Home
%3CLINGO-SUB%20id%3D%22lingo-sub-597403%22%20slang%3D%22en-US%22%3ESupporting%20Windows%208%20Mail%20in%20your%20organization%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-597403%22%20slang%3D%22en-US%22%3E%3CP%3E%3C%2FP%3E%3CP%20class%3D%22intro%22%20style%3D%22font-size%3A%201.2em%3B%22%3E%3CIMG%20style%3D%22float%3A%20left%3B%20margin-left%3A%20-10px%3B%20padding-right%3A%205px%20!important%3B%20margin-top%3A%20-25px%3B%22%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Flegacyfs%2Fonline%2Fmedia%2FTNBlogsFS%2Fprod.evol.blogs.technet.com%2FCommunityServer.Blogs.Components.WeblogFiles%2F00%2F00%2F00%2F31%2F06%2Fpostimages%2F5008.WindowsMail.jpg%22%20original-url%3D%22http%3A%2F%2Fblogs.technet.com%2Fcfs-filesystemfile.ashx%2F__key%2Fcommunityserver-blogs-components-weblogfiles%2F00-00-00-31-06-postimages%2F5008.WindowsMail.jpg%22%20alt%3D%22%22%20width%3D%22300%22%20%2F%3E%20%3CA%20class%3D%22bold%22%20href%3D%22http%3A%2F%2Fwindows.microsoft.com%2Fen-US%2Fwindows-8%2Fmeet%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EWindows%208%3C%2FA%3E%20and%20Windows%20RT%20include%20a%20built-in%20email%20app%20named%20%3CSPAN%20class%3D%22bold%22%3EMail%3C%2FSPAN%3E%20(also%20referred%20to%20as%20%3CSPAN%20class%3D%22newterm%22%3EWindows%208%20Mail%3C%2FSPAN%3E%20or%20the%20%3CSPAN%20class%3D%22newterm%22%3EWindows%208%20Mail%20app%3C%2FSPAN%3E).%20The%20Windows%208%20Mail%20app%20includes%20support%20for%20%3CACRONYM%20title%3D%22Internet%20Mail%20Access%20Protocol%22%3EIMAP%3C%2FACRONYM%3E%20and%20Exchange%20ActiveSync%20(EAS)%20accounts.%3C%2FP%3E%0A%3CP%3EThis%20article%20includes%20some%20key%20technical%20details%20of%20the%20Windows%208%20Mail%20app.%20Use%20the%20information%20to%20help%20you%20support%20the%20use%20of%20Windows%208%20Mail%20app%20in%20your%20organization.%20Read%20this%20article%20start%20to%20finish%2C%20or%20jump%20to%20the%20topic%20that%20interests%20you.%20Use%20the%20reference%20links%20throughout%20the%20article%20for%20more%20information.%3C%2FP%3E%0A%3CP%20class%3D%22note%22%3E%3CSPAN%20class%3D%22bold%22%3ENOTE%3C%2FSPAN%3E%20Mail%2C%20Calendar%2C%20People%2C%20and%20Messaging%20are%20apps%20that%20are%20built%20in%20to%20Windows%208%20and%20Windows%20RT.%20Although%20this%20article%20discusses%20the%20Windows%208%20Mail%20app%2C%20please%20note%20that%20much%20of%20the%20information%20in%20this%20article%20also%20applies%20to%20the%20Calendar%2C%20People%2C%20and%20Messaging%20apps.%20This%20is%20because%2C%20when%20connected%20to%20a%20server%20that%20supports%20Exchange%20ActiveSync%2C%20the%20Calendar%2C%20and%20People%20apps%20may%20also%20display%20data%20that%20was%20downloaded%20over%20the%20Exchange%20ActiveSync%20connection.%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-1738992676%22%20id%3D%22toc-hId--1444043984%22%3EProtocol%20Support%3C%2FH2%3E%0A%3CP%3EThe%20Windows%208%20Mail%20app%20lets%20users%20connect%20to%20any%20service%20provider%20that%20supports%20either%20of%20the%20following%20two%20protocols%3A%3C%2FP%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CLI%3EExchange%20ActiveSync%3C%2FLI%3E%0A%3CLI%3EIMAP%2FSMTP%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22note%22%3E%3CSPAN%20class%3D%22bold%22%3E%3CACRONYM%20title%3D%22Post%20Office%20Protocol%22%3EPOP%3C%2FACRONYM%3E%3C%2FSPAN%3E%20is%20not%20currently%20supported.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--1009677790%22%20id%3D%22toc-hId--753482510%22%3EExchange%20ActiveSync%3C%2FH3%3E%0A%3CP%3EExchange%20ActiveSync%20can%20be%20used%20to%20sync%20data%20for%20email%2C%20contacts%2C%20and%20calendar.%20The%20Windows%208%20Mail%20app%20supports%20%3CACRONYM%20title%3D%22Exchange%20ActiveSync%22%3EEAS%3C%2FACRONYM%3E%20versions%202.5%2C%2012.0%2C%2012.1%2C%20and%2014.0.%20For%20detailed%20protocol%20documentation%2C%20see%20%3CA%20class%3D%22bold%22%20href%3D%22http%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Flibrary%2Fcc425499(v%3DEXCHG.80).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EExchange%20Sever%20Protocol%20Documents%3C%2FA%3E%20on%20MSDN.%3C%2FP%3E%0A%3CP%20class%3D%22note%22%3E%3CSPAN%20class%3D%22bold%22%3ENOTE%3C%2FSPAN%3E%20All%20Windows%20Communications%20apps%20(Mail%2C%20Calendar%2C%20and%20People)%20can%20use%20the%20data%20that%20is%20synchronized%20with%20Exchange%20ActiveSync.%20After%20a%20user%20connects%20to%20their%20account%20in%20the%20Windows%208%20Mail%20app%2C%20their%20contacts%20and%20calendar%20data%20are%20available%20in%20the%20other%20Windows%20Communications%20Apps%20and%20vice%20versa.%3C%2FP%3E%0A%3CP%20class%3D%22note%22%3EThe%20Mail%20app%20does%20not%20support%20certificate-based%20authentication%20of%20clients%20for%20Exchange%20ActiveSync.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-733132545%22%20id%3D%22toc-hId-1734030323%22%3EIMAP%2FSMTP%3C%2FH3%3E%0A%3CP%3EThe%20Windows%208%20Mail%20app%20supports%20the%20following%20IMAP%20and%20SMTP%20standards%3A%3C%2FP%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CLI%3E%3CACRONYM%20title%3D%22Internet%20Mail%20Access%20Protocol%204%22%3EIMAP4%3C%2FACRONYM%3E%20rev1%20%3CA%20href%3D%22http%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc3501%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3ERFC%203501%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CACRONYM%20title%3D%22Simple%20Mail%20Transfer%20Protocol%22%3ESMTP%3C%2FACRONYM%3E%20%3CA%20href%3D%22http%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc5321%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3ERFC%205321%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EIMAP4%20IDLE%20command%20(push%20email)%20%3CA%20href%3D%22http%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc2177%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3ERFC%202177%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EIMAP%20LIST%20Extension%20for%20Special%20Folders%20%3CA%20href%3D%22http%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc6154%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3ERFC%206154%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EXLIST%20extension%20of%20the%20LIST%20command(identifies%20special%20folders).%20See%20%3CA%20title%3D%22For%20detailed%20information%20about%20XLIST%2C%20see%20'Extension%20of%20the%20LIST%20command%3A%20XLIST'%20at%20the%20Google%20Apps%20Platform%20page%22%20href%3D%22https%3A%2F%2Fdevelopers.google.com%2Fgoogle-apps%2Fgmail%2Fimap_extensions%23extension_of_the_list_command_xlist%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EExtension%20of%20the%20LIST%20command%3A%20XLIST%3C%2FA%3E%20in%20Google%20Apps%20Platform%20documentation.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EIMAP%2FSMTP%20can%20be%20used%20to%20send%20and%20receive%20email%20only.%20Contacts%20data%20and%20calendar%20data%20is%20not%20synchronized%20when%20IMAP%2FSMTP%20is%20used.%20Microsoft%20Exchange%20does%20not%20support%20Public%20Folders%20via%20IMAP.%20For%20more%20details%20about%20IMAP%20support%20in%20Exchange%2C%20see%20%3CA%20class%3D%22bold%22%20title%3D%22See%20'POP3%20and%20IMAP4'%20in%20Exchange%202013%20documenation%22%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fjj657728.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EPOP3%20and%20IMAP4%3C%2FA%3E%20(for%20Exchange%202010%2C%20see%20%3CA%20class%3D%22bold%22%20title%3D%22See%20'Understanding%20POP3%20and%20IMAP4'%20in%20Exchange%202010%20documentation%22%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fbb124107%2528v%3Dexchg.141%2529.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EUnderstanding%20POP3%20and%20IMAP4%3C%2FA%3E).%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--1622510911%22%20id%3D%22toc-hId-1723527219%22%3ESync%20Configuration%3C%2FH2%3E%0A%3CP%3EThe%20Windows%208%20Mail%20app%20can%20be%20configured%20to%20synchronize%20data%20at%20different%20times%20as%20follows%3A%3C%2FP%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CLI%3EPush%20email%20(default)%3C%2FLI%3E%0A%3CLI%3EPolling%20at%20fixed%20intervals%3C%2FLI%3E%0A%3CLI%3EManually%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EIf%20a%20push%20email%20connection%20can%E2%80%99t%20be%20established%2C%20it%20will%20automatically%20switch%20to%20poll%20at%20fixed%20intervals.