Windows 8 and Windows RT include a built-in email app named Mail (also referred to as Windows 8 Mail or the Windows 8 Mail app). The Windows 8 Mail app includes support for IMAP and Exchange ActiveSync (EAS) accounts.
This article includes some key technical details of the Windows 8 Mail app. Use the information to help you support the use of Windows 8 Mail app in your organization. Read this article start to finish, or jump to the topic that interests you. Use the reference links throughout the article for more information.
NOTE Mail, Calendar, People, and Messaging are apps that are built in to Windows 8 and Windows RT. Although this article discusses the Windows 8 Mail app, please note that much of the information in this article also applies to the Calendar, People, and Messaging apps. This is because, when connected to a server that supports Exchange ActiveSync, the Calendar, and People apps may also display data that was downloaded over the Exchange ActiveSync connection.
The Windows 8 Mail app lets users connect to any service provider that supports either of the following two protocols:
POP is not currently supported.
Exchange ActiveSync can be used to sync data for email, contacts, and calendar. The Windows 8 Mail app supports EAS versions 2.5, 12.0, 12.1, and 14.0. For detailed protocol documentation, see Exchange Sever Protocol Documents on MSDN.
NOTE All Windows Communications apps (Mail, Calendar, and People) can use the data that is synchronized with Exchange ActiveSync. After a user connects to their account in the Windows 8 Mail app, their contacts and calendar data are available in the other Windows Communications Apps and vice versa.
The Mail app does not support certificate-based authentication of clients for Exchange ActiveSync.
The Windows 8 Mail app supports the following IMAP and SMTP standards:
IMAP/SMTP can be used to send and receive email only. Contacts data and calendar data is not synchronized when IMAP/SMTP is used. Microsoft Exchange does not support Public Folders via IMAP. For more details about IMAP support in Exchange, see POP3 and IMAP4 (for Exchange 2010, see Understanding POP3 and IMAP4).
The Windows 8 Mail app can be configured to synchronize data at different times as follows:
If a push email connection can’t be established, it will automatically switch to poll at fixed intervals.
Push email requires that accounts are either Exchange ActiveSync (which all support Push) or IMAP with the IDLE extension. Not all IMAP servers support IDLE, and it is supported only for the Inbox folder.
When a push connection can’t be established, Mail will change to polling on 30 minute intervals. Push email on Exchange ActiveSync requires that HTTP connections must be maintained for up to 60 minutes, and IMAP IDLE requires TCP connections to be maintained for up to 30 minutes.
Windows 8 and Windows RT users can add email accounts to the Windows 8 Mail app using the Settings charm. The Settings charm is always available on the right side of the Windows 8 and Windows RT screen. (For more visual details about Charms & the Windows 8 user interface, see Search, share & more.)
NOTE This section provides an overview of Windows 8 Mail app account setup. For step-by-step procedures for setting up an account in the Windows 8 Mail app, see What else do I need to know? at the end of this guide.
To make it as easy as possible to add accounts, account setup only prompts the user to enter the email address and password for the account they want to set up. From that data, Mail attempts to automatically configure the account as follows:
Figure 1: Exchange ActiveSync (EAS) configuration in Windows Mail
Full details needed to connect to an Exchange server – needed only if Autodiscover failed
The information required to connect to a server via Exchange ActiveSync is:
Figure 2: IMAP/SMTP configuration in Windows Mail
The information required to connect to a server via IMAP/SMTP is:
Mail provides administrators with some level of security through Exchange ActiveSync policies. It doesn’t support any means of managing or securing PCs that are connected via IMAP.
Exchange ActiveSync devices can be managed using Exchange ActiveSync policies. Windows 8 Mail supports the following EAS policies. :
Note that if AllowNonProvisionableDevices is set to false in an EAS policy and the policy contains settings are not part of this list, the device won’t be able to connect to the Exchange server.
Most of the policies listed above can be automatically enabled by Mail, but there are certain cases where the user has to take action first. These are:
If a Windows 8 PC is joined to an Active Directory domain and controlled by Group Policy, there may be conflicting policy settings between Group Policy and an Exchange ActiveSync policy. In the event of any conflict, the strictest rule in either policy takes precedence. The only exception is password complexity rules for domain accounts. Group policy rules for password complexity (length, expiry, history, number of complex characters) take precedence over Exchange ActiveSync policies – even if group policy rules for password complexity are less strict than Exchange ActiveSync rules, the domain account will be deemed in compliance with Exchange ActiveSync policy.
