S\MIME Encryption on Outlook


We have enabled S\MIME encryption on outlook for some users but we are facing issue once we send signed message or encrypted that it is received as attachment. can we solve this ?

Who is Participating?
btanExec ConsultantCommented:
Mac outlook client support SMIME as long as you import the certificate (PFX for containing private key) into the Mac Keyring.

Alexei KuznetsovMicrosoft Outlook MVPCommented:
What email clients are on the recipient side?
fadyazAuthor Commented:
Outllok on windows

It is happened with all clients recipients on windows or phone.
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

David Johnson, CD, MVPOwnerCommented:
have you exchanged public keys? The recipient must have your public key
btanExec ConsultantCommented:
On mobile check
Enable S/MIME on the device

From the Windows Phone device perform the following steps:

Open the company email account.

Tap the … to open the menu window.

Tap settings.

Tap sync settings.

To sign messages with S/MIME, slide the Sign with S/MIME bar to the On position.

To encrypt messages with S/MIME, slide the Encrypt with S/MIME bar to the On position.

Tap the Check mark to save the sync settings.

Also check the EAS setting

Exchange ActiveSync mailbox policies let you apply a common set of policy or security settings to a user or group of users.

Enable S/MIME for Exchange ActiveSync following these steps:

Open the Exchange Management Shell
Run the command Get-Mobile

Verify that the policy settings in the following table are configured:
see any specific exchange errors and see if the user can to themselves to test as well.
nociSoftware EngineerCommented:
Before you can encrypt you need to exchange public keys. And all devices you want to transmit from needs the private key for the mail address.

Be careful with hosted services, the SMTP sending device needs the keys, with hosted services the device is owned by the hoster (so it conectent is accessible to the hoster) , that hoster can disguise as you indistinguishable from you. So there is never security there, for some things like confidentiality the cloud, as such, is not a solution.
IMHO Windows 10 devices count as hosted devices as Microsoft reserved the right to upload anything from your device, that might include the private keys needed for encryption.
btanExec ConsultantCommented:
Do ensure the below certificate are installed e.g.
- Trusted root CA certificate (Computer certificate store - Root)
- User certificate (Include email address in subject name, Email address, User principal name (UPN)) stated in the cert and for your account cert store in the Certificates – Current User)

As a whole you need to setup the digital ID, based on how you get the certificate, you can provision SMIME as per the link

David Johnson, CD, MVPOwnerCommented:
The easiest way to exchange keys is for each user in the conversation to send a signed message and each recipient double clicks the certificate and installs it.
fadyazAuthor Commented:
is this working on mac also?
nociSoftware EngineerCommented:
If S/MIME is supported by your mail package Yes.
After the association of the email address with a public key (using a signed message)
Encryption can be used.  Note that your private key should always be with you, and never be uploaded to some web-based service unless you control (have physical owner ship & posession) of the system the service is placed on.
btanExec ConsultantCommented:
As shared and advised in the post.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.