Windows Phone 7 Security and Management

Security features on mobile devices are important, but as workers become more mobile there is also an increasing need to manage security.


The Windows Phone 7 design provides solid security through an interesting security model. For more information, see the “Windows Phone 7 Security Model” article on the Windows Phone 7 Guides for IT Professionals page on the Microsoft Download Center. Features such as requiring managed code, application sandboxing, and app certification/verification contribute to the overall security. And even though Windows Phone 7 isolates processes from each other and prevents inter-application communications, developers can use built-in cryptography to protect app data if they want.


The latest incarnation of Microsoft® Exchange ActiveSync® (EAS) provides security-related mailbox policy properties, which can be used by IT departments for security management purposes. For detailed information on which EAS policies are supported on Windows Phone 7, see the “Windows Phone 7 and Microsoft Exchange Server” article, also on the Windows Phone 7 Guides for IT Professionals page.


For information about the security controls implemented on Windows Phone 7, see the “Windows Phone 7 Security and Management” article on the Windows Phone 7 Guides for IT Professionals page.

Comments (2)

  1. Alan Meeus says:


    The Windows Phone 7 team understands that phone data needs protection, which I think is at the heart of your request. Others have also requested device encryption, and we are investigating what implementation would be best.

    Windows Phone 7 protects data in the following ways:

    Phones can be locked, currently with a numeric PIN. This functionality can be managed with PIN-lock and related password policies in Exchange ActiveSync (EAS).

    All data is protected during transmission using SSL.

    Data can’t be transferred from Windows Phone 7 phones; removable data storage cards for data transfer aren’t supported. If a Windows Phone 7 design includes an SD card, it’s locked with a 128-bit key that is securely stored in the phone and in the SD card controller, which uniquely pairs the card with the phone and makes the card unusable in any other device.

    The file system spans the phone’s flash memory and the SD card, but it cannot be accessed from a PC, even using the Microsoft Zune software that connects Windows Phone 7 to Windows-based PCs. This approach prevents users from copying or removing documents from the phone. The Zune software can only synchronize media files (such as music, picture, and video files) with a PC.

    The design of the Windows Phone 7 operating system prevents inter-application communications or applications accessing each other’s isolated storage.

    Devices can be remotely wiped, if necessary, either by a user or an Exchange administrator.

  2. Alun Jones says:

    No good news about device encryption in there – when will Windows Phone 7 be enabled for device encryption? The Exchange ActiveSync document in these guides specifically calls out "Windows Phone 7 does not support device encryption". Many enterprises have security policies requiring this to be enabled for connection to Exchange.
