Home
%3CLINGO-SUB%20id%3D%22lingo-sub-597403%22%20slang%3D%22en-US%22%3ESupporting%20Windows%208%20Mail%20in%20your%20organization%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-597403%22%20slang%3D%22en-US%22%3E%3CP%3E%3C%2FP%3E%3CP%20class%3D%22intro%22%20style%3D%22font-size%3A%201.2em%3B%22%3E%3CIMG%20style%3D%22float%3A%20left%3B%20margin-left%3A%20-10px%3B%20padding-right%3A%205px%20!important%3B%20margin-top%3A%20-25px%3B%22%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Flegacyfs%2Fonline%2Fmedia%2FTNBlogsFS%2Fprod.evol.blogs.technet.com%2FCommunityServer.Blogs.Components.WeblogFiles%2F00%2F00%2F00%2F31%2F06%2Fpostimages%2F5008.WindowsMail.jpg%22%20original-url%3D%22http%3A%2F%2Fblogs.technet.com%2Fcfs-filesystemfile.ashx%2F__key%2Fcommunityserver-blogs-components-weblogfiles%2F00-00-00-31-06-postimages%2F5008.WindowsMail.jpg%22%20alt%3D%22%22%20width%3D%22300%22%20%2F%3E%20%3CA%20class%3D%22bold%22%20href%3D%22http%3A%2F%2Fwindows.microsoft.com%2Fen-US%2Fwindows-8%2Fmeet%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EWindows%208%3C%2FA%3E%20and%20Windows%20RT%20include%20a%20built-in%20email%20app%20named%20%3CSPAN%20class%3D%22bold%22%3EMail%3C%2FSPAN%3E%20(also%20referred%20to%20as%20%3CSPAN%20class%3D%22newterm%22%3EWindows%208%20Mail%3C%2FSPAN%3E%20or%20the%20%3CSPAN%20class%3D%22newterm%22%3EWindows%208%20Mail%20app%3C%2FSPAN%3E).%20The%20Windows%208%20Mail%20app%20includes%20support%20for%20%3CACRONYM%20title%3D%22Internet%20Mail%20Access%20Protocol%22%3EIMAP%3C%2FACRONYM%3E%20and%20Exchange%20ActiveSync%20(EAS)%20accounts.%3C%2FP%3E%0A%3CP%3EThis%20article%20includes%20some%20key%20technical%20details%20of%20the%20Windows%208%20Mail%20app.%20Use%20the%20information%20to%20help%20you%20support%20the%20use%20of%20Windows%208%20Mail%20app%20in%20your%20organization.%20Read%20this%20article%20start%20to%20finish%2C%20or%20jump%20to%20the%20topic%20that%20interests%20you.%20Use%20the%20reference%20links%20throughout%20the%20article%20for%20more%20information.%3C%2FP%3E%0A%3CP%20class%3D%22note%22%3E%3CSPAN%20class%3D%22bold%22%3ENOTE%3C%2FSPAN%3E%20Mail%2C%20Calendar%2C%20People%2C%20and%20Messaging%20are%20apps%20that%20are%20built%20in%20to%20Windows%208%20and%20Windows%20RT.%20Although%20this%20article%20discusses%20the%20Windows%208%20Mail%20app%2C%20please%20note%20that%20much%20of%20the%20information%20in%20this%20article%20also%20applies%20to%20the%20Calendar%2C%20People%2C%20and%20Messaging%20apps.%20This%20is%20because%2C%20when%20connected%20to%20a%20server%20that%20supports%20Exchange%20ActiveSync%2C%20the%20Calendar%2C%20and%20People%20apps%20may%20also%20display%20data%20that%20was%20downloaded%20over%20the%20Exchange%20ActiveSync%20connection.%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-1738992676%22%20id%3D%22toc-hId--1444043984%22%3EProtocol%20Support%3C%2FH2%3E%0A%3CP%3EThe%20Windows%208%20Mail%20app%20lets%20users%20connect%20to%20any%20service%20provider%20that%20supports%20either%20of%20the%20following%20two%20protocols%3A%3C%2FP%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CLI%3EExchange%20ActiveSync%3C%2FLI%3E%0A%3CLI%3EIMAP%2FSMTP%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22note%22%3E%3CSPAN%20class%3D%22bold%22%3E%3CACRONYM%20title%3D%22Post%20Office%20Protocol%22%3EPOP%3C%2FACRONYM%3E%3C%2FSPAN%3E%20is%20not%20currently%20supported.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--1009677790%22%20id%3D%22toc-hId--753482510%22%3EExchange%20ActiveSync%3C%2FH3%3E%0A%3CP%3EExchange%20ActiveSync%20can%20be%20used%20to%20sync%20data%20for%20email%2C%20contacts%2C%20and%20calendar.%20The%20Windows%208%20Mail%20app%20supports%20%3CACRONYM%20title%3D%22Exchange%20ActiveSync%22%3EEAS%3C%2FACRONYM%3E%20versions%202.5%2C%2012.0%2C%2012.1%2C%20and%2014.0.%20For%20detailed%20protocol%20documentation%2C%20see%20%3CA%20class%3D%22bold%22%20href%3D%22http%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Flibrary%2Fcc425499(v%3DEXCHG.80).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EExchange%20Sever%20Protocol%20Documents%3C%2FA%3E%20on%20MSDN.%3C%2FP%3E%0A%3CP%20class%3D%22note%22%3E%3CSPAN%20class%3D%22bold%22%3ENOTE%3C%2FSPAN%3E%20All%20Windows%20Communications%20apps%20(Mail%2C%20Calendar%2C%20and%20People)%20can%20use%20the%20data%20that%20is%20synchronized%20with%20Exchange%20ActiveSync.%20After%20a%20user%20connects%20to%20their%20account%20in%20the%20Windows%208%20Mail%20app%2C%20their%20contacts%20and%20calendar%20data%20are%20available%20in%20the%20other%20Windows%20Communications%20Apps%20and%20vice%20versa.%3C%2FP%3E%0A%3CP%20class%3D%22note%22%3EThe%20Mail%20app%20does%20not%20support%20certificate-based%20authentication%20of%20clients%20for%20Exchange%20ActiveSync.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-733132545%22%20id%3D%22toc-hId-1734030323%22%3EIMAP%2FSMTP%3C%2FH3%3E%0A%3CP%3EThe%20Windows%208%20Mail%20app%20supports%20the%20following%20IMAP%20and%20SMTP%20standards%3A%3C%2FP%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CLI%3E%3CACRONYM%20title%3D%22Internet%20Mail%20Access%20Protocol%204%22%3EIMAP4%3C%2FACRONYM%3E%20rev1%20%3CA%20href%3D%22http%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc3501%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3ERFC%203501%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CACRONYM%20title%3D%22Simple%20Mail%20Transfer%20Protocol%22%3ESMTP%3C%2FACRONYM%3E%20%3CA%20href%3D%22http%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc5321%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3ERFC%205321%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EIMAP4%20IDLE%20command%20(push%20email)%20%3CA%20href%3D%22http%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc2177%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3ERFC%202177%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EIMAP%20LIST%20Extension%20for%20Special%20Folders%20%3CA%20href%3D%22http%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc6154%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3ERFC%206154%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EXLIST%20extension%20of%20the%20LIST%20command(identifies%20special%20folders).%20See%20%3CA%20title%3D%22For%20detailed%20information%20about%20XLIST%2C%20see%20'Extension%20of%20the%20LIST%20command%3A%20XLIST'%20at%20the%20Google%20Apps%20Platform%20page%22%20href%3D%22https%3A%2F%2Fdevelopers.google.com%2Fgoogle-apps%2Fgmail%2Fimap_extensions%23extension_of_the_list_command_xlist%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EExtension%20of%20the%20LIST%20command%3A%20XLIST%3C%2FA%3E%20in%20Google%20Apps%20Platform%20documentation.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EIMAP%2FSMTP%20can%20be%20used%20to%20send%20and%20receive%20email%20only.%20Contacts%20data%20and%20calendar%20data%20is%20not%20synchronized%20when%20IMAP%2FSMTP%20is%20used.%20Microsoft%20Exchange%20does%20not%20support%20Public%20Folders%20via%20IMAP.%20For%20more%20details%20about%20IMAP%20support%20in%20Exchange%2C%20see%20%3CA%20class%3D%22bold%22%20title%3D%22See%20'POP3%20and%20IMAP4'%20in%20Exchange%202013%20documenation%22%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fjj657728.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EPOP3%20and%20IMAP4%3C%2FA%3E%20(for%20Exchange%202010%2C%20see%20%3CA%20class%3D%22bold%22%20title%3D%22See%20'Understanding%20POP3%20and%20IMAP4'%20in%20Exchange%202010%20documentation%22%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fbb124107%2528v%3Dexchg.141%2529.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EUnderstanding%20POP3%20and%20IMAP4%3C%2FA%3E).%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--1622510911%22%20id%3D%22toc-hId-1723527219%22%3ESync%20Configuration%3C%2FH2%3E%0A%3CP%3EThe%20Windows%208%20Mail%20app%20can%20be%20configured%20to%20synchronize%20data%20at%20different%20times%20as%20follows%3A%3C%2FP%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CLI%3EPush%20email%20(default)%3C%2FLI%3E%0A%3CLI%3EPolling%20at%20fixed%20intervals%3C%2FLI%3E%0A%3CLI%3EManually%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EIf%20a%20push%20email%20connection%20can%E2%80%99t%20be%20established%2C%20it%20will%20automatically%20switch%20to%20poll%20at%20fixed%20intervals.