(Updated) New Outlook for Windows: LDAP support for S/MIME certificate lookup

Message ID

MC1310680

Service

Exchange Online

Summary

New Outlook for Windows will support LDAP directories for S/MIME certificate lookup, enabling secure encrypted email with external partners. Rollout begins late May 2026 worldwide, mid-June in GCC. Admins configure LDAP via Exchange Online PowerShell; users add directories in Outlook settings. LDAP must not require authentication.

Details

Updated May 27, 2026: We have updated the timeline. Thank you for your patience.

[Introduction]

New Outlook for Windows now supports Lightweight Directory Access Protocol (LDAP) directories for S/MIME certificate lookup. This enables tenants to configure LDAP directories for their organization as well as enabling users to configure LDAP directories themselves. Once configured, users can find recipients’ public encryption certificates from the directories when sending encrypted email, improving secure collaboration with external partners. This is especially valuable for tenants who collaborate with external partners and rely on public/partner LDAP directories to store public S/MIME certificates of users.

This message is associated with Microsoft 365 Roadmap ID 518287.

[When this will happen:]

General Availability (Worldwide): We will begin rolling out in late May 2026 and expect to complete by mid-June 2026 (previously late May).
General Availability (GCC): We will begin rolling out in mid-June 2026 (previously early June) and expect to complete by late June 2026.

[How this affects your organization:]

Who is affected:

Organizations that use S/MIME encryption with external recipients whose public certificates are hosted in third-party LDAP directories
Admins managing Exchange Online

What will happen:

Admins can configure LDAP directories using Exchange Online PowerShell.
Users can add LDAP directories in Settings > Mail > S/MIME in new Outlook.
When composing an S/MIME encrypted email, users can select recipients from the LDAP directory via the To field. This will directly enable Outlook to retrieve the certificate from the selected LDAP directory. If users add a recipient directly to the 'To list', Outlook will scan all available certificate sources, including the configured LDAP directories.
LDAP endpoints must not require authentication, as authentication is not currently supported.

Screenshot: “Add LDAP directory” option in Settings > Mail > S/MIME and LDAP recipient picker in the To field during message composition:

Add LDAP directory settings in new Outlook.

Feature is enabled by default once available.
No impact to:
- Classic Outlook for Windows users
- Organizations not using LDAP for S/MIME certificate discovery

[What you can do to prepare:]

No action is required to enable this feature
If your organization uses LDAP for S/MIME certificates:
- Identify LDAP directory endpoints used by your organization
- Run the Add-LdapDirectory cmdlet to register a new directory:
- Configure directories using Exchange Online PowerShell (Add-LdapDirectory).
- Ensure LDAP endpoints do not require authentication.
- Communicate guidance to users transitioning to new Outlook: Set up Outlook to use S/MIME encryption | Microsoft Support.

Learn more: Configure S/MIME in Exchange Online | Microsoft Learn (will be updated before we complete rollout)

[Compliance considerations:]

No compliance considerations identified, review as appropriate for your organization.

Change History

Show

Published: May 14, 2026

Last Updated: May 27, 2026

May 27, 2026 at 6:30 PM Updated

Summary

New Outlook for Windows supports LDAP directories for S/MIME certificate lookup, enabling secure encrypted email with external partners. Admins configure LDAP via Exchange Online PowerShell; users add directories in Outlook settings. Rollout starts late May 2026 worldwide, early June in GCC. Feature enabled by default, no authentication supported.

New

Last Updated Date

2026-05-21T20:28:39.780Z

New

2026-05-27T17:00:54.150Z

Body Content

Updated May 21, 2026: We have updated the content. Thank you for your patience.

[Introduction]

This message is associated with Microsoft 365 Roadmap ID 518287.

[When this will happen:]

General Availability (Worldwide): We will begin rolling out in late May 2026 and expect to complete by late May 2026.
General Availability (GCC): We will begin rolling out in early June 2026 and expect to complete by late June 2026.

