Office 365 email encryption—is it secure enough to give you peace of mind?

Can Microsoft offer enough protection to your email correspondence and files? Learn all about Office 365 email encryption and how to gain control of your data.
Outlook lock badge.
Office 365 email encryption—popularly known as Office 365 Message Encryption (OME)—is Microsoft’s legacy encryption method allowing users to send secure internal and external emails. The standard got a revamp when the company released Microsoft Purview Message Encryption (MPME), which is set to replace OME.If you’re subscribed to Office 365, you might be wondering about the level of security you get with OME/MPME. To give you the latest information, this article will cover MPME as the soon-to-be standard encryption method. You’ll learn about its security, availability, and alternatives worth exploring.
Secure your data with the best encryption protocolSkiff Mail provides end-to-end encryption, ensuring the highest protection standard
Sign up

MPME—email encryption for Office 365 users

MPME lets users encrypt their messages to enjoy greater security when sharing private emails and files. Besides encryption, it includes various authorization policies letting users have more control over their sensitive data.The standard combines OME with Information Rights Management (IRM), a set of tools allowing the sender to restrict access and distribution of emails and their contents. It also protects attachments, so your files will be kept safe.With MPME, you can use rights management templates to encrypt your emails and set specific rules for how they’re handled, or you can choose between two default encryption options:
OptionWhat it does
Encrypt OnlyEmails are encrypted without restrictions, letting users copy, forward, or print their contents
Do Not ForwardBesides being encrypted, the email is protected from further distribution, saving, or edits
MPME keeps your emails encrypted even if the recipient uses another email service provider like Gmail or Yahoo. They’ll need a password to open it, which prevents unauthorized access.

MPME availability—who can use Office 365 encrypted email?

The main drawback of MPME is that it’s reserved for the higher-priced Office 365 Enterprise tiers:
Office 365 Enterprise E3$23/user per month
Office 365 Enterprise E5$38/user per month
It’s also available with the more comprehensive Microsoft 365 Enterprise tiers (E3 and E5), as well as:
  • Education plans (A1, A3, and A5)
  • Government tiers (G3 and G5)
  • Microsoft 365 Business Premium
If you use any other plan and want MPME, you’ll need to add it separately as a part of the Azure Information Protection Premium 1, starting at $2/user per month.This encryption type is quite costly, especially for smaller teams and individuals with limited resources. You might want to look for another way to protect your emails if you don’t want to break the bank.

How to secure emails beyond MPME

Microsoft offers different security options besides MPME. Depending on your needs, you can:
  1. Use Exchange Online email encryption
  2. Secure your emails with S/MIME end-to-end encryption

Exchange Online encrypted email—robust security for organizations

Exchange Online is Microsoft’s hosted email service. It’s the cloud version of the company’s on-premise Exchange Server that lets users share emails, calendars, contacts, and similar information necessary for collaboration.The platform supports IRM through Active Directory Rights Management Services (AD RMS), an on-premises information security solution.When you configure AD RMS, you can create rights policy templates and apply them to your emails. This way, you can control access and actions the recipient can take inside or outside your organization.Senders can apply templates manually through Outlook on the Web or dedicated Outlook clients for different platforms. All the policies apply to the email’s contents and attachments and stay enforced even during offline use.Setting up AD RMS is complicated and isn’t something an average user can do without the help of an expert. Even Microsoft states it’s uncommon and suggests using MPME unless your organization has a specific need for such complex security.
Access complete data protection effortlesslySkiff's straightforward and easy-to-use UI allows non-tech-savvy users to enjoy end-to-end encryption
Sign up

Can S/MIME Encryption offer enough protection?

By default, Outlook emails are protected by the TLS (Transport Layer Security) protocol. It secures data in transit, meaning your emails are only safe while traveling between servers but not while resting on them.To ensure comprehensive protection and privacy, you need end-to-end encryption (E2EE). It safeguards your emails from the moment they leave your device so that only the designated recipient can access their contents. Your messages are also safe when being idle, which minimizes the risk of data breaches or various cyberattacks.Microsoft offers E2EE using the S/MIME standard. It’s a certificate-based protocol offering decent protection, but it’s not without flaws. It has been tied to significant vulnerabilities and is complex to set up.You must buy the certificate separately and then configure it on your device, which can be time-consuming for users without the necessary technical knowledge. Then, you can set up S/MIME in Outlook by following these steps:
  1. Go to File > Options
  2. Select Trust Center > Trust Center Settings
  3. Click on Settings under Encrypted Email
  4. Go to Certificates and Algorithms
  5. Click on Choose > S/MIME Certificate
All the effort might not be worth it because of the aforementioned vulnerabilities, as you still wouldn’t have the most secure standard.Most Big Tech email providers use S/MIME or similar encryption standards, making users believe their data is safe. The problem is that providers create the encryption keys and store them on their servers. This means that your provider (and potentially unauthorized third parties) can decipher and access your correspondence.This is why you should choose privacy-first email providers that keep your data confidential. To fortify your correspondence without unnecessary costs or complex setups, choose an E2EE service like Skiff Mail.

