Outlook Enhancements

Note: For a full description of Outlook enhancements, see Outlook Usability Enhancements.

ActivClient policies complement some Microsoft Outlook policies related to the Microsoft Outlook security profile. See Microsoft Outlook Policies for details.

The following tasks detail the ActivClient policy settings for the Microsoft Outlook enhancements.

Important: Restart Outlook

For the Outlook Enhancements policy changes to be applied, you must restart Outlook.

Allow Different Email Addresses in Smart Card Certificate and Microsoft Exchange Account

Description:

Defines if ActivClient checks that the smart card certificates used to configure the Microsoft Outlook profile (and also published to the GAL) are associated to the current Microsoft Outlook user. Specifically, it validates that the certificate email address corresponds to the email address configured for the Microsoft Exchange account.

If this setting is not configured or disabled, then the email address in certificate is checked against the address configured for the user in Microsoft Exchange account.

Check CRL for Microsoft Outlook Security Profile Creation and Publish to GAL

Description:

Defines if a CRL check is required in order to automatically configure email certificates in Microsoft Outlook and to automatically publish certificates to the GAL. If 'enabled and enforced', the operation is not performed if the CRL is unavailable or if the certificate status is revoked or on hold. If 'enabled and not enforced', the operation is performed and a Microsoft Windows event warning is created if the CRL is unavailable or if the certificate status is revoked or on hold. If disabled, the operation is performed regardless of the CRL check status.

If the setting is not configured, it is set to 'Enabled and enforced'.

Possible Values:

  • 0: Disabled

  • 1: Enabled and enforced (default)

  • 2: Enabled and not enforced

Check CRL Timeout for Microsoft Outlook Security Profile Creation and Publish to GAL

Description:

Defines the timeout in milliseconds (ms) for each certificate CRL check. Recommended values are between 0 and 50000.

0 is used to represent the system default of 20000 ms.

If this setting is not configured or disabled, the value is set to 0.

Possible Values:

  • Not Configured

  • Enabled – displays the default value, 20000, and can be updated

  • Disabled

Disable Audit for Microsoft Outlook Security Profile Creation and Publish to GAL

Description:

Disables the audit of Microsoft Outlook security profile creation and certificate publication to the Global Address List.

If this setting is not configured or disabled, then audit is performed.

Encryption Algorithm Configured in Security Profile on Card Insertion

Description:

Defines the encryption algorithm configured in the Microsoft Outlook security profile on smart card insertion.

If this setting is not configured or disabled, then AES (256-bit) is used.

Possible Values:

  • Not Configured

  • Enabled – select one of the following values from the drop-down list:

  • 3DES

  • AES (128-bit)

  • AES (192-bit)

  • AES (256-bit) (default)

  • DES

  • RC2 (40-bit)

  • RC2 (64-bit)

  • RC2 (128-bit)

  • Disabled

Hash Algorithm Configured in Security Profile on Card Insertion

Description:

Defines the hashing algorithm configured in the Microsoft Outlook security profile on smart card insertion.

If this setting is not configured or disabled, then SHA-256 is used.

Possible Values:

  • Not Configured

  • Enabled – select one of the following values from the drop-down list:

  • SHA-1

  • SHA-256 (default)

  • SHA-384

  • SHA-512

  • MD5

    Note: The MD5 algorithm is not supported in Microsoft Outlook 2010.

  • Disabled

Microsoft Outlook Auto-Contact Destination Folder

Description:

Specifies the location where contacts are updated in Microsoft Outlook. This folder must already have been created.

If this setting is not configured or disabled, contacts are updated in the Microsoft Outlook Contacts folder.

Possible Values:

  • Not Configured

  • Enabled – displays the default value, Contacts, and can be updated

  • Disabled

Turn Off Automatic Addition of Sender's Certificates to Microsoft Outlook Contacts

Description:

Disables the automatic creation and update of contact information with the sender's certificate attached to the opened email.

If this setting is not configured or disabled, then the sender's certificates are automatically added to the Microsoft Outlook contacts.

Turn Off Setup Email Certificates in Microsoft Outlook on Card Insertion

Description:

Disables the automatic configuration of the Microsoft Outlook security profile on smart card insertion.

If this setting is not configured or disabled, the Microsoft Outlook security profile is updated with the certificate from the smart card on card insertion.

Turn On Automatic Decryption of Encrypted Emails

Description:

Enables the automatic decryption of opened emails. It also allows saving copies of emails locally in non-encrypted format.

Automatically decrypted emails remain decrypted. Consider the security implications before using this setting.

Turn On Automatic Publication of Certificates to the Global Address List

Description:

Enables the automatic publication of the user encryption certificate to the Global Address List (GAL) on smart card insertion.

If this setting is not configured or disabled, then certificates are not published to the GAL on card insertion.