Microsoft Office 365
Administrator Guide – Installing and Configuring S/MIME in Outlook
Overview
S/MIME provides certificate-based email encryption and digital signatures. This guide explains how to install and configure S/MIME in Outlook.
Step 1: Obtain an S/MIME Certificate
Purchase or obtain an S/MIME certificate from a trusted Certificate Authority (CA), such as:
- DigiCert
- GlobalSign
- Sectigo
The certificate must include:
- Email address
- Public and private key pair
Certificate format typically: .pfx or .p12
Step 2: Install Certificate in Windows
- Double-click the certificate file.
- Select Install Certificate.
- Choose Current User.
- Enter the certificate password.
- Store in Personal Certificate Store.
- Complete the installation wizard.
Step 3: Configure Outlook for S/MIME
- Open Outlook.
- Go to File → Options → Trust Center.
- Click Trust Center Settings.
- Select Email Security.
- Under Encrypted email, click Settings.
- Select your installed certificate.
- Enable:
- Encrypt contents and attachments
- Add digital signature (optional)
Save settings.
Step 4: Exchange Certificates with Recipient
For S/MIME encryption to work:
- Send a digitally signed email first.
- The recipient must also have S/MIME configured.
- Both parties must exchange public certificates.
Testing S/MIME
- Compose a new email.
- Click Options.
- Select Encrypt (S/MIME).
- Send to recipient with certificate installed.
Reference
Microsoft Learn – Configure S/MIME in Exchange Online https://learn.microsoft.com/exchange/security-and-compliance/smime-exo/smime-exo