Solved

S\MIME Encryption on Outlook

Posted on 2016-08-14
12
75 Views
Last Modified: 2016-09-24
hello,

We have enabled S\MIME encryption on outlook for some users but we are facing issue once we send signed message or encrypted that it is received as attachment. can we solve this ?

Regards,
0
Comment
Question by:fadyaz
  • 4
  • 2
  • 2
  • +2
12 Comments
 
LVL 14

Expert Comment

by:Alexei Kuznetsov
ID: 41755584
What email clients are on the recipient side?
0
 
LVL 2

Author Comment

by:fadyaz
ID: 41755587
Outllok on windows

It is happened with all clients recipients on windows or phone.
0
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 41758733
have you exchanged public keys? The recipient must have your public key
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 63

Assisted Solution

by:btan
btan earned 250 total points (awarded by participants)
ID: 41763995
On mobile check
Enable S/MIME on the device

From the Windows Phone device perform the following steps:

Open the company email account.

Tap the … to open the menu window.

Tap settings.

Tap sync settings.

To sign messages with S/MIME, slide the Sign with S/MIME bar to the On position.

To encrypt messages with S/MIME, slide the Encrypt with S/MIME bar to the On position.

Tap the Check mark to save the sync settings.
https://msdn.microsoft.com/en-us/library/dn643699.aspx

Also check the EAS setting

Exchange ActiveSync mailbox policies let you apply a common set of policy or security settings to a user or group of users.

Enable S/MIME for Exchange ActiveSync following these steps:

Open the Exchange Management Shell
Run the command Get-Mobile

Verify that the policy settings in the following table are configured:
....
see any specific exchange errors and see if the user can to themselves to test as well.
0
 
LVL 40

Assisted Solution

by:noci
noci earned 125 total points (awarded by participants)
ID: 41764211
Before you can encrypt you need to exchange public keys. And all devices you want to transmit from needs the private key for the mail address.

Be careful with hosted services, the SMTP sending device needs the keys, with hosted services the device is owned by the hoster (so it conectent is accessible to the hoster) , that hoster can disguise as you indistinguishable from you. So there is never security there, for some things like confidentiality the cloud, as such, is not a solution.
IMHO Windows 10 devices count as hosted devices as Microsoft reserved the right to upload anything from your device, that might include the private keys needed for encryption.
0
 
LVL 63

Assisted Solution

by:btan
btan earned 250 total points (awarded by participants)
ID: 41764250
Do ensure the below certificate are installed e.g.
- Trusted root CA certificate (Computer certificate store - Root)
- User certificate (Include email address in subject name, Email address, User principal name (UPN)) stated in the cert and for your account cert store in the Certificates – Current User)

As a whole you need to setup the digital ID, based on how you get the certificate, you can provision SMIME as per the link

http://searchexchange.techtarget.com/tutorial/Using-S-MIME-in-Microsoft-Outlook
0
 
LVL 80

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 125 total points (awarded by participants)
ID: 41764483
The easiest way to exchange keys is for each user in the conversation to send a signed message and each recipient double clicks the certificate and installs it.
0
 
LVL 2

Author Comment

by:fadyaz
ID: 41782461
is this working on mac also?
0
 
LVL 40

Assisted Solution

by:noci
noci earned 125 total points (awarded by participants)
ID: 41784379
If S/MIME is supported by your mail package Yes.
After the association of the email address with a public key (using a signed message)
Encryption can be used.  Note that your private key should always be with you, and never be uploaded to some web-based service unless you control (have physical owner ship & posession) of the system the service is placed on.
0
 
LVL 63

Accepted Solution

by:
btan earned 250 total points (awarded by participants)
ID: 41784510
Mac outlook client support SMIME as long as you import the certificate (PFX for containing private key) into the Mac Keyring.

https://technet.microsoft.com/en-us/library/jj984223(v=office.16).aspx
0
 
LVL 63

Expert Comment

by:btan
ID: 41813551
As shared and advised in the post.
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The next five years are sure to bring developments that are just astonishing, and we will continue to try to find the balance between connectivity and security. Here are five major technological developments from the last five years and some predict…
In-place Upgrading Dirsync to Azure AD Connect
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
CodeTwo Sync for iCloud (http://www.codetwo.com/sync-for-icloud?sts=6554) automatically synchronizes your Outlook 2016, 2013, 2010 or 2007 folders with iCloud folders available via iCloud Control Panel. This lets you automatically sync them with…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question