Build 2013 Much of the hype around Windows 8 has focused on consumers so far, but Microsoft took the opportunity of its Windows 8.1 Preview launch to show off some of the ways it's been improving the OS for enterprise customers, too.
In a late session at the Build developer conference in San Francisco on Wednesday, Microsoft senior program manager John Vintzel demoed some of the new features designed to make IT admins less leery of welcoming tablets and other devices onto their networks.
More ReadingMicrosoft: Hey, small biz devs – Windows Store apps are for you, tooNo plans for Friday night? There's a pile o' Windows Server ISOs feeling lonelyMicrosoft holds nose, shoves Windows into Android, iOS boxesWindows 8.1: Read this BEFORE updating - especially you, IT adminsMicrosoft watches iPads flood into world's offices: Right, remote desktop clients. It's time
One biggie for some organizations will be that Windows 8.1 tablets can now be managed as mobile devices using Microsoft's Windows Intune management service, out of the box. Previously this capability was only available with Windows RT, but the 8.1 update extends it to every edition of the OS.
In addition, Windows 8.1 now includes built-in support for device management via any software that supports the Open Mobile Alliance Device Management (OMA-DM) protocol, giving IT managers multiple ways to enforce policies.
A new feature called Workplace Join allows users to register their devices on a corporate network without going all the way and joining a Windows domain. It's a kind of compromise, Vintzel said, allowing admins to offer some devices limited access to the network while still enforcing security policies for more sensitive resources.
Windows 8.1 users can also access their files on the corporate network using Work Folders, a new technology that syncs files between clients and servers without requiring the client to be domain-joined. (Admins can optionally require a device to be Workplace Joined, however.)
Microsoft has given Remote Desktop a bit of polish, reducing the amount of bandwidth needed so that remote applications seem snappier. And according to Vintzel, reconnect times for flaky connections have been much improved, so that a connection that might have once taken more than 70 seconds to resume can now be re-established in less than 10 seconds.
Even printing has been given some love in the new upgrade, with support for upcoming technologies such as NFC tap-to-connect printing and printing using Wi-Fi Direct.
Battening down the hatches
But perhaps the bulk of Windows 8.1's enterprise upgrades are designed with data security in mind. For example, one new management capability IT admins have with Windows 8.1 is remote data removal. Data can be marked as belonging to a company, encrypted, and then selectively wiped remotely, leaving the user's own data intact.
That's not the only way user data is encrypted in the latest Windows, though. In fact, every flavor of Windows 8.1 will now include pervasive encryption – another feature previously reserved for Windows RT – where all data on the device is automatically protected using an encryption key that's associated with the user's Microsoft account.
This encryption is enabled by default, is invisible to the user, and there are no management settings for it. But companies that want more control still have the option of disabling it and using Microsoft's more full-featured BitLocker encryption, provided they're running the Window 8.1 Pro or Enterprise editions.
Another major improvement is that Windows 8.1 now comes with built-in support for creating VPN connections from the new Network control panel under PC Settings.
New PC Settings options allow Windows 8.1 users to create VPN connections right out of the box
As of the Windows 8.1 Preview, the client supports VPNs from CheckPoint, F5, SonicWall, and Microsoft, although support for other vendors may be added in the future. And because this VPN code is baked right into the OS, Vintzel said, the connections will be more efficient and stable than when using third-party clients.
Applications can also be set to auto-trigger VPNs connections in Windows 8.1, and that's true whether you're using Microsoft's built-in VPN client or a third-party one.
Also baked into Windows 8.1 is native support for fingerprint scanners. Logging in with a fingerprint reader is now more seamless and doesn't rely on third-party software, and fingerprint support is automatically available to Windows Store apps, as well.
The Windows 8.1 update also makes it easy to add two-factor authentication to many security events, for example by calling a user's mobile phone or sending a text message. Workplace Join supports two-factor, and Windows 8's virtual smart card feature has been beefed up to support it, as well.
Here at Vulture Annex, we think these are all welcome improvements and could go a long way to making the new types of devices Microsoft CEO Steve Ballmer mentioned in his Wednesday Build keynote more welcome on corporate networks.
The catch, however, is that many of these features also require Windows Server 2012 R2, which itself has only just been released in preview. MSDN and TechNet subscribers can download the preview version now, but you certainly won't be able to deploy the final version for free.
As we mentioned on Wednesday, the Windows 8.1 Preview is available to all Windows 8 users via the Windows Store, and ISO images for those running other operating systems (or who simply want to do a clean install) were made available on Thursday.
Fair warning, though: as a preview edition, this version of Windows is unfinished and you're liable to mess up your system if you install it. Microsoft has warned that anyone who installs the Windows 8.1 Preview will need to reinstall all of their applications when they upgrade to the final version, and that goes for desktop applications as well as Windows Store ones. As such, we don't recommend you install the preview on any system you use heavily. ®