Windows Phone 8 device encryption – How to apply it and how to check its status

Nokia have made deal out of promoting Windows Phone 8’s device encryption capabilities, posting on the @Nokia_UK Twitter account ‘5 Reasons Why Companies Feel Safer with Nokia Lumia‘.

State-of-the-art device encryption comes in at number one with a bullet. What Nokia fail to mention is that the only way to activate this protection is via Exchange ActiveSync policies, making this feature pretty much inaccessible to the typical home user or even organisations, dare I say it, using a non-Microsoft mail platform. ‘Heresy!’ I hear you say, but moving on…

This is one of those days having my email served via Office 365 conferred advantage, as I was able to supplement my employers Exchange device policy with one from my own personal mail service, allowing me to better protect my data such as those mission-critical selfies & cat pictures.

The policies which apply the encryption setting  can be found on the tenant Exchange admin center, on the mobile section, under the ‘mobile device mailbox policies’ tab:

You can create new policies and/or edit existing policies to enforce encryption. The setting you are looking for is the checkbox ‘Require encryption on device':

Of course, you may want to check your current encryption status on your device. This can be done on Nokia Lumia Windows Phones by opening the ‘Settings’ app and then pressing the ‘phone storage’ button under the ‘system’ section:

Windows Phone 8 storage settings

Discover the current device encryption state in this location

 

If encryption is enabled it will say “XX GB used, encrypted”.  If it is not encrypted, it will simply say “XX GB used”. Here’s my before and after shots by example.

Windows Phone 8 - Unprotected data

Before

Windows Phone 8 - Encrypted data

After

The encryption process doesn’t have a progress indicator but I estimate it took less than 45 minutes to apply the encryption to ~10GB of data, once the policy had been driven down to the device. It does strike me as odd that the device user isn’t presented with any sort of indication that encryption is underway. Exposing the percentage complete status somehow would be even more desirable, in my humble opinion.

As none of this information was high up in the search engine hits and part of the solution was in a Citrix KB article, of all places, I thought I’d share!

Leave a Reply