Windows RT and 8 – security when using the Mail App and Exchange

27 01 2013

As a technology coordinator within a school I’ve worked through a number of issues in connecting to the school’s exchange email server via Windows RT and Windows 8.  The concerns I’ve had and wanted to explore are somewhat peculiar to a school environment although may exist elsewhere.

The concerns were that when a user accesses email via Windows RT or Windows 8 using the Mail App, some of the security settings are imported from the domain where the exchange server is based and forced upon any computer wanting to access email from the particular site. In some ways this is not as significant an issue with Windows 8 as it is with Windows RT, as Windows 8 allows users to access other email applications such as Windows Live Mail, Outlook and potentially a range of other email programs. However, with Windows RT, if you want to connect to an exchange server the only App available is the Mail App.

My initial concern with security settings connected to the Mail App was on my Windows RT Surface tablet. When I connected to our school’s email server there was no choice but to enforce the policies from the exchange server as per the following.

image

In my mind there are a number of issues with this. One issue is that the user is provided no details as to what policies will be enforced and what impact they will have. Further, given my RT Surface is my own device, I didn’t really want to have school exchange security settings applied. However, that aside, the biggest issue I had after I accepted these policies was that my Windows RT Surface would lock and require a password after a period of inactivity.

It’s highly annoying to have to constantly re-enter passwords on tablet devices and everything I read suggested this setting could not be removed without first disconnecting the Mail App from the exchange mail server. When I tried to remove the settings under User within PC Settings the option of “Never require a password” was not allowed.

image

Perhaps strangely, I found this setting could actually be adjusted without disconnecting the Mail App from the exchange server. This involved first choosing to “Reset Security Policies” from within User Accounts in the Control Panel as indicated in the following image.

image

To be clear, the account I use to log on to my RT Surface is a “live” account and the security policies had come from the exchange server from my school. Resetting the Policies in this instance meant I could go back into the User settings in PC Settings and subsequently set the settings to be “Never require a password”. This subsequently solved my issue of having to constantly re-enter my password when the tablet locked as a result of a period of inactivity.

It wasn’t clear what other security settings were still applying to my tablet as a result of joining the Mail App to the school’s exchange server. However, whatever settings may have been in place didn’t appear to be having a negative impact on my use of my RT Surface.

What did concern me, was that in my role of coordinating technology within our school, I had a number of conversations with the school’s systems administrator as to how this might impact students who also tried to connect to the exchange email server with similar devices.

As a result of these conversations I came to understand that these security settings were connected to the ability to be able to remotely control and wipe devices such as tablets and phones.  This caused me some concern because while I wanted students to connect to our exchange server to support email communication I didn’t want to be in a position where the school’s staff might be accused of wiping student devices.

I subsequently did some further investigations about this and found a number of links which provided some details about what might occur.  The following are a few of these links.

http://blog.exchangegeek.com/2012/06/windows-8-mail-app-exchange-activesync.html

http://blogs.technet.com/b/exchange/archive/2012/11/26/supporting-windows-8-mail-in-your-organization.aspx

Beyond this I wasn’t overly concerned until I upgraded my home desktop to Windows 8. The Mail App in Windows 8 then synched automatically with my Windows RT Surface Mail App. Both devices used the same live account to log on with. There was no fine grained synching control where I could simply stop the Mail App synching – nor do I recall there being a way I could remove the Mail App from my Windows 8 computer. While I didn’t have to open the Mail App and access the school email via this App on my Windows 8 computer, it looked a bit ugly to have a partly broken App sitting there in Windows 8. However, I put my school coordinator hat on and thought that any students in a similar situation may want to access the school email on all the devices they have and was interested to know the result of doing so.

While there were a number of questions I really couldn’t answer without having access to administer the exchange server I was interested in what a user (i.e. a student) could do. I subsequently performed a test on the ability to remotely wipe my RT Surface device from OWA (Outlook Web Access).

To test what wiping would do on my Windows RT Surface I connected the Mail App to the school’s exchange server and then via OWA, Options, Mobile Devices I selected the device and chose to “Wipe All Data from Device” as per the following image. 

image

The result was largely as expected, following some research on the topic.  Initially nothing happened to my Surface and it appeared I could read existing school email via the Mail App.  After about 5 minutes of waiting with nothing happening I attempted to send an email via the Mail App using the school email system. More or less as soon as I hit send the wipe occurred.

The Mail App connection to the school email server was removed, with the school email account disappearing from the Mail App. In addition I received the following email confirmation.

image

The wipe fortunately didn’t wipe the entire Surface Tablet as some documentation indicates but rather just removed the school email account from the Mail App as indicated above. 

It was then a relatively simple process of reconnecting the Mail App to the school email system by first “Removing Device from List” in OWA and then repeating the process of connecting to the school email via the Mail App on the Surface.

In summary, given the significance of accessing email from Tablet type devices, there appears to be a dearth of clear technical and user documentation on how everything works. I take this to be part of the unfinished software feel of the Surface tablet.

As a footnote I read with interest from http://winsupersite.com/windows-rt/microsoft-prepping-outlook-2013-windows-rt that Microsoft may release Outlook for RT.  Given the issues with the Mail App it would be interesting to see how that operates.


3 responses

9 11 2013
lynne

Thanks for this. I created an IMAP account and it seems to work fine – the password thing bugged the life out of me.

4 10 2014
Nigel

Nice answer back in return of this matter with real arguments and explaining everything concerning that.

7 10 2014
Patrick Carlson

Thank you! This write-up was just what I needed