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--76214081%22%20id%3D%22toc-hId--1880878603%22%3EPush%20Email%3C%2FH3%3E%0A%3CP%3EPush%20email%20requires%20that%20accounts%20are%20either%20Exchange%20ActiveSync%20(which%20all%20support%20Push)%20or%20IMAP%20with%20the%20IDLE%20extension.%20Not%20all%20IMAP%20servers%20support%20IDLE%2C%20and%20it%20is%20supported%20only%20for%20the%20Inbox%20folder.%3C%2FP%3E%0A%3CP%3EWhen%20a%20push%20connection%20can%E2%80%99t%20be%20established%2C%20Mail%20will%20change%20to%20polling%20on%2030%20minute%20intervals.%20Push%20email%20on%20Exchange%20ActiveSync%20requires%20that%20HTTP%20connections%20must%20be%20maintained%20for%20up%20to%2060%20minutes%2C%20and%20IMAP%20IDLE%20requires%20TCP%20connections%20to%20be%20maintained%20for%20up%20to%2030%20minutes.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-1666596254%22%20id%3D%22toc-hId-606634230%22%3EAccount%20Setup%20Features%3C%2FH3%3E%0A%3CP%3EWindows%208%20and%20Windows%20RT%20users%20can%20add%20email%20accounts%20to%20the%20Windows%208%20Mail%20app%20using%20the%20%3CSPAN%20class%3D%22UI%22%3ESettings%3C%2FSPAN%3E%20%3CSPAN%20class%3D%22newterm%22%3Echarm%3C%2FSPAN%3E.%20The%20%3CSPAN%20class%3D%22UI%22%3ESettings%3C%2FSPAN%3E%20charm%20is%20always%20available%20on%20the%20right%20side%20of%20the%20Windows%208%20and%20Windows%20RT%20screen.%20%3CSPAN%20class%3D%22comment%22%3E(For%20more%20visual%20details%20about%20Charms%20%26amp%3B%20the%20Windows%208%20user%20interface%2C%20see%20%3CA%20title%3D%22Learn%20more%20about%20Windows%208%20Charms%20in%20'Get%20to%20Know%20Windows'%22%20href%3D%22http%3A%2F%2Fwindows.microsoft.com%2Fen-US%2Fwindows-8%2Fcharms%3Fwoldogcb%3D0%231TC%3Dt1%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3ESearch%2C%20share%20%26amp%3B%20more%3C%2FA%3E.)%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20class%3D%22note%22%3E%3CSPAN%20class%3D%22bold%22%3ENOTE%3C%2FSPAN%3E%20This%20section%20provides%20an%20overview%20of%20Windows%208%20Mail%20app%20account%20setup.%20For%20step-by-step%20procedures%20for%20setting%20up%20an%20account%20in%20the%20Windows%208%20Mail%20app%2C%20see%20%3CA%20class%3D%22bold%22%20href%3D%22%23whatelse%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EWhat%20else%20do%20I%20need%20to%20know%3F%3C%2FA%3E%20at%20the%20end%20of%20this%20guide.%3C%2FP%3E%0A%3CP%3ETo%20make%20it%20as%20easy%20as%20possible%20to%20add%20accounts%2C%20account%20setup%20only%20prompts%20the%20user%20to%20enter%20the%20email%20address%20and%20password%20for%20the%20account%20they%20want%20to%20set%20up.%20From%20that%20data%2C%20Mail%20attempts%20to%20automatically%20configure%20the%20account%20as%20follows%3A%3C%2FP%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CLI%3EThe%20domain%20portion%20of%20the%20email%20address%20is%20matched%20against%20a%20database%20of%20well-known%20service%20providers.%20If%20it%E2%80%99s%20a%20match%2C%20its%20settings%20are%20automatically%20configured.%3C%2FLI%3E%0A%3CLI%3EThe%20domain%20portion%20of%20the%20email%20address%20is%20used%20to%20execute%20Exchange%20ActiveSync%20Autodiscover%20processes.%20For%20detailed%20information%2C%20see%20%3CA%20class%3D%22bold%22%20href%3D%22http%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Flibrary%2Fcc433481(v%3DEXCHG.80).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EAutodiscover%20HTTP%20Service%20Protocol%20Specification%3C%2FA%3E%20on%20MSDN.%3C%2FLI%3E%0A%3CLI%3EIf%20still%20not%20configured%2C%20the%20user%20is%20prompted%20to%20provide%20detailed%20settings%20for%20their%20server.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId--885560707%22%20id%3D%22toc-hId--1200820233%22%3EExchange%20ActiveSync%3C%2FH3%3E%0A%3CP%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Flegacyfs%2Fonline%2Fmedia%2FTNBlogsFS%2Fprod.evol.blogs.technet.com%2FCommunityServer.Blogs.Components.WeblogFiles%2F00%2F00%2F00%2F31%2F06%2Fpostimages%2F4137.Win8Mail-Fig1.png%22%20original-url%3D%22http%3A%2F%2Fblogs.technet.com%2Fcfs-filesystemfile.ashx%2F__key%2Fcommunityserver-blogs-components-weblogfiles%2F00-00-00-31-06-postimages%2F4137.Win8Mail_2D00_Fig1.png%22%20alt%3D%22Screenshot%3A%20Exchange%20ActiveSync%20configuration%20in%20Windows%20Mail%22%20%2F%3E%3CBR%20%2F%3E%20%3CSPAN%20class%3D%22caption%22%3E%3CSPAN%20class%3D%22bold%22%3EFigure%201%3A%20Exchange%20ActiveSync%20(EAS)%20configuration%20in%20Windows%20Mail%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EFull%20details%20needed%20to%20connect%20to%20an%20Exchange%20server%20%E2%80%93%20needed%20only%20if%20Autodiscover%20failed%3C%2FP%3E%0A%3CP%3EThe%20information%20required%20to%20connect%20to%20a%20server%20via%20Exchange%20ActiveSync%20is%3A%3C%2FP%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CLI%3EEmail%20address%3C%2FLI%3E%0A%3CLI%3EServer%20address%3C%2FLI%3E%0A%3CLI%3EDomain%3C%2FLI%3E%0A%3CLI%3EUsername%3C%2FLI%3E%0A%3CLI%3EPassword%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId-857249628%22%20id%3D%22toc-hId-1286692600%22%3EIMAP%2FSMTP%3C%2FH3%3E%0A%3CP%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Flegacyfs%2Fonline%2Fmedia%2FTNBlogsFS%2Fprod.evol.blogs.technet.com%2FCommunityServer.Blogs.Components.WeblogFiles%2F00%2F00%2F00%2F31%2F06%2Fpostimages%2F6378.Win8Mail-Fig2.png%22%20original-url%3D%22http%3A%2F%2Fblogs.technet.com%2Fcfs-filesystemfile.ashx%2F__key%2Fcommunityserver-blogs-components-weblogfiles%2F00-00-00-31-06-postimages%2F6378.Win8Mail_2D00_Fig2.png%22%20alt%3D%22Screenshot%3A%20IMAP%2FSMTP%20configuration%20in%20Windows%20Mail%22%20%2F%3E%3CBR%20%2F%3E%20%3CSPAN%20class%3D%22caption%22%3E%3CSPAN%20class%3D%22bold%22%3EFigure%202%3A%20IMAP%2FSMTP%20configuration%20in%20Windows%20Mail%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EThe%20information%20required%20to%20connect%20to%20a%20server%20via%20IMAP%2FSMTP%20is%3A%3C%2FP%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CLI%3EEmail%20address%3C%2FLI%3E%0A%3CLI%3EUsername%3C%2FLI%3E%0A%3CLI%3EPassword%3C%2FLI%3E%0A%3CLI%3EIMAP%20email%20server%3C%2FLI%3E%0A%3CLI%3EIMAP%20SSL%20%3CSPAN%20class%3D%22comment%22%3E(if%20your%20IMAP%20server%20requires%20SSL%20encryption)%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3EIMAP%20port%3C%2FLI%3E%0A%3CLI%3ESMTP%20email%20server%3C%2FLI%3E%0A%3CLI%3ESMTP%20SSL%20%3CSPAN%20class%3D%22comment%22%3E(if%20your%20SMTP%20server%20requires%20SSL%20encryption)%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3ESMTP%20port%3C%2FLI%3E%0A%3CLI%3EWhether%20SMTP%20server%20requires%20authentication%3C%2FLI%3E%0A%3CLI%3EWhether%20SMTP%20uses%20the%20same%20credentials%20as%20IMAP%20%3CSPAN%20class%3D%22comment%22%3E(If%20not%2C%20user%20must%20also%20provide%20SMTP%20credentials)%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH2%20id%3D%22toc-hId--1498393828%22%20id%3D%22toc-hId-1276189496%22%3ESecurity%20Features%3C%2FH2%3E%0A%3CP%3EMail%20provides%20administrators%20with%20some%20level%20of%20security%20through%20Exchange%20ActiveSync%20policies.%20It%20doesn%E2%80%99t%20support%20any%20means%20of%20managing%20or%20securing%20PCs%20that%20are%20connected%20via%20IMAP.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-47903002%22%20id%3D%22toc-hId-1966750970%22%3EPolicy%20Support%3C%2FH3%3E%0A%3CP%3EExchange%20ActiveSync%20devices%20can%20be%20managed%20using%20%3CA%20class%3D%22bold%22%20title%3D%22See%20'Understanding%20Exchange%20ActiveSync%20Mailbox%20Policies'%20in%20Exchange%202010%20documenation%22%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fbb123484%2528v%3Dexchg.141%2529.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EExchange%20ActiveSync%20policies%3C%2FA%3E.%20Windows%208%20Mail%20supports%20the%20following%20%3CACRONYM%20title%3D%22Exchange%20ActiveSync%22%3EEAS%3C%2FACRONYM%3E%20policies.%20%3A%3C%2FP%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CLI%3EPassword%20required%3C%2FLI%3E%0A%3CLI%3EAllow%20simple%20password%3C%2FLI%3E%0A%3CLI%3EMinimum%20password%20length%20(to%20a%20maximum%20of%208%20characters)%3C%2FLI%3E%0A%3CLI%3ENumber%20of%20complex%20characters%20in%20password%20(to%20a%20maximum%20of%202%20characters)%3C%2FLI%3E%0A%3CLI%3EPassword%20history%3C%2FLI%3E%0A%3CLI%3EPassword%20expiration%3C%2FLI%3E%0A%3CLI%3EDevice%20encryption%20required%20(on%20Windows%20RT%20and%20editions%20of%20Windows%20that%20support%20%3CA%20class%3D%22bold%22%20title%3D%22See%20'BitLocker%20Drive%20Encryption%20Overview'%20on%20TechNet%22%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fcc732774.