Use Outlook 2007 to help protect messages

This Office product will reach end of support on October 10, 2017. To stay supported, you will need to upgrade. For more information, see , Resources to help you upgrade your Office 2007 servers and clients.

Topic Last Modified: 2016-11-14

You have two main options for helping to protect messages in Microsoft Office Outlook 2007 from unauthorized use, tampering, or change: 1) cryptographic messaging using the S/MIME standard, and 2) Information Rights Management (IRM). While both of these options can help protect messages your users send and receive, they work differently and are each best suited for different scenarios.

S/MIME is a standard for sending digitally signed and encrypted e-mail messages. Using S/MIME in Outlook is the preferred way to:

• Sign a message to prove the identity of the sender. S/MIME is the only option the 2007 Microsoft Office system supports for digital signatures. It is not possible to tamper with an IRM message, and in this way it is similar to a signed message. But IRM protection is more limited because there are no authorities that attest to the identities of the senders, and the Outlook user interface does not show information about the identity of the sender.

• Help ensure that Internet e-mail messages are not vulnerable to attackers that use software to monitor and intercept e-mail traffic over the Internet. The focus is on the Internet, as that is where point-to-point encryption is most valuable and where interoperability standards are most important.

The biggest value in using S/MIME is when users send and receive e-mail messages outside corporate boundaries, where they are not protected by the corporate firewall.

Another feature that can help to protect messages in Outlook is IRM. IRM gives organizations and information workers greater control over sensitive information. IRM is the preferred way to help to:

• Protect e-mail conversations containing sensitive information by restricting the ability to forward or copy the messages in an e-mail thread. The reasons to use IRM have little to do with whether an unauthorized person outside the organization—for example, a hacker on the Internet—will intercept the communication. Instead, IRM is used most efficiently when the sender is concerned that the intended recipient will share the information inappropriately.

• Prevent people from using out-of-date information by enforcing message expiration. With IRM, expiration dates on messages are enforced, unlike expiration dates set on messages without IRM.

The biggest value for IRM is within the corporation, where employees need to share information while maintaining some control over who has access to this information IRM is especially helpful in ensuring that this information does not leak outside the corporate firewall.