[How this affects your organization:]

Who is affected:

Organizations that use S/MIME encryption with external recipients whose public certificates are hosted in third-party LDAP directories
Admins managing Exchange Online

What will happen:

Admins can configure LDAP directories using Exchange Online PowerShell.
Users can add LDAP directories in Settings > Mail > S/MIME in new Outlook.
When composing an S/MIME encrypted email, users can select recipients from the LDAP directory via the To field. This will directly enable Outlook to retrieve the certificate from the selected LDAP directory. If users add a recipient directly to the 'To list', Outlook will scan all available certificate sources, including the configured LDAP directories.
LDAP endpoints must not require authentication, as authentication is not currently supported.

Screenshot: “Add LDAP directory” option in Settings > Mail > S/MIME and LDAP recipient picker in the To field during message composition:

Add LDAP directory settings in new Outlook.

Feature is enabled by default once available.
No impact to:
- Classic Outlook for Windows users
- Organizations not using LDAP for S/MIME certificate discovery

[What you can do to prepare:]

No action is required to enable this feature
If your organization uses LDAP for S/MIME certificates:
- Identify LDAP directory endpoints used by your organization
- Run the Add-LdapDirectory cmdlet to register a new directory:
- Configure directories using Exchange Online PowerShell (Add-LdapDirectory).
- Ensure LDAP endpoints do not require authentication.
- Communicate guidance to users transitioning to new Outlook: Set up Outlook to use S/MIME encryption | Microsoft Support.

Learn more: Configure S/MIME in Exchange Online | Microsoft Learn (will be updated before we complete rollout)

[Compliance considerations:]

No compliance considerations identified, review as appropriate for your organization.

New

Updated May 27, 2026: We have updated the timeline. Thank you for your patience.

[Introduction]

This message is associated with Microsoft 365 Roadmap ID 518287.

[When this will happen:]

General Availability (Worldwide): We will begin rolling out in late May 2026 and expect to complete by mid-June 2026 (previously late May).
General Availability (GCC): We will begin rolling out in mid-June 2026 (previously early June) and expect to complete by late June 2026.

[How this affects your organization:]

Who is affected:

Organizations that use S/MIME encryption with external recipients whose public certificates are hosted in third-party LDAP directories
Admins managing Exchange Online

What will happen:

Admins can configure LDAP directories using Exchange Online PowerShell.
Users can add LDAP directories in Settings > Mail > S/MIME in new Outlook.
When composing an S/MIME encrypted email, users can select recipients from the LDAP directory via the To field. This will directly enable Outlook to retrieve the certificate from the selected LDAP directory. If users add a recipient directly to the 'To list', Outlook will scan all available certificate sources, including the configured LDAP directories.
LDAP endpoints must not require authentication, as authentication is not currently supported.

Screenshot: “Add LDAP directory” option in Settings > Mail > S/MIME and LDAP recipient picker in the To field during message composition:

Add LDAP directory settings in new Outlook.

Feature is enabled by default once available.
No impact to:
- Classic Outlook for Windows users
- Organizations not using LDAP for S/MIME certificate discovery

[What you can do to prepare:]

No action is required to enable this feature
If your organization uses LDAP for S/MIME certificates:
- Identify LDAP directory endpoints used by your organization
- Run the Add-LdapDirectory cmdlet to register a new directory:
- Configure directories using Exchange Online PowerShell (Add-LdapDirectory).
- Ensure LDAP endpoints do not require authentication.
- Communicate guidance to users transitioning to new Outlook: Set up Outlook to use S/MIME encryption | Microsoft Support.

Learn more: Configure S/MIME in Exchange Online | Microsoft Learn (will be updated before we complete rollout)

[Compliance considerations:]

No compliance considerations identified, review as appropriate for your organization.

May 21, 2026 at 10:31 PM Updated

Title

New Outlook for Windows: LDAP support for S/MIME certificate lookup

New

(Updated) New Outlook for Windows: LDAP support for S/MIME certificate lookup

Summary

New Outlook for Windows will support LDAP directories for S/MIME certificate lookup starting late May 2026, enabling admins and users to configure LDAP for finding recipients’ public encryption certificates when sending encrypted emails. LDAP endpoints must not require authentication. This benefits organizations collaborating with external partners.

New

Last Updated Date

2026-05-14T20:15:13.403Z

New

2026-05-21T20:28:39.780Z

Never Miss a Microsoft 365 Update

Join thousands of IT professionals who rely on DeltaPulse for real-time Microsoft 365 change intelligence, automated notifications, and community insights.

Explore Dashboard Sign Up Free