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EBitLocker%3C%2FA%3E.%20See%20%3CA%20class%3D%22bold%22%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fhh831412.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EWhat's%20New%20in%20BitLocker%3C%2FA%3E%20for%20details%20about%20BitLocker%20improvements%20in%20Windows%208.)%3C%2FLI%3E%0A%3CLI%3EMaximum%20number%20of%20failed%20attempts%20to%20unlock%20device%3C%2FLI%3E%0A%3CLI%3EMaximum%20time%20of%20inactivity%20before%20locking%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22note%22%3ENote%20that%20if%20%3CSPAN%20class%3D%22parameter%20lightyellow%22%3EAllowNonProvisionableDevices%3C%2FSPAN%3E%20is%20set%20to%20false%20in%20an%20%3CACRONYM%20title%3D%22Exchange%20ActiveSync%22%3EEAS%3C%2FACRONYM%3E%20policy%20and%20the%20policy%20contains%20settings%20are%20not%20part%20of%20this%20list%2C%20the%20device%20won%E2%80%99t%20be%20able%20to%20connect%20to%20the%20Exchange%20server.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-1075552048%22%20id%3D%22toc-hId--535866972%22%3EGetting%20into%20Compliance%3C%2FH3%3E%0A%3CP%3EMost%20of%20the%20policies%20listed%20above%20can%20be%20automatically%20enabled%20by%20Mail%2C%20but%20there%20are%20certain%20cases%20where%20the%20user%20has%20to%20take%20action%20first.%20These%20are%3A%3C%2FP%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CLI%3E%3CSPAN%20class%3D%22bold%22%3EServer%20requires%20device%20encryption%3A%3C%2FSPAN%3E%3CUL%3E%0A%3CLI%3EUser%20has%20a%20device%20that%20supports%20BitLocker%20but%20BitLocker%20isn%E2%80%99t%20enabled.%20User%20must%20manually%20enable%20BitLocker.%3C%2FLI%3E%0A%3CLI%3EUser%20has%20a%20Windows%20RT%20device%20that%20supports%20device%20encryption%20but%20it%20is%20suspended.%20User%20must%20reboot.%3C%2FLI%3E%0A%3CLI%3EUser%20has%20a%20Windows%20RT%20device%20that%20supports%20device%20encryption%2C%20but%20it%20isn%E2%80%99t%20enabled.%20User%20must%20sign%20into%20Windows%20with%20a%20Microsoft%20account.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22bold%22%3EAn%20admin%20on%20this%20PC%20doesn%E2%80%99t%20have%20a%20strong%20password%3A%3C%2FSPAN%3EAll%20admin%20accounts%20must%20have%20a%20strong%20password%20before%20continuing.%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22bold%22%3EThe%20user%E2%80%99s%20account%20doesn%E2%80%99t%20have%20a%20strong%20password%3A%3C%2FSPAN%3EUser%20must%20set%20a%20strong%20password%20before%20continuing.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId--1476604913%22%20id%3D%22toc-hId-1951645861%22%3EActiveSync%20Policy%20v%2Fs%20Group%20Policy%20on%20domain-joined%20Windows%208%20devices%3C%2FH3%3E%0A%3CP%3EIf%20a%20Windows%208%20PC%20is%20joined%20to%20an%20Active%20Directory%20domain%20and%20controlled%20by%20%3CA%20class%3D%22bold%22%20title%3D%22More%20about%20Group%20Policy%20in%20Windows%20Server%20documenation%20on%20TechNet%22%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Fwindowsserver%2Fbb310732.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EGroup%20Policy%3C%2FA%3E%2C%20there%20may%20be%20conflicting%20policy%20settings%20between%20Group%20Policy%20and%20an%20%3CA%20title%3D%22See%20'Understanding%20Exchange%20ActiveSync%20Mailbox%20Policies'%20in%20Exchange%202010%20documenation%22%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fbb123484%2528v%3Dexchg.141%2529.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EExchange%20ActiveSync%20policy%3C%2FA%3E.%20In%20the%20event%20of%20any%20conflict%2C%20the%20strictest%20rule%20in%20either%20policy%20takes%20precedence.%20The%20only%20exception%20is%20password%20complexity%20rules%20for%20domain%20accounts.%20Group%20policy%20rules%20for%20password%20complexity%20(length%2C%20expiry%2C%20history%2C%20number%20of%20complex%20characters)%20take%20precedence%20over%20Exchange%20ActiveSync%20policies%20%E2%80%93%20even%20if%20group%20policy%20rules%20for%20password%20complexity%20are%20less%20strict%20than%20Exchange%20ActiveSync%20rules%2C%20the%20domain%20account%20will%20be%20deemed%20in%20compliance%20with%20Exchange%20ActiveSync%20policy.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-266205422%22%20id%3D%22toc-hId-144191398%22%3ERemote%20Wipe%3C%2FH3%3E%0A%3CP%3EMail%20supports%20the%20Exchange%20ActiveSync%20remote%20wipe%20directive%2C%20but%20unlike%20Windows%20Phones%2C%20the%20data%20deleted%20by%20this%20directive%20is%20scoped%20to%20the%20specified%20Exchange%20ActiveSync%20account.%20The%20user's%20personal%20data%20is%20not%20deleted.%20For%20example%2C%20if%20a%20user%20has%20an%20Outlook.com%20account%20for%20personal%20use%20and%20a%20Contoso.com%20account%20for%20work%20use%2C%20a%20remote%20wipe%20directive%20from%20the%20Contoso.com%20server%20would%20impact%20Windows%208%20and%20Windows%20Phone%207%20as%20follows%3A%3C%2FP%3E%0A%3CTABLE%20class%3D%22posttable%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%3CTH%3EData%3C%2FTH%3E%3CTH%3EWindows%20Phone%207%3C%2FTH%3E%3CTH%3EWindows%208%20Mail%3C%2FTH%3E%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3EContoso.com%20email%3C%2FTD%3E%0A%3CTD%3EDeleted%3C%2FTD%3E%0A%3CTD%3EDeleted%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3EContoso.com%20contacts%3C%2FTD%3E%0A%3CTD%3EDeleted%3C%2FTD%3E%0A%3CTD%3EDeleted%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3EContoso.com%20calendars%3C%2FTD%3E%0A%3CTD%3EDeleted%3C%2FTD%3E%0A%3CTD%3EDeleted%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3EOutlook.com%20email%3C%2FTD%3E%0A%3CTD%3EDeleted%3C%2FTD%3E%0A%3CTD%3ENot%20deleted%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3EOutlook.com%20contacts%3C%2FTD%3E%0A%3CTD%3EDeleted%3C%2FTD%3E%0A%3CTD%3ENot%20deleted%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3EOutlook.com%20calendars%3C%2FTD%3E%0A%3CTD%3EDeleted%3C%2FTD%3E%0A%3CTD%3ENot%20deleted%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3EOther%20documents%2C%20files%2C%20pictures%2C%20etc.%3C%2FTD%3E%0A%3CTD%3EDeleted%3C%2FTD%3E%0A%3CTD%3ENot%20deleted%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CH2%20id%3D%22toc-hId--489000180%22%20id%3D%22toc-hId--1792345784%22%3EAccount%20Roaming%3C%2FH2%3E%0A%3CP%3ETo%20make%20it%20as%20easy%20as%20possible%20for%20users%20to%20have%20all%20of%20their%20accounts%20set%20up%20on%20all%20of%20their%20devices%2C%20Windows%208%20uploads%20vital%20account%20information%20to%20the%20user%E2%80%99s%20Microsoft%20account.%20This%20information%20includes%20email%20address%2C%20server%2C%20server%20settings%2C%20and%20password.%20When%20a%20user%20signs%20into%20a%20new%20PC%20with%20their%20Microsoft%20account%2C%20their%20email%20accounts%20are%20automatically%20set%20up%20for%20them.%3C%2FP%3E%0A%3CP%3EPasswords%20are%20not%20uploaded%20from%20a%20PC%20for%20any%20accounts%20which%20are%20controlled%20by%20any%20Exchange%20ActiveSync%20policies.%20Users%20will%20have%20to%20enter%20their%20password%20to%20begin%20syncing%20a%20policy-controlled%20account%20on%20a%20new%20PC.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--543141204%22%20id%3D%22toc-hId-824249768%22%3E%3CA%20name%3D%22msaccount%22%20target%3D%22_blank%22%3E%3C%2FA%3EMicrosoft%20Accounts%3C%2FH3%3E%0A%3CP%3EUsers%20are%20required%20to%20have%20a%20%3CA%20class%3D%22bold%22%20title%3D%22See%20'What%20is%20a%20Microsoft%20account%3F'%22%20href%3D%22http%3A%2F%2Fwindows.microsoft.com%2Fen-US%2Fwindows-live%2Fsign-in-what-is-microsoft-account%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EMicrosoft%20Account%3C%2FA%3E%2C%20formerly%20known%20as%20%3CSPAN%20class%3D%22bold%22%3EWindows%20Live%20ID%3C%2FSPAN%3E%2C%20to%20use%20the%20Windows%20Communications%20apps.%20This%20will%20usually%20be%20the%20Microsoft%20account%20that%20the%20user%20is%20signed%20into%20Windows%20with%2C%20but%20if%20they%20have%20not%20done%20so%2C%20they%20will%20be%20prompted%20to%20provide%20one%20before%20proceeding.%3C%2FP%3E%0A%3CP%3EMicrosoft%20accounts%20will%20automatically%20sync%20to%20Microsoft%20services%20using%20Exchange%20ActiveSync%2014.0%20when%20Mail%20starts.