MC1105021 – M365 Change Digest

One-line summary

New Intune policy lets admins set SMIME certificate lookup order in Outlook mobile, enhancing control over certificate selection from multiple sources.

Similar updates

Details

Summary

A new Intune policy allows admins to set the priority order for SMIME certificate lookup in Outlook mobile, enhancing control and security. Rolling out on August 29, 2025, it is off by default. Configuration details and examples are provided. More information is available [here](https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/outlook-for-ios-and-android-configuration-with-microsoft-intune#smime-settings).

Body (from Message Center)

We're introducing a new Intune policy that allows admins to define the priority order for SMIME certificate lookup in Outlook mobile. This gives organizations more control over how certificates are selected when multiple sources are available, improving flexibility and alignment with internal security practices.

[When this will happen:]

This change will begin rolling out on August 29, 2025.

[How this affects your organization:]

You're receiving this message because our reporting indicates that one or more users in your organization may be using SMIME in Outlook mobile. With this update, administrators can configure a new Intune policy to control the order in which SMIME certificates are retrieved from different sources.

This policy is off by default. If not configured, Outlook mobile will continue using the default lookup order.

[What you can do to prepare

Once the policy becomes available, you can configure it using the following key:

Key: com.microsoft.outlook.Mail.SMIMEEnabled.CertificatesLookupOrder
Type: String
Accepted Values:
- 0 (Contacts)
- 1 (GAL)
- 2 (Device)
- 3 (LDAP)
- Format: "X", "X, X", "X, X, X", or "X, X, X, X"
- Default (if not specified): "0, 1, 2, 3"
- Example: "3, 2, 0, 1"

To learn more about configuring SMIME settings in Outlook mobile with Intune, visit: Deploying Outlook for iOS and Android app configuration settings in Exchange Online.

Raw JSON (for debugging)

Expand/collapse the full payload below.

Show/hide raw

{
  "snapshot_item": {
    "action_required_by": null,
    "ai_action_required_by": null,
    "ai_actions": [
      "Review SMIME usage in Outlook mobile",
      "Plan certificate lookup order policy",
      "Configure new Intune policy after rollout"
    ],
    "ai_master_tags": [
      "Admin",
      "Security"
    ],
    "ai_model": "gpt-4.1",
    "ai_summary": "New Intune policy lets admins set SMIME certificate lookup order in Outlook mobile, enhancing control over certificate selection from multiple sources.",
    "ai_topics": [
      "Intune",
      "Outlook"
    ],
    "category": "planForChange",
    "details_map": {
      "Summary": "A new Intune policy allows admins to set the priority order for SMIME certificate lookup in Outlook mobile, enhancing control and security. Rolling out on August 29, 2025, it is off by default. Configuration details and examples are provided. More information is available [here](https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/outlook-for-ios-and-android-configuration-with-microsoft-intune#smime-settings)."
    },
    "id": "MC1105021",
    "importance": 2,
    "is_major_change": false,
    "last_modified": "2025-06-27T23:25:59Z",
    "ms_products": [
      "Intune"
    ],
    "platforms": null,
    "roadmap_ids": [],
    "services": [
      "Microsoft Intune"
    ],
    "severity": "normal",
    "tags": [
      "New feature",
      "Admin impact"
    ],
    "title": "Intune policy to determine SMIME cert lookup priority"
  }
}