Microsoft Supporting S/MIME Security for Exchange Server, Outlook and Office 365

Microsoft has implemented the S/MIME e-mail security standard across its hosted and server-based Exchange products, the company announced this month.

The Secure/Multipurpose Internet Mail Extensions standard, currently at version 3, has been used in past Microsoft e-mail solutions, including older Outlook client products and Exchange Server 5.5 on up, according to Microsoft's TechNet description of S/MIME. However, this month, Microsoft added it to Exchange Online as part of its Office 365 services, as well as to Exchange Server 2013 via this week's release of Service Pack 1.

In addition, Microsoft disclosed this week that Outlook Web App, its browser-based version of the Outlook e-mail client, will be getting support for S/MIME by "early April" this year. However, the use of S/MIME in Outlook Web App is only supported using Microsoft's Internet Explorer 9 browser or later versions at present. In contrast to Outlook Web App, the Outlook desktop e-mail client already has S/MIME support via the use of Microsoft's Exchange ActiveSync protocol, according to Microsoft's announcement today.

S/MIME offers both digital signatures for e-mail traffic and message encryption. The certificates and keys are controlled by the sending organization, which has to set up the S/MIME process. With S/MIME support now enabled across both Office 365 and Exchange Server 2013 SP1, it's now possible for organizations running hybrid e-mail infrastructures on Microsoft's hosted and server products to exchange S/MIME e-mails, Microsoft explained.

One key piece for IT pros managing hybrid e-mail scenarios is the use of Microsoft's DirSync protocol, which synchronizes local Active Directory log-on identities with the cloud-based Windows Azure Active Directory. However, for its Outlook Web App, Microsoft indicated that it is planning to introduce "a new OWA control that helps in creating and consuming S/MIME mails," according to the announcement, although the details weren't explained.

Microsoft also will be bringing PowerShell commands that IT pros can use to manage the behavior of S/MIME on Outlook Web App. The PowerShell scripts will work across both Exchange Online and Exchange Server 2013 SP1, according to Microsoft's announcement.

When S/MIME is implemented this spring for Microsoft's Outlook Web App, users also will have some control options. They will have the ability to encrypt messages or add digital signatures to them through a checkbox control. They also will be able to apply those actions to some messages or to all messages, according to Microsoft's explanation.

Microsoft's announcement took pains to distinguish the S/MIME e-mail protection scheme from the new Office 365 Message Encryption service, which Microsoft started offering last week. Microsoft hasn't explained it in great detail, but the upshot seems to be that the Office 365 Message Encryption service adds more controls for IT pros.

"Office 365 Message Encryption is a policy-based encryption service that can be configured and enforced by an administrator to encrypt mail sent to anyone inside or outside of the organization," Microsoft's announcement explained.

Presumably, it's easier to set up and use Microsoft's Message Encryption service in comparison with S/MIME. Organizations using S/MIME have to set up a local Certificate Authority for on-premises users and use DirSync to connect the local Active Directory with Windows Azure Active Directory for hosted e-mail support, among other details.

In addition to Microsoft's approaches, encryption protections are offered by various providers, typically leveraging cloud services. A profile of five such vendors can be found in this Redmond article.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

