Thank you for the promt reply, and insight into the problem. Great to hear from someone with experience. I cannot find any endpoints for the OWA signatures. There is a new mailboxSettings object in Graph/o365 api but that just contains autoresponses.

How are the third party providers doing it? My development team must be able to implement a similar solution as anyone else, or are the third party providers bying into some other kind of access to my tenant/exchange?

heres the settings object for anyone looking: https://graph.microsoft.io/en-us/docs/api-reference/v1.0/resources/mailboxsettings

Code Two also provide centralized control over email signatures: http://www.codetwo.com/exchange-rules-pro/ 

Generally speaking, you can approach the problem in three ways:

1. Let the users do their own thing - provide them with a prototype signature file on a periodic basis and ask them to update via Outlook/OWA. This is quick, cheap, and users can modify the signature. However, it doesn't ensure consistency and users are prone to forget to apply the update.

2. Use Exchange Transport Rules - you will be guaranteed that signatures are stamped on all outgoing messages and if your Active Directory is correctly populated with the attributes you want to include (like phone number), the outbound signature will be complete. The advantage of this approach is a guaranteed consistency in signatures. The downside is that users don't get to vote and that they might add their own signature to the mix. Also, remember that ETRs can't process signed or encrypted messages.

3. Use a commerical product - you pay for someone else to do all the development, but you get the advantages of years of experience and tons of experience gained from other customer engagements. If signature consistency is important to you, this is the route you should take.

TR

@Steven Collier 

https://www.ci-solution.com/blog/outlook-roaming-signatures