Applies to: Microsoft Exchange
Topic Last Modified: 2011-03-19
You can use S/MIME to improve reliability of e-mail messages in Outlook Web App. You can use it to encrypt outgoing messages and attachments so that only intended recipients who have the correct key can read them. With S/MIME, you can also digitally sign outgoing messages. By digitally signing a message, you provide the recipients with a way to verify that the message hasn't been tampered with.
You must obtain a digital identification (ID), also known as a certificate, from the system administrator for your organization before you can send encrypted and digitally signed messages through Outlook Web App. You must also install the S/MIME control for Outlook Web App. Follow the instructions that are provided by your administrator to use the digital ID. A digital ID may be stored on a smart card or may be a file that you store on your computer.
|This feature may not be available for your account.|
|This information applies to the standard version of Outlook Web App. The feature that's described isn't available in the Outlook Web App Light.|
To manage S/MIME settings, click Options > See All Options > Settings > S/MIME.
|A digital ID isn't necessary to verify the signatures of digitally signed messages. However, you can't read encrypted mail or digitally signed mail unless you have a digital ID and the S/MIME control is installed.|
|The S/MIME feature requires Internet Explorer 7, Internet Explorer 8 or Internet Explorer 9. Therefore, it doesn't appear in Outlook Web App when you use other Web browsers.|
If you haven't yet downloaded and installed the S/MIME control, you'll see a link to download it on the S/MIME options page.
Click the link to start the download process.
When you're prompted to run or save the file, click Run.
You may be prompted again to verify that you want to run the software. Click Run to continue the installation.
After you've installed the S/MIME control, the S/MIME options page will automatically update to show a link that you can use to reinstall the S/MIME control. If the control is lost or uninstalled, the original S/MIME control installation link will appear. If the S/MIME control is out of date, you'll see a warning on the S/MIME options page that the control is out of date and a link to reinstall the control.
When the installation is complete, the S/MIME options page will have the following new options:
- Encrypt contents and attachment of all messages I send Selecting this option will cause all outgoing messages to be encrypted.
- Add a digital signature to all messages I send Selecting this option will cause all outgoing messages to be digitally signed.
If you select or clear either of the options, you must click Save to save your changes. If you make changes and don't click Save before leaving the S/MIME options page, Outlook Web App will prompt you to save or cancel your changes.
After the S/MIME control has been installed, you'll see two new icons at the top of outgoing messages. The new icons let you digitally sign or encrypt individual messages. You can also digitally sign or encrypt outgoing messages by selecting Options from the toolbar in the new message and then selecting the options that you want.
After you've installed the S/MIME control, all entries in your Contacts folder and in your organization's shared address book will include a note that indicates the recipient's messaging security status. For individuals, the note will say either The recipient does not have a valid digital ID for encrypting e-mail messages or The recipient has a valid digital ID for encrypting e-mail messages. The recipient will be able to decrypt and read encrypted messages only if the note indicates that Outlook Web App there is a valid digital ID.
For groups, the message will tell you if some, none, or all the members have a valid digital ID. The list of members will indicate which members do and don't have valid digital IDs. If a group has other groups as members, the list will indicate how many members of the embedded groups have a valid digital ID.
Messages that have been encrypted or digitally signed look slightly different from messages that haven't been encrypted or digitally signed.
Messages that have been encrypted or digitally signed will appear in the List View with either an encrypted icon or digitally signed icon .
Messages that have been encrypted or digitally signed will include that information in the header at the top of the message, together with their status. A message that has been digitally signed will tell you whether the digital signature is valid. A message that has been encrypted will tell you if it couldn't be decrypted and what you must do to decrypt it.
What else do I need to know?
You may see an option to Select Certificate for Mail Signing. If you select the option to Allow Outlook Web App to automatically pick the best certificate, Outlook Web App will try to match available certificates to the email address you are sending from. You can only select which certificate to use when you are on this page.
What if I want to know more?