[mh_category_pill]

How to Send an Encrypted Email on Any Device

[mh_post_meta]
how to send an encrypted email guide featured image

[mh_key_takeaways]

Sending an encrypted email is a different set of steps on every device and every mail app. Office 365 has a button. Gmail has two paths that look similar but work differently. Mac Mail and iPhone Mail share the S/MIME model. Yahoo has no native option at all.

This guide walks through the exact steps for each. It also covers the access side so the recipient knows what to do when the message arrives. For a cross-provider path with one workflow, a gateway service handles the recipient side uniformly and delivers encrypted email to any inbox.

Skip to the section that matches your device. Every section stands on its own with the menu paths named directly.

Send an Encrypted Email in Office 365 With the Encrypt Button

Office 365 on Business Standard and above adds an Encrypt button to the compose ribbon. It uses Microsoft Purview Message Encryption underneath.

Open Outlook. Start a new message. Click the Options tab in the ribbon. Click Encrypt. Choose Encrypt-Only or Do Not Forward.

Write the message and click Send. The recipient receives an email with a link. They authenticate with Microsoft, Google, or a one-time passcode and read the message in a browser.

Setup on the tenant side runs through the Microsoft Purview compliance portal. Admins should follow Microsoft Purview encryption documentation for the exact policy configuration.

how to send an encrypted email in article illustration one

Send an Encrypted Email on Mac With S/MIME

Mac Mail has native S/MIME support. Setup starts with installing an S/MIME certificate in Keychain Access.

Double-click the PKCS 12 file. Enter the password. Choose the login keychain. Keychain Access imports the private key and the certificate together.

Open Mail. Start a new message. If the recipient certificate is available, a lock icon appears next to the recipient field. Click the lock to encrypt. Write the message and click Send.

Signed mail from a recipient adds their public key to the local keychain automatically. This populates the encrypt cache without manual action. Related linked topic: how to send encrypted email for the parallel workflow on Windows.

Send an Encrypted Email From iPhone With S/MIME

iPhone Mail supports S/MIME natively. The certificate installs through a configuration profile pushed by MDM or a manual .p12 file.

Send the .p12 file to yourself, then tap it in Mail. Enter the password. Go to Settings, General, VPN and Device Management, and tap the profile. Tap Install and enter the device passcode.

Open Mail. Start a new message. If the recipient certificate is cached, a blue lock icon appears next to the recipient field. Tap the lock to encrypt. Tap Send.

Enterprise deployments push these profiles automatically through Jamf, Intune, or another MDM. Manual install is fine for a solo user but slow to scale beyond a few devices.

[mh_example]

Send an Encrypted Email in Google Workspace

Google Workspace offers two encryption paths. Confidential mode is available on all tiers. Hosted S/MIME is available on Enterprise Standard, Enterprise Plus, Education Standard, and Education Plus.

For confidential mode, click the lock and clock icon at the bottom of the compose window. Set expiration and passcode. Click Save. Write and Send.

For hosted S/MIME, the admin uploads CA certificates in the Google Admin console under Apps, Google Workspace, Gmail, User Settings. Each user then uploads their personal certificate through Gmail settings under Accounts.

Once configured, a lock icon appears next to the recipient field in the compose window. Green means encryption is possible. Related: how do I send an encrypted email for a full walkthrough of the confidential mode versus hosted S/MIME choice.

how to send an encrypted email in article illustration two

Send an Encrypted Email in Yahoo Mail

Yahoo Mail has no native encrypted email feature. There is no Encrypt button, no confidential mode, and no hosted S/MIME.

The practical workaround is to connect the Yahoo account to Thunderbird by IMAP. Install an S/MIME certificate in Thunderbird. Send encrypted mail from Thunderbird using the Yahoo address as the From address.

The alternative is a gateway service that authenticates against the Yahoo account and sends portal-delivered encrypted mail on its behalf. This is a workaround, not a supported feature.

Yahoo does not offer a Business Associate Agreement. Yahoo is not appropriate for HIPAA use. Practices sending PHI should migrate off Yahoo to a business mail provider that offers a BAA before starting a real encryption program.

Access an Encrypted Email You Received

Access on the recipient side is the mirror of the send side. The path depends on how the sender encrypted the message.

An Outlook Encrypt message arrives with a link. Click it. Authenticate with Microsoft, Google, or a one-time passcode. Read the message in a browser.

An S/MIME encrypted message opens normally inside a client that supports S/MIME and holds the recipient private key. An unsupported client shows an unopenable attachment. Recipients on personal Gmail cannot open S/MIME encrypted mail.

A portal-delivered message from a gateway service arrives with a notification link. Click the link. Enter the passcode. Read the message in the hosted view. Related linked topic: how to open an encrypted email.

[mh_protip]

HIPAA Notes for Sending Encrypted Email

Sending PHI over email requires a signed Business Associate Agreement with the mail provider. Encryption alone does not equal HIPAA compliance.

Microsoft 365 Business Standard and above and Google Workspace Business Standard and above both offer BAAs. Apple iCloud, Yahoo Mail, and free personal Gmail and Outlook.com do not.

The HHS Security Rule requires access controls, audit logging, session timeouts, and workforce training in addition to encryption. Policy documentation is required for a defensible program.

Verify recipient identity before sending PHI. A wrong email address is a HIPAA breach even when the message is encrypted. See related healthcare security context for how email fits inside the wider stack.

Common Sending Problems and How to Fix Them

The Encrypt button is missing in Outlook. Cause. Business Basic tier or free Outlook.com. Fix. Upgrade to Business Standard or higher, or use a gateway service.

The lock icon is grayed out in Mac Mail. Cause. Recipient certificate is not in the local keychain. Fix. Ask the recipient to send a signed message first. The public key caches automatically.

Common sending problems and fixes:

  • Missing certificate on iPhone. Install through Settings and trust the profile
  • Recipient reports unopenable attachment. Recipient client does not support S/MIME
  • Portal notification landed in spam. Add sender portal domain to safe senders
  • Sender From address does not match certificate. Fix in Outlook Trust Center
  • Certificate expired. Renew with the CA and reinstall on all devices

Related: how to troubleshoot encrypted email for a deeper diagnostic walkthrough.

Cross-Device Encrypted Email With a Gateway Service

Managing S/MIME certificates across desktop and mobile at scale is real operational work. Gateway services remove the certificate step by handling encryption at the server.

The sender writes the message in the normal mail app on any device. A trigger word in the subject or a plugin button triggers encryption. The service uploads the message to a hosted portal.

The recipient receives a notification. They click, authenticate with a passcode, and read in a browser. This works on any device with any modern browser.

Mailhippo works this way. It sits on top of Gmail or Outlook, includes a BAA in the base plan, and works uniformly across desktop, iPhone, iPad, and Android. Practices sending PHI to a mix of clinical peers and patients can pair this with healthcare marketing services to keep the intake, contact, and email chain inside the same compliance boundary.

[mh_faqs]

[mh_post_tags]
🔒 Send secure email, free HIPAA-compliant, encrypted email in minutes. No setup, no hassle. Start Free Trial → No credit card required
[mh_categories]
[mh_popular_tags]
[mh_featured_posts]
Send your first secure email today Start free — no credit card required. HIPAA-compliant encryption in minutes. Start Free →