Is a CRES administrator supposed to be able to generate and sign a BCE configuration XML file for a user outside his organization? I have tested this feature and it seems to work. That is, an admin for "mycompany.com" can create BCE config file for "firstname.lastname@example.org" to activate John's BCE app on his iPhone. It seems that if "encryption" option is used (instead of "flag" option), email@example.com can even send encrypted messages from his BCE mobile app.
Is this a supported feature of CRES? I thought the encryption in BCE was supposed to be constrained for organizational user and not the external users. If supported, could I assume that an external user could even install the Outlook plugin 7.3 and, after activation, send encrypted email from Outlook?
It has always been the case that if you sent an email via CRES to an external user, once they registered, they are able to send secure emails themselves to anyone else using CRES secure compose. Although it seemed Cisco were giving CRES away for free, it would not be very convenient to have to send all your email using CRES secure compose, and the upside for Cisco and all CRES users is that more people use the CRES service. It seems like the same kind of principle applies when using the BCE plug-ins. Whether that is the intention we will have to wait for Cisco to answer. However it is not quite as open ended as you suggest, as the Outlook plug-in download is not available anyone, you have to have a Cisco service contract, and if you are in a corporate environment you may not be able or allowed to install software without IT involvement and blessing.
Thanks David. I was not making any comments about openness (or not) of the process. I'm well aware of the need for admin to issue the XML config file for the external users to activate encryption on their devices.
I'm simply interested in finding out if this is a "supported" use case for EXTERNAL users so that people could simply use it (it is especially handy for mobile users).
You have to send them a signed config file from a CRES account admin id. On the CRES admin console there is an option to send such an email using a CSV file of addressees. This is explained in CRES admin guide here:
Correct - the BCE signed XML is a feature directly signed and sent from a CRES admin for the domain. The admin can send directly from CRES admin account, or send encrypted directly to the end user(s). As long as the end user receieves and opens the encypted email directly in Outlook - the automatic process of installing the XML should occur.
Now - for the iPhone BCE app - there is no configuration needed. As long as you install the app as instructed - and that user has already created or tied their email address to a CRES account for the email address in use.
Hope that helps a little more --- if not, reply, let me know what I can further answer.