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--76214081%22%20id%3D%22toc-hId--1880878603%22%3EPush%20Email%3C%2FH3%3E%0A%3CP%3EPush%20email%20requires%20that%20accounts%20are%20either%20Exchange%20ActiveSync%20(which%20all%20support%20Push)%20or%20IMAP%20with%20the%20IDLE%20extension.%20Not%20all%20IMAP%20servers%20support%20IDLE%2C%20and%20it%20is%20supported%20only%20for%20the%20Inbox%20folder.%3C%2FP%3E%0A%3CP%3EWhen%20a%20push%20connection%20can%E2%80%99t%20be%20established%2C%20Mail%20will%20change%20to%20polling%20on%2030%20minute%20intervals.%20Push%20email%20on%20Exchange%20ActiveSync%20requires%20that%20HTTP%20connections%20must%20be%20maintained%20for%20up%20to%2060%20minutes%2C%20and%20IMAP%20IDLE%20requires%20TCP%20connections%20to%20be%20maintained%20for%20up%20to%2030%20minutes.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-1666596254%22%20id%3D%22toc-hId-606634230%22%3EAccount%20Setup%20Features%3C%2FH3%3E%0A%3CP%3EWindows%208%20and%20Windows%20RT%20users%20can%20add%20email%20accounts%20to%20the%20Windows%208%20Mail%20app%20using%20the%20%3CSPAN%20class%3D%22UI%22%3ESettings%3C%2FSPAN%3E%20%3CSPAN%20class%3D%22newterm%22%3Echarm%3C%2FSPAN%3E.%20The%20%3CSPAN%20class%3D%22UI%22%3ESettings%3C%2FSPAN%3E%20charm%20is%20always%20available%20on%20the%20right%20side%20of%20the%20Windows%208%20and%20Windows%20RT%20screen.%20%3CSPAN%20class%3D%22comment%22%3E(For%20more%20visual%20details%20about%20Charms%20%26amp%3B%20the%20Windows%208%20user%20interface%2C%20see%20%3CA%20title%3D%22Learn%20more%20about%20Windows%208%20Charms%20in%20'Get%20to%20Know%20Windows'%22%20href%3D%22http%3A%2F%2Fwindows.microsoft.com%2Fen-US%2Fwindows-8%2Fcharms%3Fwoldogcb%3D0%231TC%3Dt1%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3ESearch%2C%20share%20%26amp%3B%20more%3C%2FA%3E.)%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20class%3D%22note%22%3E%3CSPAN%20class%3D%22bold%22%3ENOTE%3C%2FSPAN%3E%20This%20section%20provides%20an%20overview%20of%20Windows%208%20Mail%20app%20account%20setup.%20For%20step-by-step%20procedures%20for%20setting%20up%20an%20account%20in%20the%20Windows%208%20Mail%20app%2C%20see%20%3CA%20class%3D%22bold%22%20href%3D%22%23whatelse%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EWhat%20else%20do%20I%20need%20to%20know%3F%3C%2FA%3E%20at%20the%20end%20of%20this%20guide.%3C%2FP%3E%0A%3CP%3ETo%20make%20it%20as%20easy%20as%20possible%20to%20add%20accounts%2C%20account%20setup%20only%20prompts%20the%20user%20to%20enter%20the%20email%20address%20and%20password%20for%20the%20account%20they%20want%20to%20set%20up.%20From%20that%20data%2C%20Mail%20attempts%20to%20automatically%20configure%20the%20account%20as%20follows%3A%3C%2FP%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CLI%3EThe%20domain%20portion%20of%20the%20email%20address%20is%20matched%20against%20a%20database%20of%20well-known%20service%20providers.%20If%20it%E2%80%99s%20a%20match%2C%20its%20settings%20are%20automatically%20configured.%3C%2FLI%3E%0A%3CLI%3EThe%20domain%20portion%20of%20the%20email%20address%20is%20used%20to%20execute%20Exchange%20ActiveSync%20Autodiscover%20processes.%20For%20detailed%20information%2C%20see%20%3CA%20class%3D%22bold%22%20href%3D%22http%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Flibrary%2Fcc433481(v%3DEXCHG.80).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EAutodiscover%20HTTP%20Service%20Protocol%20Specification%3C%2FA%3E%20on%20MSDN.%3C%2FLI%3E%0A%3CLI%3EIf%20still%20not%20configured%2C%20the%20user%20is%20prompted%20to%20provide%20detailed%20settings%20for%20their%20server.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId--885560707%22%20id%3D%22toc-hId--1200820233%22%3EExchange%20ActiveSync%3C%2FH3%3E%0A%3CP%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Flegacyfs%2Fonline%2Fmedia%2FTNBlogsFS%2Fprod.evol.blogs.technet.com%2FCommunityServer.Blogs.Components.WeblogFiles%2F00%2F00%2F00%2F31%2F06%2Fpostimages%2F4137.Win8Mail-Fig1.png%22%20original-url%3D%22http%3A%2F%2Fblogs.technet.com%2Fcfs-filesystemfile.ashx%2F__key%2Fcommunityserver-blogs-components-weblogfiles%2F00-00-00-31-06-postimages%2F4137.Win8Mail_2D00_Fig1.png%22%20alt%3D%22Screenshot%3A%20Exchange%20ActiveSync%20configuration%20in%20Windows%20Mail%22%20%2F%3E%3CBR%20%2F%3E%20%3CSPAN%20class%3D%22caption%22%3E%3CSPAN%20class%3D%22bold%22%3EFigure%201%3A%20Exchange%20ActiveSync%20(EAS)%20configuration%20in%20Windows%20Mail%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EFull%20details%20needed%20to%20connect%20to%20an%20Exchange%20server%20%E2%80%93%20needed%20only%20if%20Autodiscover%20failed%3C%2FP%3E%0A%3CP%3EThe%20information%20required%20to%20connect%20to%20a%20server%20via%20Exchange%20ActiveSync%20is%3A%3C%2FP%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CLI%3EEmail%20address%3C%2FLI%3E%0A%3CLI%3EServer%20address%3C%2FLI%3E%0A%3CLI%3EDomain%3C%2FLI%3E%0A%3CLI%3EUsername%3C%2FLI%3E%0A%3CLI%3EPassword%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId-857249628%22%20id%3D%22toc-hId-1286692600%22%3EIMAP%2FSMTP%3C%2FH3%3E%0A%3CP%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Flegacyfs%2Fonline%2Fmedia%2FTNBlogsFS%2Fprod.evol.blogs.technet.com%2FCommunityServer.Blogs.Components.WeblogFiles%2F00%2F00%2F00%2F31%2F06%2Fpostimages%2F6378.Win8Mail-Fig2.png%22%20original-url%3D%22http%3A%2F%2Fblogs.technet.com%2Fcfs-filesystemfile.ashx%2F__key%2Fcommunityserver-blogs-components-weblogfiles%2F00-00-00-31-06-postimages%2F6378.Win8Mail_2D00_Fig2.png%22%20alt%3D%22Screenshot%3A%20IMAP%2FSMTP%20configuration%20in%20Windows%20Mail%22%20%2F%3E%3CBR%20%2F%3E%20%3CSPAN%20class%3D%22caption%22%3E%3CSPAN%20class%3D%22bold%22%3EFigure%202%3A%20IMAP%2FSMTP%20configuration%20in%20Windows%20Mail%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EThe%20information%20required%20to%20connect%20to%20a%20server%20via%20IMAP%2FSMTP%20is%3A%3C%2FP%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CLI%3EEmail%20address%3C%2FLI%3E%0A%3CLI%3EUsername%3C%2FLI%3E%0A%3CLI%3EPassword%3C%2FLI%3E%0A%3CLI%3EIMAP%20email%20server%3C%2FLI%3E%0A%3CLI%3EIMAP%20SSL%20%3CSPAN%20class%3D%22comment%22%3E(if%20your%20IMAP%20server%20requires%20SSL%20encryption)%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3EIMAP%20port%3C%2FLI%3E%0A%3CLI%3ESMTP%20email%20server%3C%2FLI%3E%0A%3CLI%3ESMTP%20SSL%20%3CSPAN%20class%3D%22comment%22%3E(if%20your%20SMTP%20server%20requires%20SSL%20encryption)%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3ESMTP%20port%3C%2FLI%3E%0A%3CLI%3EWhether%20SMTP%20server%20requires%20authentication%3C%2FLI%3E%0A%3CLI%3EWhether%20SMTP%20uses%20the%20same%20credentials%20as%20IMAP%20%3CSPAN%20class%3D%22comment%22%3E(If%20not%2C%20user%20must%20also%20provide%20SMTP%20credentials)%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH2%20id%3D%22toc-hId--1498393828%22%20id%3D%22toc-hId-1276189496%22%3ESecurity%20Features%3C%2FH2%3E%0A%3CP%3EMail%20provides%20administrators%20with%20some%20level%20of%20security%20through%20Exchange%20ActiveSync%20policies.%20It%20doesn%E2%80%99t%20support%20any%20means%20of%20managing%20or%20securing%20PCs%20that%20are%20connected%20via%20IMAP.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-47903002%22%20id%3D%22toc-hId-1966750970%22%3EPolicy%20Support%3C%2FH3%3E%0A%3CP%3EExchange%20ActiveSync%20devices%20can%20be%20managed%20using%20%3CA%20class%3D%22bold%22%20title%3D%22See%20'Understanding%20Exchange%20ActiveSync%20Mailbox%20Policies'%20in%20Exchange%202010%20documenation%22%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fbb123484%2528v%3Dexchg.141%2529.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EExchange%20ActiveSync%20policies%3C%2FA%3E.%20Windows%208%20Mail%20supports%20the%20following%20%3CACRONYM%20title%3D%22Exchange%20ActiveSync%22%3EEAS%3C%2FACRONYM%3E%20policies.%20%3A%3C%2FP%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CLI%3EPassword%20required%3C%2FLI%3E%0A%3CLI%3EAllow%20simple%20password%3C%2FLI%3E%0A%3CLI%3EMinimum%20password%20length%20(to%20a%20maximum%20of%208%20characters)%3C%2FLI%3E%0A%3CLI%3ENumber%20of%20complex%20characters%20in%20password%20(to%20a%20maximum%20of%202%20characters)%3C%2FLI%3E%0A%3CLI%3EPassword%20history%3C%2FLI%3E%0A%3CLI%3EPassword%20expiration%3C%2FLI%3E%0A%3CLI%3EDevice%20encryption%20required%20(on%20Windows%20RT%20and%20editions%20of%20Windows%20that%20support%20%3CA%20class%3D%22bold%22%20title%3D%22See%20'BitLocker%20Drive%20Encryption%20Overview'%20on%20TechNet%22%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fcc732774.