Windows.Security.ExchangeActiveSyncProvisioning.EasContract

Modern mail apps evaluate and apply the EAS security policies. An EasClientSecurityPolicy object is constructed by the caller app to set policies received from the Exchange server or application.

Creates an instance of an object that allows the caller app to set policies received from the Exchange server for evaluation or application.

Gets or sets the ability to prevent convenience logons. DisallowConvenienceLogon is not defined in MS-ASPROV. It is mapped from MS-ASPROV AllowSimplePassword with respect to the Windows password policies.

TRUE prevents convenience logons.

Gets or sets the maximum length of time the computer can remain inactive before it is locked. The MS-ASPROV name is MaxInactivityTimeDeviceLock.

The length of time allows for inactivity before the computer is locked.

Gets or sets the maximum number of failed password attempts for logging on. The MS-ASPROV name is MaxDevicePasswordFailedAttempts.

The range is between 4 and 16.

Gets or sets the minimum number of complex characters that are required for a password. The MS-ASPROV name is MinDevicePasswordComplexCharacters.

The range is between 1 and 4.

Gets or set the minimum length of password allowed. The MS-ASPROV name is MinPasswordLength.

The range is between 1 and 16.

Gets or set the length of time that a password is valid. The MS-ASPROV name is DevicePasswordExpiration.

The length of time before the password expires and must be reset.

Gets or set the password information previously used. The MS-ASPROV name is DevicePasswordHistory.

The password information that was previously used.

Gets or sets whether encryption is required. The MS-ASPROV name is RequireDeviceEncryption.

TRUE means encryption is required.

Applies the EAS policies in asynchronous mode once the user consents.ApplyAsync is called by a UWP app for mail any time the app wants to make the local computer compliant.

Returns the evaluation of the callback results, in asynchronous mode, back to the calling app.

Evaluates the EAS policies.CheckCompliance is called by a UWP app for mail any time the app wants to evaluate whether the local computer is compliant to the given EAS policies. Because this call doesn't involve any UI interactions, it is a synchronous call.

Returns the results of the compliance check, in synchronous mode.

Provides the mail app with the results of the evaluation of the EAS security policies. Every policy being evaluated returns an enumerated value indicating the evaluation results against the policy. The evaluations results are encapsulated in the EasComplianceResults object for the caller app to retrieve.

Returns the result of whether the computer is compliant with the EAS policies.

The result of whether the computer is compliant with the EAS policies. The Compliant property is set to TRUE if all of the policies being evaluated are compliant. Otherwise, it is set to FALSE.

Returns the result of whether convenience logons are disallowed.

The result of whether convenience logons are disallowed.

Gets the type of the Exchange ActiveSync encryption provider.

The type of the Exchange ActiveSync encryption provider.

Returns the result of the maximum time of inactivity allowed before the computer is locked.

The result of the maximum time of inactivity allowed before the computer is locked.

Returns the result of the maximum number of failed password attempts allowed.

The result of the maximum number of failed password attempts allowed.

Returns the result of the minimum number of complex password characters required.

The result of the minimum number of complex password characters required.

Returns the result of the minimum length of the password required.

The result of the minimum length of the password required.

Returns the result of whether the password is expired.

The result of whether the password is expired.

Returns the result of the history of passwords.

The result of the history of passwords.

Returns the result of whether encryption is required.

The result of whether encryption is required.

Results of whether the logon can occur. These values are mapped against the HRESULT codes returned from the EAS policy engine.

This computer can be compliant by using the ApplyAsync method.HRESULT: EAS_E_POLICY_COMPLIANT_WITH_ACTIONS and the user is an admin.

This computer is compliant to the policy.HRESULT: S_OK and the user is controlled.

The policy is not set for evaluation.

The requested policy is stricter than the computer policies.HRESULT: EAS_E_POLICY_COMPLIANT_WITH_ACTIONS and the user is not an admin.

Describes the type of Exchange ActiveSync encryption provider.

The encryption provider type has not yet been determined.

The encryption provider is a non-Windows provider.

The encryption provider is a Windows provider.

Represents the maximum length of time result before locking the computer. These values are mapped against the HRESULT codes returned from the EAS policy engine.

This computer can be compliant by using the ApplyAsync method.HRESULT: EAS_E_POLICY_COMPLIANT_WITH_ACTIONS and the user is an admin.

This computer is compliant to the policy.HRESULT: S_OK and the user is controlled.

The policy value is not in a valid range.HRESULT: HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER)

The policy is not set for evaluation.

The requested policy is stricter than the computer policies.HRESULT: EAS_E_POLICY_COMPLIANT_WITH_ACTIONS and the user is not an admin.

Represents the maximum number of password attempts results. These values are mapped against the HRESULT codes returned from the EAS policy engine.

This computer can be compliant by using the ApplyAsync method.HRESULT: EAS_E_POLICY_COMPLIANT_WITH_ACTIONS and the user is an admin.

