences on Windows RT, whichfocuses PowerShell on direct management scenarios.Differences include: Binary PowerShell modules (other than the ones provided as part of Windows RT) are not supported on Windows RT, although script modules can be used. Scripting access to the .NET Framework, as well as access through the Add-Type cmdlet,is not supported on Windows RT. The PowerShell Integrated Scripting Environment (ISE) is not included in Windows RT, so the PowerShell command line-based host must be used for running scripts. Windows Store apps cannot programmatically run PowerShell commands as the interfaces for those commands are not exposed through the WinRT API set.(In some situations, the WinRT HttpClient class could be used to manage remote computers through PowerShell web services, but loopback connections to the local computers are not possible.) 20 | P a g e
  22. 22. Inbound remoting is disabled by default, but can be enabled if needed by startingthe Windows Remote Management (WinRM) service and configuring WinRM on the device. Implicit remoting is not supported by PowerShell on Windows RT because of constraints in place in Windows RT.GovernanceThrough Exchange ActiveSyncWhen connecting a Windows RT device to a mailbox hosted on an Exchange Server, the ExchangeActiveSync (EAS) protocol is used.This protocol provides support for configuring specific security-relatedpolicies on a Windows RT device to ensure that corporate e-mail stored on the device is protectedappropriately, while also providing a mechanism for remotely removing an e-mail (as well as calendarand contact information) in case the device is lost or if the user’s Exchange account is removed ordisabled.The specific policies that can be set on Windows RT, as documented athttp://msdn.microsoft.com/library/windows/apps/windows.security.exchangeactivesyncprovisioning.easclientsecuritypolicy.aspx, are: DisallowConvenienceLogon Read/write Gets or sets the ability to prevent convenience logons.When set, picture passwords will not be allowed. MaxInactivityTimeLock Read/write Gets or sets the maximum length of time the computer can remain inactive before it is locked. MaxPasswordFailedAttempts Read/write Gets or sets the maximum number of failed password attempts for logging on.After the failed attempt threshold has been exceeded, the Windows RT device will be put into encryption recovery mode, requiring that the recovery key be provided to unlock the device. MinPasswordComplexCharacters Read/write Gets or sets the minimum number of complex characters that are required for a password. MinPasswordLength Read/write Gets or set the minimum length of password allowed. PasswordExpiration Read/write Gets or set the length of time that a password is valid. PasswordHistory Read/write Gets or set the password information previously used. RequireEncryption Read/write Gets or sets whether device encryption is required. 21 | P a g e
  23. 23. Windows UpdateTo keep Windows RT up-to-date, it will be serviced through Windows Update for all operating systemcomponents, including Office Home & Student 2013 RT, as well as drivers and firmware updates.For Windows Store appsthat come with Windows RT, as well as any additional apps installed from theWindows Store, notification of new versions will be provided through the Store app, with installation ofthe new versions initiated by the user when convenient for them.These will not be automaticallyinstalled.Note that Windows RT can only be updated by using Windows Update; Windows Server Update Services(WSUS) cannot be used to deploy updates to Windows RT.Data BackupAs mentioned previously, Windows RT can use SkyDrive as a backup mechanism, in case the device isdamaged or lost. Windows RT also supports the File History feature which can be used to back up userdata from a Windows RT device to an external storage device.See http://windows.microsoft.com/en-US/windows-8/how-use-file-history for more information on how to use File History for data backup.Local PolicyAlthough Windows RT does not include support for Group Policy (because this requires joining an ActiveDirectory domain), it does include support for local policy configuration by using the standard localpolicy editor MMC snap-in.This enables accounts with administrative rights to configure computer andlocal policies that apply to all users of the Windows RT device.To enable local policy on Windows RT, the “Group Policy Client” service must be manually enabled usingan Administrator account.See http://technet.microsoft.com/library/jj574108.aspx#BKMK_WinRTformore information.SupportConsumer support for Windows RT will be provided by the manufacturer of the device.For commercialsupport, organizations may leverage a Professional support contract, Professional pay-per-incident (PPI)support, or a Premier support contract.To help ensure a safe and secure ecosystem, Windows RT will provide full support for both securityupdates as well as non-security updates (for example, to ensure performance and reliability).Hotfixes ordesign change requests will not be available.Note that Windows RT is not classified as a business or developer product as outlined in the definitionsdescribed in the Microsoft Support Lifecycle.As a result, Windows RT will not have the same extendedlifecycle as these other products.See http://support.microsoft.com/gp/lifecycle-windows-rt-faq formore information. 22 | P a g e