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EBitLocker%3C%2FA%3E.%20See%20%3CA%20class%3D%22bold%22%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fhh831412.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EWhat's%20New%20in%20BitLocker%3C%2FA%3E%20for%20details%20about%20BitLocker%20improvements%20in%20Windows%208.)%3C%2FLI%3E%0A%3CLI%3EMaximum%20number%20of%20failed%20attempts%20to%20unlock%20device%3C%2FLI%3E%0A%3CLI%3EMaximum%20time%20of%20inactivity%20before%20locking%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22note%22%3ENote%20that%20if%20%3CSPAN%20class%3D%22parameter%20lightyellow%22%3EAllowNonProvisionableDevices%3C%2FSPAN%3E%20is%20set%20to%20false%20in%20an%20%3CACRONYM%20title%3D%22Exchange%20ActiveSync%22%3EEAS%3C%2FACRONYM%3E%20policy%20and%20the%20policy%20contains%20settings%20are%20not%20part%20of%20this%20list%2C%20the%20device%20won%E2%80%99t%20be%20able%20to%20connect%20to%20the%20Exchange%20server.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-1075552048%22%20id%3D%22toc-hId--535866972%22%3EGetting%20into%20Compliance%3C%2FH3%3E%0A%3CP%3EMost%20of%20the%20policies%20listed%20above%20can%20be%20automatically%20enabled%20by%20Mail%2C%20but%20there%20are%20certain%20cases%20where%20the%20user%20has%20to%20take%20action%20first.%20These%20are%3A%3C%2FP%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CLI%3E%3CSPAN%20class%3D%22bold%22%3EServer%20requires%20device%20encryption%3A%3C%2FSPAN%3E%3CUL%3E%0A%3CLI%3EUser%20has%20a%20device%20that%20supports%20BitLocker%20but%20BitLocker%20isn%E2%80%99t%20enabled.%20User%20must%20manually%20enable%20BitLocker.%3C%2FLI%3E%0A%3CLI%3EUser%20has%20a%20Windows%20RT%20device%20that%20supports%20device%20encryption%20but%20it%20is%20suspended.%20User%20must%20reboot.%3C%2FLI%3E%0A%3CLI%3EUser%20has%20a%20Windows%20RT%20device%20that%20supports%20device%20encryption%2C%20but%20it%20isn%E2%80%99t%20enabled.%20User%20must%20sign%20into%20Windows%20with%20a%20Microsoft%20account.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22bold%22%3EAn%20admin%20on%20this%20PC%20doesn%E2%80%99t%20have%20a%20strong%20password%3A%3C%2FSPAN%3EAll%20admin%20accounts%20must%20have%20a%20strong%20password%20before%20continuing.%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22bold%22%3EThe%20user%E2%80%99s%20account%20doesn%E2%80%99t%20have%20a%20strong%20password%3A%3C%2FSPAN%3EUser%20must%20set%20a%20strong%20password%20before%20continuing.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId--1476604913%22%20id%3D%22toc-hId-1951645861%22%3EActiveSync%20Policy%20v%2Fs%20Group%20Policy%20on%20domain-joined%20Windows%208%20devices%3C%2FH3%3E%0A%3CP%3EIf%20a%20Windows%208%20PC%20is%20joined%20to%20an%20Active%20Directory%20domain%20and%20controlled%20by%20%3CA%20class%3D%22bold%22%20title%3D%22More%20about%20Group%20Policy%20in%20Windows%20Server%20documenation%20on%20TechNet%22%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Fwindowsserver%2Fbb310732.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EGroup%20Policy%3C%2FA%3E%2C%20there%20may%20be%20conflicting%20policy%20settings%20between%20Group%20Policy%20and%20an%20%3CA%20title%3D%22See%20'Understanding%20Exchange%20ActiveSync%20Mailbox%20Policies'%20in%20Exchange%202010%20documenation%22%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fbb123484%2528v%3Dexchg.141%2529.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EExchange%20ActiveSync%20policy%3C%2FA%3E.%20In%20the%20event%20of%20any%20conflict%2C%20the%20strictest%20rule%20in%20either%20policy%20takes%20precedence.%20The%20only%20exception%20is%20password%20complexity%20rules%20for%20domain%20accounts.%20Group%20policy%20rules%20for%20password%20complexity%20(length%2C%20expiry%2C%20history%2C%20number%20of%20complex%20characters)%20take%20precedence%20over%20Exchange%20ActiveSync%20policies%20%E2%80%93%20even%20if%20group%20policy%20rules%20for%20password%20complexity%20are%20less%20strict%20than%20Exchange%20ActiveSync%20rules%2C%20the%20domain%20account%20will%20be%20deemed%20in%20compliance%20with%20Exchange%20ActiveSync%20policy.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-266205422%22%20id%3D%22toc-hId-144191398%22%3ERemote%20Wipe%3C%2FH3%3E%0A%3CP%3EMail%20supports%20the%20Exchange%20ActiveSync%20remote%20wipe%20directive%2C%20but%20unlike%20Windows%20Phones%2C%20the%20data%20deleted%20by%20this%20directive%20is%20scoped%20to%20the%20specified%20Exchange%20ActiveSync%20account.%20The%20user's%20personal%20data%20is%20not%20deleted.%20For%20example%2C%20if%20a%20user%20has%20an%20Outlook.com%20account%20for%20personal%20use%20and%20a%20Contoso.com%20account%20for%20work%20use%2C%20a%20remote%20wipe%20directive%20from%20the%20Contoso.com%20server%20would%20impact%20Windows%208%20and%20Windows%20Phone%207%20as%20follows%3A%3C%2FP%3E%0A%3CTABLE%20class%3D%22posttable%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%3CTH%3EData%3C%2FTH%3E%3CTH%3EWindows%20Phone%207%3C%2FTH%3E%3CTH%3EWindows%208%20Mail%3C%2FTH%3E%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3EContoso.com%20email%3C%2FTD%3E%0A%3CTD%3EDeleted%3C%2FTD%3E%0A%3CTD%3EDeleted%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3EContoso.com%20contacts%3C%2FTD%3E%0A%3CTD%3EDeleted%3C%2FTD%3E%0A%3CTD%3EDeleted%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3EContoso.com%20calendars%3C%2FTD%3E%0A%3CTD%3EDeleted%3C%2FTD%3E%0A%3CTD%3EDeleted%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3EOutlook.com%20email%3C%2FTD%3E%0A%3CTD%3EDeleted%3C%2FTD%3E%0A%3CTD%3ENot%20deleted%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3EOutlook.com%20contacts%3C%2FTD%3E%0A%3CTD%3EDeleted%3C%2FTD%3E%0A%3CTD%3ENot%20deleted%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3EOutlook.com%20calendars%3C%2FTD%3E%0A%3CTD%3EDeleted%3C%2FTD%3E%0A%3CTD%3ENot%20deleted%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3EOther%20documents%2C%20files%2C%20pictures%2C%20etc.%3C%2FTD%3E%0A%3CTD%3EDeleted%3C%2FTD%3E%0A%3CTD%3ENot%20deleted%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CH2%20id%3D%22toc-hId--489000180%22%20id%3D%22toc-hId--1792345784%22%3EAccount%20Roaming%3C%2FH2%3E%0A%3CP%3ETo%20make%20it%20as%20easy%20as%20possible%20for%20users%20to%20have%20all%20of%20their%20accounts%20set%20up%20on%20all%20of%20their%20devices%2C%20Windows%208%20uploads%20vital%20account%20information%20to%20the%20user%E2%80%99s%20Microsoft%20account.%20This%20information%20includes%20email%20address%2C%20server%2C%20server%20settings%2C%20and%20password.%20When%20a%20user%20signs%20into%20a%20new%20PC%20with%20their%20Microsoft%20account%2C%20their%20email%20accounts%20are%20automatically%20set%20up%20for%20them.%3C%2FP%3E%0A%3CP%3EPasswords%20are%20not%20uploaded%20from%20a%20PC%20for%20any%20accounts%20which%20are%20controlled%20by%20any%20Exchange%20ActiveSync%20policies.%20Users%20will%20have%20to%20enter%20their%20password%20to%20begin%20syncing%20a%20policy-controlled%20account%20on%20a%20new%20PC.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--543141204%22%20id%3D%22toc-hId-824249768%22%3E%3CA%20name%3D%22msaccount%22%20target%3D%22_blank%22%3E%3C%2FA%3EMicrosoft%20Accounts%3C%2FH3%3E%0A%3CP%3EUsers%20are%20required%20to%20have%20a%20%3CA%20class%3D%22bold%22%20title%3D%22See%20'What%20is%20a%20Microsoft%20account%3F'%22%20href%3D%22http%3A%2F%2Fwindows.microsoft.com%2Fen-US%2Fwindows-live%2Fsign-in-what-is-microsoft-account%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EMicrosoft%20Account%3C%2FA%3E%2C%20formerly%20known%20as%20%3CSPAN%20class%3D%22bold%22%3EWindows%20Live%20ID%3C%2FSPAN%3E%2C%20to%20use%20the%20Windows%20Communications%20apps.%20This%20will%20usually%20be%20the%20Microsoft%20account%20that%20the%20user%20is%20signed%20into%20Windows%20with%2C%20but%20if%20they%20have%20not%20done%20so%2C%20they%20will%20be%20prompted%20to%20provide%20one%20before%20proceeding.%3C%2FP%3E%0A%3CP%3EMicrosoft%20accounts%20will%20automatically%20sync%20to%20Microsoft%20services%20using%20Exchange%20ActiveSync%2014.0%20when%20Mail%20starts.%20This%20will%20synchronize%3A%3C%2FP%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CLI%3EEmail%2C%20if%20the%20user%E2%80%99s%20Microsoft%20account%20is%20also%20their%20Hotmail%20or%20Outlook.com%20account%3C%2FLI%3E%0A%3CLI%3EContacts%20from%20Windows%20Live%3C%2FLI%3E%0A%3CLI%3ECalendar%20events%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3CP%3EIf%20the%20user%E2%80%99s%20Microsoft%20account%20is%20not%20a%20%3CA%20class%3D%22bold%22%20title%3D%22Learn%20more%20about%20Outlook.com%2C%20the%20award-winnding%20free%2C%20modern%20cloud%20email%20service%20from%20Microsoft%22%20href%3D%22http%3A%2F%2Fwindows.microsoft.com%2Fen-US%2Fwindows%2Foutlook%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EOutlook.com%3C%2FA%3E%20or%20Hotmail%20account%20(for%20example%2C%20%3CSPAN%20class%3D%22url%22%3Edave%40contoso.com%3C%2FSPAN%3E)%2C%20Mail%20will%20prompt%20the%20user%20to%20provide%20the%20password%20for%20their%20email%20account%2C%20which%20will%20be%20added%20automatically.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-1199669131%22%20id%3D%22toc-hId--983204695%22%3EData%20Consumption%3C%2FH3%3E%0A%3CP%3EBy%20default%2C%20Mail%20only%20downloads%20the%20last%20two%20weeks%20of%20email.%20This%20is%20user%20configurable%20and%20can%20potentially%20download%20the%20user%E2%80%99s%20entire%20mailbox.%20For%20Exchange%20ActiveSync%20accounts%2C%20all%20contacts%20are%20downloaded%20and%20calendar%20events%20are%20downloaded%20only%20for%20three%20months%20behind%20the%20current%20date%20and%2018%20months%20ahead.%3C%2FP%3E%0A%3CP%3EAdditionally%2C%20messages%20are%20only%20partially%20downloaded%20to%20reduce%20bandwidth%20use%20as%20follows%3A%3C%2FP%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CLI%3EMessage%20bodies%20are%20truncated%20to%20the%20first%20100KB%20(20KB%20on%20metered%20networks).%20For%20more%20details%20see%20Engineering%20Windows%208%20for%20mobile%20networks.%3C%2FLI%3E%0A%3CLI%3EAttachments%20are%20not%20downloaded%20automatically.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3CP%3EEmbedded%20images%20in%20email%20messages%20are%20downloaded%20on-demand%20as%20the%20user%20reads%20them%2C%20and%20attachments%20are%20downloaded%20on-demand%20as%20the%20user%20attempts%20to%20open%20them.%3C%2FP%3E%0A%3CP%3EBy%20default%2C%20Mail%20only%20downloads%20the%20user%E2%80%99s%20Inbox%20and%20Sent%20folders.%20Other%20folders%20are%20downloaded%20once%20the%20user%20accesses%20them%20for%20the%20first%20time.%3C%2FP%3E%0A%3CP%3EMail%20does%20not%20enforce%20any%20limits%20on%20how%20many%20or%20large%20of%20attachments%20users%20can%20send.%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-444463529%22%20id%3D%22toc-hId-1375225419%22%3ELimitations%3C%2FH2%3E%0A%3CP%3EThe%20following%20features%20are%20currently%20not%20supported%20by%20Mail%3A%3C%2FP%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CLI%3E%3CP%3E%3CSPAN%20class%3D%22bold%22%3EMailbox%20connections%20using%20%3CACRONYM%20title%3D%22Post%20Office%20Protocol%22%3EPOP%3C%2FACRONYM%3E%3A%3C%2FSPAN%3E%26nbsp%3B%20%3CACRONYM%20title%3D%22Internet%20Mail%20Access%20Protocol%22%3EIMAP%3C%2FACRONYM%3E%20and%20%3CACRONYM%20title%3D%22Exchange%20ActiveSync%22%3EEAS%3C%2FACRONYM%3E%20are%20supported.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22italic%22%3E(Note%2C%20this%20does%20not%20mean%20that%20Windows%208%20does%20not%20support%20POP3.%20This%20post%20is%20about%20the%20Windows%208%20Mail%20app.%20)%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CP%3E%3CSPAN%20class%3D%22bold%22%3EServers%20that%20require%20self-signed%20certificates%3A%3C%2FSPAN%3E%20Users%20can%20work%20around%20the%20self-signed%20certificate%20limitation%20by%20manually%20installing%20the%20certificate%20on%20their%20Windows%208%20or%20Windows%20RT%20device.%20For%20additional%20information%20about%20the%20self-signed%20certificates%2C%20see%20%3CA%20class%3D%22bold%22%20href%3D%22%23selfsigned%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3ESelf-Signed%20Certificates%3C%2FA%3E%20section%20below.%3C%2FP%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CP%3E%3CSPAN%20class%3D%22bold%22%3EOpaque-Signed%20and%20Encrypted%20S%2FMIME%20messages%3A%3C%2FSPAN%3E%20When%20%3CACRONYM%20title%3D%22Secure%2FMultipurpose%20Internet%20Mail%20Extension%22%3ES%2FMIME%3C%2FACRONYM%3E%20messages%20are%20received%20in%20Windows%208%20Mail%2C%20it%20displays%20an%20email%20item%20with%20a%20message%20body%20that%20begins%20with%20%E2%80%9CThis%20encrypted%20message%20can%E2%80%99t%20be%20displayed.%E2%80%9D%3C%2FP%3E%0A%3CP%3ETo%20view%20email%20items%20in%20the%20S%2FMIME%20format%2C%20users%20must%20open%20the%20message%20using%20Outlook%20Web%20App%2C%20Microsoft%20Outlook%2C%20or%20another%20email%20program%20that%20supports%20S%2FMIME%20messages.%20For%20more%20information%2C%20see%20%3CA%20class%3D%22bold%22%20href%3D%22http%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Flibrary%2Fee159350(v%3Dexchg.80).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EOpaque-Signed%20and%20Encrypted%20S%2FMIME%20Message%3C%2FA%3Eon%20MSDN.%3C%2FP%3E%0A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId-390322505%22%20id%3D%22toc-hId--303146325%22%3E%3CA%20name%3D%22selfsigned%22%20target%3D%22_blank%22%3E%3C%2FA%3ESelf-Signed%20Certificates%3C%2FH3%3E%0A%3CP%3EUsers%20may%20experience%20connectivity%20errors%20when%20trying%20to%20connect%20to%20an%20Exchange%20servers%20that%20require%20self-signed%20certificates.%20The%20user%20may%20receive%20the%20following%20error%20messages.%3C%2FP%3E%0A%3CBLOCKQUOTE%20class%3D%22blockquote2%22%3E%0A%3CP%3EUnable%20to%20connect.%20Ensure%20the%20information%20entered%20is%20correct.%3C%2FP%3E%0A%3CP%3E%3CEMAIL%20address%3D%22%22%3E%20is%20unavailable%3C%2FEMAIL%3E%3C%2FP%3E%0A%3C%2FBLOCKQUOTE%3E%0A%3CP%20class%3D%22note%22%3E%3CSPAN%20class%3D%22bold%22%3ENOTE%3C%2FSPAN%3E%20This%20issue%20may%20occur%20because%20the%20Mail%20app%20cannot%20connect%20to%20Exchange%20by%20using%20self-signed%20certificates.%3C%2FP%3E%0A%3CP%3EConsider%20the%20following%20options%20to%20resolve%20this%20issue.%3C%2FP%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%3COL%20class%3D%22nobullet%22%3E%0A%3CLI%3E%3CP%3E%3CSPAN%20class%3D%22bold%22%3EOption%201%3A%20Install%20a%20certificate%20that%20is%20signed%20by%20a%20Microsoft-trusted%20root%20certification%20authority%20(CA)%20on%20the%20server%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EThis%20enables%20Exchange%20to%20work%20for%20all%20clients%20without%20prompting.%20For%20more%20information%20about%20the%20trust%20root%20CAs%2C%20see%20the%20following%20topics%20on%20TechNet%3A%3C%2FP%3E%0A%3CUL%20class%3D%22nobullet%22%3E%0A%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Fsocial.technet.microsoft.com%2Fwiki%2Fcontents%2Farticles%2F3281.introduction-to-the-microsoft-root-certificate-program.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EWindows%20Root%20Certificate%20Program%20overview%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Fblogs.technet.com%2Fcontrolpanel%2Fblogs%2Fposteditor.aspx%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EWindows%20Root%20Certificate%20Program%20-%20Members%20List%20(All%20CAs)%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CP%3E%3CSPAN%20class%3D%22bold%22%3EOption%202%3A%20Install%20a%20server%E2%80%99s%20self-signed%20certificate%20on%20a%20device%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EThis%20enables%20Exchange%20to%20work%20for%20Windows%208%20devices%20that%20have%20the%20certificate%20installed.%3C%2FP%3E%0A%3C%2FLI%3E%0A%3C%2FOL%3E%3C%2FUL%3E%0A%3CP%3E%3CSPAN%20class%3D%22bold%22%3ENote%3C%2FSPAN%3E%20To%20install%20a%20self-signed%20certificate%20for%20a%20domain%E2%80%99s%20certification%20authority%2C%20the%20administrator%20must%20provide%20a%20certificate%20file%20(.cer).%20The%20certificate%20can%20be%20installed%20to%20the%20trusted%20root%20certificate%20authority%20store%20for%20either%20of%20the%20following%20options%3A%3C%2FP%3E%0A%3CUL%20class%3D%22nobullet%22%3E%0A%3CLI%3E%3CSPAN%20class%3D%22bold%22%3EFor%20the%20current%20user%3C%2FSPAN%3EThis%20option%20does%20not%20require%20admin%20rights%20but%20must%20be%20completed%20for%20each%20user%20on%20the%20device.%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22bold%22%3EFor%20the%20local%20device%3C%2FSPAN%3EThis%20option%20requires%20administrator%20rights%20and%20needs%20to%20be%20done%20only%20one%20time%20for%20a%20device.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EThe%20user%20or%20the%20system%20administrator%20can%20use%20the%20.cer%20file%20to%20install%20the%20certificate.%20To%20do%20this%2C%20use%20one%20of%20the%20following%20methods%3A%3C%2FP%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CLI%3E%3CP%3E%3CSPAN%20class%3D%22bold%22%3ECommand-line%20tool%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EAt%20an%20elevated%20command%20prompt%2C%20run%20the%20following%20command%3A%3C%2FP%3E%0A%3CP%20class%3D%22code%22%3Ecertutil.exe%20-f%20-addstore%20root%20%3CNAME_OF_CERTIFICATEFILE%3E.cer%3C%2FNAME_OF_CERTIFICATEFILE%3E%3C%2FP%3E%0A%3CP%20class%3D%22note%22%3E%3CSPAN%20class%3D%22bold%22%3ENOTE%3C%2FSPAN%3EThe%20command%20installs%20the%20certificate%20for%20all%20users%20on%20the%20device.%3C%2FP%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CP%3E%3CSPAN%20class%3D%22bold%22%3EUser%20interface%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3EDouble-click%20the%20certificate%20file.%20A%20certificate%20dialog%20opens.%3C%2FLI%3E%0A%3CLI%3EClick%20Install%20Certificate.%20A%20Certificate%20Import%20Wizard%20window%20opens.%3C%2FLI%3E%0A%3CLI%3ESelect%20the%20option%20to%20install%20the%20certificate%20for%20only%20the%20current%20user%20or%20for%20the%20local%20device.%3C%2FLI%3E%0A%3CLI%3ESelect%20Place%20all%20certificates%20in%20the%20following%20store%3C%2FLI%3E%0A%3CLI%3EClick%20Browse%20to%20open%20the%20store%20selection%20dialog.%20Select%20Trusted%20Root%20Certification%20Authorities.%3C%2FLI%3E%0A%3CLI%3ESelect%20the%20store%2C%20and%20then%20click%20Ok.%20You%20are%20returned%20to%20Certificate%20Import%20Wizard%20dialog%2C%20and%20the%20certificate%20store%20and%20certificate%20to%20be%20installed%20into%20that%20store%20are%20displayed.%3C%2FLI%3E%0A%3C%2FOL%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH2%20id%3D%22toc-hId--364883097%22%20id%3D%22toc-hId-2055283789%22%3ETroubleshooting%20Windows%208%20Mail%20Client%20Connectivity%3C%2FH2%3E%0A%3CP%3EIf%20Windows%208%20Mail%20users%20can't%20successfully%20connect%20to%20their%20accounts%2C%20consider%20the%20following%3A%3C%2FP%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CLI%3EVerify%20that%20the%20user%20is%20using%20the%20latest%20version%20of%20the%20Windows%208%20Mail%20app.%20A%20user%20can%20check%20for%20updates%20to%20the%20Windows%208%20Mail%20app%20by%20doing%20the%20following%3A%20from%20the%20Start%20screen%2C%20go%20to%20Store%20%26gt%3B%20Settings%20%26gt%3B%20App%20updates%20%26gt%3B%20Check%20for%20updates.%3C%2FLI%3E%0A%3CLI%3EThe%20user%20should%20wait%20a%20few%20minutes%20and%20try%20again.%3C%2FLI%3E%0A%3CLI%3EIf%20the%20account%20is%20a%20cloud-based%20email%20account%20that%20requires%20registration%20(for%20example%2C%20a%20Microsoft%20Office%20365%20account)%2C%20the%20user%20must%20register%20their%20account%20before%20they%20can%20set%20up%20their%20account%20in%20Windows%208%20Mail.%20If%20the%20user%20is%20a%20Microsoft%20Office%20365%20user%2C%20they%20register%20their%20account%20when%20they%20sign%20in%20to%20Office%20365%20for%20the%20first%20time.%20If%20the%20user%20is%20not%20an%20Office%20365%20user%2C%20the%20user%20registers%20their%20account%20when%20they%20sign%20in%20to%20their%20account%20using%20Microsoft%20account%20or%20Outlook%20Web%20App.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22note%22%3E%3CSPAN%20class%3D%22bold%22%3ETIP%3C%2FSPAN%3E%20The%20user%20will%20see%20the%20following%20message%20if%20they%20haven't%20registered%20their%20account.%20In%20Windows%208%20Mail%2C%20you%20will%20see%20the%20following%20message%3A%20%3CBR%20%2F%3E%20%E2%80%9CWe%20couldn%E2%80%99t%20find%20the%20settings%20for.%20Provide%20use%20with%20more%20info%20and%20we%E2%80%99ll%20try%20connecting%20again.%E2%80%9D%3C%2FP%3E%0A%3CP%3EFor%20information%20about%20signing%20into%20Outlook%20Web%20App%20or%20the%20Office%20365%20Portal%2C%20see%20%3CA%20class%3D%22bold%22%20href%3D%22http%3A%2F%2Foffice.microsoft.com%2Fen-us%2Fsupport%2Fsign-in-to-outlook-web-app-HA102821290.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3ESign%20In%20to%20Outlook%20Web%20App%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3EAfter%20the%20user%20signs%20in%20to%20your%20account%20using%20Outlook%20Web%20App%2C%20the%20user%20should%20sign%20out%2C%20and%20then%20try%20to%20connect%20using%20Windows%208%20Mail.%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-1377927238%22%20id%3D%22toc-hId-247829326%22%3E%3CA%20name%3D%22whatelse%22%20target%3D%22_blank%22%3E%3C%2FA%3EWhat%20else%20do%20I%20need%20to%20know%3F%3C%2FH2%3E%0A%3CUL%20class%3D%22arrowlist%22%3E%0A%3CLI%3E%3CA%20class%3D%22bold%22%20href%3D%22http%3A%2F%2Foffice.microsoft.com%2Fen-us%2Fweb-apps-help%2Fset-up-email-in-windows-8-mail-HA102834576.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3ESet%20up%20email%20in%20Windows%208%20Mail%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20class%3D%22bold%22%20href%3D%22http%3A%2F%2Fwindows.microsoft.com%2Fen-US%2Fwindows-8%2Fmail-faq%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EMail%3A%20Frequently%20asked%20questions%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20class%3D%22kblink%22%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F2784275%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3E2784275%3C%2FA%3EHow%20to%20configure%20an%20Exchange%20account%20and%20how%20to%20troubleshoot%20Exchange%20account%20connectivity%20issues%20in%20the%20Mail%20app%20in%20Windows%208%20and%20Windows%20RT%3C%2FLI%3E%0A%3CLI%3E%3CA%20class%3D%22kblink%22%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F2792112%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3E2792112%3C%2FA%3E80070057%20error%2C%20and%20Windows%20Phone%208%20cannot%20sync%20with%20Microsoft%20Exchange%3C%2FLI%3E%0A%3CLI%3E%3CA%20class%3D%22kblink%22%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F2464593%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3E2464593%3C%2FA%3EError%2085010013%2C%208600C2B%2C%20or%2086000C29%20when%20you%20try%20to%20synchronize%20a%20Windows%20Phone-based%20device%20to%20an%20Exchange%20server%3C%2FLI%3E%0A%3CLI%3EYou%20may%20also%20find%20%3CA%20class%3D%22bold%22%20href%3D%22http%3A%2F%2Fblogs.msdn.com%2Fb%2Fb8%2Farchive%2F2012%2F06%2F14%2Fbuilding-the-mail-app.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EBuilding%20the%20Mail%20app%3C%2FA%3E%20on%20the%20Building%20Windows%208%20blog%20of%20interest.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CDIV%20class%3D%22note%22%20style%3D%22margin-top%3A%201.5em%3B%22%3E%0A%3CH3%20id%3D%22toc-hId--731902415%22%20id%3D%22toc-hId--732380477%22%3EUpdates%3C%2FH3%3E%0A%3CUL%20class%3D%22nobullet%22%3E%0A%3CLI%3E11%2F26%2F2012%3A%20Updated%20info%20about%20%3CSPAN%20class%3D%22parameter%22%3EAllowNonProvisionableDevices%3C%2FSPAN%3E%20setting%20in%20EAS%20policies.%3C%2FLI%3E%0A%3CLI%3E11%2F27%2F2012%3A%20Added%20links%20to%20EAS%20policy%20documentation.%3C%2FLI%3E%0A%3CLI%3E11%2F27%2F2012%3A%20Added%20info%20about%20Public%20Folder%20support%20in%20IMAP%20and%20link%20to%20IMAP%20documentation.%3C%2FLI%3E%0A%3CLI%3E12%2F3%2F2012%3A%20Added%20link%20to%20%3CA%20class%3D%22bold%22%20href%3D%22http%3A%2F%2Fblogs.msdn.com%2Fb%2Fb8%2Farchive%2F2012%2F06%2F14%2Fbuilding-the-mail-app.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EBuilding%20the%20Mail%20app%3C%2FA%3E%20on%20the%20Building%20Windows%208%20blog.%3C%2FLI%3E%0A%3CLI%3E12%2F21%2F2012%3A%20Added%20links%20to%20KB%20%3CA%20class%3D%22bold%22%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F2784275%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3E2784275%3C%2FA%3E%2C%20%3CA%20class%3D%22bold%22%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F2792112%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3E2792112%3C%2FA%3E%20and%20%3CA%20class%3D%22bold%22%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F2464593%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3E2464593%3C%2FA%3E.%3C%2FLI%3E%0A%3CLI%3E2%2F20%2F2013%3A%20Added%20note%20about%20Certificate-base%20authentication%20of%20clients%20for%20Exchange%20ActiveSync%20not%20being%20supported.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-597403%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EClient%20Access%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Emobility%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E

