Encrypt messages by using S/MIME in Outlook Web App

Posted on by

Want to add a padlock to your email messages? You can use S/MIME in Outlook Web App to increase the security of messages. A digitally encrypted message can only be opened by recipients who have the correct key. A digital signature assures recipients that the message hasnt been tampered with.

Note: S/MIME may not be available for your account.

Setting up to use S/MIME encryption

Encrypt and digitally sign outgoing messages

How do I encrypt or digitally sign all messages?

How do I encrypt individual messages?

How do I digitally sign individual messages?

Reading encrypted and digitally signed messages

How do I read an encrypted message?

How do I verify the signature of a digitally signed message?

What else do I need to know?

Get a certificate.

The first step to use S/MIME is to obtain a certificate, also called a digital ID, from your organizations administrator. Your certificate may be stored on a smart card, or may be a file that you store on your computer. Follow the instructions provided by your administrator to use your certificate.

Install the S/MIME control.

If you do not have the S/MIME control installed, and receive an encrypted or digitally signed message, youll be prompted to install the control when you open the message. Alternatively, if you do not have the S/MIME control installed, you can create a new message and select more options > Message options and select Encrypt this message (S/MIME). You will then be prompted to install the S/MIME control.

When youre prompted to run or save the file, select Run.

You may be prompted again to verify that you want to run the software. Select Run to continue the installation.

Note: You will have to close and reopen Outlook Web App before you can use the S/MIME control.

Top of Page

After youve installed the S/MIME control, you can go to the gear menu > S/MIME settings where you will find two options that you can select to digitally encrypt or digitally sign every message you send.

Select Encrypt contents and attachment of all messages I send to automatically encrypt all outgoing messages.

Select Add a digital signature to all messages I send to digitally sign all outgoing messages.

Note: All outgoing messages include new messages, replies, and forwards.

To add or remove digital encryption from an individual message that youre composing:

Go to the top of the message and select more options > Message options.

Select or deselect Encrypt this message (S/MIME).

If you encrypt an outgoing message and Outlook Web App cant verify that all recipients can decrypt the message, youll see a notice warning you which recipients may not be able to read the encrypted message. You can then send the message anyway, remove those recipients, or retry to check again.

To add or remove a digital signature from a message that youre composing:

Go to the top of the message and select more options > Message options.

Select or deselect Digitally sign this message (S/MIME).

If your certificate is stored on a smartcard, you will be prompted to insert the smartcard to digitally sign the message. Your smartcard may also require a PIN to access the certificate.

Top of Page

A key icon in the message list or reading pane indicates an encrypted message.

If you normally use Conversation view, you will have to open the message in a new window to read it. There will be a link on the message to make this easier.

When you receive an encrypted message, Outlook Web App will check whether the S/MIME control is installed and whether there is a certificate available on your computer. If the S/MIME control is installed and there is a certificate available, the message will be decrypted when you open it. If your certificate is stored on a smartcard, you will be prompted to insert the smartcard to read the message. Your smartcard may also require a PIN to access the certificate.

A ribbon icon in the message list or reading pane indicates a digitally signed message.

If you normally use Conversation view, you will have to open the message in a new window to read it. Information about the digital signature will be at the top of the message, along with a link that you can select to learn more about the digital signature.

Top of Page

Internet Explorer 9 or later is required to send and receive encrypted messages. It is also required to digitally sign messages that you send, and to verify digital signatures on messages that you receive.

S/MIME message encryption is supported only on messages sent to and from recipients in your organizations address list. If you send an encrypted message to someone outside your organization, they will not be able to decrypt and read the message.

S/MIME digital signatures are only fully supported for recipients inside your organization. Recipients can only verify the digital signature if theyre using an email client that supports S/MIME and have installed the S/MIME control.

If you send a digitally signed message to a recipient outside your organization, they will be able to read the message. Depending on the email client theyre using, they may or may not see and be able to verify the digital signature.

Encrypted messages can be read only by intended recipients who have a certificate. If you try to send an encrypted message to a recipient who doesn't have a certificate, Outlook Web App will warn you that the recipient cant decrypt S/MIME encrypted messages.

If at least one recipient of an encrypted message has a certificate, Outlook Web App will send the message to all recipients. If none of the intended recipients has a certificate, Outlook Web App won't let you send the message in encrypted form.

A digitally signed message reassures the recipient that the message hasn't been tampered with and verifies the identity of the sender. Digitally signed messages can be sent to anyone. However, the recipient must be using an email application that supports S/MIME and have installed the S/MIME control to verify the digital signature. Outlook and Outlook Web App both support S/MIME.

The S/MIME control is necessary to verify the signatures of digitally signed messages, but a certificate is not. If you receive a message that's been encrypted or digitally signed and you haven't installed the S/MIME control, you'll see a warning in the message header notifying you that the S/MIME control isn't available. The message will direct you to the S/MIME options page where you can install this control.

Top of Page

More:
Encrypt messages by using S/MIME in Outlook Web App

Related Posts
This entry was posted in $1$s. Bookmark the permalink.