Outlook is unable to send an encrypted email to recipients in my company

10 Mar ‘23

When sending S/MIME encrypted emails within your company using Outlook, Outlook looks up the public key (S/MIME certificate) of each recipient in the Global Address List (GAL).

Accordingly, your company's administrator must ensure that every user has a valid S/MIME certificate registered in the company's Active Directory (AD) and/or Azure Active Directory (AAD).

AD/AAD will, by default, synchronize the email address and S/MIME certificate details to GAL every 30 minutes.

While Outlook for Mobile always does a live lookup in the connected GAL, Outlook for Windows and Outlook for Mac by default do the lookup in the Offline Global Address List (Offline GAL).

The Offline GAL is generated once every 24 hours measured from the last time the Offline GAL sync with AD/AAD was successful.

As a result, when relying on the default automated processes (and on the user's client being online), it can take 48 hours before the Offline GAL is synchronized and the most recent S/MIME certificates of other users in the company become available in Outlook.

To manually force a synchronization of your Offline GAL in Outlook for Windows or Mac: on the Send/Receive tab of the Ribbon, click Send/Receive Groups, then click Download Address Book, and click OK.

To manually force an AD to AAD sync: as an admin, open PowerShell on the server that runs AD Sync and run: Start-ADSyncSyncCycle -PolicyType Delta

To manually force an AD to GAL sync on your on-prem Exchange: as an admin, open PowerShell on the AD and run: Update-GlobalAddressList -Confirm
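Before forcing any of the syncs above, it helps to confirm that a usable certificate is actually published in AD for the recipient, since no GAL refresh can deliver a certificate that was never written there or has expired. The following script is an added example, not part of the original article: it assumes the ActiveDirectory RSAT module on a domain-joined Windows machine, and the $SearchBase OU path is a placeholder to adjust for your domain.

```powershell
# Added example (not from the original article): audit which users in an OU have a
# currently valid S/MIME certificate published in on-prem AD, so an admin can tell
# "no valid certificate in AD" apart from "GAL not synchronised yet".
Import-Module ActiveDirectory

$SearchBase     = 'OU=Users,DC=example,DC=com'   # placeholder, adjust to your domain
$SecureEmailEku = '1.3.6.1.5.5.7.3.4'            # id-kp-emailProtection (RFC 5280)
$Now            = Get-Date

function Get-PublishedCerts {
    # Decode userCertificate / userSMIMECertificate values; each may be a bare DER
    # certificate or a PKCS#7 bundle, both of which X509Certificate2Collection.Import accepts.
    param([object[]]$Blobs)
    $certs = [System.Security.Cryptography.X509Certificates.X509Certificate2Collection]::new()
    foreach ($blob in $Blobs) {
        if ($blob) { try { $certs.Import([byte[]]$blob) } catch { } }   # skip undecodable values
    }
    return $certs
}

function Test-SmimeCert {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert, [string]$Mail)
    if ($Cert.NotBefore -gt $Now -or $Cert.NotAfter -le $Now) { return $false }   # not yet valid / expired
    $eku = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }       # Extended Key Usage
    if (-not $eku -or -not ($eku.EnhancedKeyUsages.Value -contains $SecureEmailEku)) { return $false }
    # The rfc822Name in the Subject Alternative Name must match the mailbox address.
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    return ($san -and $san.Format($false) -like "*$Mail*")
}

$report = foreach ($u in Get-ADUser -Filter 'mail -like "*"' -SearchBase $SearchBase `
                       -Properties mail, userCertificate, userSMIMECertificate) {
    $certs = Get-PublishedCerts -Blobs (@($u.userCertificate) + @($u.userSMIMECertificate))
    $good  = @($certs | Where-Object { Test-SmimeCert -Cert $_ -Mail $u.mail })
    [pscustomobject]@{
        User         = $u.SamAccountName
        Mail         = $u.mail
        Published    = $certs.Count
        ValidSmime   = $good.Count
        LatestExpiry = ($good | Sort-Object NotAfter -Descending | Select-Object -First 1).NotAfter
    }
}

# Published > 0 with ValidSmime = 0 means an expired or wrong-purpose certificate;
# Published = 0 means nothing was ever written to AD, so a GAL sync alone will not help.
$report | Sort-Object ValidSmime | Format-Table -AutoSize
```

Run it with an account that can read the user objects in the target OU; the report lists each mailbox with how many certificates are published and how many of them are currently usable for S/MIME.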