Skiff Mail—email privacy for everyone

Skiff doesn’t hide advanced security features behind paywalls, so users can enjoy complete privacy and confidentiality for free with Skiff Mail. The platform supports cutting-edge cryptography to let users leverage the full power of E2EE.Unlike most email service providers, Skiff doesn’t store encryption keys on their servers. The public key is shared among users and lets them send secure emails, while a separate private key is created by the user and stored on their device. As only the recipient has the decryption key, nobody—not even Skiff—can access the correspondence.

Standout features of Skiff’s robust free plan

When you sign up for Skiff, you’ll be greeted by a user-friendly interface letting you send and manage secure emails without friction. You don’t need to install any certificates or add-ons—Skiff made sure all security measures work in the back end without the need for extra input.Skiff’s free plan gets you 10 GB of end-to-end encrypted storage, which is enough for an average user to keep their private files safe. You also get features typically reserved for paid plan users, such as thorough and fast email and text search.If you need to manage multiple inboxes without confusion, you can take advantage of four aliases. They let you funnel emails from multiple addresses into your inbox so that you can stay organized and productive.Skiff Mail supports various crypto wallets to let users communicate and complete transactions anonymously. You can log in with:If you want to learn more about Skiff’s security measures or other features, check out the whitepaper. The platform is open source and welcomes all users willing to review the code, so visit Skiff’s GitHub for detailed information.

Drive, Pages, and Calendar—explore Skiff’s privacy-first workspace

If you need a more secure alternative to Microsoft’s Office suite, Skiff offers three end-to-end encrypted products you can use for free when you create a Skiff Mail account.With Skiff Pages, you can:
  • Create unlimited docs
  • Use a rich text editor to add tables, code blocks, and other elements
  • Collaborate and manage your team without privacy concerns
If you need to store files beyond docs, use Skiff Drive to prevent unauthorized access or data leaks. It supports all file types, letting you keep all your sensitive information safe. Skiff Drive also offers optional integration with the InterPlanetary File System (IPFS), a decentralized peer-to-peer storage network offering exceptional security.To stay organized or schedule private events, use Skiff Calendar—a customizable, end-to-end encrypted tool with numerous handy features:
  • Video conferencing
  • Shared calendars that other team members can see to stay updated
  • Auto syncing—Skiff Calendar automatically pulls events and RSVPs from your inbox
Skiff’s productivity suite is available on browsers, iOS, Android, and macOS. For a detailed compatibility overview, visit the download page.

Get started with Skiff in three quick steps

You can sign up for Skiff without leaving any personal information—all you have to do is:
  1. Go to the signup page
  2. Choose your account name and password
  3. Explore Skiff Mail and other secure products
If you need to transfer your threads and data from Outlook or another provider, use Skiff’s one-click migration to switch in no time.Besides the free plan, Skiff offers three paid tiers that give you more storage, aliases, and additional features like custom domains:
  • Essential (from $3/month)
  • Pro (from $8/month)—Best for advanced users or small teams
  • Business (from $12/month)—Suitable for companies looking to keep their data and projects secure

Ensure proper system security to avoid breaches

Whether you use Office 365 or a privacy-first workspace like Skiff, you must beware of online threats beyond email attacks. If you’re an individual, you can ensure full data ownership through a few simple security practices:
  • Use a secure browser—Browser attacks are common and effective, so you need an option with advanced security measures like anti-phishing or anti-malware features
  • Enable two-factor authentication (2FA)—Microsoft strongly recommends using their Authenticator app and setting up two-factor authentication to secure your account. This security layer is paramount regardless of your service provider, as it protects you from common password attacks. Skiff supports 2FA to let you fortify your email beyond E2EE, so make sure to enable it when you sign up
  • Secure your network—Most wireless routers come with encryption features, so use them to safeguard your connection from Man-in-the-Middle (MitM) attacks. Set a strong password for your network, and use a firewall to shield it against hackers
These measures also apply to business users, who must take some extra steps to fortify their systems. Educate your employees on data security and limit access to accounts outside of the office. Make sure your endpoint protection is up-to-date, and perform regular security audits to proactively deal with vulnerabilities.

Join the community

Become a part of our 1,000,000+ community and join the future of a private and decentralized internet.

Free plan • No card required