When you need to protect the privacy of an email message, encrypt it. Encrypting an email message in Outlook means it's converted from readable plain text into scrambled cipher text. Only the recipient who has the private key that matches the public key used to encrypt the message can decipher the message for reading. Any recipient without the corresponding private key, however, sees indecipherable text.
A digital signature on an e-mail message helps the recipient verify that you are the authentic sender and not an impostor. To use digital signatures, both the sender and recipient must have a mail application that supports the same encryption type.
Outlook supports two encryption options:
-
S/MIME encryption - To use S/MIME encryption, the sender and recipient must have a mail application that supports the S/MIME standard. Outlook supports the S/MIME standard.
-
Microsoft 365 Message Encryption (Information Rights Management) - To use Microsoft 365 Message Encryption, the sender must have Microsoft 365 Message Encryption, which is included in the Office 365 Enterprise E3 license.
Send a digitally signed message in Outlook for Mac
Before you start this procedure, you must have added a certificate to the keychain on your computer. For information about how to request a digital certificate from a certification authority, see Mac Help.
-
Choose Outlook and select Preferences.
-
Select the account that you want to send an encrypted message from and select Security.
-
In Certificate, select the certificate that you want to use. You'll only see those certificates that you've added to the keychain for your Mac OSX user account and those certificates that are valid for digital signing or encryption. To learn more about how to add certificates to a keychain, see Mac Help.
-
Select any of the following:
Send digitally signed messages as clear text if you want to make sure that your digitally signed messages can be opened by all recipients, even if they do not have an S/MIME mail application and can't verify the certificate.
Include my certificates in signed messages if you want to allow your recipients to send encrypted messages to you, make sure that you've selected your signing and encryption certificates.
-
Choose OK, and then close the Accounts dialog box.
-
In a message, choose See more items and select S/MIME > Add digital signature.
: If you don't see S/MIME under See more items , select Customizable Toolbar and add S/MIME to the toolbar.
-
Finish composing your message.
Send an encrypted message using S/MIME in Outlook for Mac
Before you start this procedure, you must first have added a certificate to the keychain on your computer. For information about how to request a digital certificate from a certification authority, see Mac Help. You must also have a copy of each recipient's certificate saved with the contacts' entries in Outlook.
If your recipient is listed on a global address list (GAL) used by Microsoft Exchange Server, the recipient's certificate is published to the directory service and available to you together with other contact information.
If your recipient is listed on an GAL directory service, the recipient's certificate is published to the directory service and available to you together with other contact information.
-
Choose Outlook and select Preferences.
-
Select the account that you want to send an encrypted message from and select Security.
-
In Certificate, select the certificate that you want to use. You'll only see those certificates that you've added to the keychain for your Mac OSX user account and those certificates that are valid for digital signing or encryption. To learn more about how to add certificates to a keychain, see Mac Help.
-
Choose OK, and then close the Accounts dialog box.
-
In a message, choose See more items and select S/MIME > Encrypt with S/MIME.
: If you don't see S/MIME under See more items , select Customizable Toolbar and add S/MIME to the toolbar.
6. Finish composing your message.
: When you send an encrypted message, your recipient's certificate is used to encrypt his or her copy of the message. Your certificate is used to encrypt the copy that is saved to your Sent Items or Drafts folder in Outlook.
Send a digitally signed message in legacy Outlook for Mac
Before you start this procedure, you must have added a certificate to the keychain on your computer. For information about how to request a digital certificate from a certification authority, see Mac Help.
-
On the Tools menu, select Accounts.
-
Select the account that you want to send a digitally signed message from, and then select Advanced > Security.
-
In Certificate, select the certificate that you want to use. You'll only see those certificates that you've added to the keychain for your Mac OSX user account and those certificates that are valid for digital signing or encryption. To learn more about how to add certificates to a keychain, see Mac Help.
-
Select any of the following:
Send digitally signed messages as clear text if you want to make sure that your digitally signed messages can be opened by all recipients, even if they do not have an S/MIME mail application and can't verify the certificate. Include my certificates in signed messages if you want to allow your recipients to send encrypted messages to you, make sure that you've selected your signing and encryption certificates. -
Select OK, and then close the Accounts dialog box.
-
For Microsoft 365 (Build 16.19.18110402 and higher)
In an email message, choose Options and select Sign.
For Outlook for Mac 2019
In an email message, select Options > Security > Digitally Sign Message.
-
Finish composing your message.