  24. 24. SummaryWindows RT devices are primarily designed as consumer devices, but can be used in corporateenvironments as well, either using employee-owned devices or company-owned devices depending onthe situation.To properly support Windows RT devices in the workplace, enterprises should understandthe capabilities provided in and restrictions imposed by Windows RT, as well as the specificinfrastructure requirements for supporting Windows RT devices within their organization.Enterprises are encouraged to consider Windows RT devices when appropriate, given the capabilitiesand restrictions described above.In some situations, using Windows 8-based (x86) devices may be mostappropriate. 23 | P a g e
  25. 25. GlossaryBring Your Own Device.A policy adopted by many organizations that allows users to use personaldevices (smart phones, tablets, laptops, and so on) in their work environment.These devices are typicallyowned by the individual, so they are not managed by the organization.However, the organization oftenwants to establish requirements on the usage of these devices in a work environment throughgovernance: requiring certain minimum settings or software versions before the devices can be used orsupported.Desktop Application.A traditional Windows application that runs in the desktop environment.These mayrun on Windows 8 or Windows 7 (and typically even earlier versions of Windows), but are not typicallyoptimized for use in a full screen, touch environment.These are typically installed using the WindowsInstaller (MSI), App-V, or a variety of other Setup.exe-style installation programs.While theseapplications may be listed in the Windows Store, they cannot be installed from the WindowsStore.Although most desktop applications will run on Windows 8-based devices, only the desktopapplications that are included with Windows RT (Office, Notepad, Regedit, Calc, and so on) can run onWindows RT; it is not possible to install additional desktop applications on Windows RT.(Compare toWindows Store App.)Device Encryption.The built-in disk encryption technology used to protect data stored on a Windows RTdevice.This technology is based on the BitLocker feature of Windows 8.Enterprise App Store.A private app store managed by enterprises to enable the deployment of line-of-business apps and other third-party apps.For Windows Store apps, this enterprise app store wouldleverage sideloading in order to install the apps on the Windows device.Sideloading.The process of installing a Windows Store app onto a Windows 8 or Windows RT computerwithout using the Windows Store.To do this, the computer must be enabled for sideloading.In the caseof Windows RT, this means you must install an enterprise sideloading key on the device.System Center 2012 Configuration Manager.A comprehensive enterprise systems management productused to manage Windows computers.Configuration Manager provides the Enterprise App Storefunctionality described above.Unified Extensible Firmware Interface (UEFI).The firmware used to start all Windows RT devices.Thisfirmware supports Secure Boot and Measured Boot to protect the operating system from malware thatmight try to interfere with the startup process.See www.uefi.org for more information.Windows Store App.A new style of application introduced with Windows 8 and Windows RT.These appsare designed for full-screen touch usage, while also supporting mouse and keyboardinteraction.Developers can create these applications in .NET languages (C#, Visual Basic) as well as inC++ or JavaScript/HTML.In most cases, these applications are platform-neutral, so they can run on 24 | P a g e
  26. 26. Windows 8 or Windows RT-based devices.Typically Windows Store apps are installed from the onlineWindows Store, but they can also be installed though sideloading.(Compare to Desktop Application.)Windows 8 App.Another term for a Windows Store app.(Note that this does not necessarily mean thatthe app only runs on Windows 8; most Windows Store apps will run on Windows 8 and Windows RT.)Windows 8.The latest version of the Windows operating system that runs on x86 or x64 processors fromIntel and AMD.Windows Intune.A public cloud-based enterprise systems management tool that supports themanagement of Windows 8 and Windows RT devices (and others).This subscription-based serviceprovides software publishing, inventory collection, configuration management, and software updatedeployment capabilities.It can also be integrated with System Center 2012 Configuration Manager tosupport management from a single console.Windows Intune also provides the Enterprise App Storefunctionality described above. See www.windowsintune.com for more information.Windows RT.A new member of the Windows family that runs on ARM processors.WinRT.The application programming interface (API) for creating Windows Store apps.WinRT App.Another term for a Windows Store App. 25 | P a g e
  27. 27. For Additional InformationWhich tablet should you choose for your business?http://blogs.windows.com/windows/b/business/archive/2012/12/14/which-tablet-should-you-choose-for-your-business.aspxExchange ActiveSync: Frequently-Asked Questionshttp://technet.microsoft.com/exchange/bb288524.aspxOffice Home & Student 2013 RThttp://office.com/officeRTSpringboard Series for Windows 8http://technet.microsoft.com/windows/hh771457.aspxSystem Center 2012 Configuration Managerhttp://technet.microsoft.com/systemcenter/hh285244.aspxWindows Intunehttp://technet.microsoft.com/windows/intuneWindows RThttp://windows.microsoft.com/en-US/windows/rt-welcomeWindows RT Device Compatibility List (USB peripherals that work with Windows RT)www.microsoft.com/en-us/windows/compatibility/winrt/CompatCenter/HomeWindows Store App Developmenthttp://msdn.microsoft.com/windows/apps/br229512.aspx 26 | P a g e

×