[Update]: This post was updated on April 14, 2017.
Sometimes there is a need for additional protection of your private messages from other people. There may be plenty of reasons for that – from private ones, like writing a personal letter to a close friend or telling your family where you usually keep your keys, to more formal and serious situations, like mailing a check to pay a bill. Whatever the reason, encrypted e-mails are like sealed envelopes, as opposed to the postcard-like availability of unencrypted e-mails.
Microsoft Outlook 2019, 2016, 2013 and 2010 message encryption protects the privacy of the message by converting it from readable plaintext to scrambled ciphertext.
To send and read encrypted messages, both the sender and the recipient must each have a digital ID, which consists of a private key stored on its owner's computer and a certificate with a public key, and must share that certificate with each other. The certificate is sent with a digitally signed message. The recipient saves the certificate and uses its public key to encrypt messages addressed to the sender. This means that both the sender and the recipient must send a digitally signed message, which allows adding the certificate to Outlook Contacts (more in this Microsoft article). From then on, encrypted messages can be sent in the same way as unencrypted ones. You can learn more about it here.
Before it is possible to start encrypting and decrypting messages, both the sender and the recipient should get a personal mail certificate. Messages encrypted with such a certificate assure the recipient of the authenticity of an e-mail and keep it unreadable to others.
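Outlook's certificate-based encryption is S/MIME, so the key handling described above can be reproduced outside Outlook with the OpenSSL command line. The script below is an added example, not part of the original article; the names alice, bob and mallory, the example.test addresses and the throwaway self-signed certificates are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: constructed identities, throwaway self-signed certificates.
set -eu

smime_demo() {
  work=$(mktemp -d)

  # A digital ID = private key (never leaves its owner) + certificate (handed out).
  for who in alice bob mallory; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=$who/emailAddress=$who@example.test" \
      -keyout "$work/$who.key" -out "$work/$who.crt" 2>/dev/null
  done

  printf 'The spare key is under the third flowerpot.\n' > "$work/msg.txt"

  # Alice (sender) encrypts to Bob's certificate, which she saved from his
  # signed mail, and to her own, so her Sent Items copy stays readable to her.
  openssl smime -encrypt -binary -aes256 \
    -in "$work/msg.txt" -out "$work/msg.p7m" \
    "$work/bob.crt" "$work/alice.crt"

  # Each party tries to open the message with their own private key.
  result=""
  for who in bob alice mallory; do
    if openssl smime -decrypt -in "$work/msg.p7m" \
         -recip "$work/$who.crt" -inkey "$work/$who.key" \
         -out "$work/$who.out" 2>/dev/null \
       && cmp -s "$work/msg.txt" "$work/$who.out"; then
      result="$result $who=readable"
    else
      result="$result $who=unreadable"
    fi
  done

  rm -rf "$work"
  echo "${result# }"
}

smime_demo   # prints: bob=readable alice=readable mallory=unreadable
```

Only holders of a private key matching one of the certificates named at encryption time can open the message, which is why the certificates have to be exchanged before the first encrypted mail is sent.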
Let’s now proceed to encrypt a single message.
NOTE: The below screenshots were taken from Microsoft Outlook 2013 – in Outlook 2010 and Outlook 2016/2019 the procedure, option names and their locations are all identical.
Step 1.
When editing a new message, click More Options in the Options ribbon.
Step 2.
In the next window click Security Settings….
Step 3.
In the resulting Security Properties window, check Encrypt message contents and attachments.
Now, all that’s left is composing and sending the message.
It is also possible to set Outlook to encrypt messages globally by default. In this case, composing and sending messages is the same as with unencrypted messages, but the sender and recipient will need to have a digital ID in order to decrypt the message.
Step 1.
In the MS Outlook File menu (MS Outlook Backstage View) click Options and in the Trust Center tab click Trust Center Settings….
Step 2.
In the resulting window click E-mail Security, then check the Encrypt contents and attachments for outgoing messages option.
Step 3.
Confirm the changes by clicking OK.
From now on all the outgoing messages will be encrypted.
If the recipient’s e-mail settings do not support message encryption, Outlook will notify you about this and suggest sending an unencrypted message.
Hi, I have enabled the default encryption option in MS Outlook based on the guidance provided.
(File menu -> Options -> Trust Center -> Trust Center Settings -> E-mail Security -> check the Encrypt contents and attachments for outgoing messages). However, if I work on some other PC, I have to do the same settings again on that one. Is there any option to make the default encryption settings checked in my Outlook even if I work on different PCs?
Hi Ambrose,
I’m afraid Trust Center Settings cannot be assigned to an account and you have to set them up on every PC you use.
ok. Thanks Kamil.
If you encrypt the message at the Outlook client and then send from Exchange (not using an Exchange issued certificate) is the message searchable by the administrator in a compliance archive? What are the drawbacks of doing this?
We need the same in the office.
Hi pablo, In this article you will find tools that can encrypt Outlook mail: http://www.howtogeek.com/135638/the-best-free-ways-to-send-encrypted-email-and-secure-messages/
Outlook needs your digital ID so that you will be able to read your own sent message. If a message was only encrypted with the public key of the sender you would not be able to decrypt it in your Sent folder.
Why does Outlook require that BOTH the sender and receiver have digital IDs in order to encrypt a message? As I understand PKI, to be able to encrypt a message, I need only the public key of the receiver, right? Then why does Outlook require that the sender also have a digital ID?
Hi Pawel,
We’re looking to encrypt email to various recipients. So far I haven’t been able to find anything online regarding Exchange 2013 (deployed inhouse) and digital IDs. Is it capable? Do we need to go to a 3rd party like Symantec to accomplish this?
Hi Michael,
If you want to encrypt emails sent to a large number of different external recipients, you will need to obtain a 3rd party certificate that is trusted worldwide. Apart from Symantec, Comodo, DigiCert and Thawte are the most popular choices.
Hope this helps,
Pawel
Can you also attach files?
Hi Lynn,
Yes, you can attach files manually (just like you would to non-encrypted emails) and automatically, using CodeTwo Exchange Rules Pro: https://www.codetwo.com/exchange-rules-pro/attachment-control?sts=4438. In the latter case, CodeTwo Exchange Rules Pro will attach the file along with the encrypted email to a newly created email.
Best regards,
Pawel
Does anyone know if the mobile Outlook on a Windows Phone is able to accept/perform PKI encryption and digital signatures?
Hi Mary. Yes, it works similarly in Outlook 2007. You will find more information on that topic here: http://office.microsoft.com/en-us/outlook-help/encrypt-e-mail-messages-HP001230536.aspx
Thanks Paweł. Does it work the same way with Outlook 2007?