S/MIME functionality available in Outlook for iOS TestFlight

This post has been republished via RSS; it originally appeared at: Intune Customer Success articles.

Important: S/MIME in Outlook for iOS is now available. The below article has been replaced by product content found at http://aka.ms/omsmime

 

Secure/Multipurpose Internet Mail Extension (S/MIME) functionality in Outlook for iOS and Android has been a top request for several of our enterprise customers. As some of you may have heard, late last week we released support for S/MIME in Outlook for iOS in Office Insiders via TestFlight (v3.30.0 and later). For those not familiar with TestFlight, it is Apple’s platform for distributing pre-release builds. This allows us to get features in the hands of early adopters to gather feedback before releasing to all customers.

 

S/MIME provides encryption, which protects the content of e-mail messages, and digital signatures, which verify the identity of the sender of an e-mail message. In order to use S/MIME with Outlook for iOS, the user’s mailbox must be in Exchange Online.

 

Deploying S/MIME certificates

Outlook for iOS supports manual certificate delivery. Manual certificate delivery is when the certificate is emailed to the user and the user taps on the certificate attachment within Outlook for iOS to initiate the certificate’s installation.

 

Note: Outlook for iOS and Android will support automated certificate delivery in future releases.


Figure 1: Outlook for iOS manual certificate delivery installation

 

Users can export their own certificate and mail it to themselves using Outlook desktop:

  1. Open Outlook 2013, 2016 or 2019 that has already been configured for S/MIME
  2. Click File -> Options -> Trust Center -> Trust Center Settings
  3. Click Email Security
  4. Under Digital IDs, click Import/Export
  5. Click Export Your Digital ID to a file
  6. Click Select and select the correct certificate
  7. Click Browse and select a location to save the file
  8. Enter your password and then click OK
  9. Create a new email and attach the exported PFX file. Send the email to yourself.

Important: When exporting the certificate, ensure the exported certificate is password protected with a strong password.

Enabling S/MIME in the app

S/MIME must be enabled for Outlook for iOS and Android to view or create S/MIME-related content.

 

End users will need to enable S/MIME functionality manually by accessing their account settings, tapping Security, and tapping the S/MIME control, which is off by default.


Figure 2: Outlook for iOS S/MIME security setting

 

When the S/MIME setting is enabled, Outlook for iOS and Android will automatically disable the Organize By Thread setting. This is because S/MIME encryption becomes more complex as a conversation thread grows. By removing the threaded conversation view, Outlook for iOS and Android reduces the opportunity for issues with certificates across recipients during signing and encryption. As this is an app-level setting, this change affects all accounts added to the app.

 

Note: Outlook for iOS and Android will support the ability for IT administrators to manage the S/MIME setting via general app configuration for enrolled devices in future releases.

Consuming and Creating S/MIME messages

After the certificates have been installed and S/MIME has been enabled in the app, users can read S/MIME related content and compose using S/MIME certificates.

 

In the message view, users can view messages that are S/MIME signed or encrypted. In addition, users can tap the S/MIME status bar to view more information about the message’s S/MIME status.


Figure 3: Consuming S/MIME messages in Outlook for iOS

 

Users can install a sender’s public certificate key by tapping the S/MIME status bar. The certificate will be installed on the user’s device, specifically in the Microsoft publisher keychain in iOS.


Figure 4: Outlook for iOS sender public certificate key installation

 

When composing an email in Outlook for iOS and Android, the sender can choose to encrypt and/or sign the message (signed messages are sent clear-signed). By tapping on the ellipsis and tapping Sign and Encrypt, the various S/MIME options are presented. Selecting an S/MIME option enables the respective action on the email when it is sent (drafts are not signed or encrypted), assuming the sender has a valid certificate.
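Whether a message was clear-signed or encrypted is visible in its outer MIME headers, which is useful when validating what a client actually sent. The following Python function is an added example, not code from Outlook or from the original post; it classifies a message by the Content-Type values S/MIME uses (RFC 8551), and the function name and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.message import Message
from email.utils import collapse_rfc2231_value

SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
P7M_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def _param(msg: Message, name: str) -> str:
    """Return a Content-Type parameter lowercased, or '' if absent."""
    value = msg.get_param(name)
    return collapse_rfc2231_value(value).lower() if value else ""

def smime_status(msg: Message) -> str:
    """Classify the outer MIME layer only; an encrypted body may hide a signature."""
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        parts = msg.get_payload()
        # Clear-signed: readable body part followed by a detached PKCS#7 signature.
        if (_param(msg, "protocol") in SIG_TYPES and isinstance(parts, list)
                and len(parts) == 2 and parts[1].get_content_type() in SIG_TYPES):
            return "clear-signed"
        return "other-signed"  # e.g. PGP/MIME, or a malformed S/MIME structure
    if ctype in P7M_TYPES:
        kind = _param(msg, "smime-type")
        if kind in ("enveloped-data", "authenveloped-data"):
            return "encrypted"
        if kind == "signed-data":
            return "opaque-signed"
        return "p7m-unknown"  # smime-type missing; the CMS blob must be parsed to tell
    return "none"

# Constructed sample messages (signature and ciphertext bytes are dummies).
CLEAR_SIGNED = message_from_string(
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature";\n'
    ' micalg=sha-256; boundary="b1"\n\n'
    '--b1\nContent-Type: text/plain\n\nReadable without S/MIME support.\n'
    '--b1\nContent-Type: application/pkcs7-signature; name="smime.p7s"\n'
    'Content-Transfer-Encoding: base64\n\nAAAA\n--b1--\n')
ENCRYPTED = message_from_string(
    'Content-Type: application/pkcs7-mime; smime-type=enveloped-data;\n'
    ' name="smime.p7m"\nContent-Transfer-Encoding: base64\n\nAAAA\n')
PLAIN = message_from_string('Content-Type: text/plain\n\nhello\n')

if __name__ == "__main__":
    for label, m in [("signed", CLEAR_SIGNED), ("encrypted", ENCRYPTED), ("plain", PLAIN)]:
        print(label, "->", smime_status(m))
```

The classification reflects headers only; it does not verify the signature or the certificate chain.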

 

Important: In order to compose an encrypted message, the target recipient’s public certificate key must be available either in the Global Address List or stored on the local device. In order to compose a signed message, the sender’s private certificate key must be available on the device.


Figure 5: Outlook for iOS options for applying S/MIME to a message

 

Outlook for iOS will evaluate all recipients prior to sending an encrypted message and confirm that a valid public certificate key exists for each recipient. The Global Address List (GAL) is checked first; if a certificate for the recipient does not exist in the GAL, Outlook queries the Microsoft publisher keychain in iOS to locate the recipient’s public certificate key. For recipients without a public certificate key (or an invalid key), Outlook will prompt for their removal. The message will not be sent unencrypted to any recipient unless the encryption option is disabled by the sender during composition.

 

Summary

If you are interested in testing S/MIME in Outlook for iOS, sign up for TestFlight access at http://aka.ms/outlookinsiders. Apple imposes a limit on the number of available testers per app. If the TestFlight link indicates the program is full, check back in a few weeks, as we routinely scrub inactive accounts.

 

We hope access to S/MIME in TestFlight will enable you to validate S/MIME functionality in your environments. For any issues, please file an in-app support ticket with clear instructions/details on the issue. S/MIME support in Outlook for iOS and Android will begin rolling out for general availability later this summer.

 

We recognize that not all customers need S/MIME functionality; in fact, many of our customers are adopting Microsoft Information Protection to classify and protect content. We’re busy putting the final touches on sensitive labeling support in Outlook for iOS and Android. Stay tuned!

 

If you have any questions, please let us know.

 

Ross Smith IV
Principal Program Manager
Customer Experience Engineering
