I'm searching for an answer to the following topic:
We need to deploy S/MIME to our mobile users to allow them to send and receive S/MIME signed/encrypted mails inside our organisation.
Problem: Microsoft shows the S/MIME solution for Outlook on Windows, OWA (implemented not so long ago) and Windows Phone, but the situation for devices/mail clients on Apple and Android devices regarding using S/MIME certificates is unclear.
In our scenario we must decide to purchase Office 365 (at least Exchange Online Plan1 and Azure Rights Management) for every user to accomplish the basic requirements for such a setup (we are now using third-party hosted mail), so this is a rather expensive decision.
We know that we need to set up:
- AD Certificate Services in our on-premise system
- Dirsync AD Certs with Azure Active Directory (then with Exchange Online tenant)
- rules for mail encryption on Office 365
so that is clear.
What is unclear - does Office 365 distribute via EAS:
1. all internal users' public certificates to Apple/Android devices' Address Books, to use when a device user tries to send an S/MIME encrypted message inside the organisation?
2. the private certificate of the device user, to use when the user receives S/MIME encrypted mail (this is less problematic as we can distribute this via other methods)?
thx in advance for any help