Home
%3CLINGO-SUB%20id%3D%22lingo-sub-735108%22%20slang%3D%22en-US%22%3ERe%3A%20S%2FMIME%20functionality%20available%20in%20Outlook%20for%20iOS%20TestFlight%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-735108%22%20slang%3D%22en-US%22%3E%3CP%3EGreat%20progress!%20However%20not%20everyone%20has%20the%20knowledge%20to%20use%20S%2FMIME%20or%20PGP%20and%20also%20both%20standards%20are%20not%20compatible%20with%20each%20other.%20We%20build%20a%20product%20(based%20on%20MICROSOFT%20Azure)%20which%20works%20for%20everyone%20and%20is%20simple%20even%20it%20cannot%20be%20compared%201%3A1.%20Check%20out%20MAILINJA%20-%20Encrypt%20%26amp%3B%20Legitimate%20E-Mails.%20But%20Simple.%20(%3CA%20href%3D%22https%3A%2F%2Fmailinja.com%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmailinja.com%3C%2FA%3E).%20Greetings%20from%20Germany%2C%20Volkan%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-734885%22%20slang%3D%22en-US%22%3ES%2FMIME%20functionality%20available%20in%20Outlook%20for%20iOS%20TestFlight%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-734885%22%20slang%3D%22en-US%22%3E%3CP%3ESecure%2FMultipurpose%20Internet%20Mail%20Extension%20(S%2FMIME)%20functionality%20in%20Outlook%20for%20iOS%20and%20Android%20has%20been%20a%20top%20request%20for%20several%20of%20our%20enterprise%20customers.%20As%20some%20of%20you%20may%20have%20heard%2C%20late%20last%20week%20we%20released%20support%20for%20S%2FMIME%20in%20Outlook%20for%20iOS%20in%20%3CA%20href%3D%22https%3A%2F%2Finsider.office.com%2Fen-us%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EOffice%20Insiders%3C%2FA%3E%20via%20TestFlight%20(v3.30.0%20and%20later).%20For%20those%20not%20familiar%20with%20%3CA%20href%3D%22https%3A%2F%2Fdeveloper.apple.com%2Ftestflight%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3ETestFlight%3C%2FA%3E%2C%20it%20is%20Apple%E2%80%99s%20platform%20for%20distributing%20pre-release%20builds.%20This%20allows%20us%20to%20get%20features%20in%20the%20hands%20of%20early%20adopters%20to%20gather%20feedback%20before%20releasing%20to%20all%20customers.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ES%2FMIME%20provides%20encryption%2C%20which%20protects%20the%20content%20of%20e-mail%20messages%2C%20and%20digital%20signatures%2C%20which%20verify%20the%20identity%20of%20the%20sender%20of%20an%20e-mail%20message.%20In%20order%20to%20use%20S%2FMIME%20with%20Outlook%20for%20iOS%2C%20the%20user%E2%80%99s%20mailbox%20must%20be%20in%20Exchange%20Online.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-1790624574%22%20id%3D%22toc-hId-1790624574%22%20id%3D%22toc-hId-1790624574%22%20id%3D%22toc-hId-1790624574%22%20id%3D%22toc-hId-1790624574%22%20id%3D%22toc-hId-1790624574%22%20id%3D%22toc-hId-1790624574%22%20id%3D%22toc-hId-1790624574%22%20id%3D%22toc-hId-1790624574%22%20id%3D%22toc-hId-1790624574%22%20id%3D%22toc-hId-1790624574%22%20id%3D%22toc-hId-1790624574%22%20id%3D%22toc-hId-1790624574%22%20id%3D%22toc-hId-1790624574%22%20id%3D%22toc-hId-1790624574%22%20id%3D%22toc-hId-1790624574%22%3EDeploying%20S%2FMIME%20certificates%3C%2FH2%3E%0A%3CP%3EOutlook%20for%20iOS%20supports%20manual%20certificate%20delivery.%20Manual%20certificate%20delivery%20is%20when%20the%20certificate%20is%20emailed%20to%20the%20user%20and%20the%20user%20taps%20on%20the%20certificate%20attachment%20within%20Outlook%20for%20iOS%20to%20initiate%20the%20certificate%E2%80%99s%20installation.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CBLOCKQUOTE%3E%0A%3CP%3E%3CSTRONG%3ENote%3C%2FSTRONG%3E%3A%20Outlook%20for%20iOS%20and%20Android%20will%20support%20automated%20certificate%20delivery%20in%20future%20releases.%3C%2FP%3E%0A%3C%2FBLOCKQUOTE%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F121948i6EA54F8168357A3B%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22Image1.png%22%20title%3D%22Image1.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CEM%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoeui%26amp%3Bquot%3B%2C%26amp%3Bquot%3Blato%26amp%3Bquot%3B%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Carial%2Csans-serif%3B%20font-size%3A%2016px%3B%20font-style%3A%20italic%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20300%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3E%3CFONT%20size%3D%222%22%20style%3D%22box-sizing%3A%20border-box%3B%22%3EFigure%201%3A%20Outlook%20for%20iOS%20manual%20certificate%20delivery%20installation%3C%2FFONT%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EUsers%20can%20export%20their%20own%20certificate%20and%20mail%20it%20to%20themselves%20using%20Outlook%20desktop%3A%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3EOpen%20Outlook%202013%2C%202016%20or%202019%20that%20has%20%3CSTRONG%3Ealready%20been%20configured%20for%20S%2FMIME%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3CLI%3EClick%20%3CSTRONG%3EFile%3C%2FSTRONG%3E%20-%26gt%3B%20%3CSTRONG%3EOptions%3C%2FSTRONG%3E%20-%26gt%3B%20%3CSTRONG%3ETrust%20Center%3C%2FSTRONG%3E%20-%26gt%3B%20%3CSTRONG%3ETrust%20Center%20Settings%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3CLI%3EClick%20%3CSTRONG%3EEmail%20Security%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3CLI%3EUnder%20%3CSTRONG%3EDigital%20ID%E2%80%99s%3C%2FSTRONG%3E%20click%20%3CSTRONG%3EImport%2FExport%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3CLI%3EClick%20%3CSTRONG%3EExport%20Your%20Digital%20ID%20to%20a%20file%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3CLI%3EClick%20%3CSTRONG%3ESelect%3C%2FSTRONG%3E%20and%20select%20the%20correct%20certificate%3C%2FLI%3E%0A%3CLI%3EClick%20%3CSTRONG%3EBrowse%3C%2FSTRONG%3E%20and%20select%20a%20%3CSTRONG%3Elocation%3C%2FSTRONG%3E%20to%20save%20the%20file%3C%2FLI%3E%0A%3CLI%3EComplete%20your%20%3CSTRONG%3Epassword%3C%2FSTRONG%3E%20and%20then%20click%20OK%3C%2FLI%3E%0A%3CLI%3ECreate%20a%20new%20%3CSTRONG%3EE-mail%3C%2FSTRONG%3E%20and%20%3CSTRONG%3Eattach%20the%20exported%20PFX%20file%3C%2FSTRONG%3E.%20%3CSTRONG%3ESend%20the%20E-mail%20to%20yourself%3C%2FSTRONG%3E.%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CBLOCKQUOTE%3E%0A%3CP%3E%3CSTRONG%3EImportant%3C%2FSTRONG%3E%3A%20When%20exporting%20the%20certificate%2C%20ensure%20the%20exported%20certificate%20is%20password%20protected%20with%20a%20strong%20password.%3C%2FP%3E%0A%3C%2FBLOCKQUOTE%3E%0A%3CH2%20id%3D%22toc-hId--761532387%22%20id%3D%22toc-hId--761532387%22%20id%3D%22toc-hId--761532387%22%20id%3D%22toc-hId--761532387%22%20id%3D%22toc-hId--761532387%22%20id%3D%22toc-hId--761532387%22%20id%3D%22toc-hId--761532387%22%20id%3D%22toc-hId--761532387%22%20id%3D%22toc-hId--761532387%22%20id%3D%22toc-hId--761532387%22%20id%3D%22toc-hId--761532387%22%20id%3D%22toc-hId--761532387%22%20id%3D%22toc-hId--761532387%22%20id%3D%22toc-hId--761532387%22%20id%3D%22toc-hId--761532387%22%20id%3D%22toc-hId--761532387%22%3EEnabling%20S%2FMIME%20in%20the%20app%3C%2FH2%3E%0A%3CP%3ES%2FMIME%20must%20be%20enabled%20for%20Outlook%20for%20iOS%20and%20Android%20to%20view%20or%20create%20S%2FMIME-related%20content.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EEnd%20users%20will%20need%20to%20enable%20S%2FMIME%20functionality%20manually%20by%20accessing%20their%20account%20settings%2C%20tapping%20Security%2C%20and%20tapping%20the%20S%2FMIME%20control%2C%20which%20is%20off%20by%20default.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20378px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F121949iE3261E811091B5D9%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22Image2.png%22%20title%3D%22Image2.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CEM%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoeui%26amp%3Bquot%3B%2C%26amp%3Bquot%3Blato%26amp%3Bquot%3B%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Carial%2Csans-serif%3B%20font-size%3A%2016px%3B%20font-style%3A%20italic%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20300%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3E%3CFONT%20size%3D%222%22%20style%3D%22box-sizing%3A%20border-box%3B%22%3EFigure%202%3A%20Outlook%20for%20iOS%20S%2FMIME%20security%20setting%3C%2FFONT%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWhen%20the%20S%2FMIME%20setting%20is%20enabled%2C%20Outlook%20for%20iOS%20and%20Android%20will%20automatically%20disable%20the%20%3CSTRONG%3EOrganize%20By%20Thread%3C%2FSTRONG%3E%20setting.%20This%20is%20because%20S%2FMIME%20encryption%20becomes%20more%20complex%20as%20a%20conversation%20thread%20grows.%20By%20removing%20the%20threaded%20conversation%20view%2C%20Outlook%20for%20iOS%20and%20Android%20reduces%20the%20opportunity%20for%20issues%20with%20certificates%20across%20recipients%20during%20signing%20and%20encryption%3CSTRONG%3E.%3C%2FSTRONG%3E%20As%20this%20is%20an%20app-level%20setting%2C%20this%20change%20affects%20all%20accounts%20added%20to%20the%20app.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CBLOCKQUOTE%3E%0A%3CP%3E%3CSTRONG%3ENote%3C%2FSTRONG%3E%3A%20Outlook%20for%20iOS%20and%20Android%20will%20support%20the%20ability%20for%20IT%20administrators%20to%20manage%20the%20S%2FMIME%20setting%20via%20general%20app%20configuration%20for%20enrolled%20devices%20in%20future%20releases.%3C%2FP%3E%0A%3C%2FBLOCKQUOTE%3E%0A%3CH2%20id%3D%22toc-hId-981277948%22%20id%3D%22toc-hId-981277948%22%20id%3D%22toc-hId-981277948%22%20id%3D%22toc-hId-981277948%22%20id%3D%22toc-hId-981277948%22%20id%3D%22toc-hId-981277948%22%20id%3D%22toc-hId-981277948%22%20id%3D%22toc-hId-981277948%22%20id%3D%22toc-hId-981277948%22%20id%3D%22toc-hId-981277948%22%20id%3D%22toc-hId-981277948%22%20id%3D%22toc-hId-981277948%22%20id%3D%22toc-hId-981277948%22%20id%3D%22toc-hId-981277948%22%20id%3D%22toc-hId-981277948%22%20id%3D%22toc-hId-981277948%22%3EConsuming%20and%20Creating%20S%2FMIME%20messages%3C%2FH2%3E%0A%3CP%3EAfter%20the%20certificates%20have%20been%20installed%20and%20S%2FMIME%20has%20been%20enabled%20in%20the%20app%2C%20users%20can%20read%20S%2FMIME%20related%20content%20and%20compose%20using%20S%2FMIME%20certificates.