Step-by-Step Guide to Sending Encrypted Emails in Outlook


Hands holding smartphone with email

In today’s digitally-driven world, email security keeps evolving to address the challenges with more advanced and reliable encryption solutions. As leaders in the professional sector, Microsoft Outlook and Office 365, continually adapt to these challenges by developing stronger encryption solutions that protect both the interface and the emails shared within the platform. There are several ways to send secure emails through Outlook and Office 365, embracing a variety of encryption options.

Encryption in email communication isn’t just about choosing a random method, but it involves intricate decision-making. This varies from readily available built-in options to third-party add-ins. These varied offerings allow users the flexibility to both send encrypted emails and receive protected messages in a manner that suits their preferences and needs.

However, understanding the best encryption method isn’t a one-size-fits-all solution. A multitude of factors come into play when choosing the appropriate encryption for secure emailing. Key aspects include the identity of the recipient, the email account from which the encrypted emails are to be sent, the overall usability, cost, and compatibility of the chosen encryption method, as well as its feature set.

Method 1: The Certificate-based Encryption Method – S/MIME

S/MIME, otherwise known as Secure/Multipurpose Internet Mail Extensions, is an older method of email encryption, and it has some limitations. Primarily, this strategy requires both the sender and the recipient to have installed and shared their encryption certificates, which can be an expensive endeavor. This method of securing emails may not be compatible with free webmail platforms such as Gmail and Yahoo. Moreover, S/MIME encryption is not widely supported, making it potentially unsuitable for diverse recipients. In addition, this method carries risks such as vulnerability to outside attacks and possible compromises in encryption keys used.

Getting Started with S/MIME Encryption

For those who choose to utilize S/MIME encryption, the initial setup on Outlook includes few steps:

  • Procure an email encryption certificate and import it into Outlook. Subsequently, share this certificate with your desired recipients;
  • Ensuring that all recipients have installed the encryption certificate on Outlook or a compatible platform;
  • Familiarize oneself with the process of sending an encrypted email.

There are multiple certificate authorities (CAs) from which one can acquire an email encryption certificate, with notable ones being Comodo, GlobalSign, or IdenTrust. The correct certificate to purchase is the email security certificate, also referred to as an S/MIME encryption certificate or secure email certificate, as opposed to the SSL certificate.

Once you receive the certificate and password necessary for email encryption, it is a good practice to keep a backup. This backup will be crucial if your computer is damaged or if you need to set up email encryption on a new device.

The next step is to import the certificate into Outlook:

  1. Click on the ‘File’ tab on the top left of the Outlook window, followed by ‘Options’;
  2. Select the ‘Trust Center’ in the subsequent window and click on ‘Trust Center Settings’;
  3. In the left pane, select ‘Email Security’, then under the ‘Digital IDs (Certificates)’ heading, select ‘Import/Export’;
  4. Follow the prompts to confirm and complete the certificate import process.

After successfully importing the certificate, it can be shared with recipients through a digitally signed message.

Sending Encrypted Emails with S/MIME

Sending an encrypted email using S/MIME requires the public key portion of the receiver’s certificate. With this, their certificates can be added to your contact data. Here’s how you can do it:

  • Open the digitally signed email by the recipient you wish to send an encrypted message to;
  • Right-click on the sender’s name and click on ‘Add to Outlook Contacts’;
  • Select the correct certificate for your contact from the list that appears.

Following these steps, you can now send encrypted emails using S/MIME by:

  1. Composing a new message as usual;
  2. Clicking on the ‘Options’ tab;
  3. In the ‘Properties’ window that pops up, clicking on ‘Security Settings’;
  4. In the ‘Security Properties’ window, selecting ‘Encrypt message content and attachments.’;
  5. Clicking ‘OK’ and ‘Send’ after finishing your email.

Reading Encrypted Emails

Recipients can read your encrypted email on their desktop computer using the Microsoft Outlook application, which will automatically decrypt the message for them. If the sender’s encryption certificate has been added to the contact card, replies to these messages will also be automatically encrypted.

Costs and Features of S/MIME

S/MIME encryption is user-friendly once set up and can be a fitting option for companies dealing with large enterprise clients or government agencies. However, it’s not the best fit for those collaborating with small businesses or individuals, primarily because of its lack of universal compatibility and the costs involved.

Also, encrypted emails cannot be accessed outside of the Outlook application, and recipients may not be able to forward encrypted emails to others. It’s also important to note that G-Suite email accounts using GSSMO cannot use S/MIME, and will need to use IMAP instead.

In terms of cost, in 2019 the certificate prices from Microsoft’s recommended CAs ranged between $39 and $369 annually. This fee recurs every year or once every 2-3 years if the period is paid up-front. Each user within an organization will require a unique certificate.

Man sitting in front of a computer

Method 2: Office 365 Message Encryption (OME)

The Office 365 Message Encryption (OME) is a proprietary email encryption option available to Office 365 users. It offers an efficient way to send encrypted emails to any recipient, irrespective of the email service they use. However, it’s noteworthy that this encryption method requires a valid Office 365 subscription and the Outlook application installed on your device. The process for the recipient to access the email involves a few additional steps, like obtaining a unique code and using the code to decrypt the email.

