Virtru Security Insights

Join 10,000+ Security Professionals Who Receive Our Content Every Month

How to Encrypt Email in Outlook 2013

December 15, 2017

There are many ways to encrypt email in Outlook 2013, including both native Microsoft and third-party options. However, many of them are difficult to use, limited to the Microsoft platform, or lacking in protection for emails sent outside the MS ecosystem. Here’s what you need to know about Outlook email encryption.

Outlook 2013 Default and Azure Encryption

Technically, you don’t have to do anything to encrypt email in Outlook 2013. Your messages are protected by TLS encryption — the same technology used in secure web browsing, online transactions, and other major email platforms like Gmail. The problem is, TLS depends on the servers your messages travel through. It’s fairly secure within the Microsoft ecosystem, but if your recipient’s email provider has not configured their servers properly, your email may be sent with a weakened version of TLS, or sent unencrypted, and you’ll have no way of knowing your message has been compromised.

Fortunately, Microsoft provides other Outlook 2013 email encryption options, including native Azure RMS and third-party encryption solutions. There are two major Azure options: Office Message Encryption (OME) and Azure Information Protection (AIP). Information Rights Management (IRM) is technically a third option, but it’s just the on-premise version of AIP, with the same features and drawbacks.

OME doesn’t allow end users to explicitly encrypt emails, but it does provide email encryption through templates configured by administrators. For example, the admin could make a rule that every time a user sends an email with the word “Secure” in the subject line, OME will encrypt it. OME decryption is easy for Microsoft users, but requires some extra work on other platforms. The recipient receives the encrypted message as an attachment. To open it, they have to either create a Microsoft account (or login if they already have one), or obtain a special one-time code. Once the message is decrypted, it cannot be revoked.

AIP does allow explicit encryption, and has powerful admin capabilities, but it only works with other Microsoft accounts. That means you won’t be able to use it to encrypt messages to customers, clients or partners who use a different platform, such as Gmail

How to Encrypt Email in Outlook 2013 with Virtru

Virtru offers both client-side encryption, and extended email protection features for enterprise users and others with enhanced security and privacy needs. Like Azure Outlook encryption, Virtru allows admins to set automatic encryption rules, but it also allows users to explicitly encrypt email to any recipient, no matter what platform they use. Unlike Azure, Virtru can be installed with a few clicks, either by individual users, or by admins pushing the software out to users.

Installing Virtru adds a button to the message composition window, allowing users to encrypt Outlook 2013 emails with a click, then send the message as normal. If the recipient is a Virtru user, the message is decrypted automatically on open. If not, they receive a customizable message, with instructions on how to open the email using the Virtru secure reader. It only takes a couple clicks, and lets the user read messages, download encrypted attachments, and send their own encrypted replies and attachments without creating an account or installing anything.

Virtru for Microsoft Outlook 2013 Email Encryption

Virtru provides the same secure encryption, with extended Outlook 2013 email protection tools, allowing both admins and end users to secure their emails, wherever they go.

Send Secure with Virtru

Features include:

Message Control

Virtru Pro users stay in control of their email message and attachments, even after they hit “send.” Users can Revoke messages with a click, even after they’ve been read, preventing recipients from reading them in the future. Virtru users can also set time limits to automatically revoke access to emails after a certain period of time, preventing a breach if the recipient loses control of their account in the future.

Virtru Pro also allows users to disable message forwarding, preventing the recipient from sharing sensitive data. While some other Outlook email encryption tools have this feature within the Microsoft landscape, Virtru goes further, providing forwarding control in whatever platform the recipient uses.

Data Control

Sharing sensitive files outside your organization is inherently risky. Once the recipient downloads the file, they’re in control of it. You have no way to stop the recipient from sharing the file, or prevent a bad actor from stealing or hacking their device and stealing the data.

With Virtru PDF Watermark, you can share sensitive documents while retaining control. Watermarked PDFs are encrypted, and shared with recipients, but not downloaded locally. When the recipient accesses the file, their Virtru client opens it in the Virtru Secure Reader. If you revoke the message or set a time limit, they will completely lose access to the PDF.

Read Receipt

Azure is capable of providing read receipts within the Microsoft ecosystem, however it lacks visibility outside. There are a range of other read receipt tools, but most of them have false positives, false negatives or both.

Virtru is the only tool to provide 100% accurate read receipt functionality for encrypted email in Outlook 2013. Because Virtru recipients have to contact the Virtru key server to obtain a decryption key, Virtru automatically registers every recipient who opens an email, allowing both end users and admins to see who has opened their messages. This applies to forwarded messages, as well.

Combined with message revoke, read receipt provides a powerful tool for breach mitigation. If you send sensitive information to the wrong recipients and then revoke it, read receipt will let you know who has read the message and who has not, and will lower the risk of recipients resharing the data.

Virtru DLP

Like Azure, Virtru DLP allows admins to automatically protect and encrypt email in Outlook 2013. However, Virtru DLP is much more user friendly. An intuitive graphical interface and pre-configured rules allow admins to start protecting Confidential Business Information in minutes, or create customized, organization-specific protections.

Virtru DLP has a comprehensive range of functions allowing admins to automatically encrypt messages, strip attachments, send, cc or bcc messages, and even warn users if they’re about to break a security rule. This lets users learn complex security and compliance rules from experience, while minimizing the risk of them compromising data by breaking those rules.

Virtru Encryption Key Management

With Azure, Microsoft keeps your keys, which means they can open your email, or be forced to by a FISA warrant or other broad search tactic. This impedes your ability to ensure confidentiality, and may interfere with your compliance strategy for the General Data Protection Regulation (GDPR) and other regimes.

Virtru encryption uses a split architecture separating your keys from your message content. That means neither Microsoft nor Virtru can unilaterally read your messages. Virtru also provides enterprise encryption key management options so that you can retain complete control of your keys.  This ensures that no third party can access your encrypted data, and helps address meet a range of security and compliance needs. For example, you can use CKS to localize control of EU data in a European server, supporting GDPR compliance.

Protect Files and Encrypt Email in Outlook 2013 — And Beyond

Virtru goes beyond Outlook 2013 security, providing complete email protection across your organization. With one app, you can encrypt, Outlook 2013 on desktop and mobile devices, Microsoft Office 365 and OWA. To learn more about how Virtru protects your entire Microsoft , landscape, check out our Complete Guide to Microsoft Office 365 Email Protection