Note: To use encryption, your account must have a qualifying Microsoft 365 business subscription. Compare all Microsoft 365 Plans.
A digital signature attached to an email message offers another layer of security by providing assurance to the recipient that you—not an imposter—signed the contents of the email message. Your digital signature, which includes your certificate and public key, originates from your digital ID. And that digital ID serves as your unique digital mark and signals the recipient that the content hasn't been altered in transit. For additional privacy, you also can encrypt email messages.
What's the difference between a digital signature and a standard signature?
A digital signature isn't the same as a signature you routinely include with an outgoing message. Anyone can copy an email signature, which essentially is a customizable closing salutation. But a digitally signed message can come only from the owner of the digital ID used to sign it. The digital ID provides verification of the sender's authenticity, thereby helping to prevent message tampering.
Get a digital ID from a certifying authority to use in new Outlook
You will need to obtain a digital ID issued by an independent certification authority. Your organization, however, may have policies that require a different procedure. See your network administrator for more information.
Import or export a digital ID in new Outlook
Before you can import a digital ID, you need to already have the digital ID and know where it is on your device. Use the following instructions to either import or export a digital ID in new Outlook.
Import a digital ID
-
Select Settings > Mail > S/MIME.
-
Under Digital IDs (Certificates), select Import to import a digital ID.
-
Select Browse to locate the digital ID, and enter the password you used when you exported the certificate to this file.
Export a digital ID
-
To export a digital ID, select Settings > Mail > S/MIME.
-
Select Export.
-
From the Export Digital ID pane, select Browse to locate the ID.
-
Enter a password to help protect this information. If you don't see any specific certificate in list, it may be because it wasn't marked as Exportable at the time of creation.
Digitally sign a single message
-
In the message, on the Options tab, in More Options, select Digitally sign this message.
If you don't see the Sign Message button, you might not have a digital ID configured to digitally sign messages, or it not active for you. -
Compose your message and then send it.
Digitally sign all messages in new Outlook
-
Select Settings > Mail > S/MIME >
-
Select Add a digital signature to all messages I send. If this option isn't available, it means your admin manages this setting on your behalf.
Note: The settings in new Outlook and Outlook on the web are synchronized. This means that any changes made in new Outlook will be reflected in Outlook on the web and vice versa.
In classic Outlook, you can:
Get a digital ID from a certifying authority
You will need to obtain a digital ID issued by an independent certification authority.
Your organization, however, may have policies that require a different procedure. See your network administrator for more information.
Import, export, or delete a digital ID in classic Outlook
Before you import a digital ID, you'll have to have the digital ID or export if from another location. Follow these instructions to both import and export a digital ID in classic Outlook.
-
On the File tab, select Options > Trust Center.
-
Under Microsoft Outlook Trust Center, select Trust Center Settings.
-
On the E-mail Security tab, under Encrypted e-mail, select Settings.
-
Under Digital IDs (Certificates), select Import/Export.
-
To Import a digital ID, select Browse to locate the Security Profile. You'll need to enter the password you used when you exported the certificate to this file.
-
To Export a digital ID, select the radio button next to Export your Digital ID to a file. You'll need to enter a password to help protect this information.
-
To Delete a digital ID, select the checkbox next to Delete Digital ID from system.
-
Select OK.
Specify the digital ID to use in classic Outlook
You might choose to have more than one digital ID—one for your digital signature, which in many areas can have legal significance, and another for encryption.
-
On the File tab, select Options > Trust Center.
-
Under Microsoft Outlook Trust Center, select Trust Center Settings.
-
On the E-mail Security tab, under Encrypted e-mail, select Settings.
Note: If you have a digital ID, the settings to use the digital ID are automatically configured for you. If you want to use a different digital ID, follow the remaining steps in this procedure.
-
Under Security Setting Preferences, select New.
-
In the Security Settings Name box, enter a name.
-
In the Cryptography Format list, select S/MIME. Depending on your certificate type, you can choose Exchange Security instead.
-
Next to the Signing Certificate box, select Choose, and then select a certificate that is valid for digital signing.
Note: To learn if the certificate is intended for digital signing and encryption, in the Select Certificate dialog box, select View Certificate. An appropriate certificate for cryptographic messaging (such as digital signing) might state, for example, "Protects email messages."
-
Select the Send these certificates with signed messages check box unless you'll be sending and receiving signed messages only within your organization.
