Why I couldn’t connect my Windows 8 tablet to Exchange

[UPDATED OCT. 23, 2012] As Windows 8 approaches and we all wonder whether tablets like the Microsoft Surface running it will gain the upper hand in the battle for dominance with the iPad, it’s easy to forget the so-called post-PC devices owe a huge debt of gratitude to Microsoft. Why? Because Microsoft licensed Exchange ActiveSync first to Apple for iOS and OS X, then Google for Android. The defunct WebOS also supported EAS; in fact, pretty much every mobile platform except the BlackBerry (which uses its proprietary BES) supports EAS.

EAS compatibility is what lets iPads, iPhones, Androids, and Macs connect to corporate servers for email, calendars, contacts, and tasks. It’s also the key mechanism through which mobile device management (MDM) tools manage and secure those devices. In truth, EAS is a cornerstone for why non-Windows PCs are increasingly used in business and why Microsoft and the PC makers are struggling to retain their monopoly. It’s ironic that Microsoft’s approach to EAS in Windows 8 is less flexible and less user-friendly than what the licensed version lets the post-PC competitors do.

[ Windows 8 is coming, and InfoWorld can help you get ready with the Windows 8 Deep Dive PDF special report, which explains Microsoft’s bold new direction for Windows, the new Metro interface for tablet and desktop apps, the transition from Windows 7, and more. | Keep up on key mobile developments and insights via Twitter and with the Mobilize newsletter. ]

When Microsoft revealed its Office 2013 apps a few weeks ago and provided reviewers like myself loaner tablets to test it on, I couldn’t get its Office client to work with my company’s Exchange server. Microsoft’s techs couldn’t, either, yet I had no trouble connecting a slew of Android smartphones and tablets like the Samsung Galaxy S III and Motorola Mobility Xyboard 10.1 to Exchange. Nor was there any trouble connecting iPads and iPhones or any issues connecting Macs — only on Windows 8 tablets and PCs.

I thought it was another example of how Windows 8 doesn’t get what it means to be a user-oriented device, but it turns out to be more complex. Yes, Windows 8 has very unfriendly aspects epitomized in an Exchange issue I’ll describe shortly, but my Exchange connection problems in both Outlook 2013 and the Mail app that comes in Metro had as much to do with a careless setup by our Exchange admins as it did with Microsoft’s excessively canonical Exchange setup. What’s ironic is that Outlook and Metro Mail couldn’t deal with that carelessness, whereas the EAS licensed to Apple, Google, and the rest could.

Windows 8’s overly strict approach to Exchange setup backfires As a user, I had no idea my company’s Exchange setup was abnormal — it worked on non-Microsoft devices. In Windows 8, the native Exchange didn’t know how to deal with the abnormality and kept telling me it couldn’t find the server on the Internet, resulting in a lot of wasted time with support staff who assumed it was an Internet problem. (Never mind that Internet Explorer and every other Internet-connected service worked just fine.)

Basically, Exchange is designed to strictly interpret the settings, whereas licensed EAS is more flexible, and when it can’t connect, it doesn’t throw up a red-herring alert message. Microsoft should ensure that Windows 8’s ability to connect to Exchange is at least as flexible and user-friendly as what it provides to Apple and Google customers.

If you’re an IT admin or a user dealing with an atypical Exchange setup, look out for two issues that confused Exchange when I tried to set it up outside the corporate network through an Internet connection — the norm for users with tablets, home computers, and other BYOD items:

• Our company uses one Exchange domain for its multiple business units, so the domain name for our individual email addresses doesn’t match that of the actual Exchange server’s domain. That caused the error message saying the server connection couldn’t be made via the Internet. EAS connections on Android, iOS, and OS X use an Outlook Web Access (OWA) address for making the Exchange connection, and OWA can handle that mapping, whereas a straight Exchange connection to the presumed domain cannot. Users need to know the OWA server address, but that’s a small and easy price to pay.
• Once we figured that out, I still couldn’t get connected because of two issues in the Exchange user directory. One is Microsoft’s fault: The username is case-sensitive, but I didn’t enter it the same way. It never occurred to be that capitalization of my username would matter, as it does not via OWA. The other was our Exchange admins’ fault: My username had a numeral appended to it, rather than match the credentials I use for Active Directory and OWA. It’s unclear how that happened, but without an exact username match, Exchange simply blocks access.

I see no reason Microsoft couldn’t make Exchange access as simple for users (and IT) as OWA access. Our IT support staff said a situation like this is why you have IT support in the first place; they prefer to do the setup for users on the local network, then hand over the equipment to avoid such issues. Of course, that’s not how business computing is going these days, so that’s an unrealistic prerequisite.

[ADDED OCT. 23, 2012] But two months later, when testing Windows 8’s ability to join Active Directory domains using the final version of the OS, the problem occurred again — even on a PC validated to the domain. The issue: I tried to set up the Exchange account from outside the office, and it simply would not let me do so. Even the tricks above did not work. What did work was a complete shutdown and restart — but I still had to connect through OWA, as Windows 8 would not connect to Exchange directly when outside the office. If you’re an Exchange support tech, prepare for major headaches.

Windows 8’s approach to encryption will not mesh with typical IT policies Now to the final issue that shows how Microsoft’s overly strict approach to email will cause fun problems for users and admins alike: One of my test tablets is about a year old and has no Trusted Platform Module (TPM) — same with most laptops and tablets. That means you can’t use Windows 8’s BitLocker encryption on that tablet (unless you’re an admin and try this convoluted process).

Here’s where it gets Kafkaesque. Most companies require device encryption be enabled to gain access to Exchange and other corporate assets. It’s a policy built in to EAS and used by all MDM products. But if your Windows 8 tablet doesn’t have a TPM, you can’t encrypt it, so you can’t access email — at least not from Metro’s Mail app.

If you install outlook on the Windows Desktop portion of a Windows 8 tablet — that is, the segment that runs Windows 7 — you can access Exchange on an unencrypted tablet. That’s because almost every company requires encryption on mobile devices but not on PCs, a silly and dangerous divergence of security requirements, especially since PCs usually have much more sensitive data on them than tablets and smartphones.

On the same tablet, Metro’s Mail can’t access Exchange because the tablet is not encrypted, but the Windows Desktop’s Outlook can access Exchange because encryption is not required of PCs. Try explaining that to users!

How Windows 8 could end up promoting OS X, iOS, and Android A hallmark of the post-PC shift is that technology is driven by users and therefore is designed to be set up and used by users. The iPhone and iPad showed how to do that. Windows 8 remains an uncomfortable mix of user-friendly (some Metro apps are very engaging and easy to use once you understand how to navigate them) and user-hostile (the inflexible approach to Exchange and schizophrenic approach to encryption). There’s one foot in the bad past and one in the good future.

With Windows 8 now final and in the hands of manufacturers for products coming in late October, early adopters will have to deal with this awkward straddle. They’ll let their friends, families, and colleagues know how discomforting that straddling can be. And their friends using Macs, iPhones, iPads, and Androids will smile and point out, “We don’t have these issues. Maybe you should use what we do instead.”

This article, “Why I couldn’t connect my Windows 8 tablet to Exchange,” was originally published at InfoWorld.com. Read more of Galen Gruman’s Mobile Edge blog and follow the latest developments in mobile technology at InfoWorld.com. Follow Galen’s mobile musings on Twitter at MobileGalen. For the latest business technology news, follow InfoWorld.com on Twitter.