If you use Azure Information Protection (AIP) you can now use it to apply S/MIME protection.

To enable S/MIME protection with AIP, logon to your Azure portal (https://portal.azure.com/) and reach out the Azure Information Protection configuration blade

image

Then access the Policies\<the policy you want to configure> and open the the contextual menu (available at the end) to access the Advanced Settings

image

There you have to configure the following settings and save

  • Name: LabelToSMIME
  • Value:  will be a combination of the label ID you want to use and the S/MIME configuration to apply, using the format <label ID>;<S/MIME protection>
    • Sign;Encrypt: To apply a digital signature and S/MIME encryption
    • Encrypt: To apply S/MIME encryption only
    • Sign: To apply a digital signature only

You can get the label ID by accessing the Labels blade and then select the label you want to gather the ID. The label ID value is displayed at the bottom of the blade

imageimage

For example, if you want to sign and encrypt for the label ID 22dc1ec6-19ec-4687-a5b6-36bb1fa1aa4d, the value will be 22dc1ec6-19ec-4687-a5b6-36bb1fa1aa4d;Sign;Encrypt

image

NOTE if the label you selected for the S/MIME protection is configured to apply AIP RMS protection, S/MIME will replace it only on Outlook.

If you want to get the label configured for S/MIME to be visible only on Outlook you need to apply the advanced settings to a label with the protection set to Do not forward (as shown below)

image