S/MIME stands for Secure Multipurpose Internet Mail Extension, and provides an added layer of security for email sent to and from an Exchange ActiveSync (EAS) account on your Windows Phone (for example, Outlook).
Signing and encrypting email
S/MIME has two primary components:
- Digital signature. This checks to make sure that the email was in fact sent by the person who sent it. You need to install a signing certificate which is unique to you to sign your messages. Your company's IT administrator can remotely install the certificate on your phone, and that person will have more info about how to obtain a personal certificate for your phone.
- Encryption. This is a way of protecting information (encryption) so that it can't be read or understood until it's changed back into a decipherable form (decryption). Encryption keeps your email confidential while the message is in transit and in storage—only the intended email recipient can view the contents. Your company's IT administrator can remotely install your personal encryption key on your phone. If your email recipient is in your organization, we'll find their public encryption key while you compose an encrypted email to them. If the recipient is outside your organization, you need to install their public key on your phone when they send it to you over email. Contact your company's IT administrator for more info about how to obtain an encryption key for your phone.
You can't open S/MIME-encrypted messages on Windows Phone if they're protected by Information Rights Management (IRM).