Share via

cannot send encrypted emails

Saima Zafar 0 Reputation points
2026-03-02T14:52:47.2866667+00:00

Hi I cant send encrypted emails, my subscription etc is upto date, i can send emails if they are not encrypted.

Outlook | Web | Outlook.com | Email

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Noel Macadangdang 16,205 Reputation points Independent Advisor
    2026-03-02T15:30:32.33+00:00

    Hi,

    Thank you for sharing your question. I understand how frustrating it is when your subscription is active and regular emails send fine, but encrypted messages fail especially when you rely on encryption for secure communication.

    Microsoft’s guidance shows that encrypted emails fail to send when the required encryption components  such as S/MIME certificates or Microsoft Purview Message Encryption configuration are missing, invalid, or not properly recognized by the server. If you are using S/MIME encryption, Outlook requires a valid digital ID for you and valid public certificates for every recipient, otherwise Outlook will return errors or fail to send.

    If you are using Microsoft Purview Message Encryption, sending failures can occur when the mailbox isn’t assigned a valid license, the tenant’s encryption configuration hasn’t been enabled, or the Encrypt button is present but the backend encryption service isn’t working. Microsoft recommends verifying the subscription, checking tenant configuration, and ensuring the account has the appropriate licenses for encryption.

    When you try to send an encrypted message, do you see any specific error message, such as “there was a problem sending this email” or “missing or invalid certificate”?

    If you can share which type of encryption you are using (S/MIME or Microsoft Purview) and the exact error you see, I’ll guide you step‑by‑step to get encrypted email working again.

     

    I hope this helps.

     

    Best Regards,

    Noel

    0 comments
  2. Q&A Assist
    2026-03-02T14:53:02.6866667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    For encrypted mail to work, the recipient’s public key or a suitable encryption method must be available. When normal (unencrypted) mail works but encrypted mail does not, the issue is usually with certificates/keys or how encryption is being applied.

    Try these checks and steps:

    1. Verify the encryption method
    • If using S/MIME encryption, a valid S/MIME certificate (digital ID) is required for each recipient.
    • If the recipient is internal (same organization/domain), their public key is typically stored in the Global Address List (GAL) and should be picked up automatically.
    • If the recipient is external, a signed email must usually be exchanged first so the public key can be obtained and installed.
    1. Confirm the recipient’s public key exists
    • For internal recipients: ensure there are no connectivity issues to Exchange so Outlook/OWA can reach the GAL and retrieve the recipient’s certificate.
    • For external recipients: exchange signed mail first. Once the signed mail is received and the certificate installed, encrypted messages can be sent.

    If encryption fails, it is typically because the recipient’s public key is missing.

    1. If using Outlook on the web (OWA) with S/MIME
    • A digital ID that matches the mailbox SMTP address is required. The certificate’s Subject or Subject Alternative Name must contain an SMTP address listed on the account used to sign in.
    • If a certificate exists but its SMTP address does not match the mailbox, an Exchange administrator can configure OWA to allow manual selection of a signing certificate by enabling the AllowUserChoiceOfSigningCertificate registry value on the server, then restarting IIS. After that, in OWA Options → Email security, a certificate can be manually chosen.

    If none of the above applies (for example, using Microsoft 365 message encryption rather than S/MIME), ensure encryption is being applied using the supported method in Outlook/Outlook.com (for example, using the Encrypt/Do Not Forward options as described in the Microsoft 365 encryption documentation) rather than an unsupported or misconfigured path.

    If problems persist, provide details such as:

    • Whether S/MIME or Microsoft 365 message encryption is being used
    • Whether the recipient is internal or external
    • Any exact error message shown when sending the encrypted mail

    References:

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.