Solved

S\MIME Encryption on Outlook

Posted on 2016-08-14
12
44 Views
Last Modified: 2016-09-24
hello,

We have enabled S\MIME encryption on outlook for some users but we are facing issue once we send signed message or encrypted that it is received as attachment. can we solve this ?

Regards,
0
Comment
Question by:fadyaz
  • 4
  • 2
  • 2
  • +2
12 Comments
 
LVL 13

Expert Comment

by:Alexei Kuznetsov
Comment Utility
What email clients are on the recipient side?
0
 
LVL 2

Author Comment

by:fadyaz
Comment Utility
Outllok on windows

It is happened with all clients recipients on windows or phone.
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
Comment Utility
have you exchanged public keys? The recipient must have your public key
0
 
LVL 61

Assisted Solution

by:btan
btan earned 250 total points (awarded by participants)
Comment Utility
On mobile check
Enable S/MIME on the device

From the Windows Phone device perform the following steps:

Open the company email account.

Tap the … to open the menu window.

Tap settings.

Tap sync settings.

To sign messages with S/MIME, slide the Sign with S/MIME bar to the On position.

To encrypt messages with S/MIME, slide the Encrypt with S/MIME bar to the On position.

Tap the Check mark to save the sync settings.
https://msdn.microsoft.com/en-us/library/dn643699.aspx

Also check the EAS setting

Exchange ActiveSync mailbox policies let you apply a common set of policy or security settings to a user or group of users.

Enable S/MIME for Exchange ActiveSync following these steps:

Open the Exchange Management Shell
Run the command Get-Mobile

Verify that the policy settings in the following table are configured:
....
see any specific exchange errors and see if the user can to themselves to test as well.
0
 
LVL 39

Assisted Solution

by:noci
noci earned 125 total points (awarded by participants)
Comment Utility
Before you can encrypt you need to exchange public keys. And all devices you want to transmit from needs the private key for the mail address.

Be careful with hosted services, the SMTP sending device needs the keys, with hosted services the device is owned by the hoster (so it conectent is accessible to the hoster) , that hoster can disguise as you indistinguishable from you. So there is never security there, for some things like confidentiality the cloud, as such, is not a solution.
IMHO Windows 10 devices count as hosted devices as Microsoft reserved the right to upload anything from your device, that might include the private keys needed for encryption.
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 61

Assisted Solution

by:btan
btan earned 250 total points (awarded by participants)
Comment Utility
Do ensure the below certificate are installed e.g.
- Trusted root CA certificate (Computer certificate store - Root)
- User certificate (Include email address in subject name, Email address, User principal name (UPN)) stated in the cert and for your account cert store in the Certificates – Current User)

As a whole you need to setup the digital ID, based on how you get the certificate, you can provision SMIME as per the link

http://searchexchange.techtarget.com/tutorial/Using-S-MIME-in-Microsoft-Outlook
0
 
LVL 78

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 125 total points (awarded by participants)
Comment Utility
The easiest way to exchange keys is for each user in the conversation to send a signed message and each recipient double clicks the certificate and installs it.
0
 
LVL 2

Author Comment

by:fadyaz
Comment Utility
is this working on mac also?
0
 
LVL 39

Assisted Solution

by:noci
noci earned 125 total points (awarded by participants)
Comment Utility
If S/MIME is supported by your mail package Yes.
After the association of the email address with a public key (using a signed message)
Encryption can be used.  Note that your private key should always be with you, and never be uploaded to some web-based service unless you control (have physical owner ship & posession) of the system the service is placed on.
0
 
LVL 61

Accepted Solution

by:
btan earned 250 total points (awarded by participants)
Comment Utility
Mac outlook client support SMIME as long as you import the certificate (PFX for containing private key) into the Mac Keyring.

https://technet.microsoft.com/en-us/library/jj984223(v=office.16).aspx
0
 
LVL 61

Expert Comment

by:btan
Comment Utility
As shared and advised in the post.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

As with any other System Center product, the installation for the Authoring Tool can be quite a pain sometimes. This article serves to help you avoid making these mistakes and hopefully save you a ton of time on troubleshooting :)  Step 1: Make sur…
If you don't know how to downgrade, my instructions below should be helpful.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
The view will learn how to download and install SIMTOOLS and FORMLIST into Excel, how to use SIMTOOLS to generate a Monte Carlo simulation of 30 sales calls, and how to calculate the conditional probability based on the results of the Monte Carlo …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now