Windows 8 Policy Conflict Between Active Directory and Exchange

Windows 8 Policy Conflict Between Active Directory and Exchange

Q: When a Windows 8 machine is part of an Active Directory (AD) domain and is also connected to an Exchange mailbox with ActiveSync policies, which policy wins if there's a conflict?

A: Exchange ActiveSync allows policies such as security and lock-out requirements to be enforced on client machines. These settings can also be configured using Group Policy. Like most security implementations, if there's a conflict between AD Group Policy and Exchange ActiveSync, then the most restrictive policy wins.

There is one exception: The password complexity requirements set by Group Policy always win even if they're less complex than the ActiveSync policy. However, even though the winning policy is less complex than required by ActiveSync, the ActiveSync policy will still report compliance on the machine. Microsoft confirms this in a TechNet blog post

Also check out the FAQ answer "Doing an ActiveSync Remote Wipe of a Windows 8 or Windows RT Device."

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.