Encryption is the process by which information is encoded so that only an authorized recipient can decode and consume the information.
In this article:
A message is encrypted, or transformed from plain text into unreadable ciphertext, either on the sender's machine or by a central server while the message is in transit.
The message remains in ciphertext while it's in transit in order to protect it from being read in case the message is intercepted.
Once the message is received by the recipient, the message is transformed back into readable plain text in one of two ways:
The recipient's machine uses a key to decrypt the message, or
A central server decrypts the message on behalf of the recipient, after validating the recipient's identity.
This option works with any email account that you have added to Outlook but requires your recipients to also use Outlook (or an S/Mime compatible email application). Both you and your email recipients must install and share encryption certificates.
If you have a Microsoft 365 email account you can send an encrypted message using OME. This option does not require installing certificates and allows you to send encrypted messages to any email recipient.
Email encryption should be used when sending information that is classified as Confidential or Restricted. Highly Restricted information should never be transmitted by email.
For a description of the classifications and for more information see Guidelines for secure data exchange: Choosing information transmission methods based on the security classification. |
| Certificates (S/MIME) | O365 Message Encryption (OME) |
|---|---|---|
Recommended for Confidential and Restricted information (see section above) | When either your organization or the recipient's organization requires true peer-to-peer encryption. i.e. government agencies. | Sending sensitive information to people inside or outside your organization. |
Ease of setup | Moderate: Both you and your recipients must install certificates. | Easy: no setup required, just select the option to encrypt (Microsoft 365 email required). |
Ease of use - sending encrypted messages | Moderate: Sender and recipient must exchange keys in advance. | Easy: In Outlook - Select options > Encrypt > Send |
Ease of use - receiving encrypted messages | Moderate: Recipient must install certificate. | Easy/Moderate: if you have a Microsoft account and you're using Outlook the message should just open. If not, a passcode is required. |
Mobile use | Moderate: Certificates need to be installed on all devices. | Easy/Moderate: if you have a Microsoft 365 account and you're using the Outlook mobile app the message should just open. If not, a passcode is required. |
Sending secure replies | Easy: since recipient also installed certificate, they can send encrypted. | Easy: replies are automatically encrypted. |
See Email security section: Using certificates (S/Mime) (see Email security section)
Related articles appear here based on the labels you select. Click to edit the macro and add or change labels.
Need help?Contact the IST Service Desk online or 519-888-4567 ext. 44357. |
Article feedbackIf you’d like to share any feedback about this article, please let us know. |