If you're an IT admin or a user dealing with an atypical Exchange setup, look out for two issues that confused Exchange when I tried to set it up outside the corporate network through an Internet connection -- the norm for users with tablets, home computers, and other BYOD items:
- Our company uses one Exchange domain for its multiple business units, so the domain name for our individual email addresses doesn't match that of the actual Exchange server's domain. That caused the error message saying the server connection couldn't be made via the Internet. EAS connections on Android, iOS, and OS X use an Outlook Web Access (OWA) address for making the Exchange connection, and OWA can handle that mapping, whereas a straight Exchange connection to the presumed domain cannot. Users need to know the OWA server address, but that's a small and easy price to pay.
- Once we figured that out, I still couldn't get connected because of two issues in the Exchange user directory. One is Microsoft's fault: The username is case-sensitive, but I didn't enter it the same way. It never occurred to me that capitalization of my username would matter, as it does not via OWA. The other was our Exchange admins' fault: My username had a numeral appended to it, rather than match the credentials I use for Active Directory and OWA. It's unclear how that happened, but without an exact username match, Exchange simply blocks access.
I see no reason Microsoft couldn't make Exchange access as simple for users (and IT) as OWA access. Our IT support staff said a situation like this is why you have IT support in the first place; they prefer to do the setup for users on the local network, then hand over the equipment to avoid such issues. Of course, that's not how business computing is going these days, so that's an unrealistic prerequisite.
[ADDED OCT. 23, 2012] But two months later, when testing Windows 8's ability to join Active Directory domains using the final version of the OS, the problem occurred again -- even on a PC validated to the domain. The issue: I tried to set up the Exchange account from outside the office, and it simply would not let me do so. Even the tricks above did not work. What did work was a complete shutdown and restart -- but I still had to connect through OWA, as Windows 8 would not connect to Exchange directly when outside the office. If you're an Exchange support tech, prepare for major headaches.
Windows 8's approach to encryption will not mesh with typical IT policies
Now to the final issue that shows how Microsoft's overly strict approach to email will cause fun problems for users and admins alike: One of my test tablets is about a year old and has no Trusted Platform Module (TPM) -- same with most laptops and tablets. That means you can't use Windows 8's BitLocker encryption on that tablet (unless you're an admin and try this convoluted process).
Here's where it gets Kafkaesque. Most companies require device encryption be enabled to gain access to Exchange and other corporate assets. It's a policy built in to EAS and used by all MDM products. But if your Windows 8 tablet doesn't have a TPM, you can't encrypt it, so you can't access email -- at least not from Metro's Mail app.
If you install Outlook on the Windows Desktop portion of a Windows 8 tablet -- that is, the segment that runs Windows 7 -- you can access Exchange on an unencrypted tablet. That's because almost every company requires encryption on mobile devices but not on PCs, a silly and dangerous divergence of security requirements, especially since PCs usually have much more sensitive data on them than tablets and smartphones.
On the same tablet, Metro's Mail can't access Exchange because the tablet is not encrypted, but the Windows Desktop's Outlook can access Exchange because encryption is not required of PCs. Try explaining that to users!
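A help desk can check a device for this condition before the user attempts to add the account. The following PowerShell function is an added example, not part of the original article. It uses the built-in `Get-Tpm` and `Get-BitLockerVolume` cmdlets. The function name, the finding text, and the assumption that an encryption-required EAS policy is met once BitLocker protection is on for the OS volume are the example's own.

```powershell
# Added example. Run from an elevated PowerShell prompt on the device being checked.
# Assumption: the "require device encryption" policy is treated as satisfied when
# BitLocker protection is On and the OS volume is fully encrypted.
function Get-EncryptionReadiness {
    [CmdletBinding()]
    param([string]$MountPoint = $env:SystemDrive)

    # TPM state; treat a failed query the same as "no usable TPM".
    $tpmPresent = $false
    $tpmReady   = $false
    try {
        $tpm        = Get-Tpm -ErrorAction Stop
        $tpmPresent = [bool]$tpm.TpmPresent
        $tpmReady   = [bool]$tpm.TpmReady
    } catch {
        Write-Verbose "Get-Tpm failed: $($_.Exception.Message)"
    }

    # BitLocker state of the OS volume.
    $protection   = 'Unknown'
    $volumeStatus = 'Unknown'
    try {
        $vol          = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
        $protection   = [string]$vol.ProtectionStatus
        $volumeStatus = [string]$vol.VolumeStatus
    } catch {
        Write-Verbose "Get-BitLockerVolume failed: $($_.Exception.Message)"
    }

    $encrypted = ($protection -eq 'On' -and $volumeStatus -eq 'FullyEncrypted')

    # One finding the help desk can act on before the user tries to add the account.
    $finding = if ($encrypted) { 'Encrypted: should meet an encryption-required policy' }
        elseif (-not $tpmPresent) { 'No TPM: BitLocker unavailable without admin workaround' }
        elseif (-not $tpmReady) { 'TPM present but not ready: initialize it before enabling BitLocker' }
        else { 'TPM ready but volume not protected: enable BitLocker' }

    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        MountPoint       = $MountPoint
        TpmPresent       = $tpmPresent
        TpmReady         = $tpmReady
        ProtectionStatus = $protection
        VolumeStatus     = $volumeStatus
        Finding          = $finding
    }
}

Get-EncryptionReadiness | Format-List
```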
How Windows 8 could end up promoting OS X, iOS, and Android
A hallmark of the post-PC shift is that technology is driven by users and therefore is designed to be set up and used by users. The iPhone and iPad showed how to do that. Windows 8 remains an uncomfortable mix of user-friendly (some Metro apps are very engaging and easy to use once you understand how to navigate them) and user-hostile (the inflexible approach to Exchange and schizophrenic approach to encryption). There's one foot in the bad past and one in the good future.
With Windows 8 now final and in the hands of manufacturers for products coming in late October, early adopters will have to deal with this awkward straddle. They'll let their friends, families, and colleagues know how discomforting that straddling can be. And their friends using Macs, iPhones, iPads, and Androids will smile and point out, "We don't have these issues. Maybe you should use what we do instead."
This article, "Why I couldn't connect my Windows 8 tablet to Exchange," was originally published at InfoWorld.com. Read more of Galen Gruman's Mobile Edge blog and follow the latest developments in mobile technology at InfoWorld.com.