%20This%20will%20synchronize%3A%3C%2FP%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CLI%3EEmail%2C%20if%20the%20user%E2%80%99s%20Microsoft%20account%20is%20also%20their%20Hotmail%20or%20Outlook.com%20account%3C%2FLI%3E%0A%3CLI%3EContacts%20from%20Windows%20Live%3C%2FLI%3E%0A%3CLI%3ECalendar%20events%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3CP%3EIf%20the%20user%E2%80%99s%20Microsoft%20account%20is%20not%20a%20%3CA%20class%3D%22bold%22%20title%3D%22Learn%20more%20about%20Outlook.com%2C%20the%20award-winnding%20free%2C%20modern%20cloud%20email%20service%20from%20Microsoft%22%20href%3D%22http%3A%2F%2Fwindows.microsoft.com%2Fen-US%2Fwindows%2Foutlook%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EOutlook.com%3C%2FA%3E%20or%20Hotmail%20account%20(for%20example%2C%20%3CSPAN%20class%3D%22url%22%3Edave%40contoso.com%3C%2FSPAN%3E)%2C%20Mail%20will%20prompt%20the%20user%20to%20provide%20the%20password%20for%20their%20email%20account%2C%20which%20will%20be%20added%20automatically.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-1199669131%22%20id%3D%22toc-hId--983204695%22%3EData%20Consumption%3C%2FH3%3E%0A%3CP%3EBy%20default%2C%20Mail%20only%20downloads%20the%20last%20two%20weeks%20of%20email.%20This%20is%20user%20configurable%20and%20can%20potentially%20download%20the%20user%E2%80%99s%20entire%20mailbox.%20For%20Exchange%20ActiveSync%20accounts%2C%20all%20contacts%20are%20downloaded%20and%20calendar%20events%20are%20downloaded%20only%20for%20three%20months%20behind%20the%20current%20date%20and%2018%20months%20ahead.%3C%2FP%3E%0A%3CP%3EAdditionally%2C%20messages%20are%20only%20partially%20downloaded%20to%20reduce%20bandwidth%20use%20as%20follows%3A%3C%2FP%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CLI%3EMessage%20bodies%20are%20truncated%20to%20the%20first%20100KB%20(20KB%20on%20metered%20networks).%20For%20more%20details%20see%20Engineering%20Windows%208%20for%20mobile%20networks.%3C%2FLI%3E%0A%3CLI%3EAttachments%20are%20not%20downloaded%20automatically.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3CP%3EEmbedded%20images%20in%20email%20messages%20are%20downloaded%20on-demand%20as%20the%20user%20reads%20them%2C%20and%20attachments%20are%20downloaded%20on-demand%20as%20the%20user%20attempts%20to%20open%20them.%3C%2FP%3E%0A%3CP%3EBy%20default%2C%20Mail%20only%20downloads%20the%20user%E2%80%99s%20Inbox%20and%20Sent%20folders.%20Other%20folders%20are%20downloaded%20once%20the%20user%20accesses%20them%20for%20the%20first%20time.%3C%2FP%3E%0A%3CP%3EMail%20does%20not%20enforce%20any%20limits%20on%20how%20many%20or%20large%20of%20attachments%20users%20can%20send.%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-444463529%22%20id%3D%22toc-hId-1375225419%22%3ELimitations%3C%2FH2%3E%0A%3CP%3EThe%20following%20features%20are%20currently%20not%20supported%20by%20Mail%3A%3C%2FP%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CLI%3E%3CP%3E%3CSPAN%20class%3D%22bold%22%3EMailbox%20connections%20using%20%3CACRONYM%20title%3D%22Post%20Office%20Protocol%22%3EPOP%3C%2FACRONYM%3E%3A%3C%2FSPAN%3E%26nbsp%3B%20%3CACRONYM%20title%3D%22Internet%20Mail%20Access%20Protocol%22%3EIMAP%3C%2FACRONYM%3E%20and%20%3CACRONYM%20title%3D%22Exchange%20ActiveSync%22%3EEAS%3C%2FACRONYM%3E%20are%20supported.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22italic%22%3E(Note%2C%20this%20does%20not%20mean%20that%20Windows%208%20does%20not%20support%20POP3.%20This%20post%20is%20about%20the%20Windows%208%20Mail%20app.%20)%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CP%3E%3CSPAN%20class%3D%22bold%22%3EServers%20that%20require%20self-signed%20certificates%3A%3C%2FSPAN%3E%20Users%20can%20work%20around%20the%20self-signed%20certificate%20limitation%20by%20manually%20installing%20the%20certificate%20on%20their%20Windows%208%20or%20Windows%20RT%20device.%20For%20additional%20information%20about%20the%20self-signed%20certificates%2C%20see%20%3CA%20class%3D%22bold%22%20href%3D%22%23selfsigned%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3ESelf-Signed%20Certificates%3C%2FA%3E%20section%20below.%3C%2FP%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CP%3E%3CSPAN%20class%3D%22bold%22%3EOpaque-Signed%20and%20Encrypted%20S%2FMIME%20messages%3A%3C%2FSPAN%3E%20When%20%3CACRONYM%20title%3D%22Secure%2FMultipurpose%20Internet%20Mail%20Extension%22%3ES%2FMIME%3C%2FACRONYM%3E%20messages%20are%20received%20in%20Windows%208%20Mail%2C%20it%20displays%20an%20email%20item%20with%20a%20message%20body%20that%20begins%20with%20%E2%80%9CThis%20encrypted%20message%20can%E2%80%99t%20be%20displayed.%E2%80%9D%3C%2FP%3E%0A%3CP%3ETo%20view%20email%20items%20in%20the%20S%2FMIME%20format%2C%20users%20must%20open%20the%20message%20using%20Outlook%20Web%20App%2C%20Microsoft%20Outlook%2C%20or%20another%20email%20program%20that%20supports%20S%2FMIME%20messages.%20For%20more%20information%2C%20see%20%3CA%20class%3D%22bold%22%20href%3D%22http%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Flibrary%2Fee159350(v%3Dexchg.80).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EOpaque-Signed%20and%20Encrypted%20S%2FMIME%20Message%3C%2FA%3Eon%20MSDN.%3C%2FP%3E%0A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId-390322505%22%20id%3D%22toc-hId--303146325%22%3E%3CA%20name%3D%22selfsigned%22%20target%3D%22_blank%22%3E%3C%2FA%3ESelf-Signed%20Certificates%3C%2FH3%3E%0A%3CP%3EUsers%20may%20experience%20connectivity%20errors%20when%20trying%20to%20connect%20to%20an%20Exchange%20servers%20that%20require%20self-signed%20certificates.%20The%20user%20may%20receive%20the%20following%20error%20messages.%3C%2FP%3E%0A%3CBLOCKQUOTE%20class%3D%22blockquote2%22%3E%0A%3CP%3EUnable%20to%20connect.%20Ensure%20the%20information%20entered%20is%20correct.%3C%2FP%3E%0A%3CP%3E%3CEMAIL%20address%3D%22%22%3E%20is%20unavailable%3C%2FEMAIL%3E%3C%2FP%3E%0A%3C%2FBLOCKQUOTE%3E%0A%3CP%20class%3D%22note%22%3E%3CSPAN%20class%3D%22bold%22%3ENOTE%3C%2FSPAN%3E%20This%20issue%20may%20occur%20because%20the%20Mail%20app%20cannot%20connect%20to%20Exchange%20by%20using%20self-signed%20certificates.%3C%2FP%3E%0A%3CP%3EConsider%20the%20following%20options%20to%20resolve%20this%20issue.%3C%2FP%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%3COL%20class%3D%22nobullet%22%3E%0A%3CLI%3E%3CP%3E%3CSPAN%20class%3D%22bold%22%3EOption%201%3A%20Install%20a%20certificate%20that%20is%20signed%20by%20a%20Microsoft-trusted%20root%20certification%20authority%20(CA)%20on%20the%20server%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EThis%20enables%20Exchange%20to%20work%20for%20all%20clients%20without%20prompting.%20For%20more%20information%20about%20the%20trust%20root%20CAs%2C%20see%20the%20following%20topics%20on%20TechNet%3A%3C%2FP%3E%0A%3CUL%20class%3D%22nobullet%22%3E%0A%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Fsocial.technet.microsoft.com%2Fwiki%2Fcontents%2Farticles%2F3281.introduction-to-the-microsoft-root-certificate-program.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EWindows%20Root%20Certificate%20Program%20overview%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Fblogs.technet.com%2Fcontrolpanel%2Fblogs%2Fposteditor.aspx%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EWindows%20Root%20Certificate%20Program%20-%20Members%20List%20(All%20CAs)%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CP%3E%3CSPAN%20class%3D%22bold%22%3EOption%202%3A%20Install%20a%20server%E2%80%99s%20self-signed%20certificate%20on%20a%20device%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EThis%20enables%20Exchange%20to%20work%20for%20Windows%208%20devices%20that%20have%20the%20certificate%20installed.%3C%2FP%3E%0A%3C%2FLI%3E%0A%3C%2FOL%3E%3C%2FUL%3E%0A%3CP%3E%3CSPAN%20class%3D%22bold%22%3ENote%3C%2FSPAN%3E%20To%20install%20a%20self-signed%20certificate%20for%20a%20domain%E2%80%99s%20certification%20authority%2C%20the%20administrator%20must%20provide%20a%20certificate%20file%20(.cer).%20The%20certificate%20can%20be%20installed%20to%20the%20trusted%20root%20certificate%20authority%20store%20for%20either%20of%20the%20following%20options%3A%3C%2FP%3E%0A%3CUL%20class%3D%22nobullet%22%3E%0A%3CLI%3E%3CSPAN%20class%3D%22bold%22%3EFor%20the%20current%20user%3C%2FSPAN%3EThis%20option%20does%20not%20require%20admin%20rights%20but%20must%20be%20completed%20for%20each%20user%20on%20the%20device.%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22bold%22%3EFor%20the%20local%20device%3C%2FSPAN%3EThis%20option%20requires%20administrator%20rights%20and%20needs%20to%20be%20done%20only%20one%20time%20for%20a%20device.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EThe%20user%20or%20the%20system%20administrator%20can%20use%20the%20.cer%20file%20to%20install%20the%20certificate.