Yes, there is ActiveSync in Windows 8!
*** updated: Also read the followup blog post: More about Windows 8 CP and ActiveSync
As can be seen in his screenshots, ActiveSync policies are applied to the device (or computer) and it is listed in the Exchange Control Panel.
But how should we treat the Windows 8 computer? Does it work the same as Windows Phone? Hell, does it work as Windows Mobile 6.1+ which still has (painfully…) more supported options of ActiveSync than Windows Phone 7.5? Well, let’s dig somewhat deeper.
We’ve already seen the list of Mobile devices connected with Exchange, or in this case specifically Office 365. Let’s see the specific properties. Most interestingly: we see that Windows 8 has a Device Type of WindowsMail.
Some of you may know you can Allow, Block or Quarantine ActiveSync devices since Exchange 2010. So, of course first of: can we block Windows 8? YES! After syncing the device you can make an new Device Access Rule as the device type is now selectable. Nice!
So, we can also see that the ActiveSync version used by Windows 8 (or the Mail app) is 14.0, which not the most recent version (14.1 with Exchange 2010 SP1) as can be seen in this ActiveSync Overview.
Most important difference is Information Rights Management (IRM) over AES. Perhaps this is because Windows 8 is also a Desktop OS and Microsoft wants this combined with Outlook (and an Office license). It is in any case an Enterprise feature, so consumers will feel no loss here. Business users will probably still want to use Outlook. It will however still be interesting to see how this plays out with Slates/Tablets and Windows on Arm (WOA) form factors and the combination of Office 15 or better yet Outlook 15.
I wonder if WOA does support ActiveSync 14.1. We will have to wait for that… and… As Windows Phone 7.5 now supports ActiveSync 14.1, what will happen with Windows Phone 8 (WP8) as there are rumors/indications that Windows 8 and WP8 will share more code and functionality than previous versions of the mobile/phone OS and same generation Desktop OS… Something to keep an eye on. But I digress.
The fact that there is no IRM on Windows 8 Mail app could be a very valid reason to block these clients al together with ABQ. And now I also wonder how ActiveSync Client Certificate-based authentication will work. Can we install certificates via AD? As WOA will not include domain join (can’t find a link, but it basically means that WOA is consumer focused, not enterprise), it becomes imperative to be able to install certificates on the devices. But then again, Client Certificate-Based Authentication is more a Enterprise feature than Consumer.
Another question that popped in my head was how the Remote Wipe would work. Would it reset the whole machine to factory setting as with (most) ActiveSync mobile devices? Windows 8 does have built-in Reset and Refresh functionality. Would a Remote Wipe trigger that functionality? Would a Remote Wipe even work?
As we can see the Remote Wipe works, you even get confirmation in the ECP and per mail.
But the wipe is not a reset to factory settings. It just removes the data from the device which was synced via that specific ActiveSync connection. All other information, ActiveSync accounts, apps and so forth are still present.
Before Remote Wipe:
After Remote Wipe:
You can ask yourselves how this works security wise, but I’m glad that I don’t have to reinstall my whole computer. A mobile device is much faster restored, but then again the lines of what a mobile device and a desktop is are blurring…
So far my findings around Windows 8 Consumer Preview ActiveSync. Obviously features and it’s implementation could change in next builds. But even with just the ActiveSync feature there are still a lot of questions I have about how Exchange admins have to handle ActiveSync devices and how Microsoft is going to treat it’s Windows 8 devices. Whatever the form factor may be…