Is there any way to define and deploy a Digital ID for all users centrally? We're using Exchange Online.

As of now I only see the possibility to open Outlook for every user and apply for a Digital ID.

Thankful

BastianW

1 Answer


It depends on how your Exchange Online environment is configured and how much money you wish to spend. What we built for a customer used a 3rd-party S/MIME auto-enrollment feature and Active Directory features.

So here are the basic implementation steps:

  1. Implement an Active Directory-triggered, publicly trusted certification authority. There might be more, but we used the one from Comodo: "Feature: Automatic Deployment with Microsoft Active Directory or CSV File Upload. Rapid client certificate distribution and management achieve tight integration with many types of directory-based employee/device management systems."
  2. Configure the Exchange Hybrid server so that the S/MIME elements are synced and the user can pick them up from the GAL (see Microsoft documentation here).
  3. Part 3 was the tricky part and really depends on your local environment and how you can deploy something to the client PCs. The customer was using a software management suite which allowed us to write a small plugin that can put the correct certificate on the user's PC even if the user is working from home without a constant direct connection to Active Directory.
  4. Part 4 was the tricky one: we needed a way to push the certificate also to the mobile devices. The customer was using AirWatch, which has an API, and we were able to push the S/MIME certificate to the mobile device clients.

By the way, an important lesson here: make a BACKUP of any S/MIME certificate you will push to the user.

BastianW
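As an added example (not code from the answer above or from the vendor products it names), the following PowerShell script covers the two pieces an administrator can script directly: the backup the answer insists on, and publishing the public certificate to Active Directory so the hybrid sync can surface it in the GAL. It assumes the user's S/MIME certificate (with an exportable private key) is already in the current user's personal store, that the RSAT ActiveDirectory module is installed, that `userSMIMECertificate` is the attribute your directory sync carries to Exchange Online, and it uses a placeholder user name and backup folder.

```powershell
# Added example, not part of the original answer. Backs up one user's S/MIME certificate
# (with private key) and publishes only its public part to AD for the GAL.
# Assumptions: RSAT ActiveDirectory module present; the account running this may write
# userSMIMECertificate on the target user; values below are placeholders.

$SecureEmailEku = '1.3.6.1.5.5.7.3.4'   # id-kp-emailProtection (Secure Email EKU)
$BackupDir      = 'C:\SMimeBackup'        # placeholder: use an access-controlled location
$SamAccountName = 'jdoe'                  # placeholder user

# 1. Pick the newest certificate in the user's store that has a private key and the
#    Secure Email EKU. Other certificates (e.g. VPN/Wi-Fi client certs) are ignored.
$cert = Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object {
        $_.HasPrivateKey -and
        ($_.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq $SecureEmailEku })
    } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) { throw "No S/MIME certificate with a private key found for this user." }

# 2. Back up certificate AND private key as a password-protected PFX. Without the key,
#    mail that was encrypted to this certificate can never be read again.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$pfxPassword = Read-Host -Prompt "PFX password for $($cert.Thumbprint)" -AsSecureString
$pfxPath     = Join-Path $BackupDir "$SamAccountName-$($cert.Thumbprint).pfx"
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# 3. Publish the public certificate only (DER, no private key) to userSMIMECertificate.
#    The byte[] is stored as a single attribute value; the directory sync / Exchange hybrid
#    step in the answer then makes it available to other users via the GAL.
$der = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
Set-ADUser -Identity $SamAccountName -Replace @{ userSMIMECertificate = [byte[]]$der }

# 4. Read the attribute back and confirm the published certificate is the one we exported.
$adUser = Get-ADUser -Identity $SamAccountName -Properties userSMIMECertificate
foreach ($blob in $adUser.userSMIMECertificate) {
    $published = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$blob)
    $match = if ($published.Thumbprint -eq $cert.Thumbprint) { 'OK' } else { 'MISMATCH' }
    "{0}  {1}  expires {2}  [{3}]" -f $published.Thumbprint, $published.Subject, $published.NotAfter, $match
}
```

Export-PfxCertificate fails if the private key was enrolled as non-exportable, which is exactly the case where no backup exists and the enrollment policy should be revisited before certificates are pushed to users.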