Sync user certificates to Office 365 for S/MIME

Before anyone can send S/MIME-protected messages, the appropriate certificates must be set up. To send an encrypted message through Exchange Online, the sender's email program encrypts it with the recipient's public certificate. This public X.509 certificate has to be published to Office 365.

To sync certificates that support S/MIME

Begin setting up S/MIME by issuing certificates and publishing them in your local Active Directory Domain Services. For more information about managing certificates in Exchange 2013, see Digital Certificates and SSL.

After your certificates are published, use the Azure Active Directory Sync tool to synchronize user data from your on-premises Exchange environment to Office 365. For more information on this process, see DirSync: Directory Sync Tool Version Release History.

Along with synchronizing other directory data, for S/MIME purposes, the tool will synchronize the userCertificate and userSMIMECertificate attributes for each user object so the data can be used to sign and encrypt messages.
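Before running the sync, it helps to confirm that each user actually has a usable certificate in the two attributes named above. The following read-only audit is an added example, not code from this article or from Microsoft; it assumes Windows PowerShell 5.1 with the RSAT ActiveDirectory module, and the search base and function names are placeholders chosen for illustration.

```powershell
# Added example: report which enabled users have a usable S/MIME certificate
# in the attributes the sync tool copies to Office 365. Read-only.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.Security          # provides Pkcs.SignedCms

$SearchBase  = 'OU=Staff,DC=example,DC=com'     # placeholder OU, replace with your own
$SecureEmail = '1.3.6.1.5.5.7.3.4'              # Secure Email (emailProtection) EKU OID

function ConvertTo-Certificate {                # hypothetical helper name
    param([byte[]]$Blob, [switch]$Pkcs7)
    if ($Pkcs7) {
        # userSMIMECertificate: PKCS #7 SignedData wrapping one or more certificates
        $cms = New-Object System.Security.Cryptography.Pkcs.SignedCms
        $cms.Decode($Blob)
        return $cms.Certificates
    }
    # userCertificate: one DER-encoded X.509 certificate per attribute value
    [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Blob)
}

function Test-SmimeUsable {                     # hypothetical helper name
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $now = Get-Date
    if ($now -lt $Cert.NotBefore -or $now -gt $Cert.NotAfter) { return $false }
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    # No EKU extension means the certificate is not restricted to specific purposes
    (-not $eku) -or (($eku.EnhancedKeyUsages | ForEach-Object Value) -contains $SecureEmail)
}

Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
    -Properties mail, userCertificate, userSMIMECertificate | ForEach-Object {
    $user  = $_
    $certs = @(
        foreach ($v in $user.userCertificate) {
            try { ConvertTo-Certificate -Blob $v }
            catch { Write-Warning "$($user.SamAccountName): unreadable userCertificate value" }
        }
        foreach ($v in $user.userSMIMECertificate) {
            try { ConvertTo-Certificate -Blob $v -Pkcs7 }
            catch { Write-Warning "$($user.SamAccountName): unreadable userSMIMECertificate value" }
        }
    )
    $usable = @($certs | Where-Object { Test-SmimeUsable $_ })
    [pscustomobject]@{
        User = $user.SamAccountName; Mail = $user.mail
        Published = $certs.Count;    Usable = $usable.Count
        NextExpiry = ($usable | Sort-Object NotAfter | Select-Object -First 1).NotAfter
    }
} | Sort-Object Usable | Format-Table -AutoSize
```

Users listed with `Usable` equal to 0 will have nothing valid for senders to encrypt to after synchronization, so reissue or republish their certificates first.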

More Information

S/MIME for message signing and encryption

Azure Active Directory Sync tool