Windows 8 and Windows RT include a built-in email app named Mail (also referred to as Windows 8 Mail or the Windows 8 Mail app). The Windows 8 Mail app includes support for IMAP and Exchange ActiveSync (EAS) accounts.

This article includes some key technical details of the Windows 8 Mail app. Use the information to help you support the use of Windows 8 Mail app in your organization. Read this article start to finish, or jump to the topic that interests you. Use the reference links throughout the article for more information.

NOTE Mail, Calendar, People, and Messaging are apps that are built in to Windows 8 and Windows RT. Although this article discusses the Windows 8 Mail app, please note that much of the information in this article also applies to the Calendar, People, and Messaging apps. This is because, when connected to a server that supports Exchange ActiveSync, the Calendar, and People apps may also display data that was downloaded over the Exchange ActiveSync connection.

Protocol Support

The Windows 8 Mail app lets users connect to any service provider that supports either of the following two protocols:

  • Exchange ActiveSync
  • IMAP/SMTP

POP is not currently supported.

Exchange ActiveSync

Exchange ActiveSync can be used to sync data for email, contacts, and calendar. The Windows 8 Mail app supports EAS versions 2.5, 12.0, 12.1, and 14.0. For detailed protocol documentation, see Exchange Sever Protocol Documents on MSDN.

NOTE All Windows Communications apps (Mail, Calendar, and People) can use the data that is synchronized with Exchange ActiveSync. After a user connects to their account in the Windows 8 Mail app, their contacts and calendar data are available in the other Windows Communications Apps and vice versa.

The Mail app does not support certificate-based authentication of clients for Exchange ActiveSync.

IMAP/SMTP

The Windows 8 Mail app supports the following IMAP and SMTP standards:

IMAP/SMTP can be used to send and receive email only. Contacts data and calendar data is not synchronized when IMAP/SMTP is used. Microsoft Exchange does not support Public Folders via IMAP. For more details about IMAP support in Exchange, see POP3 and IMAP4 (for Exchange 2010, see Understanding POP3 and IMAP4).

Sync Configuration

The Windows 8 Mail app can be configured to synchronize data at different times as follows:

  • Push email (default)
  • Polling at fixed intervals
  • Manually

If a push email connection can’t be established, it will automatically switch to poll at fixed intervals.

Push Email

Push email requires that accounts are either Exchange ActiveSync (which all support Push) or IMAP with the IDLE extension. Not all IMAP servers support IDLE, and it is supported only for the Inbox folder.

When a push connection can’t be established, Mail will change to polling on 30 minute intervals. Push email on Exchange ActiveSync requires that HTTP connections must be maintained for up to 60 minutes, and IMAP IDLE requires TCP connections to be maintained for up to 30 minutes.

Account Setup Features

Windows 8 and Windows RT users can add email accounts to the Windows 8 Mail app using the Settings charm. The Settings charm is always available on the right side of the Windows 8 and Windows RT screen. (For more visual details about Charms & the Windows 8 user interface, see Search, share & more.)

NOTE This section provides an overview of Windows 8 Mail app account setup. For step-by-step procedures for setting up an account in the Windows 8 Mail app, see What else do I need to know? at the end of this guide.

To make it as easy as possible to add accounts, account setup only prompts the user to enter the email address and password for the account they want to set up. From that data, Mail attempts to automatically configure the account as follows:

  • The domain portion of the email address is matched against a database of well-known service providers. If it’s a match, its settings are automatically configured.
  • The domain portion of the email address is used to execute Exchange ActiveSync Autodiscover processes. For detailed information, see Autodiscover HTTP Service Protocol Specification on MSDN.
  • If still not configured, the user is prompted to provide detailed settings for their server.

Exchange ActiveSync

Screenshot: Exchange ActiveSync configuration in Windows Mail
Figure 1: Exchange ActiveSync (EAS) configuration in Windows Mail

Full details needed to connect to an Exchange server – needed only if Autodiscover failed

The information required to connect to a server via Exchange ActiveSync is:

  • Email address
  • Server address
  • Domain
  • Username
  • Password

IMAP/SMTP

Screenshot: IMAP/SMTP configuration in Windows Mail
Figure 2: IMAP/SMTP configuration in Windows Mail

The information required to connect to a server via IMAP/SMTP is:

  • Email address
  • Username
  • Password
  • IMAP email server
  • IMAP SSL (if your IMAP server requires SSL encryption)
  • IMAP port
  • SMTP email server
  • SMTP SSL (if your SMTP server requires SSL encryption)
  • SMTP port
  • Whether SMTP server requires authentication
  • Whether SMTP uses the same credentials as IMAP (If not, user must also provide SMTP credentials)

Security Features

Mail provides administrators with some level of security through Exchange ActiveSync policies. It doesn’t support any means of managing or securing PCs that are connected via IMAP.

Policy Support

Exchange ActiveSync devices can be managed using Exchange ActiveSync policies. Windows 8 Mail supports the following EAS policies. :

  • Password required
  • Allow simple password
  • Minimum password length (to a maximum of 8 characters)
  • Number of complex characters in password (to a maximum of 2 characters)
  • Password history
  • Password expiration
  • Device encryption required (on Windows RT and editions of Windows that support BitLocker. See What's New in BitLocker for details about BitLocker improvements in Windows 8.)
  • Maximum number of failed attempts to unlock device
  • Maximum time of inactivity before locking

Note that if AllowNonProvisionableDevices is set to false in an EAS policy and the policy contains settings are not part of this list, the device won’t be able to connect to the Exchange server.

Getting into Compliance

Most of the policies listed above can be automatically enabled by Mail, but there are certain cases where the user has to take action first. These are:

  • Server requires device encryption:
    • User has a device that supports BitLocker but BitLocker isn’t enabled. User must manually enable BitLocker.
    • User has a Windows RT device that supports device encryption but it is suspended. User must reboot.
    • User has a Windows RT device that supports device encryption, but it isn’t enabled. User must sign into Windows with a Microsoft account.
  • An admin on this PC doesn’t have a strong password: All admin accounts must have a strong password before continuing.
  • The user’s account doesn’t have a strong password: User must set a strong password before continuing.

ActiveSync Policy v/s Group Policy on domain-joined Windows 8 devices

If a Windows 8 PC is joined to an Active Directory domain and controlled by Group Policy, there may be conflicting policy settings between Group Policy and an Exchange ActiveSync policy. In the event of any conflict, the strictest rule in either policy takes precedence. The only exception is password complexity rules for domain accounts. Group policy rules for password complexity (length, expiry, history, number of complex characters) take precedence over Exchange ActiveSync policies – even if group policy rules for password complexity are less strict than Exchange ActiveSync rules, the domain account will be deemed in compliance with Exchange ActiveSync policy.

Remote Wipe

Mail supports the Exchange ActiveSync remote wipe directive, but unlike Windows Phones, the data deleted by this directive is scoped to the specified Exchange ActiveSync account. The user's personal data is not deleted. For example, if a user has an Outlook.com account for personal use and a Contoso.com account for work use, a remote wipe directive from the Contoso.com server would impact Windows 8 and Windows Phone 7 as follows:

DataWindows Phone 7Windows 8 Mail
Contoso.com email Deleted Deleted
Contoso.com contacts Deleted Deleted
Contoso.com calendars Deleted Deleted
Outlook.com email Deleted Not deleted
Outlook.com contacts Deleted Not deleted
Outlook.com calendars Deleted Not deleted
Other documents, files, pictures, etc. Deleted Not deleted

Account Roaming

To make it as easy as possible for users to have all of their accounts set up on all of their devices, Windows 8 uploads vital account information to the user’s Microsoft account. This information includes email address, server, server settings, and password. When a user signs into a new PC with their Microsoft account, their email accounts are automatically set up for them.

Passwords are not uploaded from a PC for any accounts which are controlled by any Exchange ActiveSync policies. Users will have to enter their password to begin syncing a policy-controlled account on a new PC.

Microsoft Accounts

Users are required to have a Microsoft Account, formerly known as Windows Live ID, to use the Windows Communications apps. This will usually be the Microsoft account that the user is signed into Windows with, but if they have not done so, they will be prompted to provide one before proceeding.

Microsoft accounts will automatically sync to Microsoft services using Exchange ActiveSync 14.0 when Mail starts. This will synchronize:

      • Email, if the user’s Microsoft account is also their Hotmail or Outlook.com account
      • Contacts from Windows Live
      • Calendar events

If the user’s Microsoft account is not a Outlook.com or Hotmail account (for example, dave@contoso.com), Mail will prompt the user to provide the password for their email account, which will be added automatically.

Data Consumption

By default, Mail only downloads the last two weeks of email. This is user configurable and can potentially download the user’s entire mailbox. For Exchange ActiveSync accounts, all contacts are downloaded and calendar events are downloaded only for three months behind the current date and 18 months ahead.

