
MC395208: Public preview: Configure a label to apply S/MIME protection in Outlook

Updated September 12, 2022: We have updated the rollout timeline below. Thank you for your patience.

Coming soon to public preview, Outlook clients will support S/MIME (Secure/Multipurpose Internet Mail Extensions) signature and encryption as a sensitivity label outcome for built-in labeling. This message is associated with Microsoft 365 Roadmap ID 93199.

Outlook clients will support S/MIME (Secure/Multipurpose Internet Mail Extensions) signing and encryption as a sensitivity label outcome. Admins can use the Set-Label advanced settings to configure a label for S/MIME signing, encryption, or both, and emails with those labels applied will have S/MIME signing and encryption enforced accordingly.


When this will happen

Rollout to public preview will begin in late June as part of the following channel releases and is expected to be complete by end of September (previously end of August).

  • Outlook for Windows: Rolling out to Beta Channel
  • Outlook for Mac: Rolling out: 16.61+
  • Outlook on iOS: Rolling out: 4.2208+
  • Outlook on Android: Rolling out: 4.2203+
  • Outlook on the web: Under review

How this will affect your organization

When you have published sensitivity labels from the Microsoft Purview compliance portal, they start to appear in Office apps for users to classify and protect data as it’s created or edited. We’re rolling out the ability to further apply S/MIME protection to emails within Outlook apps for Win32, Mac, iOS, Android, and Web.

Note: This configuration option is not currently available in the Microsoft Purview compliance center. You must use PowerShell advanced settings with the Set-Label or New-Label cmdlet after you’ve connected to Office 365 Security & Compliance Center PowerShell.

Use these settings only when you have a working S/MIME deployment and want a label to automatically apply this protection method for emails rather than the default protection that uses Rights Management encryption from Azure Information Protection. The resulting protection will be the same as when a user manually selects S/MIME options from Outlook.


Advanced setting key/value:

  • S/MIME digital signature: SMimeSign="True"
  • S/MIME encryption: SMimeEncrypt="True"

The label you configure for these settings doesn’t have to be configured for encryption in the compliance portal. But if it is, S/MIME protection replaces the Rights Management encryption only in Outlook. For other apps, the label applies the encryption settings specified in the Microsoft Purview compliance portal.
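
The following is an added example, not part of the original message: one way to apply both advanced settings to an existing label and read them back. The label name is a placeholder, and the session assumes the ExchangeOnlineManagement module is installed and the account can manage sensitivity labels.

```powershell
# Added example. 'Confidential - SMIME' is a placeholder label name (assumption).
$LabelName = 'Confidential - SMIME'

Import-Module ExchangeOnlineManagement
Connect-IPPSSession   # Security & Compliance PowerShell; prompts for sign-in

# Record the label's current advanced settings so the change can be reviewed or undone.
$before = (Get-Label -Identity $LabelName).Settings
Write-Output "Settings before change:"
$before

# Apply the two key/value pairs from the message above.
# Use only one of them if the label should sign without encrypting (or the reverse).
Set-Label -Identity $LabelName -AdvancedSettings @{
    SMimeSign    = 'True'
    SMimeEncrypt = 'True'
}

# Read the settings back and confirm both keys are present.
# Assumption: each entry in Settings renders as text containing the key name;
# -match is case-insensitive, so differences in key casing do not matter.
$after = (Get-Label -Identity $LabelName).Settings
foreach ($key in 'SMimeSign', 'SMimeEncrypt') {
    $hit = $after | Where-Object { "$_" -match "\b$key\b" }
    if ($hit) {
        Write-Output "OK: $hit"
    } else {
        Write-Warning "$key is not set on label '$LabelName'"
    }
}

# To remove a setting later, assign it a null value:
# Set-Label -Identity $LabelName -AdvancedSettings @{ SMimeEncrypt = $null }

Disconnect-ExchangeOnline -Confirm:$false
```

Because S/MIME replaces Rights Management encryption only in Outlook, test the label with a pilot group that already has working S/MIME certificates before publishing it broadly.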

What you need to do to prepare

Learn more: Manage sensitivity labels in Office apps

Message ID: MC395208
Published: 27 June 2022
Updated: 12 September 2022
Cloud instance(s): Worldwide (Standard Multi-Tenant)
Platform(s): Android, iOS, Mac, Web, Windows Desktop, World tenant
