Mike22April, thanks for the questions.
In order to compose an encrypted message, the target recipient’s public certificate key must be available either in the Global Address List or stored on the local device (in the Microsoft publisher keychain). The cert gets populated in the GAL using the UserCertificate / UserSmimeCertificate attributes.
Outlook for iOS and Android does not support use of an LDAP directory for obtaining certificates (or connecting to an LDAP directory for address book functionality).
For automated certificate delivery, Outlook for iOS will only support Intune for enrollment. iOS has two keychains – system and publisher. Any MDM can push certs to the system keychain. However, only first-party Apple apps can use that keychain. Outlook only has access to the Microsoft publisher keychain. Intune is building a cert delivery channel (outside of the MDM channel) to securely deliver certs into the Microsoft publisher keychain. Third-party MDMs won’t have access to the Microsoft publisher keychain because they are not Microsoft-signed applications and thus can’t deliver certs there for Outlook to use.
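
A way to check whether a recipient's encryption certificate is actually published in the two attributes named in the reply above. This is an added example, not part of the original post or Microsoft's own tooling. It assumes Windows PowerShell 5.1, the RSAT ActiveDirectory module and an on-premises AD that feeds the GAL; the function name `Get-SmimeCertStatus` and the recipient address are hypothetical.

```powershell
# Added example. Assumes the RSAT ActiveDirectory module and an on-premises AD behind the GAL.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.Security   # SignedCms, needed for the PKCS #7 attribute

function Get-SmimeCertStatus {           # hypothetical helper name
    param([Parameter(Mandatory)][string]$Mail)

    $safe = $Mail.Replace("'", "''")     # escape quotes before building the AD filter string
    $user = Get-ADUser -Filter "mail -eq '$safe'" -Properties userCertificate, userSMIMECertificate
    if (-not $user) { Write-Warning "No AD user with mail '$Mail'"; return }

    $found = @()
    # userCertificate: each value is a single DER-encoded X.509 certificate.
    foreach ($raw in $user.userCertificate) {
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$raw)
        $found += [pscustomobject]@{ Attribute = 'userCertificate'; Cert = $cert }
    }
    # userSMIMECertificate: each value is a PKCS #7 SignedData blob that may hold several certificates.
    foreach ($raw in $user.userSMIMECertificate) {
        $cms = New-Object System.Security.Cryptography.Pkcs.SignedCms
        $cms.Decode([byte[]]$raw)
        foreach ($cert in $cms.Certificates) {
            $found += [pscustomobject]@{ Attribute = 'userSMIMECertificate'; Cert = $cert }
        }
    }
    if (-not $found) { Write-Warning "$Mail has no certificate in either attribute"; return }

    $now = Get-Date
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]
    $encFlags = $flags::KeyEncipherment -bor $flags::KeyAgreement   # RSA or ECDH recipients
    foreach ($f in $found) {
        $ku = $f.Cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
        [pscustomobject]@{
            Attribute  = $f.Attribute
            Subject    = $f.Cert.Subject
            Thumbprint = $f.Cert.Thumbprint
            NotAfter   = $f.Cert.NotAfter
            Expired    = $f.Cert.NotAfter -lt $now
            # No key usage extension means unrestricted; otherwise an encryption usage must be set.
            CanEncrypt = (-not $ku) -or [bool]($ku.KeyUsages -band $encFlags)
        }
    }
}

# Constructed placeholder address.
Get-SmimeCertStatus -Mail 'recipient@example.com' | Format-Table -AutoSize
```

A recipient whose rows are all expired or show `CanEncrypt` as false has nothing usable published, even though the attributes are populated.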