S/MIME on M365 quick tips

S/MIME is used to encrypt and/or sign email sent to another recipient. It uses a combination of a private and a public key. On Exchange, the public keys can be published to the Global Address List (GAL).

If you have a hybrid Exchange environment, or you are using only Exchange Online, managing the certificates can be challenging.

Here are some quick tips for common tasks:

Create an address list with only the users that have an S/MIME certificate

New-AddressList -Name "S/MIME Users" -RecipientFilter {(((RecipientType -eq 'MailUser') -or (RecipientType -eq 'UserMailbox'))) -and (SMimeCertificate -ne $null)}

Check the members of a dynamic address list

Get-Recipient -RecipientPreviewFilter (Get-AddressList -Identity "S/MIME Users").RecipientFilter

Delete the S/MIME certificate of a user

Set-Mailbox -Identity <UPN> -UserSMimeCertificate $null

Export a CSV file with the email addresses of the users plus their Base64 certificate

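$OutputFileName = "C:\temp\CERTS.txt"

# Remove any previous export; ignore the error if the file does not exist yet
Remove-Item $OutputFileName -ErrorAction SilentlyContinue

Get-Recipient -RecipientPreviewFilter (Get-AddressList -Identity "S/MIME Users").RecipientFilter |
ForEach-Object {
    # Primary SMTP address of the current recipient
    $email = [string]$_.PrimarySmtpAddress
    $mbx = Get-Mailbox -Identity $email
    # One line per user: email;Base64 of the first S/MIME certificate
    $email + ";" + [Convert]::ToBase64String($mbx.UserSMimeCertificate[0]) | Out-File $OutputFileName -Append
}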
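
Check the exported certificates for expiry. This is an added example, not part of the original tips: it reads the export file written above and reports the validity of each certificate. The 30-day warning threshold and the report column names are assumptions, and it assumes each Base64 value decodes to either a single DER certificate or a PKCS#7 bundle.

```powershell
# Added example: audit the "email;Base64" export for expired or soon-to-expire certificates
$ExportFile = "C:\temp\CERTS.txt"   # same path as the export step
$WarnDays   = 30                    # assumed warning threshold, adjust as needed
$now        = Get-Date

$report = Get-Content $ExportFile | Where-Object { $_ -match ';' } | ForEach-Object {
    # Split on the first ';' only, so the Base64 part stays intact
    $email, $b64 = $_ -split ';', 2
    $certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
    try {
        $bytes = [Convert]::FromBase64String($b64.Trim())
        # Import() accepts a single DER certificate or a PKCS#7 bundle
        $certs.Import($bytes)
    } catch {
        # Keep unreadable entries in the report instead of silently dropping them
        [pscustomobject]@{
            Email = $email; CertEmail = $null; Thumbprint = $null
            NotAfter = $null; Status = "Unreadable: $($_.Exception.Message)"
        }
        return   # continue with the next line of the export
    }
    # A PKCS#7 bundle can also carry issuing CA certificates; each one is listed
    foreach ($c in $certs) {
        # Later checks override earlier ones, so 'Expired' wins over 'ExpiringSoon'
        $status = 'Valid'
        if ($c.NotBefore -gt $now) { $status = 'NotYetValid' }
        if ($c.NotAfter -lt $now.AddDays($WarnDays)) { $status = 'ExpiringSoon' }
        if ($c.NotAfter -lt $now) { $status = 'Expired' }
        [pscustomobject]@{
            Email      = $email
            # Email address from the certificate subject or SAN, to compare with the mailbox
            CertEmail  = $c.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::EmailName, $false)
            Thumbprint = $c.Thumbprint
            NotAfter   = $c.NotAfter
            Status     = $status
        }
    }
}

# Oldest expiry first; anything not 'Valid' is a candidate for renewal or removal
$report | Sort-Object NotAfter | Format-Table -AutoSize
```

Rows where CertEmail differs from Email, or where Status is not Valid, are the ones to follow up with the delete step above or a re-publish of the certificate.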


