We have exchange 2013 CU19 (on premises) and android devices 6+7. We have certificates from comodo for email signing (and encrypt). Only Sign is enabled in Outlook (2013+2016). The problem is that when an email sent as encrypted, on android devices appears as “This encrypted message can’t be displayed because this version of Exchange Server doesn’t support encrypted S/MIME messages on mobile phones. To view this message, you need to open it on a computer using Outlook.”
But they appear correctly on iPhone devices. Unfortunately we only have two iphones, all the other are android.
Sometimes, while only signed is default in Outlook, messages are sent as encrypted without the user choosing to.