cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Office 365 - Message Encryption - and sign using S/MIME

Michael Jensen
Brass Contributor

‎Jun 13 2018 12:40 PM - last edited on ‎Feb 01 2023 02:04 PM by

‎Jun 13 2018 12:40 PM - last edited on ‎Feb 01 2023 02:04 PM by

Office 365 - Message Encryption - and sign using S/MIME

Hi.

Just added an E3 license to some users, a transport rule is created (and working), so all mails sent from a specific mail is sent encrypted using Azrure Right Management :)

BUT!

I have bought a certificate and added that using Powershell to the Office365 tenant, and applied it to the mailbox.

My question is: I thought, that when a certificate was added to "backend" - a rule could be created, so all mail sent from a specific mailbox is sent encrypted AND signed with the applied certificate (using S/MIME). (followed this https://blogs.technet.microsoft.com/exchange/2014/12/15/how-to-configure-smime-in-office-365/ )

 

Labels:
4,316 Views
0 Likes
5 Replies
Reply
5 Replies
Vasil Michev

‎Jun 13 2018 11:22 PM

‎Jun 13 2018 11:22 PM

Re: Office 365 - Message Encryption - and sign using S/MIME

S/MIME signing/encrypting is a client-based operation, you can only do it via Outlook or OWA. There is no transport rule action that corresponds to this. You can use OME instead, as you've already discovered.

0 Likes
Reply
Michael Jensen

‎Jun 13 2018 11:27 PM

‎Jun 13 2018 11:27 PM

Re: Office 365 - Message Encryption - and sign using S/MIME

Hi Vasil


Thanks for responding.

But is it possible to add the certificate using OME then?

0 Likes
Reply
Vasil Michev

‎Jun 13 2018 11:39 PM

‎Jun 13 2018 11:39 PM

Re: Office 365 - Message Encryption - and sign using S/MIME

I'm not entirely sure what you mean by that. OME does not need any certificate, it generates all the needed cryptographic components on the backend. The process is explained here: https://docs.microsoft.com/en-us/azure/information-protection/understand-explore/how-does-it-work

0 Likes
Reply
Michael Jensen

‎Jun 13 2018 11:48 PM

‎Jun 13 2018 11:48 PM

Re: Office 365 - Message Encryption - and sign using S/MIME

Well..

We have bought a certificate to sign all outgoing mails with a company signing (Company certificate). I want to add this certificate AND use the OME encryption features.

So when sending an email, its encrypted from OME AND signed using the certificate (Even though it should be added local from Outlook.)

If I add S/MIME certificate from Outlook, the encryption from OME is removed???

0 Likes
Reply
Hans van der Meer

‎Jun 14 2018 03:29 AM

‎Jun 14 2018 03:29 AM

Re: Office 365 - Message Encryption - and sign using S/MIME

Decide whether you want Microsoft to manage the root key for Azure Information Protection (the default), or generate and manage this key yourself (known as bring your own key, or BYOK). If you want to generate and manage this key yourself, you need to complete some steps before you set up the new capabilities for OME. For more information, see Planning and implementing your Azure Information Protection tenant key. Microsoft recommends that you complete these steps before you set up OME.

 

https://support.office.com/en-us/article/set-up-new-office-365-message-encryption-capabilities-7ff0c...

0 Likes
Reply