Policy
Required Certificate Authority
Microsoft Office
Policy overview
Key metadata and intent for this policy.
This policy setting enables you to designate a required certificate authority for Outlook to use for encryption and digital signatures. If you enable this policy setting, you can specify a required certificate authority by entering an X.509 distinguished name in the text field that is provided. The name must conform to the X.509 certificate format exactly. For example: CN=WoodgroveBankCA, DC=WoodgroveBank, DC=com If you disable or do not configure this policy setting, Outlook trusts any certificate authorities that are represented by certificates in the Trusted Root Certification Authorities store on users' computers.
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Scope | Element | Type | Registry mapping | Constraints & behavior | Copy |
|---|---|---|---|---|---|
| User | X.509 issue DN that restricts choice of certifying authorities: ID L_X509issueDNthatrestrictschoiceofcertifyingauthorities | text | Path software\policies\microsoft\office\16.0\outlook\security Value name requiredca Type REG_SZ | None |