S/MIME Encryption on Outlook


We have enabled S/MIME encryption on Outlook for some users, but we are facing an issue: once we send a signed or encrypted message, it is received as an attachment. Can we solve this?

btan (Exec Consultant) commented:
The Mac Outlook client supports SMIME as long as you import the certificate (PFX, containing the private key) into the Mac Keyring.

Alexei Kuznetsov (Outlook MVP, CEO) commented:
What email clients are on the recipient side?
fadyaz (Author) commented:
Outlook on Windows

It happened with all recipient clients, on Windows or phone.
David Johnson, CD, MVP (Owner) commented:
Have you exchanged public keys? The recipient must have your public key.

btan (Exec Consultant) commented:
On mobile, check:
Enable S/MIME on the device

From the Windows Phone device perform the following steps:

Open the company email account.

Tap the … to open the menu window.

Tap settings.

Tap sync settings.

To sign messages with S/MIME, slide the Sign with S/MIME bar to the On position.

To encrypt messages with S/MIME, slide the Encrypt with S/MIME bar to the On position.

Tap the Check mark to save the sync settings.

Also check the EAS setting

Exchange ActiveSync mailbox policies let you apply a common set of policy or security settings to a user or group of users.

Enable S/MIME for Exchange ActiveSync following these steps:

Open the Exchange Management Shell
Run the command Get-Mobile

Verify that the policy settings in the following table are configured:
See any specific Exchange errors, and see if the user can send to themselves to test as well.

noci (Software Engineer) commented:
Before you can encrypt, you need to exchange public keys. And all devices you want to transmit from need the private key for the mail address.

Be careful with hosted services: the SMTP sending device needs the keys, and with hosted services the device is owned by the hoster (so its content is accessible to the hoster); that hoster can disguise as you, indistinguishable from you. So there is never security there; for some things, like confidentiality, the cloud, as such, is not a solution.
IMHO Windows 10 devices count as hosted devices, as Microsoft reserved the right to upload anything from your device; that might include the private keys needed for encryption.

btan (Exec Consultant) commented:
Do ensure the below certificates are installed, e.g.
- Trusted root CA certificate (Computer certificate store - Root)
- User certificate (with the email address in the subject name, and the email address and user principal name (UPN) stated in the cert), in your account's cert store (Certificates – Current User)

As a whole, you need to set up the digital ID. Based on how you get the certificate, you can provision SMIME as per the link
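
One way to check the certificate prerequisites listed in the comment above on a Windows client, as an added example that is not part of the thread or written by any participant. The function name `Test-SmimeCertificate` and the address `user@example.com` are placeholders (assumptions); pass the mailbox's real SMTP address.

```powershell
# Added example: audit S/MIME readiness of certificates in Cert:\CurrentUser\My.
# $Address is a placeholder (assumption); pass the mailbox's real SMTP address.
param([string]$Address = 'user@example.com')

$EmailProtectionOid = '1.3.6.1.5.5.7.3.4'   # "Secure Email" enhanced key usage

function Test-SmimeCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [Parameter(Mandatory)][string]$Address
    )
    # E-mail address and UPN as recorded in the subject / subject alternative name.
    $email = $Cert.GetNameInfo('EmailName', $false)
    $upn   = $Cert.GetNameInfo('UpnName', $false)

    # A certificate with no EKU extension is not restricted to any purpose.
    $ekuExt = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $ekuOk = (-not $ekuExt) -or
             (@($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $EmailProtectionOid)

    # Build the chain against the local trust stores only (no revocation lookup),
    # which shows whether the issuing root CA is installed as trusted.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($Cert)
    $status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','

    $now = Get-Date
    [pscustomobject]@{
        Subject       = $Cert.Subject
        Thumbprint    = $Cert.Thumbprint
        AddressMatch  = ($email -ieq $Address)   # address in cert equals mailbox address
        UpnInCert     = $upn
        HasPrivateKey = $Cert.HasPrivateKey      # required to sign and to decrypt
        SecureEmail   = $ekuOk
        InValidity    = ($now -ge $Cert.NotBefore -and $now -le $Cert.NotAfter)
        ChainTrusted  = $trusted
        ChainStatus   = $status
    }
}

Get-ChildItem Cert:\CurrentUser\My |
    ForEach-Object { Test-SmimeCertificate -Cert $_ -Address $Address } |
    Format-List
```

A certificate is usable for signing and decryption on that client only when `AddressMatch`, `HasPrivateKey`, `SecureEmail`, `InValidity` and `ChainTrusted` are all `True`.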

David Johnson, CD, MVP (Owner) commented:
The easiest way to exchange keys is for each user in the conversation to send a signed message and each recipient double clicks the certificate and installs it.

fadyaz (Author) commented:
Is this working on Mac also?

noci (Software Engineer) commented:
If S/MIME is supported by your mail package, yes.
After the association of the email address with a public key (using a signed message), encryption can be used. Note that your private key should always be with you, and never be uploaded to some web-based service unless you control (have physical ownership & possession of) the system the service is placed on.

btan (Exec Consultant) commented:
As shared and advised in the post.

Question has a verified solution.
