Ever wondered if it's possible to send encrypted emails via Microsoft Outlook? Well, good news – it is! Whether you're uncertain if a friend's email provider is legit or if you're concerned about sending confidential files and information for work, Outlook supports a number of means to encrypt your messages.
Types of encryption for Outlook emails
First thing's first, it's a good idea to get an idea of what encrypting an email actually entails. When you encrypt an email, you're turning it into undecipherable ciphertext, whereas before it was plain text that anybody could read. Encryption requires the use of a set of keys – a public key (used to do the encrypting) and a private one (used for both encrypting and decrypting). The recipient of your message will therefore require the private key that matches up with the public one – or else they won't be able to see what you've written!
Currently, there are three ways to encrypt Outlook emails. We'll take a brief look at each method below, then dive into some step-by-step setup guides later in the article.
S/MIME Encryption for Outlook
S/MIME encryption can be tricky to configure – namely because your intended recipient will need to be using an email service that supports S/MIME and have it set up and ready to rock. This is pretty unlikely. S/MIME requires that you acquire a certificate to validate your identity and, of course, requires that your recipient have one, too. It's a lot of legwork, and to make matters worse, S/MIME can be rendered totally ineffective if an encryption key gets lost or falls into the wrong hands.
All in all, S/MIME is probably only going to be used effectively by folks whose workplaces already have it set up.
OME Encryption for Outlook
You won't need any certificates to send encrypted messages via Office 365 Message Encryption (OME). Unfortunately, OME is only available as part of a handful of plans – and you'll need to be subscribed to one of these in order to use the encryption feature:
- Office 365 Enterprise E3 and E5
- Microsoft 365 Enterprise E3 and E5
- Microsoft 365 Business Premium
- Office 365 A1, A3, and A5
- Office 365 Government G3 and G5
Users with the following plans can also add Azure Information Protection Plan 1 to their subscription to receive access to the OME feature:
- Exchange Online Plan 1 or 2
- Office 365 F1
- Microsoft 365 Business Basic
- Microsoft 365 Business Standard
- Office 365 Enterprise E1
Sending an encrypted email via OME is a straightforward process, though you recipients will have a bit of legwork to do to get their hands on your message. OME requires recipients to sign in to an Office 365 account or confirm their identity via a single-use password, which is sent as a code to a mobile device or an email account. For most recipients, this won’t be too much of a hassle – others, however, may struggle to understand which steps to take to access their encrypted message, or be unable to confirm their identity at that point in time.
What about Encryption Add-ons for Outlook
So, considering some of the pitfalls that come along with S/MIME and OME, you might not be champing at the bit to use either method. This is where third-party encryption services come in handy. There's a number of them available – at varying costs – and all it takes is a quick installation and a few clicks to get setup. Then, sending encrypted emails is as simple as clicking one button. No certificates, no codes, regardless of the mail service your recipient is using.
Now that our whistle-stop tour of Outlook's encryption has come to a stop, let's take a closer look at just how to get these encryption methods setup and running. We'll start with S/MIME.
How to use S/MIME encryption on Outlook Emails
Before you send or receive any emails via S/MIME, you and your recipient are going to need a digital certificate (also known as a digital ID). You can follow the links that Outlook provides to get your hands on one, or do your own research to find a certifier online. Once you have your password, the first thing you'll need to do is back it up somewhere! You won't want to purchase a new one if you lose it, or if you install Outlook on a different device. Without your certificate, you won't be able to read any previously sent or received encrypted emails, either.
The first thing you need to do is import your S/MIME certificate to Outlook. To do this, simply follow the steps below:
- Mouse over the top-left of your Outlook window and navigate through File > Options > Trust Center > Trust Center Settings > Email Security.
- You should see an option to import your certificate, labeled Import/Export, so give it a click.
- A new window will pop up, and you'll need to make sure that the option to Import existing ID from file is highlighted.
- Next, select Browse to find your certificate.
- You'll be prompted to enter the password associated with the certificate, so do so, and confirm.
The Import/Export window will close by itself, and you'll have finished importing your certificate!
Next up, you'll need to share your certificate with your intended recipient. To do so, simply:
- Type up your email.
- Navigate to the top of the message window and select Options, then More Options.
- Next, click on Security Settings.
- At this point, you'll need to click on Add digital signature to this message.
- Send your email, and that's it! The recipient will now be able to use the public key associated with your digital certificate to encrypt their emails to you.
Then, it's time to update the recipient's contact information with their certificate. You can do this as soon as the recipient has sent you an email of their own, via Outlook, containing a digital signature. This is an important step, as you'll need the public key associated with your recipient's certificate in order to send an encrypted message.
