Certificates and Windows Phone 7

Organizations need an effective certificate infrastructure because certificates are essential to security. The article Windows Phone 7 and certificates discusses several ways of installing certificates on Windows Phone 7, and provides additional relevant certificate information.


Windows Phone 7 trusts most major commercial certification authorities (CAs). All of these CAs and their root certificates that are pre-installed on Windows Phone 7 phones are identified in the article Windows Phone 7 root certificates. Root certificates are included in web browser applications such as Windows® Internet Explorer® and Internet Explorer Mobile because they play a significant role in Secure Sockets Layer (SSL) communications (which are used extensively in online commerce transactions on the World Wide Web).


Certificates for authentication and Microsoft Exchange ActiveSync®

In addition to using certificates for secure communications, organizations use them for authentication purposes—to verify the identity of users, as well as devices.


An increasingly common authentication use works in conjunction with the Microsoft Exchange ActiveSync (EAS) protocol, which provides mobile users with message and calendar synchronization services. With EAS, users can connect directly to Exchange servers without using any middleware. And the ability of Windows Phone 7 to handle multiple Exchange accounts is a real plus!


How Windows Phone 7 uses certificates to help protect against malware

Certificates play an important role in the installation and licensing of Windows Phone 7 applications, which are only available through the Marketplace Hub. All applications are validated, certified, and uniquely signed with a certificate before they are uploaded, which significantly reduces the threat of malware.


Because Microsoft is the only signing authority, malicious software developers cannot self-sign malware code, and application certificates can be revoked if malware is detected after publication. This approach enhances the integrity of the phone, increases consumer confidence, and provides benefits to developers and consumers alike.


Have a look at the articles on the Windows Phone 7 guides for IT pros download center for more details.

Comments (10)

  1. Alan Meeus says:

    Brian, unless I do not understand your question, you can install SSL cert today. The installation process is described in the article that you can download from the download center.

  2. Alan Meeus says:

    Dany, Windows Phone Mango will soon have the ability to prevent data leaks from email using Information Rights Management (IRM), the persistent file-level technology from Microsoft that uses permissions and authentication.

    IRM can help prevent sensitive information from being printed, forwarded, or copied by unauthorized people. I encourage you to look into IRM capabilities; you can learn more in the Information Rights Management at technet.microsoft.com/…/ff657743.aspx

  3. Alan Meeus says:

    I just posted on Windows Phone 7 and Exchange.  

  4. Damien Caro says:

    If you want to follow a step by step on how to connect your Windows Phone 7 to Exchange 2010, I published the procedure here : blogs.technet.com/…/connecting-a-windows-phone-7-to-exchange-2010-sp1.aspx

  5. russell says:

    What about encrypted email? Is that on the way?

  6. Brian says:

    When can we expect to see SSL Client Certs in IE enabled?

  7. dany says:

    What about encrypted email? Is that on the way? Without e-mail encryption windows phone is not a real alternative to windows mobile 6.x in a enterprise environment. All of our e-mails are encrypted and nowbody is able to read e-mails from our exchange.

  8. Fabio says:


    Our company is using a product called Forefront Identity Management Certificate Lifecycle Manager.2007 This product is issuing a certificate called "Mobile Device User". (Enhanced Key Usage Value Client Authentication ( ))

    Our internal Helpdesk tells me that this type of certificate is no supported by Windows Phone 7.

    Is this true and will this type of certificate ever be supported?

    Thanks & cheers


  9. Bob Hyatt says:

    company uses certificates of exchange 2003,

    and with the new year came a new certificate,

    I installed the new one via my hotmail account,

    but still error messages as soon I try to sync…

    Is there a way to delete the old certificate and then re-install the new one?

    because there is no directory accesable in the phone…

    any tips?


  10. drksilenc says:

    remove this useless feature that none of the other 3 major mobile os's dont require that way we can operate properly

Skip to main content