MVP - Most Valuable Professional

Just can't get enough of IT

This blog is about mostly anything in IT. But the primary focuses are Microsoft Technologies like Exchange, Office 365, Azure and Cloud Security.

The Outlook on the web S/MIME implementation supports a variation of encryption algorithms like

  • RC2 (supported key lengths are 40, 56, 64, and 128)
  • DES (56-bit)  
  • 3DES (168-bit)
  • AES128  
  • AES192  
  • AES256

When you want to configure the OWAEncryptionAlgorithms or OWASigningAlgorithms attributes to support more than one algorithm, you have to follow a certain format. The attribute itself is stored as String and not being validated when using Set-SMimeConfig. Beware of this when you configure S/MIME settings and the S/MIME Plugin is not available in your Outlook on the web client.

TechNet states clearly:

“If the encryption algorithm or minimum key length is not available on a client, Outlook on the web does not allow encryption.”


The string to used when configuring the OWAEncryptionAlgorithms for AES256 and AES128  is

Set-SmimeConfig –OWAEncryptionAlgorithms "6610;660E"

When not using quotation marks, you will receive an error message. But the cmdlet will accept a comma separated list. A comma separated list results in the follow Get-SMimeConfig output

Set-SmimeConfig –OWAEncryptionAlgorithms 6610,660E

OWAEncryptionAlgorithms                          : 660E 6610

This setting results in S/MIME not being available in Outlook on the web.


To successfully apply S/MIME configuration changes, restart the application or restart the Exchange server.

Get-ExchangeServer | ? { $_.AdminDisplayVersion -like '*15.*'} | % { Invoke-Command -ComputerName $_.Name -ScriptBlock {Restart-WebAppPool MSExchangeOWAAppPool} }


Read More »