Enrolling S/MIME certificates for email encryption/signing is such a pain. Could Microsoft team up with a 3rd Party CA like Thawte and easily enroll and configure this certificate to users in the organization? Microsoft should be able to configure the certificate in Outlook Client, Web Access and Outlook Apps without any user interaction required.