- Open up the email from your recipient – the one containing their digital signature.
- Highlight the recipient's name and right-click, then select Add to Outlook Contacts.
- You can also use the Edit/Update button if the recipient is already a contact.
- Select Certificates and browse for the appropriate certificate from the list provided.
Viola! Now, your contact card will be updated with at least one certificate. By clicking this certificate, you'll be able to confirm that it's available to use to encrypt messages intended for the contact.
Finally, after completing the steps above, you'll be able to send an encrypted email. To send a secure email using S/MIME, you'll need to:
- Compose your email as you normally would.
- Select Options from the top of the new message window, and then More Options.
- Click Security Settings.
- You'll see a new Security Properties window, where you'll need to click Encrypt message content and attachments.
- Confirm this by hitting OK, and then close the window.
- Polish off your email, don't forget any important attachments, and send it on its way!
Bear in mind, however, that whilst the contents of your email will be encrypted, the email's subject will not be. So, keep your subjects brief and don't include anything you wouldn't want to be intercepted. If you want to find more about encrypting attachments, check out our guide on how to send a secure email attachment.
How does the recipient read an Outlook email encrypted by S/MIME?
As mentioned above, there are a lot of hoops to jump through before you or your intended recipient can send and or receive S/MIME emails. Ultimately, your recipient will need to have S/MIME ready to go on their device, but so long as you've both exchanged certificates, emails will be automatically decrypted and ready to read.
How to use OME encryption with Outlook
You'll be relieved to know that OME does not involve certificates at all – in fact, Office 365 Message Encryption is pretty straightforward in comparison to S/MIME. So long as you have a valid Office 365 subscription, you'll be able to send encrypted messages to anyone, regardless of what mail client they use, so long as they don't mind doing a bit of legwork to read what you've written.
Before you can send an encrypted email via OME, you'll need to make sure that your current subscription supports the feature. Luckily, this can be done in a few clicks.
Head to Outlook.com and sign in as usual, or open up your Outlook ProPlus app, and open up a new email. If OME is enabled, the Encrypt button in the top menu should not be grayed out.
Once you've confirmed that you can use OME, you can send an encrypted email right away! To do so, follow along with these simple steps:
- Type up your email.
- Navigate to Options in the top menu and hit Encrypt. You can also prevent your encrypted email from being forwarded by selecting the arrow beneath this Encrypt button.
- You'll be notified by a pop-up that encryption will be applied to your email.
- You're all set! Finish your email and send it when you're ready.
How does the recipient read an Outlook email encrypted by OME?
Your recipient will initially receive an email that seems unreadable – they won't be able to check out the content or any attachments until they verify their identity. They can do this by logging in to a valid academic or work account associated with the email address the message was sent to. Otherwise, they can request a single-use password. This password will be emailed to them, and they'll need to paste it into the appropriate Office 365 webpage. The email will then be made readable – but they'll need to download any attachments before they can open them.
Using Add-ons to encrypt Outlook emails
If you don't work for a large corporation with a team of IT staff that can help you with S/MIME certificates or access to OME-enabled accounts, then third party add-ons are going to be the better option. You can use add-ons with any email client, and send encrypted emails to recipients using any email client, too. The most difficult part of using add-ons is going to be deciding which to use – the market is saturated with options, and some are incredibly low-cost!
Getting your encryption add-on ready to go is incredibly simple. Download the file from the provider site, click the download when it's complete, and you'll be walked through a simple installation process that typically only takes a minute or two.
Once that's done and dusted, you're ready to send some encrypted emails! It's simple to do so:
- Begin composing a new email – and be sure to include your attachments, too.
- Don't hit send. Instead, hit the Secure Send button when you're ready.
And that's it! Recipients will similarly have an easy time of reading your encrypted email, too. No certificates are required, and there's no need for single-use passwords – though you can set your emails to expire after a certain time. Upon receiving your email, the recipient will click it and be taken to a separate page where they can view the encrypted message.
The three encryption methods we looked at in this guide come with their own pros and cons, and ultimately you'll need to decide which form of encryption best suits your resources, budget, and skill level. S/MIME works well if your company has already taken the steps to get it set up and running, OME is quicker and more lightweight but depends on the recipient to verify their own identity, and add-ons can render the entire process even more straightforward, but can be costly.
We'd certainly recommend investing in one of these methods, however. Particularly if you frequently send or retrieve sensitive information that could land you with fines if mishandled. Your right to online privacy should extend to your email accounts, too, so look after yourself and make sure no snoopers can intercept your messages.