S/MIME sensitivity options in Outlook
Published Aug 24 2024 09:09 PM 493 Views
Microsoft

(Originally published on September 14, 2022 by Hitesh Manwar and Mouli Gopalakrishnan)

 

Hi, Insiders! We are Hitesh Manwar and Mouli Gopalakrishnan from the Outlook team. We're excited to share that adding S/MIME encryption to your emails in Outlook for Windows just got easier! Admins can now add configuration options organization-wide with labels that populate to the Sensitivity drop down menu.

 

S/MIME options in Outlook

 

Many of you send digitally signed and encrypted messages using S/MIME (Secure/Multipurpose Internet Mail Extensions) to add an extra layer of security and protect message content by verifying the sender’s identity.

 

Previously, you could set up a custom configuration to enable S/MIME instead of RMS (Rights Management services) to encrypt or sign the emails using Azure Information Protection (AIP) client in Outlook. Users would then go to the Options tab to apply the S/MIME in Outlook.

 

Now we’ve made this important feature even easier to use by giving admins the ability to add S/MIME options to the Sensitivity drop down menu—no custom configuration needed! These labels allow users in their organization to easily encrypt and sign their emails with a single click.

 

How it works

For admins

  1. Make sure that your organization has a working S/MIME setup. 
  2. Click the Start button in the Windows taskbar, type PowerShell in the Search box, and then click Windows PowerShell
  3. Connect to the Security and Compliance PowerShell by importing the Exchange Online Management module and connecting to the admin account.

    Connecting to security and compliance PowerShellConnecting to security and compliance PowerShell

  4. Once the connection is established, you can use the Set-label or New-label command within the advanced settings of the PowerShell to configure an existing label to apply S/MIME encryption and signing.

     

    Example PowerShell commands where the sensitivity label GUID is ada3ca38-b2c0-468d-ac5f-656a4e0c4208 and the label is associated with both encrypt and sign:

    Assigning S/MIME encrypt and sign to an existing labelAssigning S/MIME encrypt and sign to an existing label

     

    Once the set-up is done, users within your organization will start seeing the label with GUID “ada3ca38-b2c0-468d-ac5f-656a4e0c4208” appear underneath the Sensitivity tab. Make sure to rename these labels with an easily identifiable name to avoid user confusion.

For users

Here are the steps to apply these S/MIME labels to your emails: 

  1. Once your admin has set up these new labels, open an email in Outlook.
  2. Navigate to the Message tab and click the Sensitivity button.
  3. The new S/MIME encrypt and sign options will appear on the drop-down menu with the other sensitivity labels.

    Dropdown menu of new sensitivity labels in OutlookDropdown menu of new sensitivity labels in Outlook

    Your message recipient will see a lock pad and/or a certificate icon at the top right of your email whenever you apply one of the labels.

    Sign and Encrypt icons show once applied in emailSign and Encrypt icons show once applied in email

 

Known Issues

For admins

  • Watermarking as content marking is not supported for S/MIME labels.  
  • When admins use sensitivity labels in their organization, they get an option to have header/footer or watermarking on the email that goes out. When S/MIME also comes as a label option, the header/footer content marking works but not the watermarks. Learn more about what sensitivity labels can do here
  • Configuring visual markings per Office application type by using a ${If.App.WXO} variable statement in the text string is not currently available.

For users

  • Sender may see multiple content marks multiple times if they send, recall, and resend a message.

 

Requirements

  • A Microsoft 365 E3 or E5 license. 
  • Pre-existing S/MIME deployment within your organization.

 

Availability 

This feature is rolling out to Insiders running Beta Channel Version 2208 (Build 15601.20028) or later of Outlook for Windows.  

 

Features are released over some time to ensure things are working smoothly. We highlight features that you may not have because they’re slowly releasing to larger numbers of Insiders. Sometimes we remove elements to further improve them based on your feedback. Though this is rare, we also reserve the option to pull a feature entirely out of the product, even if you, as an Insider, have had the opportunity to try it.  

 

Feedback  

We want to hear from you! Please go to Help > Feedback in Outlook to provide your thoughts about this feature.

 


Learn about the Microsoft 365 Insider program and sign up for the Microsoft 365 Insider newsletter to get the latest information about Insider features in your inbox once a month!

Co-Authors
Version history
Last update:
‎Aug 24 2024 09:13 PM
Updated by: