Want to learn how to encrypt emails in Outlook? We all know that sending emails is such a simple part of everyday work that you may not give it a second thought. However, like any data transmitted across the internet, emails are vulnerable to interception.
Companies that handle sensitive information or are required to meet regulatory requirements can keep emails secure by encrypting them, ensuring they’re only read by the intended recipients.
The difference between encrypted and unencrypted email
The contents of an unencrypted email are sent in plain text, meaning anyone who intercepts the message can read its contents. This lack of security leaves your sensitive information vulnerable to hackers and other prying eyes.
Encrypted email uses advanced encryption algorithms to scramble the content of your message. Only the intended recipients with the correct decryption key can decipher and read the encrypted email. Even if your encrypted email gets intercepted, the hacker won’t be able to read what’s in it.
Why you should send encrypted emails
Encrypting your email ensures that your communication remains confidential and protected. There are several compelling reasons why you should send encrypted emails.
Ensure privacy
Whether you’re sending personal data, financial information, or confidential business documents, email encryption adds an extra layer of security and protects sensitive information, making it extremely difficult for hackers to intercept and decipher your messages.
Meet compliance requirements
In industries with strict compliance requirements for protecting sensitive data, such as healthcare and finance, email encryption helps you comply with privacy regulations and industry standards.
Authenticate communication
When combined with digital signing, encryption assures the email recipient that the email actually came from you, not someone pretending to be you. As spam and spoofed emails proliferate, sending customers encrypted and digitally signed emails authenticates your identity and shows that you take data privacy seriously.
How to set up email encryption in Office 365
Office 365 has three built-in email encryption options:
1. Microsoft Purview Message Encryption
Microsoft Purview Message Encryption is an online service that lets you send encrypted emails to recipients inside your organization and to external recipients using any email address, including Outlook, Gmail, and iCloud. It doesn’t require any special client-side software and is simple for administrators and users.
To set up Microsoft Purview Message Encryption, ensure that Azure Rights Management (Azure RMS) is activated, which will automatically activate message encryption in Office 365.
Subscriptions obtained after February 2018 have Azure RMS activated automatically unless your organization’s administrator manually deactivated it.
Note that if you use Active Directory Rights Management Services (AD RMS) with Exchange Online, you need to migrate to Azure RMS to use message encryption, because Microsoft Purview Message Encryption isn’t compatible with AD RMS.
2. Secure/Multipurpose Internet Mail Extensions (S/MIME)
This certificate-based email encryption for Office 365 lets you encrypt and digitally sign messages, validating the identity of the sender while ensuring that only the intended recipient can open and read the message.
S/MIME requires the sender to have public keys for each recipient, while recipients maintain their own private keys. S/MIME is recommended when peer-to-peer encryption is needed, such as when government agencies communicate with each other.
To enable S/MIME-based security for the mailboxes in your organization, follow these steps.
- Set up and publish S/MIME certificates for each user. Start by installing a Windows-based Certification Authority (CA) or a third-party CA and set up a public key infrastructure to issue S/MIME certificates. Then publish the user’s certificate in their on-premises Active Directory account in the UserSMIMECertificate and/or UserCertificate attributes.
- Set up a virtual certificate collection in Exchange Online. First, export the root and intermediate certificates from a trusted machine to a serialized certificate store (SST) in PowerShell. Then use PowerShell to import the certificates into Exchange Online.
- Sync user certificates for S/MIME into Office 365 by issuing certificates and publishing them in your local Active Directory. Once published, sync on-premises user data to Office 365.
- If using Outlook on the web, configure policies to install the S/MIME extensions in web browsers.
- Configure email clients to use S/MIME by distributing certificates to the user’s device and enabling and configuring S/MIME in the client’s settings.
For complete end-to-end instructions and detailed syntax, see S/MIME on the Microsoft Learn site.
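The virtual certificate collection step above, sketched in PowerShell as an added example that is not part of the original article. It assumes the ExchangeOnlineManagement module is installed; the CA name pattern, file path and admin account are placeholders.

```powershell
# Run on a trusted Windows machine that already trusts your S/MIME issuing CAs.
$sstPath       = 'C:\Temp\smime-issuing-cas.sst'   # placeholder output path
$issuerPattern = '*Contoso*'                       # placeholder: matches your own CA subjects

# Collect only your organization's root and intermediate CA certificates,
# skipping any that are expired or not yet valid.
$now = Get-Date
$caCerts = Get-ChildItem -Path Cert:\LocalMachine\Root, Cert:\LocalMachine\CA |
    Where-Object {
        $_.Subject -like $issuerPattern -and
        $_.NotBefore -le $now -and
        $_.NotAfter -gt $now
    }

if (-not $caCerts) {
    throw "No valid CA certificates matched '$issuerPattern'; nothing to export."
}

# Review exactly what will be trusted for S/MIME validation before uploading it.
$caCerts | Format-Table Subject, Thumbprint, NotAfter -AutoSize

# Export the selected certificates into one serialized certificate store (SST).
$caCerts | Export-Certificate -FilePath $sstPath -Type SST | Out-Null

# Import the SST into Exchange Online as the virtual certificate collection.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'   # placeholder account
Set-SmimeConfig -SMIMECertificateIssuingCA ([System.IO.File]::ReadAllBytes($sstPath))

# Confirm the collection is now populated.
Get-SmimeConfig | Format-List SMIMECertificateIssuingCA
```

Exporting a filtered set rather than the whole machine store keeps the tenant from trusting unrelated CAs for S/MIME signature validation.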
3. Information Rights Management (IRM)
IRM encryption applies usage restrictions to email messages, preventing sensitive information from being printed, forwarded or copied by unauthorized people.
IRM is recommended for sensitive messages, such as when companies send proprietary information that they don’t want forwarded outside their organization.
To use IRM in Office 365 applications, Azure RMS must be activated. Subscriptions obtained after February 2018 will have Azure RMS activated automatically.
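Both Microsoft Purview Message Encryption and IRM depend on Azure RMS being active, so the following added example (not from the original article) checks that from Exchange Online PowerShell. It assumes the ExchangeOnlineManagement module is installed; both addresses are placeholders.

```powershell
# Verify that Azure RMS licensing backs message encryption and IRM in Exchange Online.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'   # placeholder admin

# Read the tenant's IRM configuration.
$irm = Get-IRMConfiguration
$irm | Format-List AzureRMSLicensingEnabled, InternalLicensingEnabled, ExternalLicensingEnabled

if (-not $irm.AzureRMSLicensingEnabled) {
    # Tenants where an administrator deactivated the service, or that still
    # rely on AD RMS, end up here.
    Write-Warning 'Azure RMS licensing is disabled for Exchange Online.'
    # Enable only after confirming Azure RMS itself is activated for the tenant:
    # Set-IRMConfiguration -AzureRMSLicensingEnabled $true
}

# End-to-end self-test: acquires the RMS templates and performs a test
# encryption and decryption on behalf of the given sender.
$test = Test-IRMConfiguration -Sender 'user@contoso.example'        # placeholder mailbox
$report = $test.Results | Out-String
$report

if ($report -notmatch 'OVERALL RESULT: PASS') {
    Write-Warning 'IRM self-test did not pass; review the output above before relying on encryption.'
}
```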
How to use Outlook to send encrypted email
After you’ve enabled email encryption in Office 365, it’s a relatively seamless process to use Outlook to send encrypted emails. You can send a single encrypted email in Outlook by following these steps:
- Open Outlook and click on the “New Email” button to compose a new message.
- In the email composition window, click on the “Options” tab.
- Select the “Encrypt” button.
- Choose the encryption options that you want to apply to your email, such as “Encrypt-Only” or “Do Not Forward.”
- Compose your email as usual and click on the “Send” button.
To encrypt all outgoing messages by default, follow these steps in Outlook:
- Click on the “File” tab, choose “Options,” “Trust Center,” and “Trust Center Settings.”
- Select the “Email Security” tab, then “Encrypted email,” and check the box next to “Encrypt contents and attachments for outgoing messages.”
- You can change additional settings or choose a specific certificate to use by clicking “Settings.”
This encrypts the message and any attachments, ensuring that only the intended recipient can decrypt and read the contents. Remember that the recipient must also have encryption capabilities enabled to receive and decrypt the encrypted email.
Best practices for sending encrypted emails
In addition to using Outlook to send encrypted email, you should also follow these best practices to maximize your data security:
- Use strong and unique passwords for your email accounts and encryption keys.
- Regularly update your software and encryption tools.
- Verify the identity of the recipients before sending sensitive information.
- Avoid sending sensitive information over unsecured networks or public Wi-Fi.
- Double-check the recipients’ email addresses to ensure you don’t send encrypted emails to the wrong recipients.
- Keep a backup of your encryption keys in a secure location.
Alternatives to email encryption in Office 365 and Outlook
Email encryption is an excellent way to secure your communication, but there are other ways to send secure messages that don’t require security certificates.
Secure messaging apps
Use a secure messaging app that provides end-to-end encryption to ensure that your messages are secure from start to finish. Industries like healthcare with specific compliance requirements should choose HIPAA-compliant apps like OhMD or Rocket Chat to meet their needs.
Virtual Private Network
Use a Virtual Private Network (VPN) to encrypt your internet connection, including your email traffic. VPNs create a secure tunnel between your device and the internet, preventing anyone from intercepting your emails.
File-sharing services
Use secure file-sharing services that offer encryption and access controls. Services such as Dropbox or Google Drive allow you to share files securely with recipients.
Keeping message data secure
Encrypting emails in Outlook and Office 365 is essential to ensure the confidentiality and security of sensitive information. You can send encrypted emails for an added layer of protection against hackers and unauthorized access while meeting compliance requirements. Enabling encryption in Office 365 helps enhance the security of your communication and protect sensitive information effectively.