Six myths of Windows RT revealed! There has been a lot of (mis)information being circulated about capabilities of Windows® RT, the new for ARM tablets. This discussion should dispel a number of those myths and will highlight the robust capabilities of this new and exciting operating system powering the next generation of tablets.

Myth # 1 – Windows RT is not manageable • Maximum inactivity lock Although Windows RT is not as openly manageable • Minimum device password complex characters as a Pro or Windows 8 Enterprise PC, IT • Minimum password length Administrators will still be able to remotely manage many • Password enabled aspects of a Windows RT device. • Password expiration SCCM and InTune • Password history Microsoft System Center Configuration Manager (SCCM) It also has the ability to query and report back: and Microsoft’s SaaS product, InTune, are widely adopted • Drive status systems management solutions. • Auto update status Utilizing Exchange Active Sync extensions, Windows RT • Antivirus status will have built-in hooks so that it is manageable by SCCM • Anti-spyware status and InTune. For example, using Exchange , SCCM This is just a . In the future, there are many and InTune, the IT admin is able to configure a set of opportunities for Microsoft to open up additional policies including: management capabilities beyond these critical ones • Allow convenience logon listed. As Windows RT becomes mature, we expect • Maximum failed password attempts Microsoft to continue expanding the list. Myth #2 – Windows RT is not secure RT devices come with full volume data Out of the box, Windows RT devices encryption, which is based on their own TPMs are devices that securely store are loaded with a number of built-in technology (although will not cryptographic keys, such as password security features that will appeal to a be branded BitLocker by Microsoft). This and credentials (typed and broad set of customers with varying ensures that any sensitive data on the smartcard based) and encryption levels of security enforcement policies. device will be inaccessible in the event keys. Windows RT supports a firmware Secure Boot the device is lost or stolen. The recovery based TPM so that user’s passwords Secure Boot effectively locks down key is stored on the user’s SkyDrive and credentials remain secure and Windows RT devices by preventing account for easy access if needed. protected. it from loading (or booting for that Remote wipe of company sensitive data Myth #3 – Setting up Windows matter) non-Windows operating In the event that a Windows RT RT to work in an enterprise systems. This effectively stops users device is lost or stolen, the user or environment is difficult from loading rogue or pirated copies IT administrator with the proper Windows RT comes with a number of of OS onto Windows RT devices. credentials has the ability to remotely built-in, out-of-the-box tools that allow This maintains the integrity of the wipe EAS managed data (like email, the device to easily connect the user operating system so that it can always contacts, and events) on to their enterprise environment and be trusted. the device, even though the data download LoB applications. So even This same system also helps enforce is encrypted (just to be safe!). If the though Windows RT does not directly that all applications be digitally signed applications were installed through support features like Domain Join, it is using a trusted certificate before the Enterprise Application Store, IT exceptionally “enterprise ready”. being installed on the device. It admins will also be able to disable VPN ensures authenticity (knowing where access to these line of business (LoB) Virtual Private Networking (VPN) the app came from) and integrity apps (see Myth #4 below). creates a secure, reliable tunnel (verifying the app hasn’t been Multi-factor directly through a company’s firewall tampered with since its publication) Windows RT supports many forms that allows users to access corporate for each application on a Windows of secure login, including picture data and email. Windows RT has a RT device, preventing installation of password, typed password, biometric built-in VPN that is compliant with the unauthorized applications. (fingerprint) and smartcards (PIV, majority of advanced VPN systems in Windows Defender GIDS) utilizing firmware trusted the marketplace today. Although the Secure Boot system will platform module (TPM), depending • Inbox VPN client included for prevent the majority of unauthorized on the hardware configuration. Microsoft, Cisco, CheckPoint, and applications from being installed, the Through the InTune management Juniper servers next line of defense will be built-in console, IT admins can also force • VPN protocols supported: L2TP, Windows Defender, protecting the policies such as strong password, PPTP, SSTP, Ipsec (IKEv2) system against spyware and unwanted password expiration, inactivity time • Multiple ways of configuration . Windows Defender will lock, etc. (client UX, scripts, or management continuously monitor and Separate user profiles are also infrastructure) remove malicious and potentially supported which isolates and • Encryption protocols: WEP, WPA, unwanted programs from the device. protects user’s data from being WPA2, WPA-Enterprise, WPA2- Full device encryption accessed by other users logged Enterprise, 802.1X Protecting data on the system is into the device the same time. • Certificate-based authentication Although separate local user profiles important for a number of reasons and Using the built-in management are possible, only one Enterprise encrypting the data on the device is agent, Windows RT allows automatic Application Store credential is the most widely accepted method of configuration of VPN profiles for the supported (i.e. authentication via AD). securing private information. Windows user, so that Windows RT devices easily connect to a corporate network requiring little user action.