%20To%20do%20this%2C%20use%20one%20of%20the%20following%20methods%3A%3C%2FP%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CLI%3E%3CP%3E%3CSPAN%20class%3D%22bold%22%3ECommand-line%20tool%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EAt%20an%20elevated%20command%20prompt%2C%20run%20the%20following%20command%3A%3C%2FP%3E%0A%3CP%20class%3D%22code%22%3Ecertutil.exe%20-f%20-addstore%20root%20%3CNAME_OF_CERTIFICATEFILE%3E.cer%3C%2FNAME_OF_CERTIFICATEFILE%3E%3C%2FP%3E%0A%3CP%20class%3D%22note%22%3E%3CSPAN%20class%3D%22bold%22%3ENOTE%3C%2FSPAN%3EThe%20command%20installs%20the%20certificate%20for%20all%20users%20on%20the%20device.%3C%2FP%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CP%3E%3CSPAN%20class%3D%22bold%22%3EUser%20interface%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3EDouble-click%20the%20certificate%20file.%20A%20certificate%20dialog%20opens.%3C%2FLI%3E%0A%3CLI%3EClick%20Install%20Certificate.%20A%20Certificate%20Import%20Wizard%20window%20opens.%3C%2FLI%3E%0A%3CLI%3ESelect%20the%20option%20to%20install%20the%20certificate%20for%20only%20the%20current%20user%20or%20for%20the%20local%20device.%3C%2FLI%3E%0A%3CLI%3ESelect%20Place%20all%20certificates%20in%20the%20following%20store%3C%2FLI%3E%0A%3CLI%3EClick%20Browse%20to%20open%20the%20store%20selection%20dialog.%20Select%20Trusted%20Root%20Certification%20Authorities.%3C%2FLI%3E%0A%3CLI%3ESelect%20the%20store%2C%20and%20then%20click%20Ok.%20You%20are%20returned%20to%20Certificate%20Import%20Wizard%20dialog%2C%20and%20the%20certificate%20store%20and%20certificate%20to%20be%20installed%20into%20that%20store%20are%20displayed.%3C%2FLI%3E%0A%3C%2FOL%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH2%20id%3D%22toc-hId--364883097%22%20id%3D%22toc-hId-2055283789%22%3ETroubleshooting%20Windows%208%20Mail%20Client%20Connectivity%3C%2FH2%3E%0A%3CP%3EIf%20Windows%208%20Mail%20users%20can't%20successfully%20connect%20to%20their%20accounts%2C%20consider%20the%20following%3A%3C%2FP%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CLI%3EVerify%20that%20the%20user%20is%20using%20the%20latest%20version%20of%20the%20Windows%208%20Mail%20app.%20A%20user%20can%20check%20for%20updates%20to%20the%20Windows%208%20Mail%20app%20by%20doing%20the%20following%3A%20from%20the%20Start%20screen%2C%20go%20to%20Store%20%26gt%3B%20Settings%20%26gt%3B%20App%20updates%20%26gt%3B%20Check%20for%20updates.%3C%2FLI%3E%0A%3CLI%3EThe%20user%20should%20wait%20a%20few%20minutes%20and%20try%20again.%3C%2FLI%3E%0A%3CLI%3EIf%20the%20account%20is%20a%20cloud-based%20email%20account%20that%20requires%20registration%20(for%20example%2C%20a%20Microsoft%20Office%20365%20account)%2C%20the%20user%20must%20register%20their%20account%20before%20they%20can%20set%20up%20their%20account%20in%20Windows%208%20Mail.%20If%20the%20user%20is%20a%20Microsoft%20Office%20365%20user%2C%20they%20register%20their%20account%20when%20they%20sign%20in%20to%20Office%20365%20for%20the%20first%20time.%20If%20the%20user%20is%20not%20an%20Office%20365%20user%2C%20the%20user%20registers%20their%20account%20when%20they%20sign%20in%20to%20their%20account%20using%20Microsoft%20account%20or%20Outlook%20Web%20App.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22note%22%3E%3CSPAN%20class%3D%22bold%22%3ETIP%3C%2FSPAN%3E%20The%20user%20will%20see%20the%20following%20message%20if%20they%20haven't%20registered%20their%20account.%20In%20Windows%208%20Mail%2C%20you%20will%20see%20the%20following%20message%3A%20%3CBR%20%2F%3E%20%E2%80%9CWe%20couldn%E2%80%99t%20find%20the%20settings%20for.%20Provide%20use%20with%20more%20info%20and%20we%E2%80%99ll%20try%20connecting%20again.%E2%80%9D%3C%2FP%3E%0A%3CP%3EFor%20information%20about%20signing%20into%20Outlook%20Web%20App%20or%20the%20Office%20365%20Portal%2C%20see%20%3CA%20class%3D%22bold%22%20href%3D%22http%3A%2F%2Foffice.microsoft.com%2Fen-us%2Fsupport%2Fsign-in-to-outlook-web-app-HA102821290.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3ESign%20In%20to%20Outlook%20Web%20App%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3EAfter%20the%20user%20signs%20in%20to%20your%20account%20using%20Outlook%20Web%20App%2C%20the%20user%20should%20sign%20out%2C%20and%20then%20try%20to%20connect%20using%20Windows%208%20Mail.%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-1377927238%22%20id%3D%22toc-hId-247829326%22%3E%3CA%20name%3D%22whatelse%22%20target%3D%22_blank%22%3E%3C%2FA%3EWhat%20else%20do%20I%20need%20to%20know%3F%3C%2FH2%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CLI%3E%3CA%20class%3D%22bold%22%20href%3D%22http%3A%2F%2Foffice.microsoft.com%2Fen-us%2Fweb-apps-help%2Fset-up-email-in-windows-8-mail-HA102834576.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3ESet%20up%20email%20in%20Windows%208%20Mail%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20class%3D%22bold%22%20href%3D%22http%3A%2F%2Fwindows.microsoft.com%2Fen-US%2Fwindows-8%2Fmail-faq%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EMail%3A%20Frequently%20asked%20questions%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20class%3D%22kblink%22%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F2784275%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3E2784275%3C%2FA%3EHow%20to%20configure%20an%20Exchange%20account%20and%20how%20to%20troubleshoot%20Exchange%20account%20connectivity%20issues%20in%20the%20Mail%20app%20in%20Windows%208%20and%20Windows%20RT%3C%2FLI%3E%0A%3CLI%3E%3CA%20class%3D%22kblink%22%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F2792112%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3E2792112%3C%2FA%3E80070057%20error%2C%20and%20Windows%20Phone%208%20cannot%20sync%20with%20Microsoft%20Exchange%3C%2FLI%3E%0A%3CLI%3E%3CA%20class%3D%22kblink%22%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F2464593%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3E2464593%3C%2FA%3EError%2085010013%2C%208600C2B%2C%20or%2086000C29%20when%20you%20try%20to%20synchronize%20a%20Windows%20Phone-based%20device%20to%20an%20Exchange%20server%3C%2FLI%3E%0A%3CLI%3EYou%20may%20also%20find%20%3CA%20class%3D%22bold%22%20href%3D%22http%3A%2F%2Fblogs.msdn.com%2Fb%2Fb8%2Farchive%2F2012%2F06%2F14%2Fbuilding-the-mail-app.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EBuilding%20the%20Mail%20app%3C%2FA%3E%20on%20the%20Building%20Windows%208%20blog%20of%20interest.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CDIV%20class%3D%22note%22%20style%3D%22margin-top%3A%201.5em%3B%22%3E%0A%3CH3%20id%3D%22toc-hId--731902415%22%20id%3D%22toc-hId--732380477%22%3EUpdates%3C%2FH3%3E%0A%3CUL%20class%3D%22nobullet%22%3E%0A%3CLI%3E11%2F26%2F2012%3A%20Updated%20info%20about%20%3CSPAN%20class%3D%22parameter%22%3EAllowNonProvisionableDevices%3C%2FSPAN%3E%20setting%20in%20EAS%20policies.%3C%2FLI%3E%0A%3CLI%3E11%2F27%2F2012%3A%20Added%20links%20to%20EAS%20policy%20documentation.%3C%2FLI%3E%0A%3CLI%3E11%2F27%2F2012%3A%20Added%20info%20about%20Public%20Folder%20support%20in%20IMAP%20and%20link%20to%20IMAP%20documentation.%3C%2FLI%3E%0A%3CLI%3E12%2F3%2F2012%3A%20Added%20link%20to%20%3CA%20class%3D%22bold%22%20href%3D%22http%3A%2F%2Fblogs.msdn.com%2Fb%2Fb8%2Farchive%2F2012%2F06%2F14%2Fbuilding-the-mail-app.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EBuilding%20the%20Mail%20app%3C%2FA%3E%20on%20the%20Building%20Windows%208%20blog.%3C%2FLI%3E%0A%3CLI%3E12%2F21%2F2012%3A%20Added%20links%20to%20KB%20%3CA%20class%3D%22bold%22%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F2784275%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3E2784275%3C%2FA%3E%2C%20%3CA%20class%3D%22bold%22%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F2792112%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3E2792112%3C%2FA%3E%20and%20%3CA%20class%3D%22bold%22%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F2464593%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3E2464593%3C%2FA%3E.%3C%2FLI%3E%0A%3CLI%3E2%2F20%2F2013%3A%20Added%20note%20about%20Certificate-base%20authentication%20of%20clients%20for%20Exchange%20ActiveSync%20not%20being%20supported.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-597403%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EClient%20Access%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Emobility%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E