Additionally, messages are only partially downloaded to reduce bandwidth use as follows:

        • Message bodies are truncated to the first 100KB (20KB on metered networks). For more details see Engineering Windows 8 for mobile networks.
        • Attachments are not downloaded automatically.

Embedded images in email messages are downloaded on-demand as the user reads them, and attachments are downloaded on-demand as the user attempts to open them.

By default, Mail only downloads the user’s Inbox and Sent folders. Other folders are downloaded once the user accesses them for the first time.

Mail does not enforce any limits on how many or large of attachments users can send.

Limitations

The following features are currently not supported by Mail:

  • Mailbox connections using POP:  IMAP and EAS are supported.

    (Note, this does not mean that Windows 8 does not support POP3. This post is about the Windows 8 Mail app. )

  • Servers that require self-signed certificates: Users can work around the self-signed certificate limitation by manually installing the certificate on their Windows 8 or Windows RT device. For additional information about the self-signed certificates, see Self-Signed Certificates section below.

  • Opaque-Signed and Encrypted S/MIME messages: When S/MIME messages are received in Windows 8 Mail, it displays an email item with a message body that begins with “This encrypted message can’t be displayed.”

    To view email items in the S/MIME format, users must open the message using Outlook Web App, Microsoft Outlook, or another email program that supports S/MIME messages. For more information, see Opaque-Signed and Encrypted S/MIME Message on MSDN.

Self-Signed Certificates

Users may experience connectivity errors when trying to connect to an Exchange servers that require self-signed certificates. The user may receive the following error messages.

Unable to connect. Ensure the information entered is correct.

<Email address> is unavailable

NOTE This issue may occur because the Mail app cannot connect to Exchange by using self-signed certificates.

Consider the following options to resolve this issue.

    1. Option 1: Install a certificate that is signed by a Microsoft-trusted root certification authority (CA) on the server

      This enables Exchange to work for all clients without prompting. For more information about the trust root CAs, see the following topics on TechNet:

    2. Option 2: Install a server’s self-signed certificate on a device

      This enables Exchange to work for Windows 8 devices that have the certificate installed.

Note To install a self-signed certificate for a domain’s certification authority, the administrator must provide a certificate file (.cer). The certificate can be installed to the trusted root certificate authority store for either of the following options:

  • For the current user This option does not require admin rights but must be completed for each user on the device.
  • For the local device This option requires administrator rights and needs to be done only one time for a device.

The user or the system administrator can use the .cer file to install the certificate. To do this, use one of the following methods:

  • Command-line tool

    At an elevated command prompt, run the following command:

    certutil.exe -f -addstore root <name_of_certificatefile>.cer

    NOTE The command installs the certificate for all users on the device.

  • User interface

    1. Double-click the certificate file. A certificate dialog opens.
    2. Click Install Certificate. A Certificate Import Wizard window opens.
    3. Select the option to install the certificate for only the current user or for the local device.
    4. Select Place all certificates in the following store
    5. Click Browse to open the store selection dialog. Select Trusted Root Certification Authorities.
    6. Select the store, and then click Ok. You are returned to Certificate Import Wizard dialog, and the certificate store and certificate to be installed into that store are displayed.

Troubleshooting Windows 8 Mail Client Connectivity

If Windows 8 Mail users can't successfully connect to their accounts, consider the following:

  • Verify that the user is using the latest version of the Windows 8 Mail app. A user can check for updates to the Windows 8 Mail app by doing the following: from the Start screen, go to Store > Settings > App updates > Check for updates.
  • The user should wait a few minutes and try again.
  • If the account is a cloud-based email account that requires registration (for example, a Microsoft Office 365 account), the user must register their account before they can set up their account in Windows 8 Mail. If the user is a Microsoft Office 365 user, they register their account when they sign in to Office 365 for the first time. If the user is not an Office 365 user, the user registers their account when they sign in to their account using Microsoft account or Outlook Web App.

TIP The user will see the following message if they haven't registered their account. In Windows 8 Mail, you will see the following message:
“We couldn’t find the settings for. Provide use with more info and we’ll try connecting again.”

For information about signing into Outlook Web App or the Office 365 Portal, see Sign In to Outlook Web App.

After the user signs in to your account using Outlook Web App, the user should sign out, and then try to connect using Windows 8 Mail.

What else do I need to know?

Updates

  • 11/26/2012: Updated info about AllowNonProvisionableDevices setting in EAS policies.
  • 11/27/2012: Added links to EAS policy documentation.
  • 11/27/2012: Added info about Public Folder support in IMAP and link to IMAP documentation.
  • 12/3/2012: Added link to Building the Mail app on the Building Windows 8 blog.
  • 12/21/2012: Added links to KB 2784275, 2792112 and 2464593.
  • 2/20/2013: Added note about Certificate-base authentication of clients for Exchange ActiveSync not being supported.
84 Comments
Not applicable

Two issues I've found.

1. The autodiscover doesn't work, at least when using SRV records. The testexchangeconnectivity.com site says the domain is configured correctly.

2. Non administrators cannot proceed when there are policies set (password required policies) the app informs you the user needs to be an administrator to continue, which is a little strange. Surely a non admin should be able to hookup their email etc. It would be better a lot easier if you could set Exchange 2010 not to apply policies to Windows8 devices.

Not applicable

Does the Windows 8 Mail Client work with client certificate-based authentication?

Windows 8 Phone and Windows Phone 7 work fine, but I have not had any  success so far with the Windows 8 Mail Client.

Not applicable

Same question as Alginald, does the Windows 8 Mail Client work with client certificate-based authentication?

I can never get it to work. Where are the logs for troubleshooting if the connection fails?

Not applicable

This is a great article, very helpfull. The only thing I'm missing is: where can we find the logfiles to further troubleshoot issues?

Not applicable

It doesn't work with our Exchange server. Going to www.testexchangeconnectivity.com results in a green pass. Our mobile devices work, but not Windows 8 mail.

Not applicable

Why the heck do the Communications apps REQUIRE a Microsoft account? I don't care about the syncing settings stuff, this makes absolutely no sense and makes distributing a device with these apps difficult. I don't care that Messages doesn't work because all I want in Mail and Calendar is my Exchange account!

Not applicable

The Windows 8 Mail app is no good. It is constantly having problems synching to Exchange in our company. By far the most complained about Modern UI app. It doesn't handle multiple mailboxes well, especially the notifications. It appears to lose IMAP-related e-mail like our users GMAIL mailboxes. Windows 8 mail is making all of us in IT look bad.

On the flip side, the Outlook 2013 application looks like all the color was removed and the 3d effects are gone. The integrated search is now missing and the notifications are non-interactive.

Basically the Windows 8 mail app is too basic and doesn't appear to work. The new full Outlook client looks like a major step backwards as well. We're forced to stick with Windows 7 and Outlook 2010 for now.

Not applicable

Looks complicated. Too complicated for most users to figure out and/or troubleshoot.

What I want to know is why I am forced to use a Microsoft Hotmail and/or outlook account to set up my mail in Windows 8. It forces me to use an account I don't want to use just to set up my mail. How can we get around this limitation?

Not applicable

Can someone put this article into plain English? I can't get my Surface device to connect to my Exchange 2010 service, but I can't understand this article. For example, I don't understand what an "IMAP SSL" is

Not applicable

Can the Mail App see Exchange Public folders?

Not applicable

@Plain English please: By default, IMAP listens on well-known

port 143 If your mail server has IMAP over SSL (IMAPS) enabled, it typically listens on the well-known

port 993. (Both ports TCP, but you don't need to specify that when configuring Mail). You must configure Windows 8 Mail with either IMAP or IMAP over SSL settings to access mail from your IMAP mailbox server.

This article is meant for IT pros to support Windows 8 Mail in organizations. You can find more details about IMAP4 in the IMAP RFC linked in the article. There are plenty of other great

resources for IMAP info on the web, including

Wikipedia.

Not applicable

@Don: Microsoft Exchange does not support Public Folder access over IMAP. See

Understanding POP3 and IMAP4 in Exchange2010 documentation.

Not applicable

@AM: Most organizations don't allow unmanaged devices (devices with no policies). Exchange ActiveSync policies are applied to mailbox users and thus applicable to all

EAS devices your users use. You can't exempt a specific device from EAS policies. You can use device access rules to allow, block or quarantine devices. See

Controlling Exchange ActiveSync device access using the Allow/Block/Quarantine list for details.

If you want to allow devices to connect without restrictions, you can modify the EAS policy (applicable to users - the default EAS policy if you haven't created any custom policies) to disable most settings. See

Understanding Exchange ActiveSync Mailbox Policies in Exchange 2010 documentation for details.

Not applicable

Bharat,

I'm still confused. I have no idea what you mean when you say "port 993". Are you on another planet?You might as well be speaking Latin. I talked with my IT folk and they say that Mail should not be using "IMAP" to connect to our Exchange. It should be using "Active Synch". It should not be prompting for a certificate either.

So, how do I fix it? please state things in plain English as I have no idea what you're talking about. All I want to do is get our Exchange mail application to work with my Windows Surface tablet I bought. Occur Exchange works with iPhones, iPads, Android Jelly Bean, Macs, and all the other devices. But it does not work with your own surface device.

Not applicable

@Plain English please: This blog is for IT pros and this post states the target audience (it's a technical post). End-users may find the technical details confusing. You should have your IT folks read this to get the info they need to support Windows 8 Mail users.

You can use Exchange ActiveSync - in which case you don't need to worry about IMAP4 or port numbers! See the articles linked in "What else do I need to know?" at the bottom of the post.

Not applicable

Can configuration of accounts be automated?

Not applicable

We are having the same problems as everyone else. We are on the verge of completely banning all Windows 8 and Windows RT devices. They are proving to be a complete pain all around. Much more difficult to manage than Windows 7.

social.technet.microsoft.com/.../b7d52f12-ea1c-489c-865d-0fffac470dfa

Not applicable

Mail 8 is having problems connecting to Exchange. I get the same "unable to connect ensure the information is correct" whenever I try to get a users RT device to connect, but their iPhone works perfectly. We've never had any issues with connecting to Exchange until Windows Mail 8. That's the only application or device with problems.

social.technet.microsoft.com/.../64e26b46-4135-46f2-aee2-bff1e59931f7

Not applicable

@IMAP in Windows 8 Mail is completely FUBAR!!: The post you linked to is about Outlook 2013. Are you seeing the same issue in Mail?

Not applicable

Metro e-mail has to be the worst programmed, most basic e-mail application ever. It is embarrassing. To launch this travesty as the defacto e-mail client for Windows 8 and Windows RT devices is really just spitting in your users faces. You can't even select multiple items at the same time, imap connectivity loses mail constantly, and it forces you to use a MS_based account to force advertisements on you. If you have no account configured it just opens up with a blank white screen and you have to somehow figure out that you need to select the charms option. Finally, it doesn't connect to Exchange 2010 even with service pack 2 and the latest rollup 4 version 2 applied. A whale of a fail. Even Pine is better than the Metro e-mail client. At least Pine works.

Not applicable

It also seems that one cannot change the reply from e-mail address in Windows 8 Mail. I'm forced to reply using my Hotmail address and cannot change it to my business address. I have to copy the whole message and create a new one if I want to reply from a different e-mail address. This is not a good utility.

Not applicable

Still waiting for a reply regarding certificate-based authentication. Or will this question be "safely ignored", as nobody tested it, so nobody knows? At least let us know if it may be available in a future update of the Mail App, it's not rocket science.

Not applicable

Mail appears to simply not work with our Exchange infrastructure that uses HTTPS. My Windows Phone connects and downloads mail, the OAB, and everything just fine. My iPad does the same (running iOS 6. Mail doesn't appear to be able to connect at all. Did anyone test this before releasing it? Is there an update coming soon that will fix this problem?

Not applicable

@Alginald and others who asked about certificate-based authentication in Windows 8 Mail: The Windows Mail team is validating this. We'll update this post when we hear back.

@It does not work: It'd be safe to guess that almost all Exchange servers published to the Internt (for EAS) use SSL. My personal experience - I've tried it many times with different Exchange servers in different on-premises Orgs and in Exchange Online. I haven't had any issue at all connecting or syncing. You may need to contact Support to get help with a specific issue.

Not applicable

Cannot make windows 8 mail autodiscover work for us because it uses HTTP protocol and not HTTPS as we require. Any news on that?

Not applicable

None of the steps above work for me. I cannot get the Metro mail client to connect to Exchange. the testexchangeconnect site returns a green checkbox when I test. Outlook works too. The only tool that does not work is Metro mail.

Is Metro mail designed to work with RPC/HTTP and certificates on Exchange? It doesn't appear to work for me either.

Not applicable

@Robert Miner: As indicated in the post, Mail only works with Exchange ActiveSync and IMAP4. RPC over HTTP is an Outlook feature.

Not applicable

Whatever the case, I cannot get it to work. I've loaded the trial version of Office/Outlook 2010 on the desktop and that works with no issue. Metro mail does not work for our configuration.

Also, can you clarify why we have to set up a separate Hotmail account to get Metro mail to set up a business profile?

Not applicable

Is it true that flagging of E-Mails is not supported? I can't find the function.

Not applicable

@Robert Miner: Please contact Support for resolving specific issues.

As stated in the Microsoft Accounts section in this post:

Users are required to have a Microsoft Account, formerly known as Windows Live ID, to use the Windows Communications apps.

Not applicable

@Bharat Suneja: That's all fine and dandy, but why? Why do I need a Microsoft account to use an e-mail application to connect to my Exchange server? I don't see any explanation being offered as to why this is a requirement, nor how it helps me in any way to now have to manage two accounts in Metro to use the application. Is Microsoft tracking my e-mails or harvesting data from my device? I can see no other reason for this requirement other than Microsoft wants to snoop on my activities.

Not applicable

We have followed all of the supported security settings on our Exchange 2007 EAS policy and we still cannot get the mail app to work on Windows 8 RT or Windows 8 Pro.  It always says "This PC can't meet the security requirements...."  Can anyone help with this?  We require device encryption, passwords, and do not all non provisionable devices.

Not applicable

@Robert Miner: The post does explain what the Microsoft account is used for, but your (and others') feedback on making this optional and not a requirement has been passed on to the Windows Mail team.

Your privacy concerns are valid, but you can't be serious about the snooping question! Microsoft has one of the best records as far as privacy is concerned. See the Microsoft Privacy site (microsoft.com/privacy) for details, including Microsoft Privacy Principles.

Not applicable

Yes, I am very serious about the snooping thing. After realizing I can't connect my Metro mail to my Exchange server (both of which are Microsoft products), I say anything goes at this point. I have no idea why you'd require a separate log on unless you were using the data from it. Otherwise, you are inconveniencing every single person using the mail app for no reason whatsoever.

Not applicable

I have to agree with Robert. What is the reasoning behind making people sign in with a Microsoft Account? Sounds very much like Google, and we know how Google are with their information...targeted adverts based on search history etc. Windows 8 Default should be to set up the system with a local account and then the user can choose if they want to convert this to an Online account, not the other way around.

Not applicable

I can't open attachments in the Surface mail app? Any ideas

Not applicable

@JP - I can't figure out how to flag e-mails either.

Does anyone know how to get this to work? Selecting individual e-mails is a complete pain in the ass. I'm finding that all of the Metro apps are complete pains in the ass and lack even basic features.

In any case, how do I flag e-mails?

Not applicable

Is there a version of this article that makes sense to non-IT people? This is too complicated.

Not applicable

@Beyond confused!: See the first two links under

What else do I need to know? section (pasted below), which are for users.

  • Set up email in Windows 8 Mail
  • Mail: Frequently asked questions
  • Not applicable

    @DC: Thanks for the feedback!

    Not applicable

    Thanks for the info, but I'm still confused. The "set up email in Windows 8 Mail" referenced doesn't contain a single screen shot or anything. I'm lost about 8 paragraphs into it. The "Mail: Frequently asked questions" reference only contains 6 things which do not apply.

    Is there not a simple, easy to understand method with screenshots and an absolutely "idiot proof" way to set things up and make them work?

    Not applicable

    Don't work. Is a lurpin broke. Bad man not talk exchagny

    Not applicable

    I've read carefully through all of the above. I'm not a sysadmin, so it's a bit tough for me to follow when you state things like "Exchange ActiveSync 14.0". I have not a clue what that means. What I do know is that both myself and our sysadmins have been working for about 4 hours now to get my new 64GB Surface to work with our mail exchange software.

    1. We continually get a failure to sync error when connecting Windows 8 Mail. We cannot get past this point.

    2. Our sysadmins are unwilling to allow me to import a certificate. They state that this is not required on Apple or Google devices, so why is Microsoft requiring this extra step?

    3. As a third question, why am I being required to enter an outlook.com e-mail address when I am connecting to my e-mail address at my company? None of the sysadmins can figure out why this is required. Again, this does not occur on Apple or Google devices, so why on a Microsoft device?

    All I want to do is get mail working on my tablet, but I'm starting to feel sick about even buying the surface at this point. Can you help?

    Thank you in advance.

    Not applicable

    "Users are required to have a Microsoft Account, formerly known as Windows Live ID, to use the Windows Communications apps. "

    Can anyone tell us why this is a requirement?

    Not applicable

    Any update from the "Windows Mail team" regarding the certificate authentication issue?

    "@Bharat Suneja [MSFT]: @Alginald and others who asked about certificate-based authentication in Windows 8 Mail: The Windows Mail team is validating this. We'll update this post when we hear back."

    I am also experiencing this issue, and have been waiting to hear the follow up. Also hoping to hear if it will be addressed in an coming update or not.

    Not applicable

    THE ATTACHMENTS FOR EXCHANGE SERVER DOSENT WORK

    Not applicable

    Windows 8 Mail is too limiting and basic -----

    Want to sort messages in some way other then by date  - you cant

    Want to be able to see more messages in the list by switching to a 1-line display - you cant

    Want messages to go into multiple folders when they arrive - you cant

    Want something to happen automatically when a message arrives, such as a reply or forwarding - you cant

    Want the text to be bigger/smaller on the screen - you cant

    want the colors changed on the screen - you cant

    Want to ignore known bad senders - you cant

    Want to only download images from known good addresses - you cant

    Want to be able to say an email is spam - you cant

    want to be able to send a basic-text (instead of html) email - you cant

    Want to automatically update a calendar other than Live.com (such as corporate Exchange or gmail) - you cant

    Why did Microsoft release such an awful app as the default mail client on millions and millions of Windows 8 machines? Do you hate your customers?

    Not applicable

    Who specifically designed the Windows 8 Mail client and approved it for release? Who can we pin the blame on for this massive travesty? Never in my 18 years of consulting have I stumbled on such a terrible excuse for a program.

    Not applicable

    Hello,

    Please i need to be sure if Mail App in Windows RT or Windows 8 can support Client Certification Base Authentication (CBA) for ActiveSync.

    I spent a lot of time testing all versions of Windows RT and Windows 8 (With network capturing) and my conclusion is they doesn't work : My Client certification doesn't sent (while using Internet Explorer it is sent).

    Thank

    Not applicable

    @Ben,

    CBA does not work in Windows 8 mail. Most people can't even get it to work with any Exchange server or POP. IMAP is also very flakey.