Archive for June, 2014

As an addition to an excellent blog post on howto support the Windows 8.1 Mail App in Enterprise environments me and my colleague Christiaan Evenhuis did some research on which Group Policy settings matches the corresponding Exchange ActiveSync policies.

The results:

EAS AD Group Policy / Local Security policy
Require alphanumeric password Password must meet complexity requirements
Require encryption on device BitLocker Drive Encryption \ Operating System Drives (multiple settings)
On Enterprise Domain joined clients you should use SCCM to enable encryption
Require encryption on storage card BitLocker Drive Encryption \ Removable Data Drives
Allow simple password Password must meet complexity requirements
Number of failed attempts allowed Interactive logon: Machine account lockout threshold
Minimum password length Minimum password length
Time without user input before password must be re-entered Interactive logon: Machine inactivity limit
Password expiration (days) Maximum password age


Make sure the settings in AD are more locked down to prevent the Windows 8.1 Mail App to invoke configurations that will require local admin permissions. During tests we found out that the Windows Policy provider works on a per computer basis. So when testing, re-deploy your machine to undo policy settings.