Windows 8 and Windows RT include a built-in email app named Mail (also referred to as Windows 8 Mail or the Windows 8 Mail app). The Windows 8 Mail app includes support for IMAP and Exchange ActiveSync (EAS) accounts.

This article includes some key technical details of the Windows 8 Mail app. Use the information to help you support the use of Windows 8 Mail app in your organization. Read this article start to finish, or jump to the topic that interests you. Use the reference links throughout the article for more information.

NOTE Mail, Calendar, People, and Messaging are apps that are built in to Windows 8 and Windows RT. Although this article discusses the Windows 8 Mail app, please note that much of the information in this article also applies to the Calendar, People, and Messaging apps. This is because, when connected to a server that supports Exchange ActiveSync, the Calendar, and People apps may also display data that was downloaded over the Exchange ActiveSync connection.

Protocol Support

The Windows 8 Mail app lets users connect to any service provider that supports either of the following two protocols:

  • Exchange ActiveSync
  • IMAP/SMTP

POP is not currently supported.

Exchange ActiveSync

Exchange ActiveSync can be used to sync data for email, contacts, and calendar. The Windows 8 Mail app supports EAS versions 2.5, 12.0, 12.1, and 14.0. For detailed protocol documentation, see Exchange Sever Protocol Documents on MSDN.

NOTE All Windows Communications apps (Mail, Calendar, and People) can use the data that is synchronized with Exchange ActiveSync. After a user connects to their account in the Windows 8 Mail app, their contacts and calendar data are available in the other Windows Communications Apps and vice versa.

The Mail app does not support certificate-based authentication of clients for Exchange ActiveSync.

IMAP/SMTP

The Windows 8 Mail app supports the following IMAP and SMTP standards:

IMAP/SMTP can be used to send and receive email only. Contacts data and calendar data is not synchronized when IMAP/SMTP is used. Microsoft Exchange does not support Public Folders via IMAP. For more details about IMAP support in Exchange, see POP3 and IMAP4 (for Exchange 2010, see Understanding POP3 and IMAP4).

Sync Configuration

The Windows 8 Mail app can be configured to synchronize data at different times as follows:

  • Push email (default)
  • Polling at fixed intervals
  • Manually

If a push email connection can’t be established, it will automatically switch to poll at fixed intervals.

Push Email

Push email requires that accounts are either Exchange ActiveSync (which all support Push) or IMAP with the IDLE extension. Not all IMAP servers support IDLE, and it is supported only for the Inbox folder.

When a push connection can’t be established, Mail will change to polling on 30 minute intervals. Push email on Exchange ActiveSync requires that HTTP connections must be maintained for up to 60 minutes, and IMAP IDLE requires TCP connections to be maintained for up to 30 minutes.

Account Setup Features

Windows 8 and Windows RT users can add email accounts to the Windows 8 Mail app using the Settings charm. The Settings charm is always available on the right side of the Windows 8 and Windows RT screen. (For more visual details about Charms & the Windows 8 user interface, see Search, share & more.)

NOTE This section provides an overview of Windows 8 Mail app account setup. For step-by-step procedures for setting up an account in the Windows 8 Mail app, see What else do I need to know? at the end of this guide.

To make it as easy as possible to add accounts, account setup only prompts the user to enter the email address and password for the account they want to set up. From that data, Mail attempts to automatically configure the account as follows:

  • The domain portion of the email address is matched against a database of well-known service providers. If it’s a match, its settings are automatically configured.
  • The domain portion of the email address is used to execute Exchange ActiveSync Autodiscover processes. For detailed information, see Autodiscover HTTP Service Protocol Specification on MSDN.
  • If still not configured, the user is prompted to provide detailed settings for their server.

Exchange ActiveSync

Screenshot: Exchange ActiveSync configuration in Windows Mail
Figure 1: Exchange ActiveSync (EAS) configuration in Windows Mail

Full details needed to connect to an Exchange server – needed only if Autodiscover failed

The information required to connect to a server via Exchange ActiveSync is:

  • Email address
  • Server address
  • Domain
  • Username
  • Password

IMAP/SMTP

Screenshot: IMAP/SMTP configuration in Windows Mail
Figure 2: IMAP/SMTP configuration in Windows Mail

The information required to connect to a server via IMAP/SMTP is:

  • Email address
  • Username
  • Password
  • IMAP email server
  • IMAP SSL (if your IMAP server requires SSL encryption)
  • IMAP port
  • SMTP email server
  • SMTP SSL (if your SMTP server requires SSL encryption)
  • SMTP port
  • Whether SMTP server requires authentication
  • Whether SMTP uses the same credentials as IMAP (If not, user must also provide SMTP credentials)

Security Features

Mail provides administrators with some level of security through Exchange ActiveSync policies. It doesn’t support any means of managing or securing PCs that are connected via IMAP.

Policy Support

Exchange ActiveSync devices can be managed using Exchange ActiveSync policies. Windows 8 Mail supports the following EAS policies. :

  • Password required
  • Allow simple password
  • Minimum password length (to a maximum of 8 characters)
  • Number of complex characters in password (to a maximum of 2 characters)
  • Password history
  • Password expiration
  • Device encryption required (on Windows RT and editions of Windows that support BitLocker. See What's New in BitLocker for details about BitLocker improvements in Windows 8.)
  • Maximum number of failed attempts to unlock device
  • Maximum time of inactivity before locking

Note that if AllowNonProvisionableDevices is set to false in an EAS policy and the policy contains settings are not part of this list, the device won’t be able to connect to the Exchange server.

Getting into Compliance

Most of the policies listed above can be automatically enabled by Mail, but there are certain cases where the user has to take action first. These are:

  • Server requires device encryption:
    • User has a device that supports BitLocker but BitLocker isn’t enabled. User must manually enable BitLocker.
    • User has a Windows RT device that supports device encryption but it is suspended. User must reboot.
    • User has a Windows RT device that supports device encryption, but it isn’t enabled. User must sign into Windows with a Microsoft account.
  • An admin on this PC doesn’t have a strong password: All admin accounts must have a strong password before continuing.
  • The user’s account doesn’t have a strong password: User must set a strong password before continuing.

ActiveSync Policy v/s Group Policy on domain-joined Windows 8 devices

If a Windows 8 PC is joined to an Active Directory domain and controlled by Group Policy, there may be conflicting policy settings between Group Policy and an Exchange ActiveSync policy. In the event of any conflict, the strictest rule in either policy takes precedence. The only exception is password complexity rules for domain accounts. Group policy rules for password complexity (length, expiry, history, number of complex characters) take precedence over Exchange ActiveSync policies – even if group policy rules for password complexity are less strict than Exchange ActiveSync rules, the domain account will be deemed in compliance with Exchange ActiveSync policy.

Remote Wipe

Mail supports the Exchange ActiveSync remote wipe directive, but unlike Windows Phones, the data deleted by this directive is scoped to the specified Exchange ActiveSync account. The user's personal data is not deleted. For example, if a user has an Outlook.com account for personal use and a Contoso.com account for work use, a remote wipe directive from the Contoso.com server would impact Windows 8 and Windows Phone 7 as follows:

DataWindows Phone 7Windows 8 Mail
Contoso.com email Deleted Deleted
Contoso.com contacts Deleted Deleted
Contoso.com calendars Deleted Deleted
Outlook.com email Deleted Not deleted
Outlook.com contacts Deleted Not deleted
Outlook.com calendars Deleted Not deleted
Other documents, files, pictures, etc. Deleted Not deleted

Account Roaming

To make it as easy as possible for users to have all of their accounts set up on all of their devices, Windows 8 uploads vital account information to the user’s Microsoft account. This information includes email address, server, server settings, and password. When a user signs into a new PC with their Microsoft account, their email accounts are automatically set up for them.

