How to check if Outlook is using TLS encryption

Featured image

Share this article

How to Check if TLS Encryption Is Being Used in Outlook - Paubox

Avoid HIPAA violations for HIPAA compliant email

Email is a popular target for hackers because every email account is a potentially vulnerable endpoint that can be compromised. Attacks like ransomware are increasingly common. Email can be intercepted, creating a potential HIPAA violation for covered entities.

Email can be protected via encryption, most commonly using an industry standard called Transport Layer Security (TLS).

We’ve covered different ways to check your email setup for TLS support, including checking for TLS encryption in Google’s email services.  But out about Outlook?

Does Outlook support TLS and is my HIPAA email encrypted?

The Microsoft Office Suite, and its online counterpart Microsoft 365, is the most popular collection of software tools for businesses (though Google’s offering is proving to be a fierce competitor in the cloud space).

Microsoft’s email application, Outlook, does support TLS, and in March, Microsoft began requiring TLS version 1.2, and dropping support of TLS 1.0 and 1.1. (Paubox supports both TLS 1.2 and 1.3, per NSA guidelines).

However, even though this means that email sent and received via Outlook can be encrypted, it doesn’t mean email is encrypted. If a recipient is using an email service provider that does not support TLS, the encryption is removed and the message is delivered in plain text—making it easy for malicious parties to intercept it.

How do you check for TLS encryption in Outlook and how to keep HIPAA email secure?

As with Google’s Gmail service, you can see if an Outlook message was encrypted by reviewing the email header. Microsoft’s design is not quite as simple as Google’s, and is different depending on which version you’re using: either the locally installed Outlook application or the web-based Microsoft 365 interface.

In Outlook, you need to open the message in a new window.  Double-click the message in the inbox list, then open the “File” menu and select “Properties.”

How to check if Outlook Is using TLS encryption

In Microsoft 365, you click the three dots at the top right of the message window:

How to check if Outlook Is using TLS encryption

In both cases, you will be presented with the raw email message header. It includes a lot of information and can be daunting. To make it easier to review, you can copy it into a new Notepad or text file, where you can use a “Find” tool to search through it.

You should see “TLS” or a TLS version identifier in the header. It may say “TLS1.2” or “TLS1.3.” If you see this, TLS was used to secure this message.

Obviously, this process could be simpler.

Other ways to check for TLS support

The CheckTLS website is a popular, free tool you can use to check your company’s support for TLS. Run by SecureMail, LLC, the site also pitches various security services like EmailSentry, an Outlook plugin that makes email security information more accessible.

If you’re a system administrator, you can also use mail flow controls to require the use of TLS encryption when exchanging email with other specific organizations. This is not a simple process, however, and an incorrect configuration could cause email delivery issues.

Is my email HIPAA compliant and encrypted by TLS?

Email encryption is important but technically complex. TLS only works when both the sender are receiver are using email systems configured to use it. If not, encryption is typically dropped, making your messages vulnerable to hackers.

Fortunately, Paubox has patented a method to maintain privacy and security even if the receiver is not using TLS: the message is not delivered in plain text, and instead it is made available via a secure HTTPS link.

When you use Paubox Email Suite for HIPAA compliant email, you have a seamless, multi-layered solution for secure email, using the latest industry security standards.

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Ryan Ozawa

Read more by Ryan Ozawa

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022