Sending Encrypted Email

The Microsoft 365 email system can be used to send encrypted emails. These messages are encrypted both in transit and at rest. They are suitable for sending sensitive information, but they still cannot be used to send credit card information (which must not be transmitted via email in any way).

Before sending encrypted emails, do not be under the false impression that encrypting an email makes it 100% protected. An encrypted email is more protected than other emails, and encryption helps better protect emails containing sensitive data, but no system is perfect. For this reason, once you receive emails back with sensitive info and have processed that information (either passed it along to another department or appropriately entered it into another system), you may want to delete the email. At the very least, you should file such emails into a separate folder and delete these messages on a periodic basis (once a month, once a semester, etc.). If your office is receiving such messages, you should delete these emails/files when they are no longer needed as per the record retention policy.

The process of sending an encrypted email is simple, but it depends on whether you are using Outlook's web version or the desktop version.

 

Outlook Web Access

Note: This is the method you use if you access your mail via your web browser.

 

  1. Create your email as you normally would, filling in the message body, subject, any attachments, and adding recipients (as to/cc/bcc).
  2. Click the Options bar at the top.
  3. Click the Encrypt button, then click Encrypt (under "Set permissions on this item").
  4. Send your message as normal.

See the screenshot below for where these options can be found.


Screenshot highlighting the "Options" button, then the "Encrypt" button, then the "Encrypt" option


Below is what you should see at the top of a message (before sending it) when encryption is enabled.

Screenshot showing the "Encrypt: This message is encrypted" tooltip above the send button

 

 

Outlook Desktop

There are two ways to send encrypted emails via Outlook's desktop version. The better way is below, but it won't work on some older versions of Outlook.

  1. Create your email as you normally would.  
  2. Before sending the message, click on the Options tab.
  3. Click on Permission and choose "Encrypt-Only".
    Screenshot showing the Options, Permission, and "Encrypt-Only" option in Outlook

 

The alternate way is:

  1. Create your email as you normally would.  
  2. Before sending the message, place the following in the beginning of the subject line:
      [Encrypted]
  3. Send your message as normal.
    Note: If you are sending to students, there is a special consideration. Student email accounts on Office 365 (their @newpaltz.edu accounts) are forwarded to their Hawkmail accounts. That works fine for normal emails but makes the encrypted emails inaccessible for them. Make sure to send students encrypted email to their @hawkmail.newpaltz.edu accounts.

 

For information on opening encrypted emails, see the Related Articles section of this page.


Best practices for sending encrypted email

Unless you are sending an encrypted email to a recipient that you have frequently sent such messages to, it is strongly recommended that you send them a separate, unencrypted email at the same time. The purpose of this is both to let them know what you are sending them and to send them instructions on opening the message. We recommend something similar to the following:

Hello,

Following this email, you will receive a second email from me.  This second email contains sensitive data, so it is encrypted.  The message contents are regarding <briefly mention what the encrypted message is about, and why the recipient would want or need to open it>.

If you have any issues opening it, please see the following articles on the SUNY New Paltz IT site:

Opening Encrypted Emails - Non-Microsoft 365 users
Opening Encrypted Emails - Microsoft 365 users