MC1310680 - New Outlook for Windows: LDAP support for S/MIME certificate lookup

Updated May 27, 2026: We have updated the timeline. Thank you for your patience. 

Introduction

New Outlook for Windows now supports Lightweight Directory Access Protocol (LDAP) directories for S/MIME certificate lookup. This enables tenants to configure LDAP directories for their organization as well as enabling users to configure LDAP directories themselves. Once configured, users can find recipients’ public encryption certificates from the directories when sending encrypted email, improving secure collaboration with external partners. This is especially valuable for tenants who collaborate with external partners and rely on public/partner LDAP directories to store public S/MIME certificates of users. 

This message is associated with Microsoft 365 Roadmap ID 518287.

When this will happen:

• General Availability (Worldwide): We will begin rolling out in late May 2026 and expect to complete by mid-June 2026 (previously late May 2026May).
• General Availability (GCC): We will begin rolling out in early mid-June 2026 (previously early June) and expect to complete by late June 2026.

How this affects your organization:

Who is affected:

•  Organizations that use S/MIME encryption with external recipients whose public certificates are hosted in third-party LDAP directories 
•  Admins managing Exchange Online

What will happen:

• Admins can configure LDAP directories using Exchange Online PowerShell.
• Users can add LDAP directories in Settings > Mail > S/MIME in new Outlook.
• When composing an S/MIME encrypted email, users can select recipients from the LDAP directory via the To field. This will directly enable Outlook to retrieve the certificate from the selected LDAP directory. If users add a recipient directly to the 'To list', Outlook will scan all available certificate sources, including the configured LDAP directories.
• LDAP endpoints must not require authentication, as authentication is not currently supported.

Screenshot: “Add LDAP directory” option in Settings > Mail > S/MIME and LDAP recipient picker in the To field during message composition:



• Feature is enabled by default once available.
• No impact to:
  • Classic Outlook for Windows users
  • Organizations not using LDAP for S/MIME certificate discovery

What you can do to prepare:

• No action is required to enable this feature
• If your organization uses LDAP for S/MIME certificates:
  • Identify LDAP directory endpoints used by your organization
  • Run the Add-LdapDirectory cmdlet to register a new directory:

  Add-LdapDirectory -Organization "contoso.com" -Id "corp-ldap" -Host "ldap.corp.com" -Port 636 -UseSsl

  • Configure directories using Exchange Online PowerShell (Add-LdapDirectory).
  • Ensure LDAP endpoints do not require authentication.
  • Communicate guidance to users transitioning to new Outlook: Set up Outlook to use S/MIME encryption | Microsoft Support.

Learn more: Configure S/MIME in Exchange Online | Microsoft Learn (will be updated before we complete rollout)

Compliance considerations:

No compliance considerations identified, review as appropriate for your organization.