This computer is compliant to the policy.HRESULT: S_OK and the user is controlled.

The policy value is not in a valid range.HRESULT: HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER)

The policy is not set for evaluation.

The requested policy is stricter than the computer policies.HRESULT: EAS_E_POLICY_COMPLIANT_WITH_ACTIONS and the user is not an admin.

Represents the minimum complexity result for passwords. These values are mapped against the HRESULT codes returned from the EAS policy engine.

One or more admins are not allowed to change their passwords. HRESULT: EAS_E_ADMINS_CANNOT_CHANGE_PASSWORD

The EAS password policies cannot be evaluated as one or more admins have blank passwords. HRESULT: EAS_E_ADMINS_HAVE_BLANK_PASSWORD

This computer can be compliant by using the ApplyAsync method.HRESULT: EAS_E_POLICY_COMPLIANT_WITH_ACTIONS and the user is an admin.

There is at least one administrator whose connected account password must be changed for EAS password policy compliance.HRESULT: EAS_E_CONNECTED_ADMINS_NEED_TO_CHANGE_PASSWORD

The connected account password for the current user must be changed for EAS password policy compliance.HRESULT: EAS_E_CURRENT_CONNECTED_USER_NEED_TO_CHANGE_PASSWORD

This computer is compliant to the policy.HRESULT: S_OK and the user is controlled.

The EAS password policy cannot be enforced by the connected account provider of at least one administrator.HRESULT: EAS_E_PASSWORD_POLICY_NOT_ENFORCEABLE_FOR_CONNECTED_ADMINS

The EAS password policy cannot be enforced by the connected account provider of the current user.HRESULT: EAS_E_PASSWORD_POLICY_NOT_ENFORCEABLE_FOR_CURRENT_CONNECTED_USER

The EAS password policies for the user cannot be evaluated as the user has a blank password.HRESULT: EAS_E_CURRENT_USER_HAS_BLANK_PASSWORD

The policy value is not in a valid range.HRESULT: HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER)

There are other standard users present who are not allowed to change their passwords. HRESULT: EAS_E_LOCAL_CONTROLLED_USERS_CANNOT_CHANGE_PASSWORD

The policy is not set for evaluation.

The requested policy is stricter than the computer policies.HRESULT: EAS_E_POLICY_COMPLIANT_WITH_ACTIONS and the user is not an admin.

The EAS policy being evaluated cannot be enforced by the system.HRESULT: EAS_E_REQUESTED_POLICY_NOT_ENFORCEABLE

The user is not allowed to change the password. HRESULT: EAS_E_USER_CANNOT_CHANGE_PASSWORD

Represents the minimum length result for passwords. These values are mapped against the HRESULT codes returned from the EAS policy engine.

One or more admins are not allowed to change their passwords. HRESULT: EAS_E_ADMINS_CANNOT_CHANGE_PASSWORD

The EAS password policies cannot be evaluated as one or more admins have blank passwords. HRESULT: EAS_E_ADMINS_HAVE_BLANK_PASSWORD

This computer can be compliant by using the ApplyAsync method.HRESULT: EAS_E_POLICY_COMPLIANT_WITH_ACTIONS and the user is not an admin.

There is at least one administrator whose connected account password must be changed for EAS password policy compliance.HRESULT: EAS_E_CONNECTED_ADMINS_NEED_TO_CHANGE_PASSWORD

The connected account password for the current user must be changed for EAS password policy compliance.HRESULT: EAS_E_CURRENT_CONNECTED_USER_NEED_TO_CHANGE_PASSWORD

This computer is compliant to the policy.HRESULT: S_OK and the user is controlled.

The EAS password policy cannot be enforced by the connected account provider of at least one administrator.HRESULT: EAS_E_PASSWORD_POLICY_NOT_ENFORCEABLE_FOR_CONNECTED_ADMINS

The EAS password policy cannot be enforced by the connected account provider of the current user.HRESULT: EAS_E_PASSWORD_POLICY_NOT_ENFORCEABLE_FOR_CURRENT_CONNECTED_USER

The EAS password policies for the user cannot be evaluated as the user has a blank password.HRESULT: EAS_E_CURRENT_USER_HAS_BLANK_PASSWORD

The policy value is not in a valid range.HRESULT: HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER)

There are other standard users present who are not allowed to change their passwords. HRESULT: EAS_E_LOCAL_CONTROLLED_USERS_CANNOT_CHANGE_PASSWORD

The policy is not set for evaluation.

The requested policy is stricter than the computer policies.HRESULT: EAS_E_POLICY_COMPLIANT_WITH_ACTIONS and the user is not an admin.

The EAS policy being evaluated cannot be enforced by the system.HRESULT: EAS_E_REQUESTED_POLICY_NOT_ENFORCEABLE

The user is not allowed to change the password. HRESULT: EAS_E_USER_CANNOT_CHANGE_PASSWORD

Results of querying on the password expiration information. These values are mapped against the HRESULT codes returned from the EAS policy engine.

One or more admins are not allowed to change their passwords. HRESULT: EAS_E_ADMINS_CANNOT_CHANGE_PASSWORD

The computer can be compliant using the ApplyAsync method.HRESULT: EAS_E_POLICY_COMPLIANT_WITH_ACTIONS and the user is an admin.

The computer is compliant to the policy.HRESULT: S_OK and the user is controlled.

The policy value is not in a valid range.HRESULT: HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER)

There are other standard users present who are not allowed to change their passwords. HRESULT: EAS_E_LOCAL_CONTROLLED_USERS_CANNOT_CHANGE_PASSWORD

The policy is not set for evaluation.

The EAS password expiration policy cannot be met as the password expiration interval is less than the minimum password interval for the system.HRESULT: EAS_E_REQUESTED_POLICY_PASSWORD_EXPIRATION_INCOMPATIBLE

The requested policy is stricter than the computer policies.HRESULT: EAS_E_POLICY_COMPLIANT_WITH_ACTIONS and the user is not an admin.

The user is not allowed to change the password. HRESULT: EAS_E_USER_CANNOT_CHANGE_PASSWORD

Represents the password history. These values are mapped against the HRESULT codes returned from the EAS policy engine.

The computer can be compliant using the ApplyAsync method.HRESULT: EAS_E_POLICY_COMPLIANT_WITH_ACTIONS and the user is an admin.

The computer is compliant to the policy.HRESULT: S_OK and the user is controlled.

The policy value is not in a valid range.HRESULT: HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER)

The policy is not set for evaluation.

The requested policy is stricter than the computer policies.HRESULT: EAS_E_POLICY_COMPLIANT_WITH_ACTIONS and the user is not an admin.

Represents the type of encryption required. These values are mapped against the HRESULT codes returned from the EAS policy engine.

This computer can be compliant by using the ApplyAsync method.HRESULT: S_OK but the user is not controlled.

This computer is already DeviceProtected.HRESULT: S_OK and the user is controlled.

This value is no longer supported. Starting with Windows 8.1, use **FixedDataNotSupported**.

DeFixedDataNotSupported may be altered or unavailable for releases after Windows 8.1. Instead, use FixedDataNotSupported.

This value is no longer supported. Starting with Windows 8.1, use **HardwareNotCompliant**.

DeHardwareNotCompliant may be altered or unavailable for releases after Windows 8.1. Instead, use HardwareNotCompliant.

This value is no longer supported. Starting with Windows 8.1, use **OsVolumeNotProtected**.

DeOsVolumeNotProtected may be altered or unavailable for releases after Windows 8.1. Instead, use OsVolumeNotProtected.

This value is no longer supported. Starting with Windows 8.1, use **ProtectionNotYetEnabled**.

DeProtectionNotYetEnabled may be altered or unavailable for releases after Windows 8.1. Instead, use ProtectionNotYetEnabled.

This value is no longer supported. Starting with Windows 8.1, use **ProtectionSuspended**.

DeProtectionSuspended may be altered or unavailable for releases after Windows 8.1. Instead, use ProtectionSuspended.

This value is no longer supported. Starting with Windows 8.1, use **LockNotConfigured**.

DeWinReNotConfigured may be altered or unavailable for releases after Windows 8.1. Instead, use LockNotConfigured.

This computer cannot support device encryption because unencrypted fixed data volumes are present.HRESULT: FVE_E_DE_FIXED_DATA_NOT_SUPPORTED

This computer does not meet the hardware requirements to support device encryption.HRESULT: FVE_E_DE_HARDWARE_NOT_COMPLIANT

This computer cannot support device encryption because WinRE is not properly configured.HRESULT: FVE_E_DE_WINRE_NOT_CONFIGURED

This computer does not have a feature license.HRESULT: FVE_E_NO_FEATURE_LICENSE

The policy is not set for evaluation.

This computer is not provisioned to support device encryption. Enable BitLocker on all volumes to comply with device encryption policy. HRESULT: FVE_E_NOT_PROVISIONED_ON_ALL_VOLUMES

The operating system drive is not protected by BitLocker drive encryption.HRESULT: FVE_E_OS_NOT_PROTECTED

This computer is not provisioned with device encryption. Enable Device encryption on all volumes to comply with device encryption policy if it is supported. HRESULT: FVE_E_DE_OS_VOLUME_NOT_PROTECTED

Protection has not been enabled on the volume. Enabling protection requires a connected account. If you already have a connected account and are seeing this error, refer to the event log for more information.HRESULT: FVE_E_DE_PROTECTION_NOT_YET_ENABLED

Protection is enabled on this volume but has been suspended. This is most likely due to an update of your computer. Reboot and try again.HRESULT: FVE_E_DE_PROTECTION_SUSPENDED

An unexpected failure occurred.