Security policies are used for configuring security settings that are then enforced with the help of security roles and certificates. They provide the flexibility to control the level of security on the device. The policies are defined globally and enforced locally in their respective components.
The security policy is set during boot by executing a configuration file called provxml.provxml. This provisioning file is in ROM and it contains the default setting specified by the OEM.
The security policies are loaded onto Windows Mobile devices in a security policy provisioning document, which is an Extensible Markup Language (XML) file that is assigned the correct security role to apply the security settings to the device. These security policies are enforced at critical points across the architecture of the device. Often, these policies will interact with Configuration Manager and the metabase security settings. When the security policy document is delivered to the device, it is validated and verified by the Push Router, administered by Configuration Manager, and then applied by the Security Policy Configuration Service Provider .
The security policies are described in Security Policy Settings.