Message encryption in MS Outlook 2010 and 2013

Sometimes you need additional protection to keep your private messages from other people. There may be plenty of reasons for that – from private ones, like writing a personal letter to a close friend or telling your family where you usually keep your keys, to more formal and serious situations, like mailing a check to pay a bill. Whatever the reason, encrypted e-mails are like sealed envelopes, whereas unencrypted e-mails are as exposed as postcards.

MS Outlook 2010 and 2013 message encryption protects the privacy of the message by converting it from readable plaintext to scrambled ciphertext.

In order to send and read encrypted messages, both the sender and recipient must each have a digital ID, which consists of a private key stored on its owner’s computer and a certificate with a public key. The certificate is sent with a digitally signed message. The recipient saves the certificate and uses its public key to encrypt messages addressed to the sender. This means that both the sender and recipient must send each other a digitally signed message, which allows adding the certificate to Outlook Contacts (more in this Microsoft article). From then on it is possible to send encrypted messages in the same way as unencrypted ones. You can learn more about it here.

Before it is possible to start encrypting and decrypting messages, both the sender and recipient should get a personal mail certificate. Messages encrypted with such a certificate assure the recipient of the e-mail’s authenticity and keep it unreadable to others.
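The certificate exchange described above can be reproduced outside Outlook with the OpenSSL command line, which shows who can and cannot open an S/MIME message depending on whose certificates it was encrypted for. This is an added example, not part of the original article; the identities alice (sender), bob (recipient) and mallory (third party), the example.test addresses and the self-signed certificates are constructed test data standing in for real personal mail certificates.

```shell
#!/bin/sh
# Added example: constructed identities and self-signed certificates,
# used as stand-ins for real personal mail certificates.
# Requires the openssl command line tool.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_id NAME: create a throwaway digital ID (private key + certificate).
make_id() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1/emailAddress=$1@example.test" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# encrypt_for OUTFILE NAME...: encrypt stdin for each named certificate.
# Only certificates (public keys) are read here, never a private key.
encrypt_for() {
  out=$1; shift
  certs=""
  for name in "$@"; do certs="$certs $WORK/$name.crt"; done
  # $certs is left unquoted on purpose: each path must be its own argument.
  openssl smime -encrypt -binary -aes256 -out "$out" $certs
}

# try_decrypt FILE NAME: print the plaintext, or DECRYPT-FAILED when the
# message carries no recipient entry for NAME's certificate.
try_decrypt() {
  openssl smime -decrypt -in "$1" \
    -recip "$WORK/$2.crt" -inkey "$WORK/$2.key" 2>/dev/null \
    || echo "DECRYPT-FAILED"
}

make_id alice; make_id bob; make_id mallory

# Same text, once encrypted for bob alone and once for bob and alice.
printf 'meet at noon\n' | encrypt_for "$WORK/bob_only.p7m" bob
printf 'meet at noon\n' | encrypt_for "$WORK/both.p7m" bob alice

for who in bob alice mallory; do
  echo "to bob only      -> $who: $(try_decrypt "$WORK/bob_only.p7m" "$who")"
  echo "to bob and alice -> $who: $(try_decrypt "$WORK/both.p7m" "$who")"
done
```

The message encrypted for bob alone cannot be read back by alice, so a sender who wants a readable copy of her own mail needs her own certificate among the recipients as well.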

Let’s now proceed to encrypting a single message.

NOTE: The below screenshots were taken from MS Outlook 2013 – in MS Outlook 2010 the procedure, option names and their locations are all identical.

Step 1.

When editing a new message, click More Options in the Options ribbon.

Options in a new message

Step 2.

In the next window click Security Settings… .

Security Settings option

Step 3.

In the resulting Security Properties window check Encrypt message contents and attachments.

Encrypt message contents and attachments

Now all that’s left is composing and sending the message.

It is also possible to set Outlook to encrypt messages globally by default. In this case, composing and sending messages is the same as with unencrypted messages, but the sender and recipient will need to have a digital ID in order to decrypt the message.

Step 1.

In the MS Outlook File menu (MS Outlook Backstage View) click Options and in the Trust Center tab click Trust Center Settings… .

Trust Center Settings

Step 2.

In the resulting window click E-mail Security, then check the Encrypt contents and attachments for outgoing messages option.

E-mail Security

Step 3.

Confirm the changes by clicking OK.

From now on all the outgoing messages will be encrypted.

If the recipient’s e-mail settings do not support message encryption, Outlook will notify you about this and suggest sending an unencrypted message.

Suggested reading

How to automatically add signatures to encrypted emails on Exchange


12 thoughts on “Message encryption in MS Outlook 2010 and 2013”


  1. If you encrypt the message at the Outlook client and then send from Exchange (not using an Exchange-issued certificate), is the message searchable by the administrator in a compliance archive? What are the drawbacks of doing this?

  2. Outlook needs your digital ID so that you will be able to read your own sent message. If a message was only encrypted with the public key of the sender you would not be able to decrypt it in your Sent folder.

  3. Why does Outlook require that BOTH the sender and receiver have digital IDs in order to encrypt a message? As I understand PKI, to be able to encrypt a message, I need only the public key of the receiver, right? Then why does Outlook require that the sender also have a digital ID?

  4. Hi Pawel,

    We’re looking to encrypt email to various recipients. So far I haven’t been able to find anything online regarding Exchange 2013 (deployed in-house) and digital IDs. Is it capable? Do we need to go to a 3rd party like Symantec to accomplish this?

    • Hi Michael,

      If you want to encrypt emails sent to a large number of different external recipients, you will need to obtain a 3rd party certificate that is trusted worldwide. Apart from Symantec, Comodo, DigiCert and Thawte are the most popular choices.

      Hope this helps,
      Pawel

  5. Does anyone know if the mobile Outlook on a Windows Phone is able to accept/perform PKI encryption and digital signatures?
