Microsoft 365 Message Center item MC1310680

MC1310680 - (Updated) New Outlook for Windows: LDAP support for S/MIME certificate lookup

New Outlook for Windows will support LDAP directories for S/MIME certificate lookup, enabling secure encrypted email with external partners. Rollout begins late May 2026 worldwide, mid-June in GCC. Admins configure LDAP via Exchange Online PowerShell; users add directories in Outlook settings. LDAP must not require authentication.

Message Center ID: MC1310680
Category: Stay Informed
Severity: Normal
Services: Exchange Online
Tags: Updated message, User impact, Admin impact
Roadmap ID: 518287
Platforms: Desktop
Published: 2026-05-14
Last updated: 2026-05-27
Expires: 2026-07-30

Updated May 27, 2026: We have updated the timeline. Thank you for your patience.

[Introduction]

New Outlook for Windows now supports Lightweight Directory Access Protocol (LDAP) directories for S/MIME certificate lookup. This enables tenants to configure LDAP directories for their organization as well as enabling users to configure LDAP directories themselves. Once configured, users can find recipients’ public encryption certificates from the directories when sending encrypted email, improving secure collaboration with external partners. This is especially valuable for tenants who collaborate with external partners and rely on public/partner LDAP directories to store public S/MIME certificates of users.

This message is associated with Microsoft 365 Roadmap ID 518287.

[When this will happen:]

- General Availability (Worldwide): We will begin rolling out in late May 2026 and expect to complete by mid-June 2026 (previously late May).
- General Availability (GCC): We will begin rolling out in mid-June 2026 (previously early June) and expect to complete by late June 2026.

[How this affects your organization:]

Who is affected:

- Organizations that use S/MIME encryption with external recipients whose public certificates are hosted in third-party LDAP directories
- Admins managing Exchange Online

What will happen:

- Admins can configure LDAP directories using Exchange Online PowerShell.
- Users can add LDAP directories in Settings > Mail > S/MIME in new Outlook.
- When composing an S/MIME encrypted email, users can select recipients from the LDAP directory via the To field. This will directly enable Outlook to retrieve the certificate from the selected LDAP directory.
- If users add a recipient directly to the To list, Outlook will scan all available certificate sources, including the configured LDAP directories.
- LDAP endpoints must not require authentication, as authentication is not currently supported.
- Feature is enabled by default once available.

Screenshot: “Add LDAP directory” option in Settings > Mail > S/MIME and LDAP recipient picker in the To field during message composition.

No impact to:

- Classic Outlook for Windows users
- Organizations not using LDAP for S/MIME certificate discovery

[What you can do to prepare:]

No action is required to enable this feature.

If your organization uses LDAP for S/MIME certificates:

- Identify LDAP directory endpoints used by your organization.
- Run the Add-LdapDirectory cmdlet to register a new directory:

      Add-LdapDirectory -Organization "contoso.com" -Id "corp-ldap" -Host "ldap.corp.com" -Port 636 -UseSsl

- Configure directories using Exchange Online PowerShell (Add-LdapDirectory).
- Ensure LDAP endpoints do not require authentication.
- Communicate guidance to users transitioning to new Outlook: Set up Outlook to use S/MIME encryption | Microsoft Support.

Learn more: Configure S/MIME in Exchange Online | Microsoft Learn (will be updated before we complete rollout)

[Compliance considerations:]

No compliance considerations identified, review as appropriate for your organization.
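A pre-flight check for the two endpoint prerequisites above (no authentication, TLS on port 636), written as an added example and not taken from Microsoft's documentation. It binds anonymously over LDAPS, looks up one known recipient and reports each certificate found. The function name, the base DN, and the use of the `mail` and `userCertificate` attributes are assumptions; the message does not say which attributes Outlook queries.

```powershell
using namespace System.DirectoryServices.Protocols
using namespace System.Security.Cryptography.X509Certificates
# Added example: check a directory before registering it with Add-LdapDirectory.
# Host, base DN and mail address in the sample call are constructed placeholders.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-SmimeLdapEndpoint {
    param(
        [Parameter(Mandatory)][string]$LdapHost,
        [Parameter(Mandatory)][string]$BaseDn,
        [Parameter(Mandatory)][string]$Mail,
        [int]$Port = 636
    )
    $conn = [LdapConnection]::new([LdapDirectoryIdentifier]::new($LdapHost, $Port))
    $conn.AuthType = [AuthType]::Anonymous           # no credentials are ever sent
    $conn.SessionOptions.ProtocolVersion = 3
    $conn.SessionOptions.SecureSocketLayer = $true   # LDAPS; server certificate must chain to a trusted root
    $conn.Timeout = [TimeSpan]::FromSeconds(15)
    try {
        # A Bind or search error here means the endpoint rejects anonymous
        # access or TLS failed, so it does not meet the stated prerequisites.
        $conn.Bind()
        # Escape RFC 4515 special characters so the address cannot alter the filter.
        $safe = [regex]::Replace($Mail, '[\\*()\x00]',
            { param($m) '\{0:x2}' -f [int][char]$m.Value })
        $req  = [SearchRequest]::new($BaseDn, "(mail=$safe)",
            [SearchScope]::Subtree, [string[]]@('userCertificate;binary'))
        $resp = [SearchResponse]$conn.SendRequest($req)
        foreach ($entry in $resp.Entries) {
            foreach ($name in $entry.Attributes.AttributeNames) {
                foreach ($raw in $entry.Attributes[$name].GetValues([byte[]])) {
                    $cert = [X509Certificate2]::new([byte[]]$raw)
                    $ku   = $cert.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
                    [pscustomobject]@{
                        Entry           = $entry.DistinguishedName
                        Subject         = $cert.Subject
                        NotAfter        = $cert.NotAfter
                        Expired         = $cert.NotAfter -lt (Get-Date)
                        KeyEncipherment = [bool]($ku -and
                            ($ku.KeyUsages -band [X509KeyUsageFlags]::KeyEncipherment))
                    }
                }
            }
        }
    }
    finally { $conn.Dispose() }
}

# Test-SmimeLdapEndpoint -LdapHost 'ldap.partner.example' -BaseDn 'dc=partner,dc=example' -Mail 'alice@partner.example'
```

No output rows for a recipient who is known to have a certificate points to a wrong base DN or attribute, or to a directory that hides entries from anonymous clients.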