2 VDI support • Internally developed Windows RT For companies using Virtual Desktop apps that are not published in the Infrastructure (VDI), Windows RT Windows Store allows the user to connect directly • Apps produced by independent to their full Windows desktop and software vendors that are licensed access legacy applications using the to the organization for internal built-in VDI receiver application. This distribution allows for: • Web links that launch websites • Full VDI experience and web-based apps directly in • Rich experience everywhere the browser (RemoteFX, USB redirection, multi- • Links to app listings in the Windows touch remoting) Store. This is a convenient way • Best value for VDI (Fairshare) for IT to make users aware of • Efficient management useful business apps that are publicly available. So even though legacy native apps written purely in native WIN32 code Discovering and cannot execute directly on Windows downloading LoB RT devices, these apps may still be applications on Windows accessible to the user through a RT devices is quite connected VDI session. Plus, all the simple. The Windows RT advantages of VDI such as session Management Agent and mobility, security and IT image Enterprise Application management will be available to the Store allows the user Windows RT user through the built-in to simply enter their VDI receiver. corporate email address and password and the Myth #4 – It’s difficult to install device will automatically line of business (LoB) apps on Windows RT present a set of LoB available for the user to Enterprise customers have many download and install. options available to distribute LoB applications to their employees (or This same system also students). One way is through the allows the IT Administrator Windows Store or through the Dell to populate, manage and Shop (store within a store) application. audit which applications Although this method is a convenient are available to each user. way to discover and download most This is accomplished popular off-the-shelf apps, it requires by simply adding the the user to log on using their personal user’s credentials to the Microsoft Live ID, which may not be (AD) appropriate for companies or school service in the SCCM or systems that have developed or InTune console. negotiated separate volume license By specifying which AD agreements for their LoB applications. domain a particular user Enterprise Application Store is a member of, IT admins So by using the built-in Windows RT can offer different applications to Management Agent and Enterprise different sets of users. For example, Application Store, a curated set of they can offer expense management, company approved LoB apps can contact management and sales be easily discovered, downloaded tracking applications to their road and installed directly to the device. warriors and offer quality control, Microsoft allows the user to browse inventory management and logistics and discover these types of LoB apps applications to team members on the that have been made available to them factory floor. by the IT admin:

3 The Windows RT Management Agent Today, Windows RT is a perfect Myth #6: Windows RT is not like also performs daily maintenance tasks, complement to the BYOD trend, having a “full” Windows OS updates downloaded applications and primarily because it has the consumer The new Windows RT is a purpose-built checks for new apps available to the features end users desire and the operating system designed specifically user. It will also report back which apps enterprise enablers corporate to be used on ARM-based mobile and are installed on which machine for customers require. Its main focus is tablet devices. Its design intent was inventory and audits. security, manageability, productivity to leverage the many advantages of The result is a system in which and application access, when and Windows 8, but it’s optimized for an ARM-based processor. enterprise customers can populate a where appropriate to the company set of curated LoB applications they or user. If the company or end user The “Windows Experience” Interface want their users to discover, download (if in a BYOD environment) chooses (formally known as the UI) and use. Refer to the following blog to disconnect from the control and The new Windows RT interface is for more information about managing compliance of the enterprise, the IT the largest technology shift in the LoB apps using the Enterprise admin simply initiates a disconnection PC industry since Microsoft moved Application Store. of the device which will: away from DOS. But most legacy • Remove the activation key software was UI designed for Ref: Managing “BYO” PCs in the enterprise (including WOA) keyboard and mouse interaction and http://blogs.msdn.com/b/b8/archive/2012/04/19/managing- that allowed the agent to install quot-byo-quot-pcs-in-the-enterprise-including-woa.aspx LoB apps. Once removed, any therefore, customers would have to WinRT apps that were installed via redesign the software for optimal finger touch experience to be used on the SSP and management client a tablet. The new Windows are deactivated. Windows RT apps are, by default, • Remove any certificates that the designed specifically for finger touch RT interface is the agent has provisioned. using the new WinRT “Windows • Cease enforcement of the largest technology Experience” interface. This new policies that the management interface allows developers to design shift in the PC infrastructure applied. lightweight apps that are optimized to • Report successful deactivation to connected run or cloud-based apps industry since the management infrastructure if written in HTML5 instead of heavy the admin initiated the . Microsoft moved ++ native applications. And since • Remove the agent configuration, Windows RT can ONLY run WinRT including the scheduled away from DOS. apps, any application that is written maintenance task. Once completed, for a Windows RT device can be easily the agent remains dormant unless ported to run on a full Windows 8 PC the user reconnects it to the Myth #5 – Windows RT is not or in cases, execute on either with no management infrastructure. good for BYOD users changes required. The consumerization of IT trend in This process will not touch the VDI the marketplace is driving companies personally loaded applications the user As explained earlier, there is yet to adopt Bring Your Own Device purchased or downloaded through another alternative to running x86 (BYOD) policies. These companies the marketplace, but will effectively software on the tablet itself. When have been trending away from fully remove all corporate assets off of the intermittent access to legacy x86 managing devices to more monitoring employee-owned device. software is required on a tablet, and maintaining access controls to Ref: Managing “BYO” PCs in the enterprise (including WOA) consider VDI and a Dell keyboard dock their applications, data and services, http://blogs.msdn.com/b/b8/archive/2012/04/19/managing- quot-byo-quot-pcs-in-the-enterprise-including-woa.aspx that comes with a touchpad. while leaving the user’s personal applications and private data alone.

4 Windows 8 feature comparison Below is a line-by-line comparison of Windows RT versus the other versions of Windows 8. As you can see, Windows RT stacks up pretty well.

Feature name Windows 8 Windows 8 Pro Windows RT Upgrades from Starter, Home Basic, Home Premium X X Upgrades from Windows 7 Professional, Ultimate X Start screen, Semantic Zoom, Live Tiles X X X

Windows Store X X X Apps (, Calendar, , Messaging, Photos, SkyDrive, Reader, Music, Video) X X X (Word, Excel, PowerPoint, OneNote) X 10 X X X Device encryption X Connected standby X X X X X X Desktop X X X Installation of x86/64 and desktop software X X Updated Windows Explorer X X X Windows Defender X X X SmartScreen X X X X X X Enhanced X X X Switch languages on the fly (Language Packs) X X X Better multiple monitor support X X X Storage spaces X X X X Exchange ActiveSync X X X File history X X X ISO / VHD mount X X X Mobile broadband features X X X Picture password X X X Play To X X X Remote Desktop (client) X X X Reset and refresh your PC X X X Snap X X X

5 Windows 8 feature comparison continued

Feature name Windows 8 Windows 8 Pro Windows RT Touch and Thumb keyboard X X X Trusted boot X X X VPN client X X X BitLocker and BitLocker To Go X Boot from VHD X Client Hyper-V X Domain Join X Encrypting X

Group Policy X Remote Desktop (host) X

Ref: Announcing the http://windowsteamblog.com/windows/b/bloggingwindows/archive/2012/04/16/announcing-the-windows-8-editions.aspx Summary The new Windows RT powering Dell tablets will allow users to work smarter by allowing easy, secure access to company applications and services while enabling rich content creation and consumption with built-in Microsoft Office Suite — even in a BYOD environment. Key security features include built-in secure boot, encryption, multi-factor authentication and the industry acclaimed built-in anti-spyware application, Windows Defender. Windows RT is manageable by the widely adopted Microsoft SCCM and for those companies who opt for a full SaaS systems management solution, Microsoft InTune. It is proven to be enterprise ready with out-of-the-box support for VPN, VDI and a system to discover, download and install a curated set of LoB applications. It is easy to use, thanks to the new WinRT touch-optimized UI and its built-in features compare well to the full version of Windows 8. Windows RT is primed and ready to take on the tablet market by storm by giving your customer the power to do more. Is it right for your customer?

For more information about Dell’s new Windows RT powered tablets, please contact: xxx xxxxxx Dell Inc. FLEX (xxx)- xxx -xxxx

6