Need to send sensitive information — financial data, personal details, legal documents, or confidential business information — via email? Microsoft Outlook offers several encryption options to protect your messages from unauthorized access. This guide covers every email encryption and password-protection method available in Outlook, from built-in S/MIME encryption to Microsoft 365’s Information Rights Management (IRM).

Why Encrypt Emails in Outlook?

Standard email is not inherently secure — messages travel through multiple servers and can potentially be intercepted in transit. Email encryption ensures that even if a message is intercepted, it cannot be read without the proper decryption key. For businesses, email encryption also demonstrates compliance with data protection regulations like GDPR, HIPAA, and CCPA. It protects not just your organization but also your clients and partners.

Method 1: Encrypt Individual Emails in Outlook

For Microsoft 365 Users (Recommended)

In a compose window, click the Options tab in the ribbon, then click Encrypt. For Microsoft 365 business accounts, you’ll see options including “Encrypt Only” (encrypts the email content) and “Do Not Forward” (prevents the recipient from forwarding the message). These options use Microsoft’s built-in encryption infrastructure and work for any recipient: the recipient receives a secure message and must verify their identity to view it.

Setting Encryption as Default for All Messages

To encrypt all outgoing emails by default, go to File → Options → Trust Center → Trust Center Settings → Email Security. Check “Encrypt contents and attachments for outgoing messages”. This applies encryption to every email you send, but requires that recipients either have S/MIME certificates or a Microsoft 365 account to decrypt messages.

Method 2: S/MIME Email Encryption in Outlook

S/MIME (Secure/Multipurpose Internet Mail Extensions) is the industry standard for email encryption and digital signatures. To use S/MIME in Outlook, both the sender and recipient must have S/MIME certificates installed. Obtain an S/MIME certificate from a trusted Certificate Authority (like DigiCert, Comodo, or your organization’s internal CA) or from your IT department. Install the certificate in Windows (Control Panel → Internet Options → Content → Certificates → Personal). Once installed, the encryption and digital signature options appear in Outlook’s compose window under Options → Encrypt.

Method 3: Microsoft 365 Message Encryption (OME)

Office 365 Message Encryption (OME) — now called Microsoft Purview Message Encryption — allows Microsoft 365 business users to send encrypted emails to anyone, including Gmail, Yahoo, and other email addresses outside the organization. The recipient receives a link to a secure web portal where they authenticate (via their email, a one-time passcode, or their Google/Microsoft account) to read the message. This is the easiest encryption method for sending sensitive data to external parties without requiring them to have any special software.

Method 4: Password-Protecting Attachments

Since you can’t password-protect the email body itself (without S/MIME or IRM), a practical approach for sensitive content is to password-protect file attachments. For Word, Excel, and PowerPoint files: go to File → Info → Protect Document → Encrypt with Password and set a strong password. For PDFs: use Adobe Acrobat or a free tool like PDF24 to add a password. For multiple files: create a password-protected ZIP archive using tools like 7-Zip. Always send the password to the recipient through a different channel (text message, phone call) — never in the same email as the attachment.

Method 5: Use Information Rights Management (IRM)

Microsoft 365 Business users can use IRM/Sensitivity Labels to control what recipients can do with an email — restrict forwarding, printing, copying, and set expiration dates. In a compose window, go to Options → Sensitivity (or the sensitivity button in the ribbon) and choose a label like “Confidential” or “Highly Confidential.” Recipients can view the email but cannot forward, print, or copy the content. This is ideal for legal, HR, and financial communications.

Email Encryption Best Practices

  • Always encrypt emails containing financial data, passwords, personal IDs, or medical information
  • Send file passwords via a separate communication channel (text/phone), never in the same email
  • Verify the recipient’s email address before sending any encrypted sensitive data
  • Inform recipients in advance that they’ll receive an encrypted message and how to open it
  • Use strong, unique passwords for file encryption: a minimum of 12 characters with a mix of character types

Frequently Asked Questions (FAQ)

Can the recipient of an encrypted Outlook email read it without special software?

With Microsoft 365 Message Encryption (OME), yes — any recipient (Gmail, Yahoo, etc.) can read encrypted messages through a secure web portal without installing anything. With S/MIME encryption, the recipient also needs an S/MIME certificate and compatible email software. With password-protected attachments, the recipient just needs the password and appropriate software to open the file type.

Is TLS the same as email encryption?

TLS (Transport Layer Security) encrypts the connection between mail servers (like encrypting the road the email travels on), but it doesn’t encrypt the email content itself when stored on the server. True end-to-end encryption (via S/MIME or OME) encrypts the message content so only the intended recipient can read it — even the mail server operators cannot access the content.
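
To make the difference between transport encryption and content encryption concrete, the following added example (not part of the original guide) inspects three constructed messages and reports whether each one crossed a TLS hop and whether its content is S/MIME-encrypted, only signed, or plaintext. The function names and sample messages are assumptions made up for illustration, and the check covers S/MIME only, not OME or IRM.

```python
from email import message_from_string

# Constructed sample messages (not real mail); base64 bodies are placeholders.
HDR = "From: alice@example.com\nTo: bob@example.com\nSubject: Q3 numbers\n"
PLAIN = (
    HDR + "Received: from mx1.example.com by mx2.example.net with ESMTPS\n"
    "Content-Type: text/plain; charset=utf-8\n\nRevenue was 1.2M.\n"
)
SMIME_ENCRYPTED = (
    HDR + "Content-Type: application/pkcs7-mime; smime-type=enveloped-data;"
    ' name="smime.p7m"\nContent-Transfer-Encoding: base64\n\nMIIBplaceholder==\n'
)
SMIME_SIGNED = (
    HDR + 'Content-Type: multipart/signed; protocol="application/pkcs7-signature";'
    ' micalg=sha-256; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nRevenue was 1.2M.\n"
    '--b1\nContent-Type: application/pkcs7-signature; name="smime.p7s"\n'
    "Content-Transfer-Encoding: base64\n\nMIIBplaceholder==\n--b1--\n"
)

def used_tls_in_transit(raw: str) -> bool:
    """True if any Received header records an ESMTPS (SMTP over TLS) hop."""
    msg = message_from_string(raw)
    return any("ESMTPS" in h.upper() for h in msg.get_all("Received", []))

def content_protection(raw: str) -> str:
    """Classify the stored message by its top-level MIME type (S/MIME only)."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        smime_type = str(msg.get_param("smime-type") or "").lower()
        if smime_type in ("enveloped-data", "authenveloped-data"):
            return "smime-encrypted"      # body is ciphertext for the recipient
        if smime_type == "signed-data":
            return "smime-signed-only"    # integrity only, content not hidden
        return "smime-unknown"
    if ctype == "multipart/signed":
        proto = str(msg.get_param("protocol") or "").lower()
        if proto in ("application/pkcs7-signature", "application/x-pkcs7-signature"):
            return "smime-signed-only"    # clear-signed: text part is readable
    return "plaintext"

if __name__ == "__main__":
    for name, raw in [("plain", PLAIN), ("encrypted", SMIME_ENCRYPTED),
                      ("signed", SMIME_SIGNED)]:
        print(name, used_tls_in_transit(raw), content_protection(raw))
```

The first sample shows the case the answer above describes: the hop used TLS, yet the message as stored on the server is still readable text.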

Need help choosing the right email encryption method for your specific situation? Leave a comment describing what kind of data you need to protect and who the recipients are — our team will recommend the best approach.