Send an encrypted message in legacy Outlook for Mac
Before you start, you need to add a certificate to the keychain on your computer. For information about how to request a digital certificate from a certification authority, see Mac Help. You also need a copy of each recipient's certificate saved with the contacts' entries in Outlook.
If your recipient is listed on an LDAP directory service, such as the global address list (GAL) used by Microsoft Exchange Server, the recipient's certificate is published to the directory service and available to you together with other contact information.
If your recipient is listed on an LDAP directory service, the recipient's certificate is published to the directory service and available to you together with other contact information.
Send an encrypted message
-
On the Tools menu, select Accounts.
-
Select the account that you want to send an encrypted message from, and select Advanced > Security.
-
In Certificate, select the certificate that you want to use. You'll only see those certificates that you've added to the keychain for your Mac OSX user account and those certificates that are valid for digital signing or encryption. To learn more about how to add certificates to a keychain, see Mac Help.
-
Select OK, and then close the Accounts dialog box.
-
For Microsoft 365 (Build 16.19.18110915 and higher)
In an email message, choose Options, select Encrypt and pack Encrypt with S/MIME option from the drop-down. For Outlook for Mac 2019 In an email message, select Options > Security > Encrypt Message. -
Finish composing your message.
: When you send an encrypted message, your recipient's certificate is used to encrypt his or her copy of the message. Your certificate is used to encrypt the copy that is saved to your Sent Items or Drafts folder in Outlook
Encrypting with Microsoft 365 Message Encryption in legacy Outlook for Mac
For Microsoft 365 (build 16.19.18110915 and higher)
In an email message, choose Options, select Encrypt and choose the encryption option that has the restrictions you'd like to enforce, such as Do Not Forward or Encrypt-Only.
: Microsoft 365 Message Encryption is part of the Office 365 Enterprise E3 license. Additionally, the Encrypt-Only feature (the option under the Encrypt button) is only enabled for subscribers (Microsoft 365 Apps for enterprise users) that also use Exchange Online.
For Outlook for Mac 2019
In an email message, select Options > Permissionsand pick the encryption option that has the restrictions you'd like to enforce, such as Do Not Forward.
: The Encrypt-Only feature is not enabled in these versions of Outlook for Mac.
More info on digital signing, encryption, and certificate authentication
Here's some information and tips on digital signing, encryption, and certificate authentication in Outlook for Mac.
Term |
Definition |
---|---|
Certificate |
Select the certificate that you want for digital signing. Before you select Choose a Certificate on the Certificate pop-up menu, you must first have a certificate added to the keychain on your computer. For information about how to request a digital certificate from a certification authority, see Mac Help. |
Signing algorithm |
A method for helping protect the integrity of a digital signature. Outlook can create a digital signature with any of the following algorithms: SHA-512, SHA-384, SHA-256, and SHA-1. Of these four algorithms, SHA-1 is the most compatible with other S/MIME applications, and SHA-512 is the most secure. |
Sign outgoing messages |
Select this option if you want to digitally sign all outgoing messages by default. |
Send digitally signed messages as clear text |
Select this option if you want the contents of the message to be readable for all recipients. This includes recipients without an S/MIME mail application. A recipient without an S/MIME mail application can read a clear text message but can't verify the digital signature. |
Include my certificates in signed messages |
Select this option if you want your recipients to be able to send encrypted messages to you. |
Encryption settings
Term |
Definition |
---|---|
Certificate |
Choose the certificate that you want other people to use to send encrypted messages to you. Outlook also uses your encryption certificate for encrypted messages that are stored in your Sent Items and Drafts folders. Before you select Choose a Certificate on the Certificate pop-up menu, you must first have a certificate added to the keychain on your computer. For information about how to request a digital certificate from a certification authority, see Mac Help. |
Encryption algorithm |
A method for encrypting a message and its attachments. Outlook can encrypt messages with any of the following algorithms: AES-256, AES-192, AES-128, and 3DES. Of these four algorithms, 3DES is the most compatible with other S/MIME applications, and AES-256 is the most secure. |
Encrypt outgoing messages |
Select this option if you want to encrypt all outgoing messages by default. |
Certificate authentication (available for Exchange accounts only)
Term |
Definition |
---|---|
Client certificate |
Choose the certificate that you want for certificate authentication. Before you select Choose a Certificate on the Certificate menu, you must first have a certificate added to the keychain on your computer. For information about how to request a digital certificate from a certification authority, see Mac Help. |
See also
Get help with new Outlook for Mac
Secure messages by using a digital signature in Outlook for PC
Find digital ID or digital certificate services