Office 365 on Windows Phone 8 - 8

This post provides my suggestions on setting up Windows Phone 8 for small business users, including, email, file sharing and storage, and device encryption. A recent post at the All About Windows Phone site, “Smartphone nirvana doesn’t mean no effort is needed!“, seems a very apt preamble. That said, the set-up process isn’t completely logical, and for that reason, I hope this post is useful.

This post assumes your small business uses Office 365 for productivity services. For those not familiar, Office 365 is the Microsoft suite of services that includes email, online business storage (OneDrive For Busines), tools to share files with teams (Team Sites in SharePoint), messaging/ voice/ video/ conferencing service (Lync), and Microsoft software subscriptions (Word, Excel, PowerPoint, plus others). Depending on your needs there are various plans and options available.

A bit of Windows Phone 8 background

Windows Phone 8 has been available since late 2012.

Outright purchase of an entry level Windows Phone starts at about £100 or US$150 for the Nokia Lumina 520, and prices increase for models with better hardware, such as cameras and screens.

The development of Windows Phone has been eventful in recent years, including Nokia dropping its own mobile operating system in favor of Windows Phone, and Microsoft acquiring Nokia in April 2014.

The current Windows Phone market share is just 3%, depending on who you ask, you can even find fan t-shirts based on this statistic!

Common complaints from former iPhone users is the lack of applications on the Windows Store compared to the Apple Store, while Android users often lament losing advanced features and integration with Google applications, such as Gmail.

Proponents of Windows Phone 8 like the user interface and integration with Microsoft services.

A Microsoft Account should not be an employer responsibility

When you first setup a Windows Phone you will be asked for a Microsoft Account.

Microsoft Account on Windows Phone

A Microsoft Account is primarily related to consumer services, for this reason I recommend that small business identify the Microsoft Account as the personal responsibility of employees, if they choose to use it.

I recommend that employees be free to download applications from the secure Windows Store, automatically backup their photos, link to their Xbox or Skype accounts, or locate their phone if missing, with full knowledge that they are responsible for, and have exclusive access to, their personal information. The alternative, where the employer is responsible, privacy issues aside, is impractical as there are no tools to centrally, and thus efficiently, manage Microsoft Account access and permissions. Of course, there is an option of “no personal use of the business phone”, but that may result in less Christmas cards this year.

If you accept the above recommendation to identify the Microsoft Account as the privilege of your employees, then the following employee advice may be helpful:

  1. You can sign up for a Microsoft Account online, but check that you do not already have one, and understand how to protect your account.
  2. You can back up your photos and videos to the personal online storage (OneDrive) that comes with a Microsoft Account. Please be aware that your employer does not backup your phone.
  3. If you choose to use a Microsoft Account please be aware that the only way to change the Microsoft Account is to wipe the device and start again.
  4. If you lose your phone, you can use your Microsoft Account on the Find My Phone service to help locate it.
  5. If there is an application that you need for work purposes check the cost will be reimbursed before downloading and incurring the cost.
  6. If you use iTunes, then you can sync your content to Windows Phone.

Enable encryption

Device encryption provides addition security to a device password if your phone is lost or stolen (not convinced? read this). Without device encryption retrieving information off your phone is a trivial task for appropriately motivated individuals, but note, having encryption enabled does not make data immune to attack.

Depending on your industry and local regulation, it may be an expectation that sensitive data is encrypted when stored on a device.

Despite information to the contrary, your Windows Phone is not encrypted from initial activation. See below screenshot after initial activation, the area highlighted will have “encrypted” stated after encryption is enabled.

Windows phone storage - not encrypted

Encryption is only possible to enable using remote command (and not directly on the phone) via certain Microsoft email administration tools, or 3rd party products that leverage those same Microsoft administration tools. Fortunately, Office 365 includes the tools required.

If you use an enterprise plan for Office 365 then follow this link for instructions enabling encryption.

If you use a small business plan for Office 365, rather than use the admin portal, you should go to the lesser known “Exchange Admin Console”, https://outlook.office365.com/ecp.

Windows phone 8 device encryption-1

Follow these steps from the Exchange Admin Console:

1 – Click on “mobile” on the left menu.

2 – Click on “mobile device mailbox policies” on the top menu.

3 – Click on the default policy. Note that the policy details are shown on the right, including “encryption not required” (“3a” in the screenshot).

