SharePoint 2016 Email Settings, Sending Encrypted Email

With the introduction of SharePoint 2016 (Preview), we now have the ability to encrypt emails sent from SharePoint using SMTP connection encryption.

First of all, your SMTP server must support STARTTLS and have it enabled. It must also support the TLS 1.0, TSL 1.1, or TLS 1.2 protocol. The MSDN New and improved features in SharePoint Server 2016 page also notes that SSL 2.0 and SSL 3.0 protocols are not supported.

SharePoint Server 2013 Outgoing Email Settings
SharePoint Server 2013 Outgoing Email Settings

Compared to the 2013 Outgoing E-Mail Settings page, the SharePoint 2016 Outgoing E-Mail Settings page has two new settings – Use Secure Sockets Layer (SSL) and SMTP server port.

SharePoint Server 2016 Outgoing E-Mail Settings
SharePoint Server 2016 Outgoing E-Mail Settings

To use email encryption, select ‘Yes’ in the Use Secure Sockets Layer (SSL) drop-down. It is important to remember that SharePoint 2016 will not “fall-back” to sending unencrypted email if the encryption negotiation fails, so testing is required to make sure it is working. Also, having good documentation of all settings is important for when changes are made on the SMTP server that impact communication to/from SharePoint.

There is also an option to use a non-default port for communication with your SMTP server. This is a new security feature with SharePoint Server 2016, as we had to use the default port with previous versions.

The addition of encryption and non-default port SMTP traffic is Microsoft’s answer to the community’s pleas for a more robust solution to sending email. It is a great step in making our environments more secure.

SharePoint Server 2016 (Preview)

On August 24th, 2015, Microsoft announced the availability of SharePoint Server 2016 IT Preview with a blog post by Bill Baer, senior technical product manager for the SharePoint team.

I of course started downloading the software and began the SharePoint farm build. I built a small environment to begin testing: I am using two servers running Windows Server 2012 R2 – one with the Active Directory role & SQL Server 2014 with Service Pack 1 installed & on the second server I performed a simple install using the GUI.

SharePoint 2016 Preview Installation GUI
SharePoint 2016 Preview Installation GUI

There is plenty of coverage on the web describing the different installation options (MinRole), so i won’t go into a lot of detail in this post. For my first test, I selected Single-server farm and used minimal service accounts. I also selected to install every service just to get a feel for the process and functionality.

For this first post, I want to mention the experience of managing the services has been improved – especially in knowing their health.

SharePoint Server 2016 Preview: Services On Server
SharePoint Server 2016 Preview: Services On Server

The image above shows the addition of an In Compliance column and the configured Role to the listing of the services on the current server. For comparison, I have included the Services on Server view on SharePoint Server 2013 below.

SharePoint Server 2013: Services On Server
SharePoint Server 2013: Services On Server

More to come – stay tuned!