Passwords are not uploaded from a PC for any accounts which are controlled by any Exchange ActiveSync policies. Users will have to enter their password to begin syncing a policy-controlled account on a new PC.

Microsoft Accounts

Users are required to have a Microsoft Account, formerly known as Windows Live ID, to use the Windows Communications apps. This will usually be the Microsoft account that the user is signed into Windows with, but if they have not done so, they will be prompted to provide one before proceeding.

Microsoft accounts will automatically sync to Microsoft services using Exchange ActiveSync 14.0 when Mail starts. This will synchronize:

      • Email, if the user’s Microsoft account is also their Hotmail or Outlook.com account
      • Contacts from Windows Live
      • Calendar events

If the user’s Microsoft account is not a Outlook.com or Hotmail account (for example, dave@contoso.com), Mail will prompt the user to provide the password for their email account, which will be added automatically.

Data Consumption

By default, Mail only downloads the last two weeks of email. This is user configurable and can potentially download the user’s entire mailbox. For Exchange ActiveSync accounts, all contacts are downloaded and calendar events are downloaded only for three months behind the current date and 18 months ahead.

Additionally, messages are only partially downloaded to reduce bandwidth use as follows:

        • Message bodies are truncated to the first 100KB (20KB on metered networks). For more details see Engineering Windows 8 for mobile networks.
        • Attachments are not downloaded automatically.

Embedded images in email messages are downloaded on-demand as the user reads them, and attachments are downloaded on-demand as the user attempts to open them.

By default, Mail only downloads the user’s Inbox and Sent folders. Other folders are downloaded once the user accesses them for the first time.

Mail does not enforce any limits on how many or large of attachments users can send.

Limitations

The following features are currently not supported by Mail:

  • Mailbox connections using POP:  IMAP and EAS are supported.

    (Note, this does not mean that Windows 8 does not support POP3. This post is about the Windows 8 Mail app. )

  • Servers that require self-signed certificates: Users can work around the self-signed certificate limitation by manually installing the certificate on their Windows 8 or Windows RT device. For additional information about the self-signed certificates, see Self-Signed Certificates section below.

  • Opaque-Signed and Encrypted S/MIME messages: When S/MIME messages are received in Windows 8 Mail, it displays an email item with a message body that begins with “This encrypted message can’t be displayed.”

    To view email items in the S/MIME format, users must open the message using Outlook Web App, Microsoft Outlook, or another email program that supports S/MIME messages. For more information, see Opaque-Signed and Encrypted S/MIME Message on MSDN.

Self-Signed Certificates

Users may experience connectivity errors when trying to connect to an Exchange servers that require self-signed certificates. The user may receive the following error messages.

Unable to connect. Ensure the information entered is correct.

<Email address> is unavailable

NOTE This issue may occur because the Mail app cannot connect to Exchange by using self-signed certificates.

Consider the following options to resolve this issue.

    1. Option 1: Install a certificate that is signed by a Microsoft-trusted root certification authority (CA) on the server

      This enables Exchange to work for all clients without prompting. For more information about the trust root CAs, see the following topics on TechNet:

    2. Option 2: Install a server’s self-signed certificate on a device

      This enables Exchange to work for Windows 8 devices that have the certificate installed.

Note To install a self-signed certificate for a domain’s certification authority, the administrator must provide a certificate file (.cer). The certificate can be installed to the trusted root certificate authority store for either of the following options:

  • For the current user This option does not require admin rights but must be completed for each user on the device.
  • For the local device This option requires administrator rights and needs to be done only one time for a device.

The user or the system administrator can use the .cer file to install the certificate. To do this, use one of the following methods:

  • Command-line tool

    At an elevated command prompt, run the following command:

    certutil.exe -f -addstore root <name_of_certificatefile>.cer

    NOTE The command installs the certificate for all users on the device.

  • User interface

    1. Double-click the certificate file. A certificate dialog opens.
    2. Click Install Certificate. A Certificate Import Wizard window opens.
    3. Select the option to install the certificate for only the current user or for the local device.
    4. Select Place all certificates in the following store
    5. Click Browse to open the store selection dialog. Select Trusted Root Certification Authorities.
    6. Select the store, and then click Ok. You are returned to Certificate Import Wizard dialog, and the certificate store and certificate to be installed into that store are displayed.

Troubleshooting Windows 8 Mail Client Connectivity

If Windows 8 Mail users can't successfully connect to their accounts, consider the following:

  • Verify that the user is using the latest version of the Windows 8 Mail app. A user can check for updates to the Windows 8 Mail app by doing the following: from the Start screen, go to Store > Settings > App updates > Check for updates.
  • The user should wait a few minutes and try again.
  • If the account is a cloud-based email account that requires registration (for example, a Microsoft Office 365 account), the user must register their account before they can set up their account in Windows 8 Mail. If the user is a Microsoft Office 365 user, they register their account when they sign in to Office 365 for the first time. If the user is not an Office 365 user, the user registers their account when they sign in to their account using Microsoft account or Outlook Web App.

TIP The user will see the following message if they haven't registered their account. In Windows 8 Mail, you will see the following message:
“We couldn’t find the settings for. Provide use with more info and we’ll try connecting again.”

For information about signing into Outlook Web App or the Office 365 Portal, see Sign In to Outlook Web App.

After the user signs in to your account using Outlook Web App, the user should sign out, and then try to connect using Windows 8 Mail.

What else do I need to know?

Updates

  • 11/26/2012: Updated info about AllowNonProvisionableDevices setting in EAS policies.
  • 11/27/2012: Added links to EAS policy documentation.
  • 11/27/2012: Added info about Public Folder support in IMAP and link to IMAP documentation.
  • 12/3/2012: Added link to Building the Mail app on the Building Windows 8 blog.
  • 12/21/2012: Added links to KB 2784275, 2792112 and 2464593.
  • 2/20/2013: Added note about Certificate-base authentication of clients for Exchange ActiveSync not being supported.
84 Comments
Not applicable

@CBA, Ben and others who asked about certificate-based authentication: We can't comment on whether certificate-based authentication is supported until the Windows Mail team completes their validation. At this point it would be fair to assume certificate-based

authentication is not suppported for Exchange ActiveSync.

(It would also be fair to assume that like most Windows 8 apps, Mail will get updates.)

@CBA: As stated in the post, Exchange ActiveSync and IMAP4 are the only 2 protocols supported.

POP is not supported.

Mail does work with Exchange. If you're having specific issues connecting to Exchange, you will need to post in forums or contact Support.

Not applicable

Certificate based authentication DOES NOT WORK at all. No need for the Windows Mail team to test anything. POP does not work at all, even thought that is presented as an option. IMAP works sometimes, but may or may not display all the e-mails. Exchange works sometimes, but seems to have massive problems with certificates.

If you wave the rubber chicken over your head while spinning in a circle, and flapping your arms, Windows 8 Mail might work for you.

Not applicable

How do I get the Windows 8 Mail app to connect to my Exchange server without having to type in a Microsoft account first? There appears to be no way to change this behavior even if it is a domain joined machine. We can't have our users typing in multiple e-mail addresses to set up a single e-mail address account. In addition, it makes me wonder why Microsoft is requiring this information and I can think of no other reason than they are using it to track our users data. This makes me very nervous to even set it up.

Not applicable

@LyncDude: Thanks for the feedback. It has been passed on to the Windows Mail team.

The current version does not have a way to bypass this.

Not applicable

"Users are required to have a Microsoft Account"

In one fell swoop MS confirmed that we will NOT be deploying Win8 in our business.  Not being able to link the Mail app to our Exchange servers without creating MS accounts for each and every user (and then needing to deal with users' personal data mixing in) must be one of the most foolish decisions I've seen out of this developer in a long time.

I really like Win8, faults included, but for a "Pro" version in a business environment such a requirement is gigantically naive.  Looks like it's Win7 for our biz for another X years as 8 has now been formally eliminated from our year-end upgrades.  

Not applicable

I for one am not understanding what the benefit is to having to sign in using a MS-based account first? If we don't choose a MS-based account we have to go through the process of adding that e-mail account to one that is controlled by MS. Why would anyone want to do that? What is the benefit for any business to have all their end users configuring two e-mail addresses to log into their e-mail? Can any one please help me understand this requirement and why I should go along with it as a business IT administrator?

Not applicable

What is the benefit to having us utilize 2 e-mail accounts to sign up for our Windows 8 Mail? They must be tracking our usage patterns, displaying ad content, or something with it.

Not applicable

Mr. Suneja,

Please explain to us why we need that additional Microsoft Account in order to use e-mail? It is required, therefore it must be doing something. What would that "something" be?

Not applicable

This is great info but my access to corporate email externally is using OWA, which works great EXCEPT that I cannot open encrypted messages because the S/MIME control is out of date.  What are the Microsoft plans to update the OWA S/MIME control to support Windows 8 RT?  Running the Exchange provided MSI on RT obviously fails.  Thanks.

Not applicable

Without working certificate authentication support for the mail app suite, the permissions description should be updated. It currently incorrectly states:

"Certificates stored on your PC or a smart card to securely access organizations such as banks, government agencies, or your employer. "

While it may be fair to say you can install self-signed or internal PKI certificates for trust issues as stated in this article, mentioning smart cards implies certificate-based authentication.

Not applicable

@Nintendo Dude: "Why do you need a Microsoft account?" is a frequently asked question. See the Account Roaming and Microsoft Account sections in the post, which include these details.

