Outlook Enhancements

Tip! For a full description of the Microsoft Outlook Usability Enhancements feature, see Configuring and Using Microsoft Outlook Usability Enhancements.

The ActivClient Outlook Enhancements policies complement certain Microsoft Outlook Policies related to the Microsoft Outlook security profile.

The following sections detail the ActivClient policy settings for the Microsoft Outlook Usability Enhancements feature.

Important: Restart Outlook

For the Outlook Enhancements policy changes to be applied, you must restart Outlook.

Description

Specifies whether ActivClient checks if the email address in the smart card certificate matches the email address configured for the user’s Microsoft Exchange account.

This validation ensures that the smart card certificates used to configure the Microsoft Outlook profile (and published to the GAL) are associated with the current Microsoft Outlook user.

Behavior

  • Disabled or Not Configured: ActivClient only updates the Microsoft Outlook profile and publishes certificates to the GAL if the email address in the smart card certificate matches the email address configured in the user’s Microsoft Exchange account.

  • Enabled: If this setting is enabled and the addresses do not match, and if the email address needs to be updated, ActivClient prompts the user to confirm whether to proceed with updating the Outlook profile and publishing to the GAL.

Description:

Specifies whether a Certificate Revocation List (CRL) check is required before completing either the automatic configuration of the Microsoft Outlook security profile and/or certificate publication to the Global Address List (GAL).

Behavior

  • Disabled or Not Configured: If the policy is disabled or not configured, it defaults to Enabled and enforced, i.e., the operation is not performed if the CRL is unavailable, or the certificate status is revoked or on hold.

  • Enabled (policy level): If the policy is enabled, any of the following values can be selected (the default value Enabled and enforced is pre-selected).

  • Enabled and enforced (default): The operation is not performed if the CRL is unavailable, or if the certificate status is revoked or on hold.

  • Enabled and not enforced: The operation is performed even if the CRL is unavailable, or the certificate status is revoked or on hold. In this case, a Microsoft Windows event warning is created.

  • Disabled: The operation is performed regardless of the CRL check status.

Description

Specifies the encryption algorithm configured in the Microsoft Outlook security profile on smart card insertion.

Behavior

  • Disabled or Not Configured: The encryption algorithm is set to AES (256-bit).

  • Enabled: Users can select an encryption algorithm from the options available in the drop-down list:

  • 3DES

  • AES (128-bit)

  • AES (192-bit)

  • AES (256-bit) (default)

  • DES

  • RC2 (40-bit)

  • RC2 (64-bit)

  • RC2 (128-bit)

Description

Specifies the hashing algorithm that is configured in the Microsoft Outlook security profile when a smart card is inserted.

Behavior

  • Disabled or Not Configured: The hashing algorithm is set to SHA-256.

  • Enabled: Users can select a hashing algorithm from the options available in the drop-down list:

    • SHA-1

    • SHA-256 (default)

    • SHA-384

    • SHA-512

    • MD5

      Note: The MD5 algorithm is not supported in Microsoft Outlook 2010.

Description

Specifies the location where contacts are updated in Microsoft Outlook. The specified folder must already exist before it can be used.

Behavior

  • Disabled or Not Configured: Contacts are updated in the default Microsoft Outlook Contacts folder.

  • Enabled: The default value (Contacts) is used or a custom folder can be specified in the Options field.

Description

Disables the automatic creation or update of contact information in Microsoft Outlook using the sender's certificate attached to an opened email.

Behavior

  • Disabled or Not Configured: Sender's certificates are automatically added to the Microsoft Outlook contacts.

  • Enabled: The automatic addition of sender's certificates to contacts is disabled.

Description

Disables the automatic configuration of the Microsoft Outlook security profile on smart card insertion.

Behavior

  • Disabled or Not Configured: The Microsoft Outlook security profile is updated with the certificate from the smart card upon insertion.

  • Enabled: The automatic configuration of the Microsoft Outlook security profile on smart card insertion is disabled.

Description

Enables the automatic decryption of opened emails. It also allows saving copies of emails locally in non-encrypted format.

Behavior

  • Disabled or Not Configured: Encrypted emails are not automatically decrypted, and non-encrypted copies cannot be saved locally.

  • Enabled: Emails are automatically decrypted upon opening, and users can save non-encrypted copies locally.

Important: Automatically decrypted emails remain decrypted. Consider the security implications before using this setting.

Description

Enables the automatic publication of the user encryption certificate to the Global Address List (GAL) on smart card insertion.

Behavior

  • Disabled or Not Configured: Certificates are not automatically published to the GAL when a smart card is inserted.

  • Enabled: The user's encryption certificate is automatically published to the GAL upon smart card insertion.