What Is Outlook Encryption and How Does It Work?
The first electronic mail, or email for short, was sent in 1971 by computer engineer Ray Tomlinson. Back then, it was hard to imagine that email would one day become an essential business tool. But that day has come, and it’s estimated that around 333 billion (yes, billion!) electronic messages are now sent every day.
Yet, email wasn’t designed with security as a priority. In their most basic form, electronic messages can be easily intercepted by malicious third parties and used for all kinds of nefarious purposes.
Fortunately, electronic messages are almost never sent without encryption these days. When a message is encrypted, it gets transformed into the so-called ciphertext. This scrambled form makes absolutely no sense at all unless it’s decrypted first using the correct decryption key.
Outlook can apply encryption in two different ways:
- In transit: Using cryptographic protocols like Transport Layer Security (TLS), Outlook automatically encrypts messages when they leave the sender’s inbox. The messages are then decrypted when they reach the recipient’s mail provider. In transit Outlook message encryption protects against snooping, but it can’t protect against password theft and other direct breaches of email privacy.
- At rest: To prevent someone with direct access to your inbox from reading your messages, you need to apply at rest Outlook encryption using the two supported technologies: S/MIME encryption and Microsoft 365 Message Encryption. These two Outlook email encryption solutions are not enabled by default, but you can easily enable them manually by following the instructions below.
How to Encrypt an Email in Outlook Using S/MIME Encryption
S/MIME (Secure/Multipurpose Internet Mail Extensions) is a robust public key encryption standard that provides end-to-end message security, making it possible for Outlook users to send encrypted emails that can’t be read unless the applicable key pair's private key is provided first.
Here’s how to send an encrypted email in Outlook using S/MIME:
Windows
- Launch Outlook and open the File menu.
- Go to Options > Trust Center > Trust Center Settings.
- Select Email Security in the left pane.
- Choose Settings under Encrypted email (you need a valid digital ID to access encrypted mail settings).
- Click Choose and select the S/MIME certificate under Certificates and Algorithms.
- Click OK.
- Compose your message and click Send.
Mac
- Launch Outlook and open Preferences.
- Navigate to Accounts.
- Select the account you want to send an encrypted message from.
- Click Security.
- Select the certificate that you want to use (only certificates that have been added to the keychain are visible).
- Choose OK.
- Compose a new message.
- Click the three dots to see additional options and select S/MIME > Encrypt with S/MIME.
For the steps above to work, your certificate must be present in the keychain on your computer. Since S/MIME is a public key encryption standard, both the sender and recipient must have a mail application that supports it. Fortunately, all versions of Outlook do support it.
How to Send an Encrypted Email in Outlook Using Microsoft 365 Message Encryption
Alternatively, you can also send encrypted email messages using Microsoft 365 Message Encryption, which is included in the Office 365 Enterprise E3 license. To use it:
Windows
- Launch Outlook and compose a new message.
- Go to the Options tab.
- Select the Encrypt option and select the desired level of permissions, such as Do Not Forward. Just know the Encrypt-Only option is enabled only for subscribers that also use Exchange Online.
- Send the email message.
Mac
- Launch Outlook and compose a new message.
- Go to the Options tab.
- Select the Encrypt option and select the desired level of permissions, such as Do Not Forward. Just know the Encrypt-Only option is enabled only for subscribers that also use Exchange Online.
- Send the email message.
Microsoft 365 Message Encryption is built on Microsoft Azure Rights Management and messages encrypted with it can be read in any version of Outlook, including Outlook for PC, Outlook for Mac, Outlook on the web, Outlook for iOS, and Outlook for Android.
Protect Yourself from Data Breaches
If you use your Outlook address to create online accounts, then it’s only a matter of time before it becomes compromised and included in a data breach. When that happens, cybercriminals are always quick to take advantage of it, so you should change your password and take other precautionary measures as soon as you can.
Clean Email’s Privacy Guard feature was created to help users of the popular inbox organizer regularly check their addresses against known data breaches.
The feature relies on data collected by the Have I Been Pwned project, a massive collection of around 12 billion compromised accounts.
To protect your Outlook address from data breaches using Clean Email’s Privacy Guard:
- Go to: https://app.clean.email/
- Sign in with your Outlook account.
- Select the Monitor feature in the left pane.
- See if your address has been found in any data breaches.
- If it was, change your password immediately.
Besides strengthening your Outlook security and protecting you against data breaches, Clean Email can also help you organize your messages thanks to features like:
- Smart Folders: Let you organize your messages into convenient bundles. You can then click a button and apply the same action to all messages in a bundle.
- Auto Clean: You can apply actions to emails arriving to your inbox automatically to constantly keep it in top shape.
- Unsubscriber: Makes it possible to effortlessly send unsubscribe requests on your behalf and block mailing lists and senders who do not respect such requests.
These and other inbox management features make Clean Email an indispensable ally for all Outlook power users whose productivity depends on the state of their inbox. Besides Outlook, Clean Email also works with other major email providers, including Gmail, Yahoo, and AOL.
Encrypt an Email in Outlook - FAQs
How to add the encrypt button to my Outlook toolbar?
If the encrypt button is missing from your Outlook toolbar, then you should double-check if your certificates have been imported correctly. You can also try reverting to the old version of Outlook if you’re using the new one. Also, some of Outlook’s encryption features require an enterprise license to work.
Can I encrypt a PDF in Outlook?
Yes, you can apply S/MIME encryption and Microsoft 365 Message Encryption to encrypt the entire message, including any PDF attachments.
How to encrypt attachments in Outlook?
All Outlook users with the Office 365 Enterprise E3 license can quickly encrypt attachments using Microsoft 365 Message Encryption just by clicking the Encrypt option in the Options tab.