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIn%20the%20message%20view%2C%20users%20can%20view%20messages%20that%20are%20S%2FMIME%20signed%20or%20encrypted.%20In%20addition%2C%20users%20can%20tap%20the%20S%2FMIME%20status%20bar%20to%20view%20more%20information%20about%20the%20message%E2%80%99s%20S%2FMIME%20status.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F121951iE49C6393C183A3C3%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22Image3.png%22%20title%3D%22Image3.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CEM%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoeui%26amp%3Bquot%3B%2C%26amp%3Bquot%3Blato%26amp%3Bquot%3B%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Carial%2Csans-serif%3B%20font-size%3A%2016px%3B%20font-style%3A%20italic%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20300%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3E%3CFONT%20size%3D%222%22%20style%3D%22box-sizing%3A%20border-box%3B%22%3EFigure%203%3A%20Consuming%20S%2FMIME%20messages%20in%20Outlook%20for%20iOS%3C%2FFONT%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EUsers%20can%20install%20a%20sender%E2%80%99s%20public%20certificate%20key%20by%20tapping%20the%20S%2FMIME%20status%20bar.%20The%20certificate%20will%20be%20installed%20on%20the%20user%E2%80%99s%20device%2C%20specifically%20in%20the%20Microsoft%20publisher%20keychain%20in%20iOS.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20378px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F121953iFF7B272942C8DE5B%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22Image4.png%22%20title%3D%22Image4.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CEM%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoeui%26amp%3Bquot%3B%2C%26amp%3Bquot%3Blato%26amp%3Bquot%3B%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Carial%2Csans-serif%3B%20font-size%3A%2016px%3B%20font-style%3A%20italic%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20300%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3E%3CFONT%20size%3D%222%22%20style%3D%22box-sizing%3A%20border-box%3B%22%3EFigure%204%3A%20Outlook%20for%20iOS%20sender%20public%20certificate%20key%20installation%3C%2FFONT%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWhen%20composing%20an%20email%20in%20Outlook%20for%20iOS%20and%20Android%2C%20the%20sender%20can%20choose%20to%20encrypt%20and%2For%20sign%20the%20message%20(signed%20messages%20are%20sent%20clear-signed).%20By%20tapping%20on%20the%20%3CSTRONG%3Eellipse%3C%2FSTRONG%3E%20and%20tapping%20%3CSTRONG%3ESign%20and%20Encrypt%3C%2FSTRONG%3E%2C%20the%20various%20S%2FMIME%20options%20are%20presented.%20Selecting%20an%20S%2FMIME%20option%20enables%20the%20respective%20action%20on%20the%20email%20when%20it%20is%20sent%20(drafts%20are%20not%20signed%20or%20encrypted)%2C%20assuming%20the%20sender%20has%20a%20valid%20certificate.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CBLOCKQUOTE%3E%0A%3CP%3E%3CSTRONG%3EImportant%3C%2FSTRONG%3E%3A%26nbsp%3BIn%20order%20to%20compose%20an%20encrypted%20message%2C%20the%20target%20recipient%E2%80%99s%20public%20certificate%20key%20must%20be%20available%20either%20in%20the%20Global%20Address%20List%20or%20stored%20on%20the%20local%20device.%20In%20order%20to%20compose%20a%20signed%20message%2C%20the%20sender%E2%80%99s%20private%20certificate%20key%20must%20be%20available%20on%20the%20device.%3C%2FP%3E%0A%3C%2FBLOCKQUOTE%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F121954iBC340F3EA10A5389%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22Image5.png%22%20title%3D%22Image5.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CEM%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoeui%26amp%3Bquot%3B%2C%26amp%3Bquot%3Blato%26amp%3Bquot%3B%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Carial%2Csans-serif%3B%20font-size%3A%2016px%3B%20font-style%3A%20italic%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20300%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3E%3CFONT%20size%3D%222%22%20style%3D%22box-sizing%3A%20border-box%3B%22%3EFigure%205%3A%20Outlook%20for%20iOS%20options%20for%20applying%20S%2FMIME%20to%20a%20message%3C%2FFONT%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOutlook%20for%20iOS%20will%20evaluate%20all%20recipients%20prior%20to%20sending%20an%20encrypted%20message%20and%20confirm%20that%20a%20valid%20public%20certificate%20key%20exists%20for%20each%20recipient.%20The%20Global%20Address%20List%20()%20is%20checked%20first%3B%20if%20a%20certificate%20for%20the%20recipient%20does%20not%20exist%20in%20the%20GAL%2C%20Outlook%20queries%20the%20Microsoft%20publisher%20keychain%20in%20iOS%20to%20locate%20the%20recipient%E2%80%99s%20public%20certificate%20key.%20For%20recipients%20without%20a%20public%20certificate%20key%20(or%20an%20invalid%20key)%2C%20Outlook%20will%20prompt%20for%20their%20removal.%20The%20message%20will%20not%20be%20sent%20unencrypted%20to%20any%20recipient%20unless%20the%20encryption%20option%20is%20disabled%20by%20the%20sender%20during%20composition.