Automated public S/MIME certificate distribution and configuration to domain joined devices?

  • Question

  • My team recently made the decision to enforce the use of digital email signing, and to offer, at least for internal purposes, the option of email encryption.

    We will be purchasing S/MIME certificates from one of the top 3 globally trusted certificate service providers, whereby the CSR will be generated by my team, and we will therefore end up with roughly 150 PFX files, 1 for every mail address used and defined on our Office 365 environment. This way we can also support certificate and key rollover, as we, the IT team, generated the CSR and are not relying on the end-user (device) to create it.

    We make use of a local AD that syncs to AAD.

    My team and I know how to manually install the certificate for a user, and we know how to manually configure Outlook for Windows (most commonly used). We also understand how to automatically get a certificate from ADCS to a domain joined end-point.

    My first question is:

    How do I import these 150 PFX files and their relevant passwords in such a way that these certificates and keys are automatically pushed to every relevant user who makes use of a domain joined (Windows) device?

    My second question is:

    Is there a way that enables automated configuration of Outlook, so that Outlook by default always digitally signs new and reply emails, and optionally allows for encryption to target recipients, using the installed/pushed S/MIME certificate?

    Sunday, March 22, 2020 4:22 PM

All replies

  • Hi,

    Welcome to our forum.

    Since we mainly focus here on general issues about the Outlook desktop client, but your question is more related to AD, it is suggested that you post a new thread in an AD-related forum.

    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thanks for your understanding and hope your question will be resolved soon.


    Aidan Wang

    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Monday, March 23, 2020 7:20 AM