Forum Discussion

Anonymous
Jul 09, 2017

Outdated hashing algorithm for S/MIME

Mobile devices’ access to Exchange Online mailboxes is governed by EAS mobile device policies, which specify, among other things, the required encryption and digital-signature algorithms for S/MIME. According to https://technet.microsoft.com/en-us/library/jj218719(v=exchg.160).aspx#Anchor_3, the strongest supported combination is currently 3DES with SHA-1. An EAS client will always sign messages with SHA-1, which is now obsolete (https://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-sha1-certificates.aspx#Enforcement_details) and no longer supported by some modern applications. (Gmail says the signed messages use “an unsupported algorithm”, and Thunderbird considers the signatures invalid.)


I’m not really into Exchange, but some quick googling suggests that “RequireSignedSMIMEAlgorithm” is described at https://msdn.microsoft.com/en-us/library/ee237991(v=exchg.80).aspx as part of EAS provisioning documents (see https://msdn.microsoft.com/en-us/library/ee202231(v=exchg.80).aspx), and I think it ought to be possible to clear this entry from mobile device policies. However, the Set-MobileDeviceMailboxPolicy cmdlet currently requires either “MD5” or “SHA1” for the -RequireSignedSMIMEAlgorithm switch, so I can’t really do that from Exchange Online PowerShell.


I’m wondering if any of you have any suggestions or workarounds. Also, if there are people here working on EAS in Exchange Online, I’d like to hear their responses.


No Replies
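As an added example (editorial, not part of the post above or of any reply), the following Exchange Online PowerShell script shows the check an administrator would run before deciding what to do about the constraint the post describes: it inventories the S/MIME settings of every mobile device mailbox policy, maps the policies that pin SHA1 or MD5 to the mailboxes they actually govern, and then demonstrates that -RequireSignedSMIMEAlgorithm rejects a value outside its SHA1/MD5 enumeration at parameter binding. It assumes an existing session (for example via Connect-ExchangeOnline from the ExchangeOnlineManagement module) and a policy named "Default"; both are assumptions, not facts from the post.

```powershell
# Added example, not from the original post. Assumes an Exchange Online
# PowerShell session is already open (e.g. Connect-ExchangeOnline) and that
# the account can read mobile device mailbox policies and CAS mailboxes.

# 1. Inventory: which policies require S/MIME signing/encryption, and with
#    which algorithms.
$policies = Get-MobileDeviceMailboxPolicy
$policies |
    Select-Object Name, IsDefault,
        RequireSignedSMIMEMessages, RequireSignedSMIMEAlgorithm,
        RequireEncryptedSMIMEMessages, RequireEncryptionSMIMEAlgorithm |
    Format-Table -AutoSize

# 2. Map policies that pin SHA1 or MD5 (today, every policy with a value
#    set, since those are the only two values the cmdlet accepts) to the
#    mailboxes assigned to them. Get-CASMailbox is called once; enumerating
#    all mailboxes is slow in a large tenant.
$casMailboxes = Get-CASMailbox -ResultSize Unlimited
$weak = $policies | Where-Object {
    "$($_.RequireSignedSMIMEAlgorithm)" -in @('SHA1', 'MD5')
}
foreach ($p in $weak) {
    $assigned = @($casMailboxes | Where-Object {
        "$($_.ActiveSyncMailboxPolicy)" -eq $p.Name
    })
    '{0}: signing algorithm {1}, signing required = {2}, {3} mailbox(es) assigned' -f $p.Name, $p.RequireSignedSMIMEAlgorithm, $p.RequireSignedSMIMEMessages, $assigned.Count
}

# 3. Demonstrate the constraint from the post: a value outside the
#    enumeration fails parameter binding before the cmdlet runs. -WhatIf is
#    added so that nothing is changed even if a value were accepted.
$policyName = 'Default'   # assumption: adjust to a policy in your tenant
foreach ($value in @('SHA1', 'SHA256')) {
    try {
        Set-MobileDeviceMailboxPolicy -Identity $policyName `
            -RequireSignedSMIMEAlgorithm $value -WhatIf -ErrorAction Stop
        "Accepted by parameter binding: $value"
    } catch {
        "Rejected: '$value' -> $($_.Exception.Message)"
    }
}
```

The inventory in step 2 is the useful part operationally: RequireSignedSMIMEAlgorithm only has effect on mailboxes whose policy also sets RequireSignedSMIMEMessages, so the count of assigned mailboxes tells you how many users' outbound mail is actually being signed with the algorithm the post complains about.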
