Get ready for beta!

Prepare for Halo Wars 2 Blitz Mode beta: Everything you need to know!

One Windows

Microsoft is building a new Windows 10 Shell for PC, Mobile and Xbox

On the Inside

Everything you need to know about the Xbox Insider Program

Beautiful compromises

Surface Studio review: you'll want one, even if you don't need one


Is this the Surface Phone? Microsoft awarded patents for foldable devices

Windows Central Offers

MCSE Certification bundle is just $39

Even more improvements

All the changes found in Windows 10 build 15007!

Games as a Service

What does the cancellation of Scalebound mean for future Xbox exclusives?

Windows Central Offers

Save $90 on these FRESHeBUDS Pro Magnetic Bluetooth Earbuds

Returning for 2017

We're back with an new episode of #AskDanWindows

Lifetime Subscription

VPNSecure is currently 91% off

Our favorite things

The Best of CES 2017 Awards

Infinity Edge in your hand

The XPS 13 2-in-1 is the Dell convertible we've always wanted

Project Valerie

Razer just made a laptop with three — THREE! — 17-inch 4K displays. 😱

Great design from Palo Alto

HP's CES 2017 releases are truly gorgeous PCs

Intel and Google's big day

CES 2017 Day Two: New laptops, new phones, and old ideas made new

Take five is better than ever

The updated Lenovo ThinkPad X1 packs Kaby Lake chips and zero bloatware

Everything we know about the next Xbox: Project Scorpio


'Game Mode' for Windows 10 will power Xbox One and Scorpio games too

Buyer's guide

Best accessories for Microsoft Surface Book

< >
Welcome to the Windows Central Forums Create Your Account or Ask a Question Answers in 5 minutes - no registration required!
Results 1 to 6 of 6
Like Tree1Likes
  • 1 Post By Rafcayey
  • 1 Post By that guy with the face
  1.    #1  
    I've seen it listed as a feature, but I'm not sure how to implement it. Is it as easy as turning on a lock screen password like in IOS, or is there more to it? I've searched everywhere and can't find any details. Are there hardware level encryption chips in WP8 devices (920 in my case) or is it software based? What encryption algorithm is in place? Strength?
  2. Rafcayey's Avatar

    1 Posts
    I found this about encryption. hope this helps.

    Windows Phone Security | Windows Phone (United States)
  3.    #3  
    Here is the important part of the PDF regarding encryption:

    Device encryption
    To help keep everything from documents to passwords safe, Windows Phone 8 includes a device encryption feature.
    Device encryption in Windows Phone 8 utilizes BitLocker technology to encrypt all internal data storage on the phone with AES 128. Encryption is enabled by either EAS policy (RequireDeviceEncryption) or device management policy, and once enabled, BitLocker conversion automatically begins encrypting the internal storage. The encryption key is protected by the Trust Platform Module (TPM) which is bound to UEFI Trusted Boot to ensure the encryption key will only be released to trusted boot components.
    With both PIN-lock and BitLocker enabled, the combination of data encryption and device lock would make it extremely difficult for an attacker to recover sensitive information from a device.


    Although the Windows Phone 8 operating system and user data partitions are encrypted, files on SD cards that are inserted in the phone are not encrypted.

    So it appears that you need to connect the WP8 device to your Exchange ActiveSync network, AND toggle "RequireDeviceEncryption" for your details to be secured. I'm not sure what they're talking about RE: device management policy, because unless it's another facet of EAS, it is just a set of rules you set in place within your company like don't take pictures inside the lab. So there isn't whole device encryption for the average user, and only having a 4 digit pin is easily crackable via computer or simply looking at fingerprints. Why there's no option for a keyboard to make more secure passwords is also lost on me. Another caveat to encryption is that it does not secure files on removable SD cards. I always liked that feature on Android, even though my 920 doesn't have one. This is all a bit concerning and has made me less trusting of my 920 in the months I've had it. I've resorted to using my iPad as my primary device, and only using my 920 for phone calls and to check WPCentral because the apps awesome. One last off topic thing/rant keeping me from using my phone is the Bing search button. I love it when I need it, but the other dozen times a day or more I hit it (or look at it, or breathe near it, or think "I hope I don't hit the Bing button while I'm 30 minutes in to recording an hour concert") literally frazzles my nerves.
  4. manicottiK's Avatar

    659 Posts
    Global Posts
    660 Global Posts
    Yes, activating whole device encryption is something done by your Exchange server or "mobile device management" administration -- it is not a user-selectable option. Those administrators can also set the screen timeout, pin length, and pin type (numeric only or full range of characters from the regular keyboard).

    One of the unusual things about WP8 is that the SD card is read-only. This means that apps can read data from the card, but not copy things to it or modify what's there. Because it can't be written to, it can't be encrypted (which would need to read the existing data, encrypt it, and write it back). Because the card can't be encrypted, the Exchange Active Sync policy that requires card encryption fails on WP8 devices.

    For you, assuming that you use Exchange, you can try to convince your admin to create a security policy for you (and other WP8 users) that turns on full device encryption while not requiring removable storage encryption. The work involved is fairly minimal. The risk to the business (let's pretend that it's one governed by strict data leakage laws, like medicine or finance) is that you'd have two devices, one WP8 and another that does have removable storage. Since the Exchange security policy is set per user rather than per device type, the new policy that you had set up could allow unencrypted data to leak out of the organization via the SD card on the non-WP8 device.

    Microsoft can address this in different ways. It could have phone models that lack an SD slot "lie" to the server, saying that the card is encrypted and justifying it on the basis of there being no actual risk since there is no actual card. It could have all models "lie" to the server, saying that the card is encrypted when it isn't, justifying it on the basis of not creating a risk for data to "leak" from the phone to the outside world. It could create a new policy that says "force encryption on writeable removable card" and advise administrators to switch to that. I would go on, but won't.
  5.    #5  
    I'm more concerned about the every day user. I'm disappointed that Microsoft doesn't allow non exchange users the ability to set more secure passwords I.E. with a full keyboard, and doesn't automatically encrypt user data (when you set up a pin code).
    johnteeples likes this.
  6. #6  
    How do I know if my phone is encrypted or not without knowing the policy details? Is there a screen anywhere in the settings that can show this? Or maybe an artifact by which I can infer this?

Similar Threads

  1. Why WP8 not coming to WP7 devices makes sense.
    By paulheu in forum Windows Phone 8
    Replies: 33
    Last Post: 06-27-2012, 05:42 PM
  2. Replies: 30
    Last Post: 06-11-2012, 11:29 PM
  3. Is HP Thinking About A WP8 Device?
    By fatclue_98 in forum Upcoming & Rumored Windows Phones
    Replies: 35
    Last Post: 06-07-2012, 11:29 AM
  4. WP8 for current devices
    By Dormage in forum Windows Phone 7
    Replies: 9
    Last Post: 05-27-2012, 02:38 PM
  5. Speculations about Wp8/Apollo devices?
    By Ky772 in forum Windows Phone 7
    Replies: 6
    Last Post: 03-28-2012, 12:38 PM

Posting Permissions