Hi ChristyZhang-MSFT,
This post is exactly my question - thank you so much!!! And in Outlook that method does really work - from Contact's property the certificate can be exported and then (if needed) imported onto the workstation:
This technique, however, can not be applied in Outlook on the Web - at least I failed to find the way to add the sender to the Contacts list:
According to the screenshot above the sender's certificate seems to be contained (~ somehow embedded ) in the signed message sent from a sender to a recipient and provided I'm really able to encrypt messages using this embedded certificate later on, the main question for me is still the same - where is this certificate stored if at that moment no sender's certificate has been added to the recipient's workstation certificate stores (Outlook may contain certificates somewhere in its installation folders but Outlook on the Web is just a web page!!!).
"By the way, what are you doing to study the storage of this certificate?" - I didn't have the purpose of specifically studing that question, I just don't like putting in production the technologies I don't fully understand and the questions I'm asking are really that simple, for example: if the textbook says "the certificate is sent with the signed message" then I'd like to know where can I find this sent certificate - doesn't it the simple question? And it sounds weird to me that the answer (part of the answer indeed!) to that simple question can be found only in the thread you posted above!
Currently my company uses PGP for encrypting emails and the theory behind it is very straightforward: every user generates a couple of keys and sends other his/her public key (or uploads it to the server) - that's all! Everyone knows where is his/her private and/or public key stored. Why can't I have the same knowledge for Outlook/S-MIME even after reading a lot of textbooks (including MS official curriculums) and technet articles???