Jun 13 2018 12:40 PM - last edited on Feb 01 2023 02:04 PM by TechCommunityAP
Hi.
Just added an E3 license to some users, a transport rule is created (and working), so all mails sent from a specific mail are sent encrypted using Azure Rights Management :)
BUT!
I have bought a certificate and added that using PowerShell to the Office 365 tenant, and applied it to the mailbox.
My question is: I thought that when a certificate was added to the "backend", a rule could be created so all mail sent from a specific mailbox is sent encrypted AND signed with the applied certificate (using S/MIME). (I followed this: https://blogs.technet.microsoft.com/exchange/2014/12/15/how-to-configure-smime-in-office-365/ )
Jun 13 2018 11:22 PM
S/MIME signing/encrypting is a client-based operation, you can only do it via Outlook or OWA. There is no transport rule action that corresponds to this. You can use OME instead, as you've already discovered.
Jun 13 2018 11:27 PM
Hi Vasil
Thanks for responding.
But is it possible to add the certificate using OME then?
Jun 13 2018 11:39 PM
I'm not entirely sure what you mean by that. OME does not need any certificate, it generates all the needed cryptographic components on the backend. The process is explained here: https://docs.microsoft.com/en-us/azure/information-protection/understand-explore/how-does-it-work
Jun 13 2018 11:48 PM
Well..
We have bought a certificate to sign all outgoing mails with a company signing (Company certificate). I want to add this certificate AND use the OME encryption features.
So when sending an email, it's encrypted from OME AND signed using the certificate (even though it should be added locally from Outlook).
If I add an S/MIME certificate from Outlook, the encryption from OME is removed???
Jun 14 2018 03:29 AM
Decide whether you want Microsoft to manage the root key for Azure Information Protection (the default), or generate and manage this key yourself (known as bring your own key, or BYOK). If you want to generate and manage this key yourself, you need to complete some steps before you set up the new capabilities for OME. For more information, see Planning and implementing your Azure Information Protection tenant key. Microsoft recommends that you complete these steps before you set up OME.