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--1570879013%22%20id%3D%22toc-hId--1570879013%22%20id%3D%22toc-hId--1570879013%22%20id%3D%22toc-hId--1570879013%22%20id%3D%22toc-hId--1570879013%22%20id%3D%22toc-hId--1570879013%22%20id%3D%22toc-hId--1570879013%22%20id%3D%22toc-hId--1570879013%22%20id%3D%22toc-hId--1570879013%22%20id%3D%22toc-hId--1570879013%22%20id%3D%22toc-hId--1570879013%22%20id%3D%22toc-hId--1570879013%22%20id%3D%22toc-hId--1570879013%22%20id%3D%22toc-hId--1570879013%22%20id%3D%22toc-hId--1570879013%22%20id%3D%22toc-hId--1570879013%22%3ESummary%3C%2FH2%3E%0A%3CP%3EIf%20you%20are%20interested%20in%20testing%20S%2FMIME%20in%20Outlook%20for%20iOS%2C%20sign-up%20for%20TestFlight%20access%20at%20%3CA%20href%3D%22http%3A%2F%2Faka.ms%2Foutlookinsiders%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Faka.ms%2Foutlookinsiders%3C%2FA%3E.%20Apple%20imposes%20a%20limit%20to%20the%20volume%20of%20available%20testers%20per%20app.%20If%20TestFlight%20link%20indicates%20the%20program%20is%20full%20check%20back%20in%20a%20few%20weeks%20as%20we%20routinely%20scrub%20inactive%20accounts.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20hope%20access%20to%20S%2FMIME%20in%20TestFlight%20will%20enable%20you%20to%20validate%20S%2FMIME%20functionality%20in%20your%20environments.%20For%20any%20issues%2C%20please%20file%20an%20in-app%20support%20ticket%20with%20clear%20instructions%2Fdetails%20on%20the%20issue.%20S%2FMIME%20support%20in%20Outlook%20for%20iOS%20and%20Android%20will%20begin%20rolling%20out%20for%20general%20availability%20later%20this%20summer.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20recognize%20that%20not%20all%20customers%20need%20S%2FMIME%20functionality%3B%20in%20fact%2C%20many%20of%20our%20customers%20are%20adopting%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fsecurity%2Ftechnology%2Finformation-protection%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMicrosoft%20Information%20Protection%3C%2FA%3E%20to%20classify%20and%20protect%20content.%20We%E2%80%99re%20busy%20putting%20the%20final%20touches%20on%20sensitive%20labeling%20support%20in%20Outlook%20for%20iOS%20and%20Android.%20Stay%20tuned!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20you%20have%20any%20questions%2C%20please%20let%20us%20know.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20color%3D%22%23ff6600%22%3E%3CSTRONG%3ERoss%20Smith%20IV%3C%2FSTRONG%3E%3C%2FFONT%3E%3CBR%20%2F%3EPrincipal%20Program%20Manager%3CBR%20%2F%3ECustomer%20Experience%20Engineering%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-734885%22%20slang%3D%22en-US%22%3E%3CP%3EOutlook%20for%20iOS%20TestFlight%20supports%20reading%20and%20creating%20S%2FMIME%20messages.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-734885%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EEMS%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EiOS%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOutlook%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-776080%22%20slang%3D%22en-US%22%3ERe%3A%20S%2FMIME%20functionality%20available%20in%20Outlook%20for%20iOS%20TestFlight%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-776080%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F70852%22%20target%3D%22_blank%22%3E%40Ross%20Smith%20IV%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20eagerly%20awaiting%20the%20S%2FMIME%20functionality%20in%20iOS%2C%20thanks%20for%20your%20very%20informative%20post.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThree%20questions%20I%20really%20hope%20you%20can%20answer%3A%3C%2FP%3E%3CP%3E1)%20Will%20Outlook%20for%20iOS%20support%20fetching%20public%20S%2FMIME%20details%20from%20AD%2FAAD%20from%20the%20UserCertificate%20and%2For%20UserSmimeCertificate%20attribute%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E2)%20Will%20Outlook%20for%20iOS%20support%26nbsp%3B%26nbsp%3Bfetching%20public%20S%2FMIME%20details%20from%20a%20connected%20LDAP%20Address%20book%2C%20just%20like%20Outlook%20for%20Windows%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E3)%20Will%20Outlook%20for%20iOS%20support%20a%20way%20for%20third%20party%20solutions%20such%20as%20MDM%20or%20other%20Certificate%20Life%20Cycle%20Management%20solutions%20%2C%20to%20configure%20a%20present%20Outlook%20for%20iOS%20with%20relevant%20S%2FMIME%20and%20address%20book%20settings%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EReason%20why%20I'm%20asking%20are%20all%20related%20to%20end-user%20experience.%3C%2FP%3E%3CP%3EA%20techie%20person%20will%20understand%20how%20to%20manually%20configure%20an%20S%2FMIME%20and%20manually%20configure%20an%20addressbook%2C%20and%20will%20likely%20be%20annoyed%20but%20understand%20why%20a%20recipients%20certificate%20will%20first%20need%20to%20be%20save%20and%20installed%20onto%20iOS%20before%20being%20able%20to%20send%20a%20message.%3C%2FP%3E%3CP%3EBut%20most%20users%20have%20no%20clue%20and%20need%20to%20be%20able%20to%20simply%20use%20the%20Outlook%20for%20iOS%20app%20with%20S%2FMIME%20support%20for%20encryption%20and%2For%20signing.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%20you%20state%20that%20not%20everybody%20needs%20S%2FMIME%20and%20likely%20will%20have%20sufficient%20use%20with%20Microsoft's%20proprietary%20encryption%20solution.%20However%20many%20countries%20are%20adopting%20a%20requirement%20for%20example%20for%20S%2FMIME%20based%20email%20signing%20when%20privacy%20sensitive%20information%20is%20shared%20such%20as%20medical%20data.%20So%20expect%20hundreds%20of%20thousands%20if%20not%20millions%20worldwide%20of%20non-techie%20people%20who%20professionally%20are%20being%20forced%20into%26nbsp%3B%20S%2FMIME%20simply%20due%20to%20(GDPR)%20regulations%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-777965%22%20slang%3D%22en-US%22%3ERe%3A%20S%2FMIME%20functionality%20available%20in%20Outlook%20for%20iOS%20TestFlight%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-777965%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F383059%22%20target%3D%22_blank%22%3E%40Mike22April%3C%2FA%3E%26nbsp%3Bthanks%20for%20the%20questions.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIn%20order%20to%20compose%20an%20encrypted%20message%2C%20the%20target%20recipient%E2%80%99s%20public%20certificate%20key%20must%20be%20available%20either%20in%20the%20Global%20Address%20List%20or%20stored%20on%20the%20local%20device%20(in%20the%20Microsoft%20publisher%20keychain).%20The%20cert%20gets%20populated%20in%20the%20GAL%20using%20the%26nbsp%3B%3CSPAN%3EUserCertificate%26nbsp%3B%2F%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3EUserSmimeCertificate%20attributes%3C%2FSPAN%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOutlook%20for%20iOS%20and%20Android%20does%20not%20support%20use%20of%20an%20LDAP%20directory%20for%20obtaining%20certificates%20(or%20connecting%20to%20an%20LDAP%20directory%20for%20address%20book%20functionality).%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFor%20automated%20certificate%20delivery%2C%20Outlook%20for%20iOS%20will%20only%20support%20Intune%20for%20enrollment.%26nbsp%3BiOS%20has%20two%20keychains%20%E2%80%93%20system%20and%20publisher.%26nbsp%3B%20Any%20MDM%20can%20push%20certs%20to%20the%20system%20keychain.%26nbsp%3B%20However%2C%20only%20first%20party%20Apple%20apps%20can%20use%20that%20keychain.%26nbsp%3BOutlook%20only%20has%20access%20to%20Microsoft%20publisher%20keychain.%20Intune%20is%20building%20a%20cert%20delivery%20channel%20(outside%20of%20the%20MDM%20channel)%2C%20to%20securely%20deliver%20certs%20into%20the%20Microsoft%20publisher%20keychain.%26nbsp%3BThird-party%20MDMs%20won%E2%80%99t%20have%20access%20to%20the%20Microsoft%20publisher%20keychain%20because%20they%20are%20not%20a%20Microsoft%20signed%20application%20and%20thus%2C%20can%E2%80%99t%20deliver%20certs%20there%20for%20Outlook%20to%20use.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-778067%22%20slang%3D%22en-US%22%3ERe%3A%20S%2FMIME%20functionality%20available%20in%20Outlook%20for%20iOS%20TestFlight%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-778067%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F70852%22%20target%3D%22_blank%22%3E%40Ross%20Smith%20IV%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAgain%20thanks%20for%20your%20time%20answering%20my%20questions%2C%20really%20helpful.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20looking%20forward%20to%20seeing%20%2F%20reading%20more%20information%20once%20available%20on%20the%20separate%26nbsp%3B%20channel%20via%20Intune%20to%20deliver%20certificates%20into%20the%20Microsoft%20publisher%20keychain%2C%20especially%20those%20that%20normally%20would%20reside%20in%20an%20LDAP%20key%20server%20related%20to%20email%20addresses%20outside%20the%20corporate%20domain%20domain.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-807779%22%20slang%3D%22en-US%22%3ERe%3A%20S%2FMIME%20functionality%20available%20in%20Outlook%20for%20iOS%20TestFlight%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-807779%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20is%20really%20an%20enterprise%20grade%20feature%20we%20are%20long%20waiting%20for%20and%20already%20opened%20dozens%20of%20tickets%20for%20it.%26nbsp%3B%3CIMG%20class%3D%22lia-deferred-image%20lia-image-emoji%22%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Fhtml%2Fimages%2Femoticons%2Fsmile_40x40.gif%22%20alt%3D%22%3Asmile%3A%22%20title%3D%22%3Asmile%3A%22%20%2F%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EQuestions%3A%3C%2FP%3E%3CP%3E-%20Are%20S%2FMIME%20signed%20mails%20always%20verified%20-%20even%20when%20there%20is%20no%20local%20S%2FMIME%20certificate%20installed%20on%20the%20device%3F%26nbsp%3B%20I'm%20asking%20that%20because%20a%20lot%20of%20companies%20use%20central%20S%2FMIME%20gateways%20for%20e-mail%20signing%20and%20do%20not%20deploy%20the%20S%2FMIME%20certs%20directly%20on%20the%20device.