Note: This feature is currently available in classic Outlook. Check out the Microsoft 365 Roadmap for updates on when it will be available in new Outlook.
A digital signature attached to an email message offers another layer of security by providing assurance to the recipient that you—not an imposter—signed the contents of the email message. Your digital signature, which includes your certificate and public key, originates from your digital ID. And that digital ID serves as your unique digital mark and signals the recipient that the content hasn't been altered in transit. For additional privacy, you also can encrypt email messages.
What's the difference between a digital signature and a standard signature?
A digital signature isn't the same as a signature you routinely include with an outgoing message. Anyone can copy an email signature, which essentially is a customizable closing salutation. But a digitally signed message can come only from the owner of the digital ID used to sign it. The digital ID provides verification of the sender's authenticity, thereby helping to prevent message tampering.
Use a digital ID in new Outlook
Check out the Microsoft 365 Roadmap for updates on when it will be available in new Outlook.
In classic Outlook, you can:
Get a digital ID from a certifying authority
You will need to obtain a digital ID issued by an independent certification authority.
Your organization, however, may have policies that require a different procedure. See your network administrator for more information.
Import, export, or delete a digital ID
Before you import a digital ID, you'll have to have the digital ID or export if from another location. Follow these instructions to both import and export a digital ID in classic Outlook.
-
On the File tab, select Options > Trust Center.
-
Under Microsoft Outlook Trust Center, select Trust Center Settings.
-
On the E-mail Security tab, under Encrypted e-mail, select Settings.
-
Under Digital IDs (Certificates), select Import/Export.
-
To Import a digital ID, select Browse to locate the Security Profile. You'll need to enter the password you used when you exported the certificate to this file.
-
To Export a digital ID, select the radio button next to Export your Digital ID to a file. You'll need to enter a password to help protect this information.
-
To Delete a digital ID, select the checkbox next to Delete Digital ID from system.
-
Select OK.
Specify the digital ID to use
You might choose to have more than one digital ID—one for your digital signature, which in many areas can have legal significance, and another for encryption.
-
On the File tab, select Options > Trust Center.
-
Under Microsoft Outlook Trust Center, select Trust Center Settings.
-
On the E-mail Security tab, under Encrypted e-mail, select Settings.
Note: If you have a digital ID, the settings to use the digital ID are automatically configured for you. If you want to use a different digital ID, follow the remaining steps in this procedure.
-
Under Security Setting Preferences, select New.
-
In the Security Settings Name box, enter a name.
-
In the Cryptography Format list, select S/MIME. Depending on your certificate type, you can choose Exchange Security instead.
-
Next to the Signing Certificate box, select Choose, and then select a certificate that is valid for digital signing.
Note: To learn if the certificate is intended for digital signing and encryption, in the Select Certificate dialog box, select View Certificate. An appropriate certificate for cryptographic messaging (such as digital signing) might state, for example, "Protects email messages."
-
Select the Send these certificates with signed messages check box unless you'll be sending and receiving signed messages only within your organization.
Note: The settings that you choose become the default when you send cryptographic messages. If you don't want these settings to be used by default for all cryptographic messages, clear the Default Security Setting for this cryptographic message format check box.
Add a recipient's digital ID to your Contacts
To send and receive encrypted email messages, both the sender and the receiver must share their digital ID certificates with each other.
-
Open a message that is digitally signed as indicated in the message list by a Signature icon.
-
Select and hold (or right-click) the name in the From box, and then select Add to Outlook Contacts.
-
If you already have an entry for this person, select and hold (or right-click) their name in the From field. Select Edit contact, and then select Save & Close.
View a certificate for a contact
-
On the Navigation bar, select People.
-
Select the person's name, and then on the Contact tab, select Certificates.
Digitally sign a single message
-
In the message, on the Options tab, in the Encrypt group, select Sign.
-
If you don't see the Sign Message button, do the following:
-
In the message, select Options.
-
In the More Options group, select the dialog box launcher
-
Select Security Settings, and then select the Add digital signature to this message check box.
-
Select OK, and then select Close.
-
-
If you don't see the Sign Message button, you might not have a digital ID configured to digitally sign messages, and you need to do the following to install a digital signature.
-
On the File menu, select Options > Trust Center.
-
Under Microsoft Outlook Trust Center, select Trust Center Settings > Email Security
-
Select Import/Export to import a digital ID from a file on your computer.
-
-
-
Compose your message, and then send it.
Digitally sign all messages
-
On the File tab, select Options >Trust Center.
-
Under Microsoft Outlook Trust Center, select Trust Center Settings.
-
On the Email Security tab, under Encrypted Mail, select the Add digital signature to outgoing messages check box.
-
If available, you can select one of the following options:
-
If you want recipients who don't have S/MIME security to be able to read the message, select the Send clear text signed message when sending signed messages check box. By default, this check box is selected.
-
To verify that your digitally signed message was received unaltered by the intended recipients, select the Request S/MIME receipt for all S/MIME signed messages check box. You can request notification telling you who opened the message and when it was opened, When you send a message that uses an S/MIME return receipt request, this verification information is returned as a message sent to your Inbox.
-
-
To change additional settings, such as choosing between multiple certificates to use, select Settings.
-
Select OK on each open dialog box.
Special cases: Get a digital ID for sending messages by using Microsoft Exchange
Note: This feature requires a Microsoft Exchange Server account.
To get an Exchange Server digital ID—for example, through Key Management Service—the administrator of your Exchange account must have security running on the server and give you a special password, which is known as a token. For more information, see your Exchange administrator.
-
On the File tab, > Options > Trust Center
-
Under Microsoft Outlook Trust Center, select Trust Center Settings.
-
On the E-mail Security tab, under Digital IDs (Certificates), select Get a Digital ID.
-
Select Set up Security for me on the Exchange > OK
-
In the Digital ID Name box, type your name.
-
In the Token box, type the special password that your Exchange administrator assigned to you.
-
In the Microsoft Office Outlook Security Password dialog box, type a different password for the digital ID, and then type the password again in the Confirm box.
Note: You'll receive a message in your Inbox from the Exchange administrator which requires you to enter the password created in this step.
-
In the dialog box that appears, enter your password, select the Remember password for check box, and then enter the number of minutes that you want Outlook to remember your password.
-
In the Root Certificate Store message that appears, select Yes.
See also
Send encrypted email messages in Outlook
View and reply to encrypted messages in Outlook
Get a digital ID
Find digital ID or digital ID services
Send a digitally signed or encrypted message for Mac
Advanced Outlook.com security for Microsoft 365 subscribers
