Automated public S/MIME certificate distribution and configuration to domain joined devices?

  • Thread starter: MikeB-2020
My team recently made the decision to enforce the use of digital email signing and to offer, at least for internal purposes, the option of email encryption.

We will be purchasing S/MIME certificates from one of the top 3 globally trusted certificate service providers, whereby the CSR will be generated by my team, and we will therefore end up with roughly 150 PFX files, 1 for every mail address used and defined on our Office 365 environment. This way we can also support certificate and key rollover, as we, the IT team, generated the CSR and are not relying on the end user (device) to create it.

We make use of a local AD that syncs to AAD.

My team and I know how to manually install the certificate for a user, and we know how to manually configure Outlook for Windows (most commonly used). We also understand how to automatically get a certificate from ADCS to a domain-joined endpoint.


My first question is:


How do I import these 150 PFX files and their relevant passwords in such a way that these certificates and keys are automatically pushed to every relevant user who makes use of a domain-joined (Windows) device?


My second question is:

Is there a way to enable automated configuration of Outlook, so that Outlook by default always digitally signs new and reply emails, and optionally allows for encryption to target recipients, using the installed/pushed S/MIME certificate?