4 – Click on the edit icon. The following screen will then appear.

data connection error Windows Phone - 3

1 – Click on “general” on the left menu if not already highlighted.

2 – I recommend un-ticking “allow mobile devices that don’t fully support these policy to synchronize”.

3 – Click on “save”, and keep the same window open for the next step.

Windows phone 8 device encryption-4

Now we will setup the policy.

1 – Click on “security” on the left menu.

2 – Tick the “require a password” box. Encryption without a password is meaningless. Choose your password characteristics.

3 – Tick the “require encryption on the device”.

4 – If you choose a short password length for convenience reasons, then it is best to also tick the options that wipes the device after a number of incorrect attempts, as this prevents brute force password guessing.

5 – Click on “Save”.

Now if you return to where we started, and view the “mobile device policies settings” you will see the updated policy information.

Windows phone 8 device encryption-5

You will need to wait till we setup Office 365 before the device encryption applies to the Windows Phone.

Setting up Office 365

Please note, a Microsoft Account is different to an Office 365 account, and a Microsoft Account is not needed to use Office 365. This is obviously key to my earlier recommendation to avoid the Microsoft Account as a business owner!

This post assumes you have already signed up to Office 365. If not, a future post will step through the various plans available, the sign-up, and the initial setup steps.

I did receive an error during my setup, with the notification “80072EFD”. It occurs in specific scenarios. Read this post if you get it too.

To setup Office 365 services go to the “Office” app then select “Office 365” and follow the setup instructions.

Office 365 on Windows Phone 8 - 8

Office 365 setup on Windows Phone 1

Office 365 setup on Windows Phone 2

The success notification will include an option to download Microsoft Lync(yes, for this, you need a Microsoft Account!).

Office 365 setup on Windows Phone 3

Shortly after setup you will be prompted to create a device password (to allow encryption to apply).

Office 365 setup on Windows Phone 4

Please note, it can be tempting to initially setup the email side of Office 365 by going to via “settings”, “emails + accounts”, “add an account”, then selecting “Outlook – Outlook.com Exchange, Office 365” – don’t be tempted! If you follow this path, email will indeed setup, but you won’t be able to add the other components of Office 365 until you remove the email account, and start again using the first process described. The below error will show if you try to add Office 365 after email enabled separately.

Office 365 setup on Windows Phone 5

After the setup, your Windows phone will have email available. Don’t forget to check and adjust your sync options, and if you add additional, non-Office 365, email accounts, use the second method to add email described earlier.

Office 365 setup on Windows Phone 7

If you go into the Office app you will see OneDrive and Team Sites updated. For those not familiar, OneDrive @ “your organisation name” is the online business service for storing personal business files (recently rebranded to OneDrive for businesses). Team Site is the online business service for sharing files between teams and uses SharePoint. This post assumes your small business already uses OneDrive for Business and SharePoint, if not, I’ll provide a future post on why you would want to use these.

SkyDrive (recently renamed to OneDrive) is the online consumer service for storing personal files that Microsoft provides with all Microsoft Accounts. This is not part of the business Office 365 service, and remains “un-setup”.

Office 365 setup on Windows Phone 6

Lastly, if you now check your device storage again, you will see it now states “encrypted”.

Windows phone storage - encrypted

Anti-virus

As far as I am aware, anti-virus is not available for Windows Phone because it just isn’t required. For more information follow this link to an article on the Telegraph.

Backup and restore

As mentioned earlier, Windows Phone can be backed up to the Microsoft consumer online storage service, OneDrive. There are some limitations however. On restore you will find that application settings are not restored, phone layout customizations are gone, and email accounts will need passwords again. Windows Phone 8.1, which is in developer release, and due for public release shortly, addresses some of these limitations. Either way, a complete business backup and restore option for Windows Phone is not available.

Remote management

The interfaces used earlier for encryption setup can also be used for basic remote management tasks including locking the device and wiping data from the phone. More granular remote device control requires additional services such as Windows Intune, or 3rd party products.

What else?

Now you have your Windows Phone setup for small business use, including Office 365. To understand other general functions head to the Windows Phone “how to” site, but start of by reading this post: 8 hidden Windows Phone 8 settings you’ll actually use. Also see this user friendly quick start guide for using Office 365 with a Windows Phone. In the coming months Windows Phone 8.1 will be released to the public, which includes some significant business functions. I’ll post a review once I’ve upgraded my Windows Phone.