Note: The settings that you choose become the default when you send cryptographic messages. If you don't want these settings to be used by default for all cryptographic messages, clear the Default Security Setting for this cryptographic message format check box.
Add a recipient's digital ID to your Contacts in classic Outlook
To send and receive encrypted email messages, both the sender and the receiver must share their digital ID certificates with each other.
-
Open a message that is digitally signed as indicated in the message list by a Signature icon.
-
Select and hold (or right-click) the name in the From box, and then select Add to Outlook Contacts.
-
If you already have an entry for this person, select and hold (or right-click) their name in the From field. Select Edit contact, and then select Save & Close.
View a certificate for a contact
-
On the Navigation bar, select People.
-
Select the person's name, and then on the Contact tab, select Certificates.
Digitally sign a single message in classic Outlook
-
In the message, on the Options tab, in the Encrypt group, select Sign.
-
If you don't see the Sign Message button, do the following:
-
In the message, select Options.
-
In the More Options group, select the dialog box launcher
in the lower-right corner. -
Select Security Settings, and then select the Add digital signature to this message check box.
-
Select OK, and then select Close.
-
-
If you don't see the Sign Message button, you might not have a digital ID configured to digitally sign messages, and you need to do the following to install a digital signature.
-
On the File menu, select Options > Trust Center.
-
Under Microsoft Outlook Trust Center, select Trust Center Settings > Email Security
-
Select Import/Export to import a digital ID from a file on your computer.
-
-
-
Compose your message, and then send it.
Digitally sign all messages in classic Outlook
-
On the File tab, select Options >Trust Center.
-
Under Microsoft Outlook Trust Center, select Trust Center Settings.
-
On the Email Security tab, under Encrypted Mail, select the Add digital signature to outgoing messages check box.
-
If available, you can select one of the following options:
-
If you want recipients who don't have S/MIME security to be able to read the message, select the Send clear text signed message when sending signed messages check box. By default, this check box is selected.
-
To verify that your digitally signed message was received unaltered by the intended recipients, select the Request S/MIME receipt for all S/MIME signed messages check box. You can request notification telling you who opened the message and when it was opened, When you send a message that uses an S/MIME return receipt request, this verification information is returned as a message sent to your Inbox.
-
-
To change additional settings, such as choosing between multiple certificates to use, select Settings.
-
Select OK on each open dialog box.
Special cases: Get a digital ID for sending messages by using Microsoft Exchange
Note: This feature requires a Microsoft Exchange Server account.
To get an Exchange Server digital ID—for example, through Key Management Service—the administrator of your Exchange account must have security running on the server and give you a special password, which is known as a token. For more information, see your Exchange administrator.
-
On the File tab, > Options > Trust Center
-
Under Microsoft Outlook Trust Center, select Trust Center Settings.
-
On the E-mail Security tab, under Digital IDs (Certificates), select Get a Digital ID.
-
Select Set up Security for me on the Exchange > OK
-
In the Digital ID Name box, type your name.
-
In the Token box, type the special password that your Exchange administrator assigned to you.
-
In the Microsoft Office Outlook Security Password dialog box, type a different password for the digital ID, and then type the password again in the Confirm box.
Note: You'll receive a message in your Inbox from the Exchange administrator which requires you to enter the password created in this step.
-
In the dialog box that appears, enter your password, select the Remember password for check box, and then enter the number of minutes that you want Outlook to remember your password.
-
In the Root Certificate Store message that appears, select Yes.
Get a digital ID from a certifying authority to use in Outlook on the web
You will need to obtain a digital ID issued by an independent certification authority. Your organization, however, may have policies that require a different procedure. See your network administrator for more information.
Digitally sign a single message in Outlook on the web
-
In the message, on the Options tab, in More Options, select Digitally sign this message.
-
Compose your message and then send it.
Digitally sign all messages in Outlook on the web
-
Select Settings > Mail > S/MIME >
-
Select Add a digital signature to all messages I send. If this option isn't available, it means your admin manages this setting on your behalf.
Note: The settings in new Outlook and Outlook on the web are synchronized. This means that any changes made in Outlook on the web will be reflected in new Outlook and vice versa.
See also
Verify the digital signature on a signed email message
Find digital ID or digital signature services
Open encrypted and protected messages
Send S/MIME or Microsoft Purview encrypted emails in Outlook
Set up Outlook to use S/MIME encryption
Learn about securing and protecting email messages in Outlook