Hi @all in the Exchange Hub,

I have some questions regarding the possibility to allow users uploading S/MIME certificates to the global adress list. We get the certificates from a third-party supplier (no self-generation via AD)

At the moment we are using an on-premise mail server (no Exchange) and want to migrate to Exchange Online. We built a test-environment with a local Active Directory and a Microsoft 365 Tenant.

I´ve done a test with my account in Outlook 365. All works. I was able to import the certificate and publish it in the GAL. A pop-up confirmed the successfull upload to the GAL

On another account we tried the same and got following message:

"There are no valid security settings to publish. Do you want to remove the previously published settings?" (sorry, translated it from german).

If I press no --> nothing happens
If I press yes --> following message appears:

"Your certificates were successfully removed" --> and nothing happens (no confirmation of successfull uploading)

Where is the error? What I have to configurate that it works?

And another essential question:

If I search in the microsoft docs how users can publish certificates I can only find the path:
Outlook --> local Active Directory --> AD Connect --> Exchange Online

Is this the only way of publishing?

Background of this question:

I mentioned above that the GAL publishing of my certificate worked. I can't find the certificate in the local Active Directory in the userCertificate attribute. But I can find a certificate (via PowerShell) in ExchangeOnline.

Hope you understand my questions.

Thanks in advance for answering :)