Directory Synchronization - Email Encryption Guide

This article details how to configure Directory Synchronization with secure SSL-based encryption methods, including TLS, LDAPS, and POP3, to enhance security for email delivery, directory sync, and journaling. 

We can connect or synchronize with your infrastructure utilizing secure SSL-based encryption methods. Using encryption increases the security of your traffic and requires a valid SSL certificate to be installed. Encryption can be applied to email delivery (TLS), Directory Sync (LDAPS), and Journaling (POP3S).

Mimecast supports connections using TLS 1.2 and 1.3 for AES-256, MD5, and AnonDHE. TLS 1.0 and 1.1 support ceased on 31 October 2020 (SMTP) and 31 December 2020 (API).

Configuring Certificates

To implement certificates in your environment, you will need to install and configure the certificate on the relevant server, i.e. the directory server for LDAPS and your mail server for TLS and POP3S. A valid SSL certificate (public or, in certain instances, a self-signed certificate) is required.
See Secure Socket Layers (SSL) Certificates.

Obtaining / Installing Exchange Certificates

The first step in obtaining an SSL certificate is to generate a certificate signing request (CSR). The method used is determined by the Microsoft Exchange Server version. For a public certificate, the request should then be submitted to one of the supported Certificate Authorities. Once the certificate has been issued by the Certificate Authority, import the certificate into the relevant server. After installing the certificate, you must enable it with the relevant service.

Transport Layer Security (TLS)

TLS provides an encrypted end-to-end tunnel for the secure transmission of emails. TLS can be configured on Mimecast using policies and can be enabled based on the sender, recipient, and content of the email.

Emails can be securely transmitted using TLS. By default, we use Opportunistic TLS; however, you may prefer to Enforce TLS for specific senders or recipients. To utilize TLS, the following requirements must be met:

  • A certificate must be installed and properly configured on your mail server.
  • At least one Secure Receipt and Secure Delivery policy must be in place.
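
An added example, not Mimecast's own tooling: a Python pre-flight check that a mail server advertises STARTTLS, negotiates TLS 1.2 or 1.3, and presents a certificate that verifies and is not close to expiry. The port (25), the 30-day warning threshold and all function names are assumptions; a self-signed certificate fails the strict verification used here.

```python
"""Pre-flight check: does the mail server accept TLS 1.2/1.3 with a valid certificate?"""
import smtplib
import ssl
import sys
import time

ALLOWED_VERSIONS = {"TLSv1.2", "TLSv1.3"}  # the versions the article lists as supported

def strict_context():
    """Client context that verifies chain and hostname and refuses TLS 1.0/1.1."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def days_left(cert, now=None):
    """Whole days until the notAfter date of a getpeercert() dictionary."""
    expiry = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((expiry - (time.time() if now is None else now)) // 86400)

def findings(result, warn_days=30):
    """Turn a probe result into a list of problems; an empty list means ready."""
    if not result.get("starttls"):
        return ["server does not advertise STARTTLS"]
    problems = []
    if result["version"] not in ALLOWED_VERSIONS:
        problems.append(f"negotiated {result['version']}, need TLS 1.2 or 1.3")
    if result["days_left"] < 0:
        problems.append("certificate has expired")
    elif result["days_left"] < warn_days:
        problems.append(f"certificate expires in {result['days_left']} days")
    return problems

def probe(host, port=25, timeout=10):
    """Connect, upgrade with STARTTLS and report what was negotiated.
    Raises ssl.SSLError if the certificate is untrusted or only old TLS is offered."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return {"starttls": False}
        smtp.starttls(context=strict_context())
        tls = smtp.sock  # SSLSocket after the upgrade
        return {"starttls": True, "version": tls.version(),
                "days_left": days_left(tls.getpeercert())}

if __name__ == "__main__":
    # Constructed sample result; pass your own mail server's hostname to probe it live.
    sample = {"starttls": True, "version": "TLSv1.2", "days_left": 12}
    result = probe(sys.argv[1]) if len(sys.argv) > 1 else sample
    print(findings(result) or "ready for TLS")
```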