Want to add a padlock to your email messages? You can use S/MIME in Outlook on the web to increase the security of messages. A digitally encrypted message can only be opened by recipients who have the correct key. A digital signature assures recipients that the message hasn't been tampered with.
Notes:
-
Outlook on the web requires a Windows desktop device to support S/MIME. S/MIME isn't available in Outlook on the web on Mac, iOS, Android, or other non-Windows devices.
-
S/MIME might not be available for your account.
-
If you set up S/MIME in classic Outlook on the web, you'll need to install the new S/MIME control to use S/MIME in the new Outlook on the web.Which version of Outlookontheweb am I using?
Which version of Outlook on the web am I using?
IF YOUR MAILBOX LOOKS LIKE...
You're using the new Outlook on the web
IF YOUR MAILBOX LOOKS LIKE...
You're using classic Outlook on the web
Install the S/MIME control
-
Get a certificate, sometimes referred to as a key or digital ID.
The first step to use S/MIME is to obtain a certificate from your IT administrator or helpdesk. Your certificate might be stored on a smart card, or might be a file that you store on your computer. Follow the instructions provided by your organization to use your certificate.
-
Install the S/MIME control.
-
Go to Settings > Mail > S/MIME. Look for To use S/MIME, you need to install the S/Mime control. To install it, click here. Select Click here.
Note: If you receive an encrypted message before you've installed the S/MIME control, you'll be prompted to install the control when you open the message.
Note: To use S/MIME on Chrome, your computer must be joined to a Microsoft Active Directory domain and have a Chrome policy to include the S/MIME extension. Check with your IT administrator or helpdesk to confirm that your computer is joined to a domain and has the required policy. Instructions for IT administrators can be found in Configure S/MIME settings in Exchange Online for Outlook on the web.
-
When you're prompted to run or save the file, select Run or Open (the choice will vary depending on the web browser you're using).
-
You might be prompted again to verify that you want to run the software. Select Run to continue the installation.
-
Allow the Outlook on the web domain to use the S/MIME control
-
Internet Explorer: You might see the following message when you open Outlook on the web in Internet Explorer for the first time after you install the S/MIME control update:
Do you want to allow the domain <your email domain> to use the S/MIME control to encrypt and decrypt messages in your inbox? Only allow domains that you trust. If you select Yes, you won't be prompted again for this domain. If you select No, the domain won't have access to S/MIME.
Select Yes to trust the domain.
-
Edge and Chrome: You might see the following message the first time you try to use S/MIME in Outlook on the web on Edge or Chrome after you install the S/MIME extension:
S/MIME isn't configured to work with the current domain. You can add it in S/MIME Extension options page in the settings for your browser.
Select the link to go to the settings page, and allow your work or school domain to use S/MIME. The domain is usually the part after the @ sign in your email address. Check with your IT administrator if that doesn't work.
Note: You will have to close and reopen Outlook on the web before you can use the S/MIME control.
Encrypt and digitally sign outgoing messages
After you've installed the S/MIME control, select Settings > Mail > S/MIME to configure S/MIME.
-
Select Encrypt contents and attachment for all messages I send to automatically encrypt all outgoing messages.
-
Select Add a digital signature to all messages I send to digitally sign all outgoing messages.
-
Select Automatically choose the best certificate for digital signing.
Note: All outgoing messages includes new messages, replies, and forwards.
To add or remove digital encryption from an individual message that you're composing:
-
Go to the top of the message and select more options > Message options.
-
Select or deselect Encrypt this message (S/MIME).
If you encrypt an outgoing message and Outlook on the web can't verify that all recipients can decrypt the message, you'll see a notice warning you which recipients might not be able to read the encrypted message. You can then send the message anyway, remove those recipients, or retry to check again.
To add or remove a digital signature from a message that you're composing:
-
Go to the top of the message and select more options > Message options.
-
Select or deselect Digitally sign this message (S/MIME).
If your certificate is stored on a smart card, you'll be prompted to insert the smart card to digitally sign the message. Your smart card may also require a PIN to access the certificate.
Reading encrypted and digitally signed messages
A key icon in the message list or reading pane indicates an encrypted message.
If you normally use Conversation view, you'll have to open the message in a new window to read it. There will be a link on the message to make this easier.
When you receive an encrypted message, Outlook on the web will check whether the S/MIME control is installed and whether there is a certificate available on your computer. If the S/MIME control is installed and there is a certificate available, the message will be decrypted when you open it. If your certificate is stored on a smart card, you'll be prompted to insert the smart card to read the message. Your smart card might also require a PIN to access the certificate.
A ribbon icon in the message list or reading pane indicates a digitally signed message.
If you normally use Conversation view, you'll have to open the message in a new window to read it. Information about the digital signature will be at the top of the message, along with a link that you can select to learn more about the digital signature.
-
Internet Explorer 11 or one of the three most recent versions of Edge or Chrome is required to send and receive encrypted messages, digitally sign messages that you send, and to verify digital signatures on messages that you receive.
-
S/MIME message encryption is supported only on messages sent to and from recipients in your organization's address list. If you send an encrypted message to someone outside your organization, they won't be able to decrypt and read the message.
-
S/MIME digital signatures are only fully supported for recipients inside your organization. Recipients can only verify the digital signature if they're using an email client that supports S/MIME and have installed the S/MIME control.
-
If you send a digitally signed message to a recipient outside your organization, they will be able to read the message. Depending on the email client they're using, they may or may not see and be able to verify the digital signature.
-
Encrypted messages can be read only by intended recipients who have a certificate. If you try to send an encrypted message to a recipient who doesn't have a certificate, Outlook on the web will warn you that the recipient can't decrypt S/MIME encrypted messages.
-
If at least one recipient of an encrypted message has a certificate, Outlook on the web will send the message to all recipients. If none of the intended recipients has a certificate, Outlook on the web won't let you send the message in encrypted form.
-
A digitally signed message reassures the recipient that the message hasn't been tampered with and verifies the identity of the sender. Digitally signed messages can be sent to anyone. However, the recipient must be using an email application that supports S/MIME and have installed the S/MIME control to verify the digital signature. Outlook and Outlook on the web both support S/MIME.
-
The S/MIME control is necessary to verify the signatures of digitally signed messages, but a certificate is not. If you receive a message that's been encrypted or digitally signed and you haven't installed the S/MIME control, you'll see a warning in the message header notifying you that the S/MIME control isn't available. The message will direct you to the S/MIME options page where you can download an S/MIME control installer for the web browser you're using. If you use more than one web browser, you might have to install the S/MIME control for each web browser you use.
No comments:
Post a Comment