How to encrypt an email in Outlook, and is that the best encryption solution?

Outlook logo and secure badge.
A well-configured encryption design is the cornerstone of safe email communication, but Microsoft Outlook doesn’t offer it by default. Whether you’re using Microsoft Office 365 or Outlook on the Web, you have to take additional measures to enable encryption, which can be tricky.Follow this guide to navigate encryption on the platform confidently. We will explain:
  • What is an encrypted email in Outlook?
  • How to encrypt an email in Outlook (you’ll learn the two available methods)
  • How to automatically encrypt emails on the platform
Manually encrypting emails on Outlook can be tedious and time-consuming, so we’ve also discussed some more efficient alternatives to maintain a secure email environment, such as choose an email provider with strong built-in encryption.
Encrypt your emails for total securitySkiff Email uses built-in end-to-end encryption, ensuring your sensitive information remains protected at all times
Sign up

What does it mean to encrypt an email in Outlook?

Encryption, in email terminology, refers to the process of making your digital communication (messages and attachments) unreadable to unauthorized parties. It is necessary because of the way emails are transferred from the sender to the recipient. A typical email travels through several network and web application servers, which means a hacker or malicious actor could infiltrate your communication at any node on the route.Encrypting an email is like putting it in a padlocked box—the message will be accessible only to someone with the decryption key. Know that encryption can be executed using different designs, and manually encrypting an email in Outlook is based on a combination of cryptography setups, such as:
  • Data-in-transit encryption—This design encrypts the communication exchanged between two nodes in the network, but only during transmission
  • Data at rest encryption—Your message is encrypted while stored in a database

How secure is an Outlook email without encryption?

Outlook, like Gmail and Yahoo, is a Big Tech email service provider (ESP) that follows the bare minimum in terms of securing your communication. The industry standard for popular providers is to use basic spam filtering and Transport Layer Security (TLS) protection, which is an in-transit encryption protocol. Your data could remain unprotected because of TLS’s vulnerability to raccoon attacks and other network-level threats.Microsoft Outlook’s in-house encryption features enhance the privacy of your online communication, provided you’re using adequate software and security techniques.

How to send a secure email in Outlook—available methods

Outlook enables encryption via two methods:
  1. Office 365 Message Encryption
  2. S/MIME (Secure/Multipurpose Internet Mail Extensions) Encryption
For both methods to work effectively, all parties involved (the sender and the recipients) must have the same encryption standard enabled on their end. Check out the overview of these methods in the table below, and then we’ll move on to detailed explanations:
Outlook encryptionDescription
Office 365 Message EncryptionThis method allows Microsoft 365 (M365) clients to use the platform’s in-built encryption system for secure communication. The outbound messages are protected by in-transit and at-rest encryption protocols (forwards and replies are also encrypted). You can access this method on desktop and web clients using Enterprise E3 or E5 licenses (costs $32–$36/month) or Azure Information Protection add-on license (in case you have a Business Standard or lower plan)
S/MIMES/MIME is an end-to-end encryption (E2EE) method, which means the message remains encrypted from the time you send it until it is decrypted by the recipient. E2EE is considered the strongest format of cryptography as it combines the benefits of in-transit and at-rest encryption. You don’t need a special Outlook subscription to use S/MIME, but you and the recipient(s) must obtain Individual S/MIME certificates from a certifying authority (which is usually the digital admin of your company or organization) or S/MIME control software

How to send an encrypted email in Microsoft Office 365

Office 365 Message Encryption is designed according to the organization’s Information Rights Management (IRM) policy. The idea is to keep your confidential and personal info encrypted within the Microsoft ecosystem and protected when traveling to other email networks like Gmail.Follow these steps to send an encrypted message from your Office 365 client:
  1. Click on New Mail to create a message
  2. Go to the Options tab
  3. Select the Encrypt button from the ribbon—you’ll find a drop-down menu containing up to five Sensitivity Labels (depending on the software version you’re using):
    1. Encrypt-Only
    2. Do Not Forward
    3. Confidential\All Employees
    4. Encrypt and Prevent Forwarding
    5. Highly Confidential\All Employees
  4. Select Encrypt-Only—a message will appear under the ribbon explaining what the option entails (you can select other Sensitivity Labels as well to see what they do)
  5. Create and send the message like usual
If the recipient uses an Office 365, Outlook 2016/2019, or Outlook mobile app, they will be able to view the message automatically (as the service provider manages the encryption-decryption). In case the recipient uses Gmail or another service, they will have to sign in to their service again and generate a single-use code. Once they enter the code, the message will open.You have a similar encryption setup (but not as sophisticated) if you:
  • Are using Outlook 2016/2019
  • Want to encrypt all outgoing emails

How to encrypt an email in Outlook 2016 and 2019

If you’re using Outlook 2016 or 2019, here is how you can deploy encryption on a single message:
  1. Open the new message window
  2. Go to Files and click on Properties
  3. Navigate to Security Settings from the options box
  4. Check the box beside the Encrypt message contents and attachments label
  5. Exit the settings to compose and send your message

How to automatically encrypt all emails in Outlook

If you frequently send encrypted emails, encrypting all outbound messages makes sense, but know that the recipients must have your digital ID to access them. This is how to set it up:
  1. Click on File and go to Options
  2. Navigate to the Trust Center option on the side panel
  3. Choose the Trust Center Settings button
  4. Select Email Security
  5. Check the box beside Encrypt contents and attachments for outgoing messages (under the Encrypted e-mail section)
  6. Select OK to exit
Keep in mind that the navigation labels or steps may change due to software/user interface alterations made by Microsoft.

