Encrypt messages by using S/MIME in Outlook Web App

Want to add a padlock to your email messages? You can use S/MIME in Outlook Web App to increase the security of messages. A digitally encrypted message can only be opened by recipients who have the correct key. A digital signature assures recipients that the message hasn’t been tampered with.

Note: S/MIME may not be available for your account.

Setting up to use S/MIME encryption

  1. Get a certificate.

The first step to use S/MIME is to obtain a certificate, also called a digital ID, from your organization’s administrator. Your certificate may be stored on a smart card, or may be a file that you store on your computer. Follow the instructions provided by your administrator to use your certificate.

  2. Install the S/MIME control.

     1. If you do not have the S/MIME control installed, and receive an encrypted or digitally signed message, you’ll be prompted to install the control when you open the message. Alternatively, if you do not have the S/MIME control installed, you can create a new message, select more options > Message options, and then select Encrypt this message (S/MIME). You will then be prompted to install the S/MIME control.
     2. When you’re prompted to run or save the file, select Run.
     3. You may be prompted again to verify that you want to run the software. Select Run to continue the installation.

Note: You will have to close and reopen Outlook Web App before you can use the S/MIME control.

Encrypt and digitally sign outgoing messages

How do I encrypt or digitally sign all messages?

After you’ve installed the S/MIME control, you can go to the gear menu > S/MIME settings, where you will find two options that you can select to digitally encrypt or digitally sign every message you send.

  • Select Encrypt contents and attachment of all messages I send to automatically encrypt all outgoing messages.
  • Select Add a digital signature to all messages I send to digitally sign all outgoing messages.

Note: All outgoing messages include new messages, replies, and forwards.

How do I encrypt individual messages?

To add or remove digital encryption from an individual message that you’re composing:

  1. Go to the top of the message and select more options > Message options.
  2. Select or deselect Encrypt this message (S/MIME).

If you encrypt an outgoing message and Outlook Web App can’t verify that all recipients can decrypt the message, you’ll see a notice warning you which recipients may not be able to read the encrypted message. You can then send the message anyway, remove those recipients, or retry the check.

How do I digitally sign individual messages?

To add or remove a digital signature from a message that you’re composing:

  1. Go to the top of the message and select more options > Message options.
  2. Select or deselect Digitally sign this message (S/MIME).

If your certificate is stored on a smartcard, you will be prompted to insert the smartcard to digitally sign the message. Your smartcard may also require a PIN to access the certificate.

Reading encrypted and digitally signed messages

How do I read an encrypted message?

A key icon in the message list or reading pane indicates an encrypted message.

If you normally use Conversation view, you will have to open the message in a new window to read it. There will be a link on the message to make this easier.

When you receive an encrypted message, Outlook Web App will check whether the S/MIME control is installed and whether there is a certificate available on your computer. If the S/MIME control is installed and there is a certificate available, the message will be decrypted when you open it. If your certificate is stored on a smartcard, you will be prompted to insert the smartcard to read the message. Your smartcard may also require a PIN to access the certificate.

How do I verify the signature of a digitally signed message?

A ribbon icon in the message list or reading pane indicates a digitally signed message.

If you normally use Conversation view, you will have to open the message in a new window to read it. Information about the digital signature will be at the top of the message, along with a link that you can select to learn more about the digital signature.

What else do I need to know?

  • Internet Explorer 9 or later is required to send and receive encrypted messages. It is also required to digitally sign messages that you send, and to verify digital signatures on messages that you receive.
  • S/MIME message encryption is supported only on messages sent to and from recipients in your organization’s address list. If you send an encrypted message to someone outside your organization, they will not be able to decrypt and read the message.
  • S/MIME digital signatures are only fully supported for recipients inside your organization. Recipients can only verify the digital signature if they’re using an email client that supports S/MIME and have installed the S/MIME control.
  • If you send a digitally signed message to a recipient outside your organization, they will be able to read the message. Depending on the email client they’re using, they may or may not see and be able to verify the digital signature.
  • Encrypted messages can be read only by intended recipients who have a certificate. If you try to send an encrypted message to a recipient who doesn't have a certificate, Outlook Web App will warn you that the recipient can’t decrypt S/MIME encrypted messages.
  • If at least one recipient of an encrypted message has a certificate, Outlook Web App will send the message to all recipients. If none of the intended recipients has a certificate, Outlook Web App won't let you send the message in encrypted form.
  • A digitally signed message reassures the recipient that the message hasn't been tampered with and verifies the identity of the sender. Digitally signed messages can be sent to anyone. However, the recipient must be using an email application that supports S/MIME and have installed the S/MIME control to verify the digital signature. Outlook and Outlook Web App both support S/MIME.
  • The S/MIME control is necessary to verify the signatures of digitally signed messages, but a certificate is not. If you receive a message that's been encrypted or digitally signed and you haven't installed the S/MIME control, you'll see a warning in the message header notifying you that the S/MIME control isn't available. The message will direct you to the S/MIME options page where you can install this control.

Applies to:
Outlook Web App, Outlook Web App for Office 365 Enterprise