Microsoft Supporting S/MIME Security for Exchange Server, Outlook and Office 365

Microsoft has implemented the S/MIME e-mail security standard across its hosted and server-based Exchange products, the company announced this month.

The Secure/Multipurpose Internet Mail Extensions standard, currently at version 3, has been used in past Microsoft e-mail solutions, including older Outlook client products and Exchange Server 5.5 on up, according to Microsoft's TechNet description of S/MIME. However, this month, Microsoft added it to Exchange Online as part of its Office 365 services, as well as to Exchange Server 2013 via this week's release of Service Pack 1.

In addition, Microsoft disclosed this week that Outlook Web App, its browser-based version of the Outlook e-mail client, will be getting support for S/MIME by "early April" this year. However, the use of S/MIME in the Outlook Web App is only supported using Microsoft's Internet Explorer 9 browser or later versions at present. In contrast to Outlook Web App, the Outlook desktop e-mail client already has S/MIME support via the use of Microsoft's Exchange ActiveSync protocol, according to Microsoft's announcement today.

S/MIME offers both digital signatures for e-mail traffic and message encryption. The certificates and keys are controlled by the sending organization, which has to set up the S/MIME process. With S/MIME support now enabled across both Office 365 and Exchange Server 2013 SP1, it's now possible for organizations tapping hybrid e-mail infrastructures using Microsoft's hosted and server products to exchange S/MIME e-mails, Microsoft explained.

One key piece for IT pros managing hybrid e-mail scenarios is the use of Microsoft's DirSync protocol, which synchronizes local Active Directory log-on identities with the cloud-based Windows Azure Active Directory. However, for its Outlook Web App, Microsoft indicated that it is planning to introduce "a new OWA control that helps in creating and consuming S/MIME mails," according to the announcement, although the details weren't explained.

Microsoft also will be bringing PowerShell commands that IT pros can use to manage the behavior of S/MIME on Outlook Web App. The PowerShell scripts will work across both Exchange Online and Exchange Server 2013 SP1, according to Microsoft's announcement.

When S/MIME is implemented this spring for Microsoft's Outlook Web App, users also will have some control options. They will have the ability to encrypt messages or add digital signatures to them through a checkbox control. They also will be able to apply those actions to some messages or to all messages, according to Microsoft's explanation.

Microsoft's announcement took pains to distinguish the S/MIME e-mail protection scheme from the new Office 365 Message Encryption service, which Microsoft started offering last week. Microsoft hasn't explained it in great detail, but the upshot seems to be that the Office 365 Message Encryption service adds more controls for IT pros.

"Office 365 Message Encryption is a policy-based encryption service that can be configured and enforced by an administrator to encrypt mail sent to anyone inside or outside of the organization," Microsoft's announcement explained.

Presumably, it's easier to set up and use Microsoft's Message Encryption service in comparison with S/MIME. Organizations using S/MIME have to set up a local Certificate Authority for on-premises users and use DirSync to connect the local Active Directory with Windows Azure Active Directory for hosted e-mail support, among other details.

In addition to Microsoft's approaches, encryption protections are offered by various providers, typically leveraging cloud services. A profile of five such vendors can be found in this Redmond article.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

