Bobcares

Encrypt email messages in Outlook – Methods to encrypt

by | Mar 20, 2021

Don’t know how to Encrypt email messages in Outlook? We can help you.

To protect the privacy of an email message, we encrypt it. Encrypting an email message in Outlook means it is converted from readable plain text into scrambled ciphertext.

As part of our Server Management Services, we assist our customers with several Outlook queries.

Today, let us see how to encrypt email messages in Outlook.

 

When we need to protect the privacy of an email message, encrypt it. Encrypting an email message in Outlook means it is converted from readable plain text into scrambled ciphertext.

Only the recipient who has the private key that matches the public key used to encrypt the message can decipher the message for reading.

Any recipient without the corresponding private key, however, sees indecipherable text. Outlook supports two encryption options, and add-ins provide a third:

  • S/MIME encryption

To use S/MIME encryption, the sender and recipient must have a mail application that supports the S/MIME standard. Outlook supports the S/MIME standard.

  • Microsoft 365 Message Encryption (Information Rights Management)

To use Microsoft 365 Message Encryption, the sender must have Microsoft 365 Message Encryption.

  • Using Email Encryption Add-ins

The right Outlook email encryption add-in lets us send encrypted email to any recipient (any email address, including free webmail users) using any email account. So this option combines the best of the previous two. It is also likely the lowest-cost option, or even free.

 

New Encrypt button and updates to email encryption

With the new Office update, email encryption in Outlook got better.

  • The Permissions button is replaced with the Encrypt button.
    The new Encrypt button contains both encryption options (S/MIME and IRM). The S/MIME option is only visible if we have the S/MIME certificate configured in Outlook.

 

Encrypt email messages in Outlook

The best Outlook email encryption option depends on the ease of use for us and our recipients, available features such as access to encrypted messages outside Outlook, costs, and other capabilities.

Moving ahead, let us see methods to encrypt email messages in Outlook.

 

Method 1: Encrypting with S/MIME

Configure certificate installed in the computer

Before we start this procedure, we must first have added a certificate to the keychain on our computer. Once we have our signing certificate set up on the computer, we will need to configure it in Outlook.

  1. Under the File menu, select Options > Trust Center > Trust Center Settings.
  2. In the left pane, select Email Security.
  3. Under Encrypted email, choose Settings.
  4. Under Certificates and Algorithms, click Choose and select the S/MIME certificate.
  5. Choose OK.
  6. Finish composing the email and then select Send.

For Office Insiders with a Microsoft 365 subscription:

In the email message, choose Options, select Encrypt, and pick Encrypt with the S/MIME option from the drop-down.

On the other hand, for Outlook 2019 and Outlook 2016:

In the email message, choose Options, select Permissions.

 

Import the certificate that is not installed on the computer

Once we have purchased the certificate, open or go to the Outlook application on the computer and follow these steps:

  1. On the top left, click File >> Options
  2. In the new window that opens, click Trust Center >> Trust Center Settings.
  3. Then click Email Security in the left pane.
  4. Under the heading Digital IDs (Certificates), click Import/Export.
  5. A window opens, here, make sure to select Import existing ID. Then browse for the certificate file (typically a .pfx file). Enter the password associated with the certificate file and click OK.
  6. A pop-up informs us that the security level is set to Medium. It is best to leave it at Medium. Click OK.
  7. At times, free certificates cause a warning, informing us that Windows cannot validate that the certificate is actually from the claimed certificate authority. If we get such a warning and wish to use the certificate anyway, click Yes to continue.
  8. The Import/Export window will now close automatically. Click OK on the Trust Center window to close it.

Share the certificate with each recipient

To share the certificate, send a digitally signed message to each email recipient to whom we intend to send encrypted email in the future.

Here is how our Support Techs do it:

  1. Compose a new email in Outlook.
  2. On the new message window, click Options.
  3. Then click the little icon next to More Options.
  4. The Properties window will open, click on Security Settings.
  5. In the Security Properties window that opens, click Add digital signature to this message and then Close the Properties window.
  6. Send the message to the intended email recipient(s).

The digitally signed message also carries the public key portion of the certificate, so others can encrypt the messages they need to send to us.

Add Recipient’s Certificate to Contact Data

Every email recipient who receives an encrypted email should follow these steps:

  1. Open the digitally signed email.
  2. Where the “From” information for the message is shown, right-click the sender’s name and click Add to Outlook Contacts. However, if we already have the contact, we use the option to Edit/Update contact.
  3. In the contact card that opens, click Certificates.
  4. The contact card will show a list of certificates with at least one certificate for that contact. When we select that certificate, it will show a message informing us that we can use the certificate to encrypt messages that we send to this contact.

To Send Encrypted Email:

As always, start a new email message.

  1. In the new message window, click Options in the top menu.
  2. Then click the little icon next to More.
  3. In the Properties window that opens, click Security Settings.
  4. In there, click the checkbox next to Encrypt message content and attachments.
    Since we can’t encrypt the subject line, it is good to use a subject that is not sensitive but still appropriate to the content.
  5. Then click OK on this window and then Close on the previous one.
  6. Finally, Send.

 

Method 2: Encrypt with Microsoft 365 Message Encryption

Microsoft 365 subscribers can follow the below steps:

  1. In the email message, choose Options >> Encrypt
  2. Pick the encryption that has the restrictions we want to enforce.

For Outlook 2019 and 2016:

  1. In the email message, select Options >> Permissions.
  2. Pick the encryption that has the restrictions we want to enforce.

  • Encrypt a single message:

  1. In the message that we are composing, click File >> Properties.
  2. Click Security Settings and then select the Encrypt message contents and attachments check box.
  3. Then click Send.

  • Encrypt all outgoing messages:

  1. On the File tab, choose Options >> Trust Center >> Trust Center Settings.
  2. On the Email Security tab, under Encrypted email, select the Encrypt contents and attachments for outgoing messages check box.
  3. To change additional settings, such as choosing a specific certificate to use, click Settings.

  • Send encrypted mails:

  1. Compose a New Email.
  2. Click Options in the top menu and then click Encrypt.
  3. We can see a message informing us that encryption is applied to this message.
  4. Finally, click Send as usual to send it.

 

Method 3: Outlook Encryption Add-ins

This is likely the best method to send encrypted messages to recipients who may not have any encryption set up in their own email accounts.

On the web page that displays our secure message:

  • The user may view the message and download any attachments.
  • Choose to set a password: For security reasons, the message will automatically expire, unless the recipient selects the option to set a password and retain indefinite access.
  • Choose to send a secure reply.

The add-ins fall into two types:

  • Stand-alone Add-ins: These encrypt the email purely on our and our recipient’s computers.
  • Packaged Add-ins: These add-ins are offered as part of a package that additionally includes a client portal or file sharing service.

 

Encrypt email messages in Outlook – Possible error

Recently we had a customer who came across an error while sending S/MIME encrypted mails from OWA.

A dialog box displays the following error message.

Outlook Web Access could not find your digital ID for encryption. If your digital ID is on a smart card, insert the card in the card reader, and then try to send the message again. You may also try sending the message unencrypted.

If your digital ID is not trusted by the Exchange server, you cannot use it to encrypt messages. For more information, contact technical support for your organization.

Cause:

In a default installation of Exchange Server 2007 or Exchange Server 2010, if the user certificate is issued to an SMTP address that’s not listed on the Active Directory account, then OWA won’t use the certificate.
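
To confirm this cause on the user's workstation before changing anything on the server, the certificate's e-mail address can be compared with the mailbox addresses. The following PowerShell function is an added example, not part of the original article; the function name, the `$MailboxAddresses` parameter and the sample addresses are assumptions made for illustration.

```powershell
# Added example, not from the original article. $MailboxAddresses is an assumption:
# supply the SMTP addresses listed on the user's Active Directory account.
function Test-SmimeCertificateForMailbox {
    param(
        [Parameter(Mandatory = $true)][string[]]$MailboxAddresses,
        [string]$Store = 'Cert:\CurrentUser\My'
    )
    $secureEmailOid = '1.3.6.1.5.5.7.3.4'   # Secure Email enhanced key usage
    $emailName = [System.Security.Cryptography.X509Certificates.X509NameType]::EmailName
    $now = Get-Date

    foreach ($cert in Get-ChildItem -Path $Store) {
        # E-mail address the certificate was issued to (subject alternative name or subject).
        $address = $cert.GetNameInfo($emailName, $false)
        if ([string]::IsNullOrEmpty($address)) { continue }   # not an e-mail certificate

        # Collect the enhanced key usage OIDs, if the extension is present.
        $ekuOids = $cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value }

        [pscustomobject]@{
            Thumbprint     = $cert.Thumbprint
            IssuedTo       = $address
            # -contains compares strings case-insensitively, which suits SMTP addresses.
            AddressMatches = $MailboxAddresses -contains $address
            SecureEmailEku = $ekuOids -contains $secureEmailOid
            HasPrivateKey  = $cert.HasPrivateKey
            WithinValidity = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)
            # Basic chain validation; False is expected when Windows cannot validate the issuer.
            ChainValidates = $cert.Verify()
        }
    }
}

# Constructed sample addresses; replace with the mailbox's real SMTP addresses.
Test-SmimeCertificateForMailbox -MailboxAddresses 'user@example.com', 'u.ser@example.com' |
    Format-Table -AutoSize
```

A row with `AddressMatches` set to False is the situation described in the cause above: the certificate is issued to an address that is not on the account.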

Solution:

To resolve this issue, we must obtain a digital ID.

If we have a Digital ID for S/MIME emails, but the SMTP address doesn’t match the Exchange Server mailbox account, the Exchange Administrator can enable the following registry value to allow for the selection of the user certificate.

This allows users to select the certificate to sign outgoing messages. The OWA client will bypass the SMTP name check.

Use the steps below to enable this OWA feature.

  1. Click Start >> Run >> regedit, and press Enter.
  2. Expand HKLM\System\CurrentControlSet\services\MSExchangeOWA\SMIME
  3. Right-click the SMIME key and click New > DWORD (32-bit).
  4. Name the new DWORD value AllowUserChoiceOfSigningCertificate
  5. Then double-click AllowUserChoiceOfSigningCertificate and set the value to 1.
  6. Finally, close the registry editor.
  7. Then click Start > Run, type cmd, and press Enter.
  8. From the command prompt run IISReset /noforce. Or, we can restart the IIS Admin service in Services.msc.
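
The same registry change can be scripted so that it is repeatable and the previous state is recorded. This PowerShell function is an added example, not part of the original article; the function name is hypothetical, while the key path, value name and `IISReset /noforce` come from the steps above. It assumes an elevated session on the Exchange server.

```powershell
# Added example, not from the original article. Run in an elevated session on the Exchange server.
function Enable-OwaSigningCertChoice {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Key path and value name are the ones given in the manual steps.
        [string]$KeyPath   = 'HKLM:\System\CurrentControlSet\services\MSExchangeOWA\SMIME',
        [string]$ValueName = 'AllowUserChoiceOfSigningCertificate'
    )

    if (-not (Test-Path -Path $KeyPath)) {
        # The steps expect the SMIME key to exist; stop instead of creating it on the wrong host.
        throw "Registry key not found: $KeyPath"
    }

    # Read the current value first so the change can be audited or reverted later.
    $before = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    $changed = $false

    if ($before -ne 1 -and $PSCmdlet.ShouldProcess("$KeyPath\$ValueName", 'Set DWORD to 1 and run IISReset /noforce')) {
        New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
        & iisreset.exe /noforce
        $changed = $true
    }

    # Report what was found and what is configured now.
    [pscustomobject]@{
        KeyPath  = $KeyPath
        Value    = $ValueName
        Previous = if ($null -eq $before) { '<not set>' } else { $before }
        Current  = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
        Changed  = $changed
    }
}

# Preview the change without writing to the registry or restarting IIS.
Enable-OwaSigningCertChoice -WhatIf
```

Running it without `-WhatIf` applies the change; because this setting makes OWA bypass the SMTP name check, the `Previous` column gives a record of the state to return to once a certificate matching the mailbox address is issued.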

Once we configure the registry key, the user will see a new option under the E-Mail security section in the OWA options.

  1. Sign in to OWA and click Options.
  2. Then click Email security.
  3. Under the Select Certificate for Mail Signing section, change the radio button to manually pick the certificate.
  4. Click Choose Signing Certificate…. A new window will open displaying available user certificates.
  5. Then select the appropriate certificate and click OK.


 

Conclusion

To conclude, we saw three methods to encrypt email messages in Outlook: using certificates (S/MIME), Office 365 Message Encryption (OME), and using encryption add-ins.
