How do I send an encrypted email using Office 365?

Overview

Office 365 delivers multiple encryption options to help us meet our needs for email security. This article describes how to encrypt email in Office 365.

Table of Contents

How to Begin

IMPORTANT: To make use of the features in this article, your Outlook client must be at least version 16.0.11126.20188, which is the December 2018 build of the O365 Office client. To check which version you're running you can:

  1. In Outlook, select File.

    where to find File in the menu
     
  2. Select Office Account. If you don't see the Office Account option, select Help. You'll see the product version on the right side of the page.
     
  3. You'll find your version and build number under Product Information. For example, yours may list Microsoft 365 Apps for enterprise, and you can see which apps it contains by their icons.
     
  4. Select About Outlook.

about outlook button

 

location to view the outlook version

If you are using Windows 10 and your Outlook doesn't match the images above, you're likely using an older, unsupported version of Outlook, such as Outlook 2003. You can often find the Outlook product version by selecting Help > About.

If your version is not at least 16.0.11126.20188, contact your departmental IT staff for assistance in upgrading, or download the latest version from http://officedownload.uic.edu. You can also use the web client to access O365 regardless of the version of Outlook you have installed locally and take advantage of the latest technology by going to http://outlook.uic.edu. You will likely see a certificate warning if you follow the previously noted link. It is safe to proceed.

About the Outlook message encryption feature

Microsoft released a feature update for Outlook In version 1812 (Build 1126.20188) that puts all your encryption options in one place. The encryption feature lets you share your confidential and personal information while ensuring that your email message stays encrypted and doesn’t leave Office 365
 

Supported Outlook clients

  • Outlook desktop client (Outlook for Office 365, Outlook for Office 365 2019, Outlook for Office 365 2019)
  • Outlook desktop client for Mac (Outlook for Microsoft 365 under O365 subscription)
  • Outlook on the web

What encryption types are available to me and what do they mean?

  • Outlook desktop client
    • Encrypt-Only
    • Do Not Forward
       
  • Outlook on the web
    • Do Not Forward
    • Encrypt
    • Confidential
    • Confidential View Only
       
    • Encrypt Only: The message is encrypted but no restrictions are placed on the message.
       
    • Do Not Forward: Only the recipients of the email or document (data file) will be able to view and reply. They cannot forward or share with other people or print. Even if someone you did not specifically give permission to access the file gets it, he or she will not be able to view the contents, because the policy is checked upon opening and the information is encrypted the entire time.
       
    • Confidential: Only people in UIC's Microsoft Office 365 environment can view the content, make edits, and share with others inside UIC's Microsoft Office 365 environment.
       
    • Confidential View Only: Only people in UIC's Microsoft Office 365 environment can view this content but cannot edit or change it in any way. They can share with others inside UIC's Microsoft Office 365 environment.

How do I send an encrypted message?

Outlook for O365 365 client (Windows) -- In a New Email message, choose Options, select Encrypt and pick the encryption that has the restrictions you want to enforce, such as Encrypt-Only or Do Not Forward.


locate encrypt-only option

Outlook for Mac -- In a new email message, choose Options, select Encrypt, and pick the encryption that has the restrictions you want to enforce.

Outlook on the Web -- In a new message, click Options, click Encrypt, then click Encrypt under "Set permissions on this item".

Outlook Web Encryption
 

Are my attachments encrypted?

Yes.
 

How can an external recipient open the encrypted message?

When the encrypted message arrives in the external recipient's mailbox they will need to click on the "Read the message" button which will redirect them to the secure portal.
message with read the message button

The secure portal will give the recipient two options to view the encrypted message.

  1. Sign in with their existing email provider's email address and password.
    The recipient may be prompted by their email provider to agree to a small disclosure for access.

    protected message sign in screen
  2. Once the recipient enters the one-time passcode, they will also have the option to select "This is a private computer. Keep me signed in for 12 hours."
     
  3. Sign in with a one-time passcode (the passcode will be sent to the recipient's Inbox). Please note there is an expiration limit of 15 minutes.

one-time passcode message

 

How can a recipient of an Encrypted message reply after viewing the encrypted message?

Once the user has authenticated with either their social ID (email provider) or a one-time passcode, they will have the ability to view the encrypted message and reply within the secure portal.

If the sender selected Do Not Forward when sending the encrypted message, the Forward and Print options will be grayed out.


settings 
 

Do encrypted messages always have to be viewed via the O365 secure portal?

Yes, to view the content they will always be redirected to the secure portal no matter what option they select.

Do messages remain Encrypted after a recipient forwards the encrypted message?

Yes. To allow the new recipient of the forwarded message to successfully view the secure message, the forwarder needs to ensure the forward action is done inside of the secure portal where they can see the encrypted message. The forwarder will get a notification when performing this action.

*If the forwarder does not forward the message via the secure portal and decides to forward the encrypted notification, the forwarded recipient will not be able to view the encrypted message.

Why Don't I See the Encrypt Button in the Compose Window on Office for Mac?

Office for Mac 2019 can be licensed in two ways, either with a perpetual/volume license or by you signing into your UIC Office365 account when you first launch an Office app (though this is separate from signing into your Exchange account when you first launch Outlook). Microsoft separates some product features away from the volume license, among which is e-mail encryption.

Only university-owned devices should be using the perpetual license.

To check if your Office for Mac installation is licensed using the Volume License:

  1. Open any Office for Mac application.
     
  2. Click the name of that application in the menu bar, then click About.

    location to find about microsoft word
    screen with license details
  3. Check your license type. If your license type reads "Microsoft 365 Subscription," and you still can't see the e-mail encryption options, contact us.
     
  4. If your license type reads "Volume License 2019," you will need to change your license type. This will require credentials for an administrator account on your Mac. If you do not have an administrator account, contact your departmental IT team for assistance

To change your license type:

  1. Download the Microsoft_Office_License_Removal_2.1.pkg file from https://go.microsoft.com/fwlink/?linkid=849815
     
  2. Save any work and close all Office applications.
     
  3. Double click the license removal package and complete the installation. This package doesn't actually install any files, but deletes the relevant license files on your Mac. None of your other Office settings or data will be deleted.
     
  4. Open any Office application. You will be prompted to sign in.
     
  5. Enter your NetID, click Next, and enter your UIC common password. Click Sign In.

    uic log in page
  6. Your Office for Mac installation should now be licensed using the Microsoft 365 license. To double check, click the name of the Office application in the menu bar, click About, and confirm the license type reads "Microsoft 365 License." If you are having trouble activating Office, follow the steps in this article: https://help.uillinois.edu/TDClient/37/uic/KB/ArticleDet.aspx?ID=576
    365 license screen