Jeremy Chapman discusses strengths and weaknesses of various approaches to providing access to Office applications and files from different devices. Remote access options like Office Web Apps and platform-specific apps allow access from any device but with less functionality. Locally installed options have full functionality but require managed, trusted devices. Identity-based protection and rights management can help secure access and limit data sharing based on device trust levels. There is no single best solution, and security involves balancing access with manageability.

1. Jeremy Chapman
Office and Office 365 STPM
Microsoft Office Division

8. Strengths
No footprint on device
Works on most common browsers
(IE, Safari, Chrome, Firefox)
Files are rendered remotely in full fidelity*
Multiple paths in - SharePoint, Office 365 and Windows Live
Weaknesses
Much less functionality compared to native apps
Fidelity loss in edit mode
Requires SharePoint access in managed
environments.
*except, OneNote and OWA. They do not use remote rendering

9. Office Web Apps

10. Worker Processes
Functionality
Word Viewing [or PowerPoint] Service Highly sandboxed
6 Workers processes
Application Converts document or
Functionality presentation to series
of images or XAML
Services conversion
Temporarily stores
Application requests for
output locally on disk
Manager documents
Creates and manages Web Application
workers
Stores output to Web
Apps Cache Proxy Group
Home
Sites Functionality
Word Viewing Provides
[or PowerPoint]
G location of
Service service
Application applications in
5 Proxy farm.
4
3
7
Functionality - ASPX
Provides HTML
WordViewer.aspx Checks cache for
Layouts renditions
(& handlers)
Request renditions
2 from service app.
8 Functionality - Cache
Office Web Apps Cache
Stores rendered
documents
1

11. 3 Web Application
Functionality
Home Provides HTML
Sites Translates .DOCX
Layouts and .ONE files to
OneNote.aspx /
lightweight HTML / JS
WordEditor.aspx Caches updates on
2 server
OneNote only – auto
saves notebook
1

12. Excel Calculation Service Proxy Group
Functionality Functionality
Manages editing Excel Provides
Excel
Calculation
sessions G
Calculation
location of
Autosaves workbook service
Service Service applications in
Responsible for re-
calc
Proxy farm.
Connects to external Web Application
data sources (if
applicable)
Home
Sites
3 2
4
6
Functionality - EWA
Provides HTML
Layouts Excel Web Load-balances
sessions between
Access (EWA)
Excel Calculation
Services
Dispatches requests
to the ECS
5
1

13. Strengths
Offline capability
Tailored to device UI and usage
Weaknesses
Self-Provisioning via App Store & Android Market
May not have access to central and secure storage
User needs to apply updates
Files may be cached or saved to the device.

14. Platform-Specific Apps

15. Strengths
No footprint on device
Manageable configuration
Citrix ica clients available for most common device types
Uses remote resources to render and compute
Enables core platform deficiencies, such as printing
Weaknesses
User experience
Hard to get and keep running
Multiple points of failure.

16. Remoting Into Windows

20. Control file traffic to
trusted devices & users
How to define and enforce what “trusted”
means?
Can you enforce enough configuration?
How good is device crypto?
How are untrusted devices connecting to
network resources?

21. Exchange ActiveSync on the Server

23. http://www.apple.com/ipad/business/integration
/

24. Limiting Access to Data and Network Resources
The Traditional Management
vs. Consumerization Tug of
War
Rights Management
Reduce what untrusted devices can see and connect
to
Limit the amount of data kept on devices
(for example, mailbox sizes)
Allow doc reading, but not editing or local saving on
untrusted devices
Keep data central with secure remote access

25. http://mac2.microsoft.com/help/office/14/en-
us/admin/item/846e1b28-0ae8-40fa-adba-
http://go.microsoft.com/fwlink/?LinkId=201940
1ea5d96fd656

26. Configuring Remote Office Installs for
RDS/Citrix

27. Identity-based protection
Controls access to information across the information
lifecycle
Authorized access based on trusted identity
Secures transmission and storage of sensitive information
Embeds digital usage policies (print, view, edit, expiration
etc. ) in to the content to help prevent misuse after delivery

28. View Protected attachments in OWA
IRM in Exchange Active Sync
Enhanced collaboration using Microsoft Federation
Gateway
Cross Premises IRM support for Exchange Online
Transport Protection Rule
Outlook Protection Rule
Journal Report Decryption
Transport Pipeline Decryption
IRM in OWA
Exchange
Protected Voice Message
Exchange
2010 SP1
2010 RTM
Exchange
2007

29. Keep Everything in the Data Center
Deliver Cloud Services
Remote Desktop Solutions
Host data in your private cloud
You don’t need to say “no”, but you will need to ask for
resources
The end user experience may not be ideal, but both
parties get what they want

30. Controlling File Access Based on Device Type

32. There is no one-size fits all solution here
Security is a sliding scale; lock down as needed
To be “policy-managed” is not a checkbox; it varies
dramatically from vendor to vendor
You can limit access to documents without completely cutting
unmanageable devices off
You can give people access to restricted resources, but it
can be expensive
This is a catalyst to get more resources and cement IT as
thought leaders in your organization!

33. thank you