We've received feedback that this should be an option, not be a requirement, for Exchange accounts or email accounts other than Outlook.com or Hotmail. The feedback has been passed on to the Windows Mail team.

Not applicable

Bharat, your links only explain the benefits of using a Microsoft account. They do not explain *why* the account is needed for the communication apps to work, especially when it is not a requirement elsewhere.

Not applicable

@Bharat - There is nothing in this entire post that explains why a Microsoft account is required to connect to my Exchange server. The only thing this post mentions is that the Microsoft account can be used to sync data using the live services, but that is NOT what anyone running Exchange would even want. It does no explain this behavior.

Please answer the question directly. Why is an additional Microsoft account required in Mail 8 for each and every end-user to connect to an Exchange service?

Not applicable

3 q's. a) how do we select multiple items to delete all at once? b) how do we get integrated search to wrok with mail 8? c) what every one has been asking,,,why do we need a live account AND an EX mail account to get Mail 8 to load? This is a pain in the ass for us and is causing end user and it confusion.

Not applicable

We have all flavors of Exchange in our environment (2003, 2007, 2010).  We can successfully set up an account in Windows 8 mail from all 3 Exchange versions.  When attempting to download attachments on the Windows 8 Mail account that is Exchange 2003 or Exchange 2007 based, we get an error that the attachment cannot be downloaded and are asked to Try Again.  We can never load the attachment.  All of our ActiveSync accounts work fine with other vendors' devices (apple and android based) and we can successfully download and open attachments on them with all three versions of accounts.  Is there a plan for a fix for this in the near future??

Not applicable

Very entertaining comments on this blog. There is a good question being raised that is not being answered appropriately that I would like to understand further. Can a representative of the Metro or Windows 8 team please chime in here and give us more details on the live account requirements?

Why is the live account required to set up an Exchange profile? Where can I find more documentation on why Mail 8 needs 2 accounts in order to function and more importantly how I can change this behavior so that only the users e-mail address and password are required. This is how it works on all other devices. This is how it should work on Windows 8 too.

Not applicable

"@Nintendo Dude: "Why do you need a Microsoft account?" is a frequently asked question. See the Account Roaming and Microsoft Account sections in the post, which include these details."

No. You did not answer this "frequently asked question" in any meaningful way. You answered with pure fluff and misdirection. That section of this post answers nothing about why we need 2 accounts to get mail working.

Not applicable

>>>Users are required to have a Microsoft Account, formerly known as Windows Live ID, to use the Windows >>>Communications apps. This will usually be the Microsoft account that the user is signed into Windows with, >>>but if they have not done so, they will be prompted to provide one before proceeding.

Why is this a requirement?

>>>Microsoft accounts will automatically sync to Microsoft services using Exchange ActiveSync 14.0 when Mail >>>starts.

Woah there. I don't want ANYTHING to synchronize to ANY of Microsoft service EVER. This item desperately needs further clarification.

>>>If the user’s Microsoft account is not a Outlook.com or Hotmail account (for example, dave@contoso.com), >>>Mail will prompt the user to provide the password for their email account, which will be added automatically.

Again, why is this a requirement? It's not a requirement on the iPhone - ahem.

Not applicable

"@Bharat Suneja [MSFT]: @Alginald and others who asked about certificate-based authentication in Windows 8 Mail: The Windows Mail team is validating this. We'll update this post when we hear back."

The above quote was from the 10 December and still no update. Is it really sooooooo difficult to answer one simple question correctly?

Not applicable

@Anonymous: You probably missed the following response on Dec. 13th

(highlighted for emphasis)

@CBA, Ben and others who asked about certificate-based authentication: We can't comment on whether certificate-based authentication is supported until the Windows Mail team completes their validation.

At this point it would be fair to assume certificate-based authentication is not supported for Exchange ActiveSync. (It would also be fair to assume that like most Windows 8 apps, Mail will get updates.)

Not applicable

@Justin Burns: I've pointed to the relevant section in the post, which states benefits of using a Microsoft account.

Understand that making a Microsoft account a requirement is not ideal. The feedback has beeen passed on to the Winows Mail team. For more details on the design decision, you'd have to contact someone in the Windows Mail team.

Not applicable

>>> I've pointed to the relevant section in the post, which states benefits of using a Microsoft account.

It states the benefit of using the MS account in relation to Hotmail/Outlook.com accounts, but explains nothing in regards to the benefits for Exchange and other e-mail services. You've pointed to a section of the post that is irrelevant to our concerns.

>>>Understand that making a Microsoft account a requirement is not ideal.

Glad you understand, but especially if it is not ideal, then why is it a requirement? This isn't being answered.

>>>For more details on the design decision, you'd have to contact someone in the Windows Mail team.

To whom and/or what blog should we contact to obtain this information? This is the "supporting Windows 8 Mail" blog correct? I would have expected this to be the place to find out how to support Windows 8  Mail and collaborate, but apparently we were mistaken.

Not applicable

I live in Canada and send a weekly newsletter to about 100 friends. WIN8 is driving me crazy trying to get group mailings to work. I have it set up but about 15% of those on my list do not receive my letters. I then have to go back to my old computer with WIN XP.  The XP is probably the overall best WIN application ever made.  It was user friendly which WIN8 is not!  Why not just upgrade XP and charge a fee instead of the lousy WIN8?

Not applicable

I'll ask again.

This blog states the benefit of using the MS account in relation to Hotmail/Outlook.com accounts, but explains nothing in regards to the benefits for Exchange and other e-mail services. What are the benefits to companies, Exchange, and other e-mail system users to provide MS account data?

To whom and/or what blog should we contact to obtain this information? This is the "supporting Windows 8 Mail" blog correct? I would have expected this to be the place to find out how to support Windows 8  Mail and collaborate, but apparently we were mistaken and we need to go somewhere else. Where do we go?

Microsoft sure knows how to obfuscate and provide non-answer answers to questions raised in this forum.

Not applicable

@A and others: Regarding the requirement of a Microsoft account, certificate-based authentication for Exchange ActiveSync, and other Windows Mail issues, you can send feedback directly to the Windows Mail team using the

Feedback button in the Mail app on Windows 8/Windows RT, as shown below. To see the app commands, swipe from bottom on touch screens or right-click if using a mouse.

Send Windows Mail feedback to the Mail team

Meanwhile, we'll continue to respond to your questions and pass on any feedback to the Mail team, but you may get a faster response by using the Feedback button in the app.

Not applicable

So, even "The Exchange Team" itself cannot directly answer why this was done. Not cool. You'd think with the hundreds of thousands of Exchange servers out there, including Microsoft's own platform, this one would be an easy answer as to why it is a requirement for the new Windows 8 OS that launched a few months ago, but I guess not.

I will submit feedback via the app. Hopefully they will be able to provide an answer. Thank you.

Not applicable

@A: The Exchange Team does not own the Mail app in Windows 8.

As you may already know, Exchange does not require a Microsoft account when connecting using Exchange ActiveSync or any other supported protocol (OWA, RPC over TCP, RPC over HTTPS, IMAP or POP) . The Mail team can best respond to your question about the app, and the Feedback button in the Mail app lets you provide feedback quickly and directly to the Mail team.

HTH.

Not applicable

Again, even the Exchange team appears clueless as to the basic functionality of Microsoft's own client used by millions of people (including tens of thousands of internal MS users) to connect to the Exchange services. All this in a forum dedicated to supporting the Mail 8 client. On top of all that, nobody on the Exchange team is interested enough in the issue that, again, affects their core product division enough to find out why?

Interesting. Again, thank you. I await feedback from the feedback option method within the app.

Not applicable

1. There does not appear to be a feedback button. I see a "sync", "pin to start" on the left. I see a "move" and "mark unread" to the right. I don't see "feedback" appear anywhere.

2. I don't believe the "feedback" is conversational or interactive communication. In other words, if I submit feedback I'm not going to be able to talk with anyone or hear answers to the questions I submit. We'll all still be in the dark as to why the Mail 8 app requires an MS account to function.

Therefore,I conclude that your suggestion won't work to use the in-app feedback option. I need a valid method to contact someone on the Mail 8 team to get a definitive answer as to why the app functions the way it does. In addition, I'm appalled that the Exchange team themselves don't know why the defacto app on the new flagship OS that MS has launched makes their Exchange product look like utter garbage. The users don't see Exchange, but they do see Mail 8 which immediately turns them off.

Again, since you don't want to talk about this issue in this forum, where is an appropriate place I could post this question that will result in an actual answer being given? Again too, I'm saddened that the Exchange team can't answer this. Everyone at Microsoft is running Windows 8, but nobody can explain why the default mail client behaves in a particular way? Not cool.

Not applicable

@A: If you don't see a Feedback button and haven't submitted feedback, how do you know you won't get a response? :)

Please try it. If you don't see the Feedback button at all, please contact Support.

Criticizing Exchange product group for being "clueless" about not knowing specifics of a particular email client we do not own or the design decisions taken by another team is not very productive. I can't help you any further except to restate that Microsoft values your feedback - we've passed on your (and others') feedback to the Mail team. They're aware of the pain points and considering your feedback for future updates.

Not applicable

I had my corporate mail on my new windows 8 computer. It required screen lock and passwords. Who knows what else. As of today I am no longer with the company and have removed the mail account from my computer. Yet "Some of my system settings are controlled by my system administrator" Soo how do i get my personal computer back?

Not applicable
Not applicable

hi all, can the surface tablet mail app connect to small business server 2003 exchange?i am unable to connect it to the companies exchange server...please assist

Not applicable

In a recent project we faced an interesting problems using the Windows 8 Mail App.

Windows 8 include