![]() With Endpoint Manager, organizations can import encryption certificate histories from any Certification Authority. ![]() ![]() Automatic certificate delivery is supported with Android enrollment scenarios: device administrator, Android Enterprise work profile, and Android Enterprise fully managed. Outlook for Android relies on Endpoint Manager to deliver and approve the S/MIME certificates. Only Microsoft published apps, like the Company Portal, can place certificates into the Microsoft publisher keychain. In order to deliver certificates that can be accessed by Outlook for iOS, the certificates must reside in the Microsoft publisher keychain to which Outlook for iOS has access. iOS prevents third-party apps from accessing the system keychain (only first-party apps and the Safari webview controller can access the system keychain). iOS offers a system keychain and publisher keychains. Outlook for iOS and Android only supports automated certificate delivery when Microsoft Endpoint Manager is the enrollment provider.įor Outlook for iOS, this is due to the iOS keychain architecture. For more information, see Exporting a digital certificate. The following image shows how manual certificate delivery works in iOS.Ī user can export their own certificate and mail it to themselves using Outlook. Outlook for iOS and Outlook for Android both support manual certificate delivery, which is when the certificate is emailed to the user and the user taps on the certificate attachment within the app to initiate the certificate's installation. The S/MIME certificate used by Outlook for iOS and Android is calculated by comparing the user's primary SMTP address as defined in the account profile with the certificate's subject value or the subject alternative name value if these do not match, then Outlook for iOS and Android will report that a certificate is not available (see Figure 7) and will not allow the user to sign and/or encrypt messages. Outlook for iOS and Android leverages the user's primary SMTP address for mail flow activities, which is configured during account profile setup. If Exchange Online fails to locate a trusted root certificate or fails to contact the certificate revocation list for the certificate authority, that certificate is considered invalid and is not trusted. If Exchange Online locates a trusted root certificate and can query the certificate revocation list for the certificate authority, the digital certificate's chain for that digital certificate is considered valid and trusted and can be used. Intermediate certificates can also be included with digitally signed email messages. This verification is done by obtaining the intermediate certificates through the authority information access attribute in the certificate until a trusted root certificate is located. Exchange Online validates the certificate by validating each certificate in the certificate chain until it reaches a trusted root certificate. Trust verification is performed on all digital certificates. In manual and automated certificate delivery solutions, it's expected that the certificate's trusted root chain is available and discoverable within your Exchange Online tenant's virtual certificate collection.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |