Learn How to Encrypt Email Messages in MS Outlook

Siddharth Rawat Published On - 04 Nov 2019

Encrypting confidential information has become a necessity. Every now and then, we hear horror stories about data breaches and data theft. Since Outlook is a widely used email client, encrypting confidential MS Outlook emails is necessary. This article covers methods that can help anyone looking to encrypt MS Outlook emails.

In general, encrypting an email simply means converting the plaintext (the email message) into scrambled ciphertext. Decrypting the encrypted message is a straightforward task for the recipient, because only the recipient holds the private key that matches the public key (which was earlier used to encrypt the plaintext) and can decipher the message for further reading. Anyone without this private key will see only indecipherable text. MS Outlook supports the following two encryption options:

  • S/MIME Encryption: S/MIME is an abbreviation for Secure/Multipurpose Internet Mail Extensions and is based on asymmetric cryptography to protect your mails from unauthorized access. To use this encryption method, the sender and the receiver must both have a mail application that supports the S/MIME standard. In addition, it allows the sender to digitally sign email messages, which is highly effective in tackling various phishing attacks.
  • Office 365 Message Encryption: This is an online service built on Microsoft Azure Rights Management (Azure RMS). With it, you can encrypt messages by using the rights management templates, the Do Not Forward option, and the encrypt-only option. All Office 365 users who use Outlook clients to send and receive mail get a smooth reading experience for encrypted or rights-protected mails, even if the sender and receiver are from two different organizations. The supported Outlook clients include Outlook desktop, Outlook Mac, Outlook mobile on iOS and Android, and Outlook on the web. If the receiver of the encrypted or rights-protected email is using a third-party email client such as Outlook.com, Gmail, or Yahoo, then they will receive a wrapper mail that takes them to the OME portal, where they can easily authenticate using their account credentials.

How to Encrypt Emails in MS Outlook?

With the new Office update, the encryption in Outlook has been improved. For the Office 365 subscribers, the older Permission button is replaced with the Encrypt button. In this section, we will go through the S/MIME and Office 365 Message Encryption methods.

Encrypting with S/MIME

Before getting started, it is required to add a certificate to the keychain on your computer. Once you have set up the signing certificate, you’ll need to configure it in Outlook.

  1. Go to the File menu and select Options > Trust Center > Trust Center Settings.
  2. This will open the Trust Center dialog box. Next, select Email Security from the left pane.
  3. Next, under the Encrypted email section, choose Settings.
  4. This will open the Email Security dialog box. Click on the Get Digital ID button to get a new certificate from a third party if a certificate has not already been purchased or installed on your PC by your IT admin. Consulting the IT admin should help you select the right certificate.
  5. If you have already purchased the certificate, select the Import/Export tab under Digital IDs (Certificates).
  6. This will open a new dialog box. Click on the Browse button, locate the certificate (usually a .pfx file) that you previously purchased, enter the password associated with it, and click OK.
  7. Next, you will get a popup. Keep the security level at Medium and click OK.

The next step is to share the certificate with your recipients. Before you can exchange encrypted mail, you must send a digitally signed message to the recipients to whom you will be sending encrypted email messages in the future. To do so, follow the steps outlined below:

  1. Compose a new email in Outlook.
  2. Now, click on the Options tab in the new message and click on the More Options icon.
  3. In the Properties dialog box, click on Security Settings.
  4. In the Security Properties dialog box, check Add digital signature to this message. You can also check which certificate is being used by clicking on the Change Settings button. Next, click OK and close the System Properties window.

Next, send the message to the email recipient(s). In the mail body, you can include instructions asking the recipient(s) to add your certificate to your contact data in their address book, and to send you a digitally signed message in return so that you get their certificate as well.

Note that the public key portion of your certificate is sent with the signed message, so others can encrypt the messages they need to send to you. You can then decrypt such mails with your private key.

How to Send an Encrypted S/MIME Email?

You can now proceed to send an encrypted email to a recipient. You need their certificate (public key) to perform this operation. So, if your contact has already acquired their own encryption certificate and has sent you a digitally signed email from their Outlook client, follow the steps below:

  1. Open the digitally signed email from your contact (your contact must have sent you a digitally signed email using their email encryption certificate).
  2. Right-click on the sender’s name and click on Add to Outlook Contacts. If the contact is already in the contact list, then you may Edit/Update the contact instead of adding it again.
  3. This will open up the contact card. Click on the Certificates button in the top ribbon to see the certificates associated with the contact.

Congratulations! Now you are all set to send an encrypted message to this contact. To send an encrypted mail, follow the steps below:

  1. Compose a new mail and click on the Options tab.
  2. Click on the little icon (next to More Options) in the top ribbon.
  3. This will open up the Properties window. Click Security Settings.
  4. In the Security Properties dialog box, check Encrypt message contents and attachments. Click OK to proceed.
  5. Compose your email and add any attachments. Your contact/recipient has the private key to decrypt this message.

Caution: The S/MIME encryption method is prone to the Message Takeover Attack, which allows an attacker to add their own signature, impersonating you. Note that the attacker can only decrypt the replies to the original mail, not the original email message.
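The S/MIME exchange described in the steps above (send a signed message, save the sender's certificate, encrypt the reply to it, decrypt with the private key), reproduced with the openssl command line as an added example that is not part of the original article. The identities alice and mallory, the example.test addresses and the message text are constructed, and the self-signed certificates stand in for ones issued by a certificate authority.

```shell
#!/bin/sh
# Added example. Identities, addresses and messages are constructed.
# Assumes the openssl CLI (1.1.1 or later) is installed.

# mkid NAME: throwaway self-signed certificate + private key for S/MIME.
mkid() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1/emailAddress=$1@example.test" \
    -addext "extendedKeyUsage=emailProtection" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Runs the exchange in a temp dir and prints what Alice decrypts.
smime_exchange() (
  dir=$(mktemp -d) && cd "$dir" || exit 1
  mkid alice && mkid mallory || exit 1

  # 1. Alice sends a digitally signed message; her certificate
  #    (public key only) travels inside the signature.
  printf 'Hi Bob, please save my certificate.\n' > hello.txt
  openssl smime -sign -in hello.txt -signer alice.crt \
    -inkey alice.key -out signed.eml || exit 1

  # 2. Bob verifies the signature and saves the signer certificate,
  #    the equivalent of adding the sender to his contacts. Trusting
  #    alice.crt directly stands in for a CA chain (it is self-signed).
  openssl smime -verify -in signed.eml -CAfile alice.crt \
    -signer alice_from_mail.crt -out /dev/null 2>/dev/null || exit 1

  # 3. Bob encrypts his reply to the public key in that certificate.
  #    -binary keeps the sample text byte-for-byte.
  printf 'Quarterly numbers attached.\n' > reply.txt
  openssl smime -encrypt -aes256 -binary -in reply.txt \
    -out reply.eml alice_from_mail.crt || exit 1

  # 4. A different key pair must not be able to open the reply.
  if openssl smime -decrypt -in reply.eml -recip mallory.crt \
       -inkey mallory.key >/dev/null 2>&1; then
    echo "unexpected: wrong key decrypted the reply" >&2; exit 1
  fi

  # 5. Alice decrypts with her private key.
  out=$(openssl smime -decrypt -in reply.eml -recip alice.crt \
    -inkey alice.key) || exit 1
  cd / && rm -rf "$dir"
  printf '%s\n' "$out"
)

smime_exchange
```

Step 2 is why the signed message has to come first: the sender's private key never leaves their machine, and the recipient only ever handles the certificate extracted from the signature.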

Encrypting with Office 365 Message Encryption (OME)

The OME email encryption options let the user send an encrypted email to any Outlook or third-party email client. This method only works with an Office 365 subscription (Exchange Online). The only downside of this method is that the receiver has to perform a couple of extra steps every time they receive an encrypted email message.

To encrypt, follow the steps outlined below:

  1. Compose a new email message, select Options > Encrypt, and from the drop-down apply the restrictions that you want to enforce.

When you send an encrypted email message using OME, your recipient gets an email from you without the actual content but with a link to the email. Upon clicking this link, your receiver will be taken to a webpage where they must sign in with an Outlook work or school account or with a one-time passcode. The former option will only work for those receivers who have an active Office 365 subscription. If your receiver chooses the latter authentication option, it will take them to another webpage. A one-time password will be sent to their registered email account, which they must enter in the provided text box on this webpage.

Kernel for Outlook PST Repair

For numerous reasons, your encrypted and password-protected Outlook mails can become corrupted. In such troubling times, Kernel for Outlook PST Repair could become your beacon of light, as it has the capability to repair heavily corrupted encrypted and password-protected messages with ease. It can also be used to accomplish various PST-related tasks such as PST file repair and recovery of deleted messages and attachments. In addition, this tool can save the recovered PST to DBX, MBOX, MSG, EML, TXT, RTF, HTML, and MHTML formats. One can also import the recovered PST files to Office 365, email servers, and webmail. We highly recommend Kernel for Outlook PST Repair for all your PST-related needs.

Conclusion

In this article, we have looked extensively at the working of the two most common email encryption methods in Outlook. For the S/MIME encryption method, we have discussed how to add the encryption certificate, which is required before sending encrypted email. The working of the second encryption method, i.e. Office 365 Message Encryption (OME), is also discussed. For numerous reasons, encrypted emails and their attachments can become corrupt. To counter these issues, we have recommended Kernel for Outlook PST Repair, which works like a charm in these dire circumstances.