Applies to: Microsoft Exchange

Topic last modified: 2011-03-19

You can use S/MIME to improve reliability of email messages in Outlook Web App. You can use it to encrypt outgoing messages and attachments so that only intended recipients who have the correct key can read them. With S/MIME, you can also digitally sign outgoing messages. By digitally signing a message, you provide the recipients with a way to verify that the message hasn't been tampered with.

You must obtain a digital identification (ID), also known as a certificate, from the system administrator for your organisation before you can send encrypted and digitally signed messages through Outlook Web App. You must also install the S/MIME control for Outlook Web App. Follow the instructions that are provided by your administrator to use the digital ID. A digital ID may be stored on a smart card or may be a file that you store on your computer.

This feature may not be available for your account.
This information applies to the standard version of Outlook Web App. The feature that's described isn't available in the Outlook Web App Light.

To manage S/MIME settings, click Options > See All Options > Settings > S/MIME.

A digital ID isn't necessary to verify the signatures of digitally signed messages. However, you can't read encrypted mail or digitally signed mail unless you have a digital ID and the S/MIME control is installed.
The S/MIME feature requires Internet Explorer 7, Internet Explorer 8 or Internet Explorer 9. Therefore, it doesn't appear in Outlook Web App when you use other Web browsers.
How do I install the S/MIME control?

  1. If you haven't yet downloaded and installed the S/MIME control, you'll see a link to download it on the S/MIME options page.

  2. Click the link to start the download process.

  3. When you're prompted to run or save the file, click Run.

  4. You may be prompted again to verify that you want to run the software. Click Run to continue the installation.

After you've installed the S/MIME control, the S/MIME options page will automatically update to show a link that you can use to reinstall the S/MIME control. If the control is lost or uninstalled, the original S/MIME control installation link will appear. If the S/MIME control is out of date, you'll see a warning on the S/MIME options page that the control is out of date and a link to reinstall the control.

How do I send encrypted and digitally signed messages?

When the installation is complete, the S/MIME options page will have the following new options:

  • Encrypt contents and attachment of all messages I send   Selecting this option will cause all outgoing messages to be encrypted.

  • Add a digital signature to all messages I send   Selecting this option will cause all outgoing messages to be digitally signed.

If you select or clear either of the options, you must click Save to save your changes. If you make changes and don't click Save before leaving the S/MIME options page, Outlook Web App will prompt you to save or cancel your changes.

Changes in the new message form

After the S/MIME control has been installed, you'll see two new icons at the top of outgoing messages. The new icons let you digitally sign digital signature icon or encrypt Encryption icon individual messages. You can also digitally sign or encrypt outgoing messages by selecting message optionsOptions from the toolbar in the new message and then selecting the options that you want.

Change in contacts and address book

After you've installed the S/MIME control, all entries in your Contacts folder and in your organisation's shared address book will include a note that indicates the recipient's messaging security status. For individuals, the note will say either The recipient does not have a valid digital ID for encrypting email messages or The recipient has a valid digital ID for encrypting email messages. The recipient will be able to decrypt and read encrypted messages only if the note indicates that Outlook Web App there is a valid digital ID.

For groups, the message will tell you if some, none, or all the members have a valid digital ID. The list of members will indicate which members do and don't have valid digital IDs. If a group has other groups as members, the list will indicate how many members of the embedded groups have a valid digital ID.

Change in message appearance

Messages that have been encrypted or digitally signed look slightly different from messages that haven't been encrypted or digitally signed.

List View

Messages that have been encrypted or digitally signed will appear in the List View with either an encrypted icon Encryption icon or digitally signed icon digital signature icon.

Reading Pane and open messages

Messages that have been encrypted or digitally signed will include that information in the header at the top of the message, together with their status. A message that has been digitally signed will tell you whether the digital signature is valid. A message that has been encrypted will tell you if it couldn't be decrypted and what you must do to decrypt it.

What else do I need to know?

  • You may see an option to Select Certificate for Mail Signing. If you select the option to Allow Outlook Web App to automatically pick the best certificate, Outlook Web App will try to match available certificates to the email address you are sending from. You can only select which certificate to use when you are on this page.

What if I want to know more?

Related help topics
No resources were found.