%3C%2FP%3E%3CP%3E-%20When%20is%20the%20Global%20Go%20Live%20expected%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-813445%22%20slang%3D%22en-US%22%3ERe%3A%20S%2FMIME%20functionality%20available%20in%20Outlook%20for%20iOS%20TestFlight%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-813445%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F393337%22%20target%3D%22_blank%22%3E%40M_LE_%3C%2FA%3E%26nbsp%3B-%20In%20order%20to%20validate%20that%20the%20signature%20is%20valid%2C%20S%2FMIME%20must%20be%20enabled%20in%20the%20app%20and%20the%20user's%20certificate%20must%20be%20installed.%20Clear-signed%20messages%20will%20always%20have%20their%20message%20bodies%20rendered%2C%20even%20if%20the%20S%2FMIME%20functionality%20is%20disabled%20in%20the%20app.%20Regarding%20when%20this%20functionality%20will%20ship%2C%20please%20follow%20%3CA%20href%3D%22http%3A%2F%2Faka.ms%2Fm365roadmap%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Faka.ms%2Fm365roadmap%3C%2FA%3Eto%20keep%20up%20to%20date.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-816748%22%20slang%3D%22en-US%22%3ERe%3A%20S%2FMIME%20functionality%20available%20in%20Outlook%20for%20iOS%20TestFlight%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-816748%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Ross%20-%20thanks%20for%20quick%20answer.%3C%2FP%3E%3CP%3EDoes%20that%20mean%20if%20S%2FMIME%20is%20enabled%20and%20no%20local%20S%2FMIME%20certificate%20is%20installed%20then%20a%20S%2FMIME%20signed%20mail%20still%20does%20not%20show%20up%20as%20signed%20with%20a%20seal%2Fmark%2Fbanner%20and%20just%20the%20attachment%20smime.p7m%20is%20added%20as%20in%20current%20iOS%20Outlook%20mobile%20versions%3F%3C%2FP%3E%3CP%3ENative%20iOS%20mail%20validates%20every%20signature%20even%20when%20no%20local%20S%2FMIME%20cert%20is%20installed%20-%20it%20would%20be%20great%20if%20outlook%20also%20offers%20that%20functionality.%20Verifying%20identities%20is%20crucial%20sometimes...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-823130%22%20slang%3D%22en-US%22%3ERe%3A%20S%2FMIME%20functionality%20available%20in%20Outlook%20for%20iOS%20TestFlight%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-823130%22%20slang%3D%22en-US%22%3EWhen%20testing%20this%20functionality%20my%20SMIME%20certificate%20installed%20fine%2C%20however%20when%20I%20go%20to%20compose%20a%20message%20it%20says%20%22We%20couldn't%20find%20your%20S%2FMIME%20certificate.%20Install%20a%20certificate%20or%20contact%20your%20IT%20help%20desk.%22%20Any%20idea%20why%20it's%20not%20picking%20up%20my%20certificate%3F%20If%20I%20try%20to%20install%20it%20again%20it%20states%20that%20it%20is%20already%20installed.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-828426%22%20slang%3D%22en-US%22%3ERe%3A%20S%2FMIME%20functionality%20available%20in%20Outlook%20for%20iOS%20TestFlight%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-828426%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F79247%22%20target%3D%22_blank%22%3E%40Michael%20Nickels%3C%2FA%3E%26nbsp%3B-%20it's%20possible%20that%20Exchange%20Online%20isn't%20properly%20configured.%26nbsp%3BEnsure%20S%2FMIME%20has%20been%20properly%20configured%20in%20Exchange%20Online%20by%20following%20the%20steps%20outlined%20in%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Foffice365%2FSecurityCompliance%2Fs-mime-for-message-signing-and-encryption%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3ES%2FMIME%20for%20message%20signing%20and%20encryption%20in%20Exchange%20Online%3C%2FA%3E.%20This%20includes%20setting%20up%20the%20virtual%20certificate%20collection%20and%20publishing%20the%20certificate%20revocation%20list%20to%20the%20Internet.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20those%20items%20have%20been%20configured%2C%20the%20best%20thing%20to%20do%20is%20open%20an%20in-app%20support%20ticket%20so%20we%20can%20analyze%20the%20issue.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-859517%22%20slang%3D%22en-US%22%3ERe%3A%20S%2FMIME%20functionality%20available%20in%20Outlook%20for%20iOS%20TestFlight%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-859517%22%20slang%3D%22en-US%22%3EHello%2C%20is%20any%20ETA%20available%20for%20Outlook%20for%20android%20s%2Fmime%20support%20even%20beta%20testing%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-859529%22%20slang%3D%22en-US%22%3ERe%3A%20S%2FMIME%20functionality%20available%20in%20Outlook%20for%20iOS%20TestFlight%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-859529%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F410494%22%20target%3D%22_blank%22%3E%40techcommunity965%3C%2FA%3E%26nbsp%3B-%20See%20%3CA%20href%3D%22http%3A%2F%2Faka.ms%2Fm365roadmap%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Faka.ms%2Fm365roadmap%3C%2FA%3E%20for%20up%20to%20date%20information%20on%20release%20plans.%20We%20have%20nothing%20to%20announce%20at%20the%20moment%20regarding%20an%20early%20access%20program%20for%20Outlook%20for%20Android%2C%20but%20the%20feedback%20is%20noted.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Microsoft

