The steps for encrypting emails in Microsoft Outlook
Our Microsoft 365 Security Baseline Pack addresses a common challenge with Microsoft 365 Business Premium licenses: while they offer a wide range of features and protection for organisations, their effectiveness depends on proper configuration. To ensure your system operates at its best, we take care of configuring all essential features, such as the login process and sending and receiving emails, among others. One crucial feature we set up is email encryption, which plays a vital role in safeguarding sensitive information. In the guide below, you’ll find detailed steps on how to use email encryption within Outlook.
What encryption options are available?
Encrypt: Your message stays encrypted and doesn’t leave Microsoft 365. Recipients with Outlook.com and Microsoft 365 accounts can download attachments without encryption from Outlook.com, the Outlook mobile app, or the Mail app in Windows 10. If you’re using a different email client or other email accounts, you can use a temporary passcode to download the attachments from the Microsoft 365 Message Encryption portal.
Encrypt and Prevent Forwarding: Your message stays encrypted within Microsoft 365 and can’t be copied or forwarded. Microsoft Office attachments such as Word, Excel or PowerPoint files remain encrypted even after they’re downloaded. Other attachments, such as PDF files or image files can be downloaded without encryption.
How do I send an encrypted email message?
How to read an encrypted email message? (when the receiver is using Outlook.com or Microsoft 365)
If they’re using Outlook.com or Microsoft 365 and are using the Outlook.com website, the Outlook mobile app, or the Mail app in Windows 10, they can read and reply to encrypted messages the same way they do with unencrypted messages.
If they’re using Outlook for Windows, Outlook for Mac, or a third-party email app, they’ll receive an email message with instructions for how to read the encrypted message. They can gain access using their Microsoft account or their Microsoft 365 account.
How to read an encrypted email message? (when the receiver is not using Outlook.com or Microsoft 365)
They’ll receive an email message with instructions for how to read the encrypted message. If the encrypted message was sent to a Google or Yahoo Mail account, they can authenticate using they Google or Yahoo account or by using a temporary passcode. If the message was sent to a different account (Comcast or AOL, for example) they can use a temporary passcode. The temporary passcode will be sent to them in email.
Are attachments also encrypted?
All attachments are encrypted. Recipients who access the encrypted email via the Office Message Encryption portal can view attachments in the browser.
Attachments behave differently after they’re downloaded depending on the encryption option used:
Encrypt-Only
If you choose the Encrypt-Only option, recipients with Outlook.com and Microsoft 365 accounts can download attachments without encryption from Outlook.com, the Outlook mobile app, or the Mail app in Windows 10. Other email accounts using a different email client can use a temporary passcode to download the attachments from the Microsoft 365 Message Encryption portal.
Do Not Forward
If you choose the Do Not Forward option, there are two possibilities:
- Microsoft Office attachments such as Word, Excel or PowerPoint files remain encrypted even after they’re downloaded. This means that if the recipient downloads the attachment and sends it to someone else, the person they forwarded it to won’t be able to open the attachment because they don’t have permission to open it.
Note that if the recipient of the file is using an Outlook.com account, they can open encrypted Office attachments on the Office apps for Windows. If the recipient of the file is using an Microsoft 365 account, they can open the file in Office apps across platforms. - All other attachments, such as PDF files or image files, can be downloaded without encryption.
How is this different from the current level of encryption in Outlook.com?
Currently, Outlook.com uses opportunistic Transport Layer Security (TLS) to encrypt the connection with a recipient’s email provider. However, with TLS, the message might not stay encrypted after the message reaches the recipient’s email provider. In other words, TLS encrypts the connection, not the message.
Additionally, TLS encryption didn’t provide the ability to preventing forwarding.
Messages encrypted with Microsoft 365 stay encrypted and remain inside the Microsoft 365 Personal. This helps secure your email when it’s received.