Exchange profile S/MIME

jason_bracy
Contributor III

Just wondering if anyone has figured out how to enable S/MIME in an Exchange profile that is distributed via MDM (Casper).

If I enable S/MIME in the profile it asks me to provide a certificate. Obviously I don’t want a different profile for every user. If I keep it set to none, and have the user manually install their certificate, the cert installs fine, however, the setting to select a certificate is greyed out. So the user is able to read encrypted messages, but cannot send encrypted messages.

Am I missing something?

5 REPLIES 5

cubandave
Contributor

I'm just curios did you get anywhere in your search? My IT security team is also now demanding this from me.

beatlemike
Release Candidate Programs Tester

I was interested in this as well

TreviñoL
Contributor

Add the SCEP profile to your current Mail profile to be given the option for SCEP authentication using a user certificate for authentication.

You can find a few articles online how to setup SCEP templates for Mac and iOS.

bofh
New Contributor III

@TreviñoL It's not about Certificate Login. It's about signing and encrypting mails.

@Rest: It seems to be an issue of how the Profile itsself is handled. JAMF has opened a RADAR Ticket for this issue. 32947989.
I asked them to put it on openradar now, maybe we can see it publicly.
If you want more info about all that, contact me using slack. (same nickname).

fabian_may
New Contributor

Hello there,

guess I'm a little late.. but I just found the solution for the S/MIME problem..
It seems like Jamf just isn't using all the available parameters for Mail settings.

Solution is pretty simple..

1) Download the Software Profile Creator
https://github.com/ProfileCreator/ProfileCreator
(Big Sur Version is working fine, you'll might have to join the Mac Admins Slack)

2) Export your current mail configuration profile from Jamf

3) Import the configuration profile into Profile Creator

4) Edit all the additional options Jamf "forgot":
(attached screenshot is for IMAP, Exchange has mostly the same options))
fc8d16aedc3842d18af4cdd0dbbb1756

5) Save the profile and sign it (so Jamf won't change anything when importing it)

6) Import configuration profile to Jamf and deploy it

Hope this helps other stressed out Jamf admins.. ;)

Greetings from Germany