Initial Setup for Office 365 Message Encryption

OME comes with certain Office 365 subscription plans. It is not included in popular plans like Office 365 Business Essentials and Business Premium. Subscription plans that have Office 365 Message Encryption include Office 365 Enterprise E3 or E5, Microsoft Enterprise E3 or E5, Microsoft 365 Business, Office 365 A1, A3, or A5, and Office 365 Government G3 or G5. As an alternative, you could add Azure Information Protection Plan 1 to your Office 365 subscription, although this could be complicated and cost-intensive.

The steps to upgrade your Office 365 subscription are as follows:

  1. Visit the Office 365 website and login with an admin account;
  2. Navigate to Admin > Billing > Subscriptions;
  3. Click on Switch Plans to upgrade your subscription.

After this, you can verify the availability of OME in one of two ways:

  • On www.outlook.com, sign in with an account linked to the Office 365 subscription and compose a new email. If the Encrypt button is not grayed out, encryption is enabled;
  • In the Outlook application (Outlook ProPlus is recommended), compose a new email and click on Options. The Encrypt button should be enabled.

Sending Encrypted Emails in Outlook Using OME

The process to send an encrypted email using OME is quite straightforward. When composing a new message, you simply need to:

  1. Click on the Encrypt button located under the Options tab;
  2. If you wish to prevent forwarding of the encrypted email, click on the arrow beneath the Encrypt button;
  3. Complete your email and click Send.

Opening Encrypted Emails

When a recipient receives an email encrypted with OME, they’ll get a prompt to verify their identity via Office 365. After clicking on ‘Read the message’, recipients can choose to verify using a one-time passcode or by logging into a school or work account. Users of free webmail services like Gmail or Yahoo may be prompted to log into their respective platforms. If the recipient doesn’t have an Office 365 account associated with the email address, they should opt for the one-time passcode option. Microsoft Office 365 Message Encryption will send a separate email with the passcode. After entering the passcode, the recipient will gain access to the email.

Receiving Secure Email from Clients (Replies, New Emails)

Recipients can easily respond to encrypted emails by clicking on Reply All, Reply, or Forward. However, they won’t be able to send new encrypted emails to the original sender using OME.

Features and Cost

OME is a user-friendly encryption method that allows access to encrypted messages outside of Outlook. It doesn’t require regular backups of certificates and certificate passwords, and the secure messages can be accessed on any device with Outlook installed and an Office 365 account logged in. Recipients can even forward secure messages to others without the need for exchanging certificates or passwords. However, the requirement for Outlook ProPlus, the additional steps for the recipient, and the lack of an option to set expiration dates for messages are certain limitations of this method.

The cost of OME is included in the upgraded Office 365 subscription. The additional cost for upgrading the subscription can vary depending on the current subscription plan. OME is recommended for professional email interactions, particularly when interacting with vendors or entities that must adhere to specific security regulations.

Laptop with open email

Method 3: Outlook Encryption Add-ins

For small organizations with limited IT support, Outlook Encryption Add-ins provide a seamless way to send secure emails to recipients, even if they don’t have their own encryption. This method is user-friendly as it doesn’t require any recipient setup, installation, or sign-in. Additionally, it is likely the most cost-effective option available.

Initial Setup:

Setting up an email encryption add-in usually involves installing the software. Visit the add-in’s website, download the installer, and run the installation process, which typically takes around a minute. The installation steps may vary slightly depending on the browser being used, such as Internet Explorer, Google Chrome, or Firefox.

To get started, launch or restart the Outlook application and start composing a new email. Look for the Secure Send button at the top left of the window. If visible, you can then send encrypted emails from Outlook to any recipient’s email address, regardless of their platform.

Sending Encrypted Messages:

To send an encrypted email, click on the New Email button in Outlook, compose your message (including any necessary attachments), and ensure that the content should be encrypted. Instead of clicking Send, use the Secure Send button to encrypt both the email’s contents and attachments.

Opening Encrypted Emails:

While the subject of the email remains unencrypted, the body of the email will be secured. When the recipient opens the email, they will see a prompt to access the encrypted content without needing an external passcode. The sender can also set an expiration time to maintain security levels.

Receiving Secure Emails and Replies from Clients:

Recipients viewing the secure message may have the option to send a secure reply. Depending on the specific Encryption Add-in used, recipients might be able to respond securely to non-encrypted messages as well.

Outlook Email Encryption Features and Costs:

Features and pricing vary among providers. Trustifi, for instance, offers users full control over their email security, tailoring services to individual and organizational needs. Trustifi provides NSA-grade encryption, comprehensive inbound and outbound protection, and unique features like easy recall, blocking, modification, and setting expiration times for emails already sent. With customized solutions available, Trustifi’s plans and pricing can be adjusted to suit each organization’s requirements and budget.

Conclusion

In summary, organizations can enhance the security of their email content and attachments sent through Outlook by utilizing digital certificates such as SMime, Office 365 Encryption OME, or encryption add-ins. Encryption add-ins, which combine the benefits of SMime and OME, provide the most user-friendly experience and cost-effectiveness. Compatible with any email account for both senders and recipients, tools like Trustifi’s Encryption Addins offer unparalleled convenience and protection.

Leave a Reply

Your email address will not be published. Required fields are marked *