Mail supports the Exchange ActiveSync remote wipe directive, but unlike Windows Phones, the data deleted by this directive is scoped to the specified Exchange ActiveSync account. The user's personal data is not deleted. For example, if a user has an Outlook.com account for personal use and a Contoso.com account for work use, a remote wipe directive from the Contoso.com server would impact Windows 8 and Windows Phone 7 as follows:
To make it as easy as possible for users to have all of their accounts set up on all of their devices, Windows 8 uploads vital account information to the user’s Microsoft account. This information includes email address, server, server settings, and password. When a user signs into a new PC with their Microsoft account, their email accounts are automatically set up for them.
Passwords are not uploaded from a PC for any accounts which are controlled by any Exchange ActiveSync policies. Users will have to enter their password to begin syncing a policy-controlled account on a new PC.
Users are required to have a Microsoft Account, formerly known as Windows Live ID, to use the Windows Communications apps. This will usually be the Microsoft account that the user is signed into Windows with, but if they have not done so, they will be prompted to provide one before proceeding.
Microsoft accounts will automatically sync to Microsoft services using Exchange ActiveSync 14.0 when Mail starts. This will synchronize:
If the user’s Microsoft account is not a Outlook.com or Hotmail account (for example, email@example.com), Mail will prompt the user to provide the password for their email account, which will be added automatically.
By default, Mail only downloads the last two weeks of email. This is user configurable and can potentially download the user’s entire mailbox. For Exchange ActiveSync accounts, all contacts are downloaded and calendar events are downloaded only for three months behind the current date and 18 months ahead.
Additionally, messages are only partially downloaded to reduce bandwidth use as follows:
Embedded images in email messages are downloaded on-demand as the user reads them, and attachments are downloaded on-demand as the user attempts to open them.
By default, Mail only downloads the user’s Inbox and Sent folders. Other folders are downloaded once the user accesses them for the first time.
Mail does not enforce any limits on how many or large of attachments users can send.
The following features are currently not supported by Mail:
Mailbox connections using POP: IMAP and EAS are supported.
(Note, this does not mean that Windows 8 does not support POP3. This post is about the Windows 8 Mail app. )
Servers that require self-signed certificates: Users can work around the self-signed certificate limitation by manually installing the certificate on their Windows 8 or Windows RT device. For additional information about the self-signed certificates, see Self-Signed Certificates section below.
Opaque-Signed and Encrypted S/MIME messages: When S/MIME messages are received in Windows 8 Mail, it displays an email item with a message body that begins with “This encrypted message can’t be displayed.”
To view email items in the S/MIME format, users must open the message using Outlook Web App, Microsoft Outlook, or another email program that supports S/MIME messages. For more information, see Opaque-Signed and Encrypted S/MIME Message on MSDN.
Users may experience connectivity errors when trying to connect to an Exchange servers that require self-signed certificates. The user may receive the following error messages.
Unable to connect. Ensure the information entered is correct.
<Email address> is unavailable
Unable to connect. Ensure the information entered is correct.
<Email address> is unavailable
NOTE This issue may occur because the Mail app cannot connect to Exchange by using self-signed certificates.
Consider the following options to resolve this issue.
Option 1: Install a certificate that is signed by a Microsoft-trusted root certification authority (CA) on the server
This enables Exchange to work for all clients without prompting. For more information about the trust root CAs, see the following topics on TechNet:
Option 2: Install a server’s self-signed certificate on a device
This enables Exchange to work for Windows 8 devices that have the certificate installed.
Note To install a self-signed certificate for a domain’s certification authority, the administrator must provide a certificate file (.cer). The certificate can be installed to the trusted root certificate authority store for either of the following options:
The user or the system administrator can use the .cer file to install the certificate. To do this, use one of the following methods:
At an elevated command prompt, run the following command:
certutil.exe -f -addstore root <name_of_certificatefile>.cer
NOTE The command installs the certificate for all users on the device.
If Windows 8 Mail users can't successfully connect to their accounts, consider the following:
TIP The user will see the following message if they haven't registered their account. In Windows 8 Mail, you will see the following message: “We couldn’t find the settings for. Provide use with more info and we’ll try connecting again.”
For information about signing into Outlook Web App or the Office 365 Portal, see Sign In to Outlook Web App.
After the user signs in to your account using Outlook Web App, the user should sign out, and then try to connect using Windows 8 Mail.