S/MIME in Office 365



  • So we have been using certificates here to encrypt local emails. We've just been using OpenSSL to generate them along with our Root and Intermediate certs. The management overhead on this has been really high, since when a new employee starts, they have to send out a signed email so that everyone can add their key, and then everyone replies back with a signed email so that the new employee has their key.

    Now that my head is approaching the surface of the water I'm starting to look for ways to improve efficiencies, and this is an obvious need.

    Our email service is provided through Office 365 and our clients include Outlook 2013 and 2016 for PC, MacMail, Outlook 2011 (going away), and Outlook 2016 on Mac.

    Aside from the easily searchable TechNet articles and whatnot, have any of you done this and have any feedback or caveats to share?



  • You want the local emails encrypted at the payload level? Office 365 is encrypted end to end, but not at rest, already.



  • Yes. Because of ITAR and some other DoD requirements we can't rely on O365 encryption and remain compliant.



  • I did this once, installed my own cert into Outlook 2013 - my boss hated it - the little certificate icon made her think all of my emails were marked high priority.



  • @Dashrender said:

    I did this once, installed my own cert into Outlook 2013 - my boss hated it - the little certificate icon made her think all of my emails were marked high priority.

    "It is actually a finger extended in the traditional Native American greeting that contains all the respect you deserve."