Secure/Multipurpose Internet Mail Extension (S/MIME) functionality in Outlook for iOS and Android has been a top request for several of our enterprise customers. As some of you may have heard, late last week we released support for S/MIME in Outlook for iOS in Office Insiders via TestFlight (v3.30.0 and later). For those not familiar with TestFlight, it is Apple’s platform for distributing pre-release builds. This allows us to get features in the hands of early adopters to gather feedback before releasing to all customers.

 

S/MIME provides encryption, which protects the content of e-mail messages, and digital signatures, which verify the identity of the sender of an e-mail message. In order to use S/MIME with Outlook for iOS, the user’s mailbox must be in Exchange Online.

 

Deploying S/MIME certificates

Outlook for iOS supports manual certificate delivery. Manual certificate delivery is when the certificate is emailed to the user and the user taps on the certificate attachment within Outlook for iOS to initiate the certificate’s installation.

 

Note: Outlook for iOS and Android will support automated certificate delivery in future releases.

Image1.png

Figure 1: Outlook for iOS manual certificate delivery installation

 

Users can export their own certificate and mail it to themselves using Outlook desktop:

  1. Open Outlook 2013, 2016 or 2019 that has already been configured for S/MIME
  2. Click File -> Options -> Trust Center -> Trust Center Settings
  3. Click Email Security
  4. Under Digital ID’s click Import/Export
  5. Click Export Your Digital ID to a file
  6. Click Select and select the correct certificate
  7. Click Browse and select a location to save the file
  8. Complete your password and then click OK
  9. Create a new E-mail and attach the exported PFX file. Send the E-mail to yourself.

Important: When exporting the certificate, ensure the exported certificate is password protected with a strong password.

Enabling S/MIME in the app

S/MIME must be enabled for Outlook for iOS and Android to view or create S/MIME-related content.

 

End users will need to enable S/MIME functionality manually by accessing their account settings, tapping Security, and tapping the S/MIME control, which is off by default.

Image2.png

Figure 2: Outlook for iOS S/MIME security setting

 

When the S/MIME setting is enabled, Outlook for iOS and Android will automatically disable the Organize By Thread setting. This is because S/MIME encryption becomes more complex as a conversation thread grows. By removing the threaded conversation view, Outlook for iOS and Android reduces the opportunity for issues with certificates across recipients during signing and encryption. As this is an app-level setting, this change affects all accounts added to the app.

 

Note: Outlook for iOS and Android will support the ability for IT administrators to manage the S/MIME setting via general app configuration for enrolled devices in future releases.

Consuming and Creating S/MIME messages

After the certificates have been installed and S/MIME has been enabled in the app, users can read S/MIME related content and compose using S/MIME certificates.

 

In the message view, users can view messages that are S/MIME signed or encrypted. In addition, users can tap the S/MIME status bar to view more information about the message’s S/MIME status.

Image3.png

Figure 3: Consuming S/MIME messages in Outlook for iOS

 

Users can install a sender’s public certificate key by tapping the S/MIME status bar. The certificate will be installed on the user’s device, specifically in the Microsoft publisher keychain in iOS.

Image4.png

Figure 4: Outlook for iOS sender public certificate key installation

 

When composing an email in Outlook for iOS and Android, the sender can choose to encrypt and/or sign the message (signed messages are sent clear-signed). By tapping on the ellipse and tapping Sign and Encrypt, the various S/MIME options are presented. Selecting an S/MIME option enables the respective action on the email when it is sent (drafts are not signed or encrypted), assuming the sender has a valid certificate.

 

Important: In order to compose an encrypted message, the target recipient’s public certificate key must be available either in the Global Address List or stored on the local device. In order to compose a signed message, the sender’s private certificate key must be available on the device.

Image5.png

Figure 5: Outlook for iOS options for applying S/MIME to a message

 

Outlook for iOS will evaluate all recipients prior to sending an encrypted message and confirm that a valid public certificate key exists for each recipient. The Global Address List () is checked first; if a certificate for the recipient does not exist in the GAL, Outlook queries the Microsoft publisher keychain in iOS to locate the recipient’s public certificate key. For recipients without a public certificate key (or an invalid key), Outlook will prompt for their removal. The message will not be sent unencrypted to any recipient unless the encryption option is disabled by the sender during composition.

 

Summary

If you are interested in testing S/MIME in Outlook for iOS, sign-up for TestFlight access at http://aka.ms/outlookinsiders. Apple imposes a limit to the volume of available testers per app. If TestFlight link indicates the program is full check back in a few weeks as we routinely scrub inactive accounts.

 

We hope access to S/MIME in TestFlight will enable you to validate S/MIME functionality in your environments. For any issues, please file an in-app support ticket with clear instructions/details on the issue. S/MIME support in Outlook for iOS and Android will begin rolling out for general availability later this summer.

