How to send an encrypted email message?

Overview

Email messages can be protected to help preserve content confidentiality. Microsoft 365 offers a service called Message Encryption which you can use to send protected messages. Messages sent via Message Encryption can only be read by the recipient and can be configured to disallow forwarding to other users.

This article covers how to send an encrypted message. See this article for instructions how a recipient would open an encrypted message: 

 

Warning

Care should be taken when sending sensitive information in email. Message Encryption is best suited for one time or occasional sharing. You are still responsible for ensuring information is only shared with appropriate parties. If you routinely share sensitive information with an authorized external entity, Message Encryption may not be the best solution. Contact your local support or OIT Security for further guidance or if you have any questions.

 

Encryption Options

There are three levels of message protection.

  1. Encrypt-Only: This option encrypts the email content, ensuring that only the intended recipients can read it. However, it does not impose any additional restrictions on what recipients can do with the email once they receive it.

  2. Do Not Forward: This option not only encrypts the email but also restricts recipients from forwarding, printing, or copying the email content. This helps maintain the confidentiality of the information by preventing it from being shared beyond the intended recipients.

  3. Encrypt: This option offer enhanced security over "Encrypt-Only" using S/MIME (Secure/Multipurpose Internet Mail Extensions) encryption. It converts the email content into scrambled cipher text, which can only be decrypted by recipients who have the corresponding private key.

The main advantage of using the “Encrypt” option over “Encrypt-Only” is the level of security and compatibility it provides:

  1. Enhanced Security: The “Encrypt” option typically uses S/MIME (Secure/Multipurpose Internet Mail Extensions) encryption, which provides a higher level of security by converting the email content into cipher text. This ensures that only recipients with the corresponding private key can decrypt and read the email.

  2. Digital Signatures: S/MIME encryption can also include digital signatures, which verify the sender’s identity and ensure that the email content has not been tampered with during transmission.

  3. Compatibility: S/MIME is a widely accepted standard for email encryption and is supported by many email clients and services. This can make it easier to securely communicate with recipients using different email platforms.

In contrast, the “Encrypt-Only” option provides encryption but does not offer the additional security features and compatibility benefits of S/MIME. It is generally simpler to use but may not be as robust in terms of security.

 

Outlook for Windows

From the new message draft window, click the "Options" tab.

Uploaded Image (Thumbnail)

Next, click on the "Encrypt" button to enable encryption.

Uploaded Image (Thumbnail)

To select another encryption option, click on the drop down arrow on the Encrypt button. This allows select betweening "Encrypt-Only" (default) and "Do Not Forward".

Uploaded Image (Thumbnail)

Outlook indicates the message will be protected. Click Send as usual when you are ready to send the message.

Uploaded Image (Thumbnail)

 

Outlook for Web

The process to send an encrypted message in Outlook for Web differs depending on what you see when drafting a new message.

 

Overflow Menu

From the new message draft window, if you do not see a button labelled "Encrypt" in the menu bar, you need to navigate into the overflow menu. Click the 3 dot icon "...", select "Encrypt" and then choose "Encrypt" or "Do Not Forward".

If you choose "Encrypt" the message is encrypted. Recipients can share the email and any attachments with any third parties without restriction.

If you choose "Do Not Forward" the message is encrypted and additional protections prevent the recipients from forwarding the email message to others. Recipients can still reply to your email. Microsoft file format attachments (such as Word documents and Excel spreadsheets) are protected and remain encrypted even if downloaded. Non-Microsoft specific file formats, including PDF documents and image files, are not protected once downloaded and can be shared by the recipient without restriction.

Exercise caution when sending sensitive file attachments with either option.

OWA Overflow view

 

Encrypt Button

If you see an "Encrypt" button, you can click it to enable message encryption.

Step 1

Click "Encrypt".

Step 2

The message is marked for protection using Office Message Encryption. However, recipients can share the email and any attachments with any third parties without restriction.

To disallow recipient forwarding of the message in addition to encryption, click "Change permissions".

Click Change Permissions for more options

Step 3

Click the drop down in the pop-up window:

Click the permissions drop down

Select "Do Not Forward":

Click "Do Not Forward"

Click "OK":

Click OK

Step 4

The message remains encrypted and additional protections prevent the recipients from forwarding the email message to others. Recipients can still reply to your email. Microsoft file format attachments (such as Word documents and Excel spreadsheets) are protected and remain encrypted even if downloaded. Non-Microsoft specific file formats, including PDF documents and image files, are not protected once downloaded and can be shared by the recipient without restriction.The new message draft window indicates the protection status at the top.

Click send as usual when you are ready to send the message.

Message status indicates do not forward is in effect.

 

 

Outlook for Mac

MacOS Menu

With the message you wish to encrypt selected, find the Draft menu item at the top of your screen. Click on Draft -> Encrypt to see three encryption options.

Uploaded Image (Thumbnail)

Details of what these three options offer can be found under
Encryption Options
at the top of this article.
Select the desired option for your protected email message.

 

Outlook for MacOS Encrypt Button

You can add an "Encryption" button in the menu that is displayed when composing an email.

Step 1

From the new message draft window, click the elipses ("...") in the menu, then select "Customize Toolbar"

Uploaded Image (Thumbnail)


Step 2

A new window will open that displays the toolbar options available to you. Select "Encryption", and drag it to the menu bar at the top of the window. You can select where on the menu bar the button will appear.

Uploaded Image (Thumbnail)

In this example, I have dragged the "Encryption" button to the place between "Attach File" and "Signature"

Uploaded Image (Thumbnail)

Step 3

Click on the "Done" button at the bottom right. You will be returned to the message draft window. You should now see a menu item named "Encryption".

Uploaded Image (Thumbnail)

 

This button will appear on the menu for any new email you create. Clicking on it gives you the three options available to you for protecting you email message.

Details of what these three options offer can be found under
Encryption Options
at the top of this article.
 

 

Print Article