Dave Stork writes about an interesting find in the Exchange 2013 Preview:

Suddenly I noticed something very interesting in the Exchange Admin Center.

Outlook App for Exchange.

Not Outlook Web App. Outlook App for Exchange. It took a while to sink in.

I like Dave’s theories on what this might mean, and why it would be a good thing.

1. Control Over Exchange ActiveSync Compatibility

Dave says:

Microsoft itself would have control over which feature is implemented in the app, not device vendors.

Mobile operating systems have wildly varying implementations of ActiveSync, primarily I suspect because they are consumer devices first with enterprise integration a secondary consideration.

But in this increasingly “BYOD world” we need more reliable compatibility with ActiveSync, and a dedicated app is one way to achieve that.

2. More Secure Handling of SSL Certificates

Dave says:

Currently there are also security issues present in EAS implementations or better: certificate handling by the device OS.

As we’ve seen recently, the way that iOS and Android deal with untrusted or invalid SSL certificates could be exploited. Again, a dedicated app would help customers avoid this apparent vulnerability.

What other clues are there on this one? Well, consider that Outlook 2007 and 2010 present SSL certificate warnings to the end user but let them accept them and continue connecting. That is essentially the same issue as is presented with iOS and Android.

One of the things I quickly found with Outlook 2013 is that it will not connect to the server if the SSL certificate fails validation (eg, it would not connect to my Exchange server while it still had the self-signed certificate installed, I had to install a trusted SSL cert on the server first).

Delivering that same security in a mobile app would be great for customers.

3. Improves the BYOD Scenario with Data Encryption and Remote Wipes

Dave says:

Another possibility with a dedicated app is the option for a Remote Wipe of the device to factory default settings or just the locally cached data within the app (just like the Windows 8 Mail app). It would be likely the app wouldn’t allow (via policy?) data to be cached unencrypted or outside the app (such as something like a SD card).

A lack of device encryption hampers BOYD quite a bit, and so to does the prospect of wiping out the user’s personal data when you remote wipe their device.

Some third party mobile device management solutions have solved this with a dedicated mobile app, so this would seem to be a natural thing for Microsoft to do as well.

4. Integration with FAST Search

This is one that Dave didn’t mention but that I think might be relevant. A big feature of the 2013 wave of Office servers is the FAST search integration across the multiple products.

It isn’t clear to me whether ActiveSync would allow mobile email clients to hook into that functionality. But a dedicated Outlook app could be given that feature perhaps.


This is an interesting find by Dave and just goes to show some of the neat stuff that can be found digging through pre-release software.

Although it is all speculation at this point it is interesting that rumors of an Outlook app for mobile devices have surfaced already some months ago. The October time frame in that article does align with the rumored RTM date for Exchange Server 2013.

It certainly makes sense to me, but we’ll just have to wait for October to find out.

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.

Leave a Reply