Sync user certificates to Office 365 for S/MIME

Before anyone can send S/MIME-protected messages in Exchange Online, the appropriate certificates must be set up. To send encrypted messages through Exchange Online, the sender's email app uses the public certificate of the recipient to encrypt the message. This public X.509 certificate has to be published to Office 365.

To Sync certificates that support S/MIME

Begin setting up S/MIME by issuing certificates and publishing them in your local Active Directory Domain Service. For more information about managing certificates in Exchange Server, see Digital Certificates and SSL.

After your certificates are published, use the Azure Active Directory Sync tool to synchronize user data from your on-premises Exchange environment to Office 365. For more information on this process, see DirSync: Directory Sync Tool Version Release History.

Along with synchronizing other directory data, for S/MIME purposes, the tool will synchronize the userCertificate and userSMIMECertificate attributes for each user object so the data can be used to sign and encrypt messages.

More Information

S/MIME for message signing and encryption

Azure Active Directory Sync tool