How to set up an encrypted email in Outlook with S/MIME

Microsoft Office 365 encryption isn’t foolproof because your data still remains vulnerable to server or insider attacks (and the company’s servers are always a hot target). A skilled hacker can find the decryption keys on the server and access your messages, so many users rely on S/MIME’s end-to-end encryption design for stronger protection.S/MIME users have a public and private key pair—the former encrypts the message, and the latter (which is in possession of the recipient) is used to decrypt it. No one on the network can infiltrate the message because they can’t access the key.To enable S/MIME encryption, you must first acquire the certificate from your IT admin—your key can be stored on a smart card or your PC. Once you have the certificate, do this:
  1. Go to Settings to install the S/MIME control or extension
  2. Navigate to Mail and select S/MIME
  3. Click on Run or Save as prompted
After installation, you’ll get a dialog box asking if you want your <email domain name> to trust S/MIME—make sure to hit Yes for that. Here's how you can encrypt outgoing messages post-setup:
  1. Create a new message
  2. Go to More Options (using the three ellipses “” button)
  3. Scroll to Message Options
  4. Select Encrypt this message (S/MIME) and exit
The relevant S/MIME key will be applied to the message. If you get an error message while sending, it usually means a faulty configuration or an unreadable key.

Drawbacks of Outlook’s encryption features—and alternatives

Outlook’s encryption features are somewhat underwhelming because they are either insufficient or difficult to use. Office 365 encryption hardly gives you peace of mind—in the past, a major security breach led to the leakage of sensitive data like email metadata (subject lines, timestamps, etc.), contact lists, and even email content.While S/MIME’s E2EE setup is more secure, implementing it is a laborious process prone to errors. There have also been cases of missing encryption buttons and confusing licensing policies.Following these drawbacks, many users have started using third-party encryption software or, even better, completely migrated to a reliable end-to-end encryption email service—like Skiff!Skiff is all you wish for in an ideal privacy-first email service. It offers:
  • A stable and robust E2EE setup
  • Modern, intuitive, and user-friendly interface
  • Complete product suite (drive, calendar, and more!)
  • 10 GB of free storage
At Skiff, privacy is a basic right—not something you pay for or configure. Sign up to create your free Skiff account!
Ensure total email encryptionSkiff Email offers top-notch end-to-end encryption, providing utmost confidentiality
Sign up

Skiff makes end-to-end encryption easy and accessible to everyone!

Skiff is built on the concept of simplifying email privacy. You don’t have to jump through hoops to enforce encryption or keep hackers at bay, as the platform’s end-to-end encryption setup is easily available once you sign up. Write any message, with or without attachments, and it will be encrypted in a few simple steps—refer to the whitepaper to see how it is done.
End-to-end encryption on sender label.

Skiff makes end-to-end encryption easy and accessible to everyone!

While you enjoy complete encryption, the account control is 100% yours. Skiff is designed on a zero-trust policy, so no one but you has access to your inbox, encryption keys, calendar, or the content of your messages. While your emails are always safe on Skiff’s network due to E2EE, we have devised additional security protocols to prevent hacking, spamming, and phishing attacks.Here are some other highlights of Skiff’s E2EE email and collaboration platform:
  • Email subject encryption—Most E2EE services do not encrypt email subjects, but Skiff is meticulous about keeping it encrypted as well (as it carries info that can reveal sensitive information)
  • Multi-platform access—Skiff is available via browsers, desktop clients, and mobile apps. You can check out the download options here
  • Zero-knowledge login—Skiff doesn't want its servers to contain vulnerable user identifiers, so the signup/login process doesn’t require or collect any personal info. You can add two-factor authentication (2FA) if you want additional login security
  • E2EE collaboration tools—Skiff is one of the few product suites that are fully encrypted. Your content and uploads, including notes, wikis, and calendar entries, are only visible to you and your chosen collaborators. Sign up and get full access to everything Skiff!

Skiff’s product suite caters to your business and personal needs

Users stick to the outdated encryption setup in Outlook and Gmail because of these platforms’ productivity suites—but not anymore. Skiff brings together all the essentials you’d need to organize and upgrade your online correspondence. It also offers easy document import features so that you have it all in one place.Here’s a bird’s-eye view of Skiff’s four primary products—Skiff Mail, Skiff Pages, Skiff Drive, and Skiff Calendar:
Skiff MailSkiff Mail provides all the necessary functionalities, such as email aliases, custom domains, labels and folders, import and migration, scheduling emails, customization, email search, multi-device sync
Skiff PagesCreate documents in Skiff’s end-to-end encrypted workspace or collaborate with people in real time. You can also make use of multi-language support
Skiff DriveUpload all types of files (like images, PDFs, spreadsheets, and PPTs) on Skiff Drive and sort, preview, or share them as you please. You get 10 GB for free, but you can expand it up to 1 TB. Skiff also offers optional IPFS (InterPlanetary File System) integration if you prefer decentralized storage
Skiff CalendarSkiff Calendar (integrated with your email) is your one-stop solution for organizing meetings, sharing invites, and keeping track of your daily chores
Skiff is open source and committed to transparency. You can check out the code, UI libraries, and privacy policy to verify how the company delivers E2EE services across platforms.

Sign up to upgrade your privacy standards!

Get your Skiff account running in a few easy steps:
  1. Visit the signup page
  2. Enter your chosen username
  3. Set up a strong password—and your account keys will be generated!
If you are a wallet user, you can integrate your crypto wallet with Skiff and use it as an ID to send emails, collaborate, or complete transactions anonymouslySkiff’s free plan provides you with tools necessary for efficient online communication, but you can also upgrade to Essential, Pro, and Business plans for exclusive features!Skiff’s team constantly develops new, impressive features, so join its Discord server or Twitter to keep up with the latest updates.

Join the community

Become a part of our 1,000,000+ community and join the future of a private and decentralized internet.

Free plan • No card required