The challenges with configuring Microsoft Intune when deploying S/MIME certificates

The challenges with configuring Microsoft Intune when deploying S/MIME certificates
02 May ‘23

At KeyTalk, we see an increasing use of S/MIME certificates for safer use of (business) email, particularly in the use of digitally signed email as an important step in the fight against Business Email Compromise, the no.1 cybersecurity threat since 2019. This is not so much with a focus on fully encrypting email messages, but rather on the use of digital signatures.

In the Netherlands, KeyTalk, together with CA partner DigiCert, won a European tender from TenneT TSO at the end of last year. The assignment was to request, deploy, and manage 15,000 S/MIME certificates over a period of 5 years in an automated way. An important factor in choosing DigiCert/KeyTalk was the possibility of fully automated configuration of the S/MIME certificate for MS365/Outlook for Windows for users’ laptops, workstations, and shared mailboxes. In addition, having the MS certified Intune connection based on the KeyTalk Intune PFX connector for deploying S/MIME certificates via Intune for mobile devices was an important reason for the selection of DigiCert/KeyTalk.

With the increasing use of S/MIME for fully encrypted email communication within companies and organizations (i.e., between employees), we also see a strong growing need for expertise to deploy these S/MIME certificates via MS Intune to mobile devices. This is logical because much business email is read on mobile phones outside regular office hours. Once this phone is not provided with an exact copy of the user’s S/MIME certificate (with the same public and private encryption keys), the encrypted message cannot be read on that phone.

In this very informative whitepaper ‘Intune certificate management, trials and tribulations,’ our KeyTalk CTO, Michael van der Sman, extensively reports on his journey around the world in search of Intune expertise and insight. Highly recommended!

If you want to know more about the use of digital certificates for safer use of email, please contact us or download the product description of our Secure Email Service. If you are already further along and are facing the complexity of the right Intune configuration, download the aforementioned whitepaper on this topic.


The KeyTalk Team