The Deployment Guys

Helping to deploy your world automagically...

Supporting Windows 8 Mail App in the Enterprise

Supporting Windows 8 Mail App in the Enterprise

  • Comments 4
  • Likes

In a recent project we faced an interesting problems using the Windows 8 Mail App.

Windows 8 include a built-in email app named Mail (also referred to as Windows 8 Mail or the Windows 8 Mail app). We used a Standard User Account without any local Admin privileges, logged on to the Domain and tried to add our Exchange information to the mail app. After adding our Account information an error is popping up “To sync username@yourdomainname.com, you will need to change this PC’s settings to match the mail server’s security settings.”

clip_image002[5]

After some investigation about this error we found out there are few settings Enterprises need to prepare before using the mail app in an environment with logged down user rights.

The Windows 8 Mail to allows users using ActiveSync (EAS) for Exchange synchronization. If you add your account to the Mail application your Exchange policies will pushed down and the stronger policy will take presence (http://blogs.technet.com/b/exchange/archive/2012/11/26/supporting-windows-8-mail-in-your-organization.aspx). If your EAS is stronger than your Domain or local policy the Windows Policy Engine requires admin access to apply policy changes, since non-admins are not allowed to make changes to computer/account configurations, you will get the issue documented above.

In a next step you have to compare the policy that is applied on the device(s) against what is being requested by the Exchange server.  

Control  the corresponding Group Policy (Computer Configuration / Windows Settings / Security Settings / Local Policies / Security Options /) to have the same settings  as you have configured in Exchange. If both are identical you can add your Exchange Account without getting any popup.

AllowSimpleDevicePassword                                     : Windows Policy Engine would try to apply this policy,
MaxInactivityTimeDeviceLock                                    : Windows Policy Engine would try to apply this policy,
MaxDevicePasswordFailedAttempts                       : Windows Policy Engine would try to apply this policy,

DevicePasswordExpiration                                          : Windows Policy Engine would try to apply this policy,
DevicePasswordHistory                                                 : Windows Policy Engine would try to apply this policy,
RequireDeviceEncryption                                              : Windows Policy Engine would try to apply this policy,

MinDevicePasswordComplexCharacters               : domain accounts, password length and complex characters are not governed by EAS,
MinDevicePasswordLength                                         : domain accounts, password length and complex characters are not governed by EAS,

 

 

This post was contributed by Lutz Seidemann, a Solution Architect with Microsoft Consulting Services.

The information on this site is provided "AS IS" with no warranties, confers no rights, and is not supported by the authors or Microsoft Corporation. Use of included script samples are subject to the terms specified in the Terms of Use.

  • Hi - It seems to be impossible to define a user display name in outgoing mail. The Win 8 mail app seems to magically grab it from somewhere and completely ignores what is defined in account settings 'Your Name'. This seems bafflingly amateurish. I have no idea how to report the issue. Maybe you do. Thanks.

  • Is there a way to configure the mail app with a script? Best would be powershell.

    So add Accounts automatically for the domain users.

  • thanks

  • Thanks for this, I also found this link helpful when trying to link the Activsync Policies to Group Policy settings. http://technet.microsoft.com/en-gb/library/dn282287.aspx

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment