S/MIME in Exchange Server 2019

Exchange Server 2019 supports sending S/MIME emails from clients like MAPI, OWA & Exchange Active Sync. We will see how to send an S/MIME email from an Exchange Server 2019 Mailbox.

S/MIME can be used to send a Signed and Encrypted email.

  • Signing an email verifies the sender and ensures the message is not changed since it was sent but it will not prevent message being read by others.
  • Encrypting the email verifies the email has not changed since it was send and it can be decrypted and read by the recipient only.

Sending S/MIME email from Exchange Server 2019 mailbox using the Internal Certificate Authority.

I have an Internal Certificate PKI already configured on my lab which allows user to enroll a User certificate that can be used to Sign and Decrypt an email.

I have select 2 mailboxes from Exchange Server 2019 to show sending and receiving S/MIME email

User Vishwa configured his outlook with a certificate which was received from Internal CA to Sign / Encrypt emails.

Sending a Signed email to Dhanyashree and she can view the Signed email.

Now Sent a Encrypted email and recipient can view those email

Below message is expected, if a user tries to send an email to another user for whom a certificate was not issued / received from CA.

Similar way, we can send S/MIME emails from OWA and Exchange Active Sync Clients. We will have a look on configuring Information Rights Management configuration in Exchange Server 2019 on my Next Post.

Leave a Reply