Email encryption has forever been a pain point in the IT ecosystem. PGP is a great system but hasn’t been widely adopted.
This is how I personally have used PGP in the past, for the <10 PGP emails I have received over my entire lifetime:
Microsoft has rolled out their own solution to the problem: Outlook Protected Messages. A proprietary system on top of an open, widespread standard – I don’t really like that but hey, it is better than nothing!
If an Outlook user sends such a protected email to a non-Outlook, non-Gmail address of yours, you will receive an email “Alice has sent you a message that was protected with Microsoft Office 365” and a link to click. You’ll be redirected to a page where you can sign in and receive a single-use code sent to your email address.
But here is the catch: this sign-in just doesn’t work! The email address at which I received these messages is not connected to a Microsoft account. So I could not log in to request the single-use code. I then tried it with an email address which was connected to a Microsoft account – turns out, this also doesn’t work! Even if the protected email was sent to this Microsoft account.
Somehow, the solution to this is to trick Microsoft into treating your browser as a mobile browser. Then you are not asked to sign in at all and can request the single-use code directly. This is how you do it, using the browser’s developer tools:
- Copy the link from the protected message
- Open a new empty browser tab.
- Right-click → Inspect
- Click the “device icon”
  - On Firefox, it is on the right side of the bar
  - On Chrome, it is on the left side of the bar
- Your browser now acts as a mobile browser.
- Enter the link into the address bar
- Request the single-use code to be sent to your email
- Then enter the received code in the browser