How encryption works in Microsoft Outlook
Outlook follows a few scenarios before encryption can take place. You should consider all scenarios below in order to successfully encrypt.
Firstly, if you are replying to a digitally signed or encrypted email, Outlook will attempt to use the certificate used for signing or encryption to encrypt back to the person. If the email is digitally signed, then the certificate must support encryption. If there are multiple people included in this email, this method may not work when replying with an encrypted email as all certificates are not included for all recipients.
Next, if the recipient is within your organisation (ie, they are set up on the same Exchange server as you) and they have a certificate, the recipient can publish their certificate to GAL (Global Address List). This allows a copy of the recipients public key to be stored on the Exchange server. When anyone in your organisation attempts to encrypt to this recipient, Outlook will look on the Exchange server first for a corresponding public key.
If neither of the first two scenarios above are met, then Outlook will attempt to use it's contact list credentials for an attached certificate. If the user is outside of your organisation, then you must add them as a contact and include their certificate.
You can obtain the certificates for any QuoVadis customer using the Certificate Lookup tool found at http://www.quovadisglobal.com/en-GB/QVRepository/TestCertificates.aspx.