 

We recognize that not all customers need S/MIME functionality; in fact, many of our customers are adopting Microsoft Information Protection to classify and protect content. We’re busy putting the final touches on sensitive labeling support in Outlook for iOS and Android. Stay tuned!

 

If you have any questions, please let us know.

 

Ross Smith IV
Principal Program Manager
Customer Experience Engineering

11 Comments
Occasional Visitor

Great progress! However not everyone has the knowledge to use S/MIME or PGP and also both standards are not compatible with each other. We build a product (based on MICROSOFT Azure) which works for everyone and is simple even it cannot be compared 1:1. Check out MAILINJA - Encrypt & Legitimate E-Mails. But Simple. (https://mailinja.com). Greetings from Germany, Volkan

Visitor

@Ross Smith IV 

I'm eagerly awaiting the S/MIME functionality in iOS, thanks for your very informative post.

 

Three questions I really hope you can answer:

1) Will Outlook for iOS support fetching public S/MIME details from AD/AAD from the UserCertificate and/or UserSmimeCertificate attribute?

 

2) Will Outlook for iOS support  fetching public S/MIME details from a connected LDAP Address book, just like Outlook for Windows?

 

3) Will Outlook for iOS support a way for third party solutions such as MDM or other Certificate Life Cycle Management solutions , to configure a present Outlook for iOS with relevant S/MIME and address book settings?

 

Reason why I'm asking are all related to end-user experience.

A techie person will understand how to manually configure an S/MIME and manually configure an addressbook, and will likely be annoyed but understand why a recipients certificate will first need to be save and installed onto iOS before being able to send a message.

But most users have no clue and need to be able to simply use the Outlook for iOS app with S/MIME support for encryption and/or signing.

 

 

Also you state that not everybody needs S/MIME and likely will have sufficient use with Microsoft's proprietary encryption solution. However many countries are adopting a requirement for example for S/MIME based email signing when privacy sensitive information is shared such as medical data. So expect hundreds of thousands if not millions worldwide of non-techie people who professionally are being forced into  S/MIME simply due to (GDPR) regulations

Microsoft

@Mike22April thanks for the questions.

 

In order to compose an encrypted message, the target recipient’s public certificate key must be available either in the Global Address List or stored on the local device (in the Microsoft publisher keychain). The cert gets populated in the GAL using the UserCertificate / UserSmimeCertificate attributes.

 

Outlook for iOS and Android does not support use of an LDAP directory for obtaining certificates (or connecting to an LDAP directory for address book functionality).

 

For automated certificate delivery, Outlook for iOS will only support Intune for enrollment. iOS has two keychains – system and publisher.  Any MDM can push certs to the system keychain.  However, only first party Apple apps can use that keychain. Outlook only has access to Microsoft publisher keychain. Intune is building a cert delivery channel (outside of the MDM channel), to securely deliver certs into the Microsoft publisher keychain. Third-party MDMs won’t have access to the Microsoft publisher keychain because they are not a Microsoft signed application and thus, can’t deliver certs there for Outlook to use.

Visitor

@Ross Smith IV 

Again thanks for your time answering my questions, really helpful.

 

I'm looking forward to seeing / reading more information once available on the separate  channel via Intune to deliver certificates into the Microsoft publisher keychain, especially those that normally would reside in an LDAP key server related to email addresses outside the corporate domain domain.

 

 

Occasional Visitor

This is really an enterprise grade feature we are long waiting for and already opened dozens of tickets for it. :smile: 

 

Questions:

- Are S/MIME signed mails always verified - even when there is no local S/MIME certificate installed on the device?  I'm asking that because a lot of companies use central S/MIME gateways for e-mail signing and do not deploy the S/MIME certs directly on the device.

- When is the Global Go Live expected?

 

 

 

Microsoft

@M_LE_ - In order to validate that the signature is valid, S/MIME must be enabled in the app and the user's certificate must be installed. Clear-signed messages will always have their message bodies rendered, even if the S/MIME functionality is disabled in the app. Regarding when this functionality will ship, please follow http://aka.ms/m365roadmap to keep up to date.

Occasional Visitor

Hi Ross - thanks for quick answer.

Does that mean if S/MIME is enabled and no local S/MIME certificate is installed then a S/MIME signed mail still does not show up as signed with a seal/mark/banner and just the attachment smime.p7m is added as in current iOS Outlook mobile versions?

Native iOS mail validates every signature even when no local S/MIME cert is installed - it would be great if outlook also offers that functionality. Verifying identities is crucial sometimes...

 

When testing this functionality my SMIME certificate installed fine, however when I go to compose a message it says "We couldn't find your S/MIME certificate. Install a certificate or contact your IT help desk." Any idea why it's not picking up my certificate? If I try to install it again it states that it is already installed.
Microsoft

@Michael Nickels - it's possible that Exchange Online isn't properly configured. Ensure S/MIME has been properly configured in Exchange Online by following the steps outlined in S/MIME for message signing and encryption in Exchange Online. This includes setting up the virtual certificate collection and publishing the certificate revocation list to the Internet.

 

If those items have been configured, the best thing to do is open an in-app support ticket so we can analyze the issue.

Occasional Visitor
Hello, is any ETA available for Outlook for android s/mime support even beta testing?
Microsoft

@techcommunity965 - See http://aka.ms/m365roadmap for up to date information on release plans. We have nothing to announce at the moment regarding an early access program for Outlook for Android, but the feedback is noted.