What Is Outlook Encryption and How Does It Work?
The first electronic mail, or email for short, was sent in 1971 by computer engineer Ray Tomlinson. Back then, it was hard to imagine that electronic mail would one day become an essential business tool. But that day has come, and it’s estimated that over 347 billion (yes, billion!) electronic messages are now sent every day.
Yet, email wasn’t designed with security as a priority. In their most basic form, electronic messages can be easily intercepted by malicious third parties and used for all kinds of nefarious purposes.
Fortunately, emails are almost never sent without encryption these days. When a message is encrypted, it gets transformed into the so-called ciphertext. This scrambled form makes absolutely no sense at all unless it’s decrypted first using the correct decryption key.
Outlook can apply encryption in two different ways:
- In transit: Using cryptographic protocols like Transport Layer Security (TLS), it automatically encrypts messages when they leave the sender’s inbox. The messages are then decrypted when they reach the recipient’s mail provider. In transit, Outlook email encryption protects against snooping, but it can’t protect against password theft and other direct breaches of email privacy.
- At rest: To prevent someone with direct access to your inbox from reading your messages, you need to apply at rest Outlook encryption using the two supported technologies: S/MIME encryption and Microsoft 365 Message Encryption. These two Outlook email encryption solutions are not enabled by default, but you can easily enable them manually by following the instructions below.
How to Encrypt an Email in Outlook Using S/MIME Encryption
Encrypting email in Outlook provides an extra layer of security for sensitive information and S/MIME (Secure/Multipurpose Internet Mail Extensions) is a robust public key encryption standard. It provides end-to-end message security, making it possible for the users to send encrypted emails that can’t be read unless the applicable key pair's private key is provided first.
Here’s how to send a secure email in Outlook using S/MIME:
On Windows:
- Launch Outlook desktop application and open the File menu.
- Go to Options → Trust Center → Trust Center Settings.
- Select Email Security in the left pane.
- Choose Settings under Encrypted email (you need a valid digital ID to access encrypted mail settings).
- Click Choose and select the S/MIME certificate under Certificates and Algorithms.
- Click OK.
- Compose your message and click Send.
How to encrypt Outlook email on Mac:
- Launch Outlook desktop application and open Preferences.
- Navigate to Accounts.
- Select the account you want to send an encrypted message from.
- Click Security.
- Select the certificate that you want to use (only certificates that have been added to the keychain are visible).
- Choose OK.
- Compose a new message.
- Click the three dots to see additional options and select S/MIME → Encrypt with S/MIME.
💡 Note: For the steps above to work, your certificate must be present in the keychain on your computer. Since S/MIME is a public key encryption standard, both the sender and recipient must have a mail application that supports it. Fortunately, all versions of Outlook do support it.
How to Send an Encrypted Email in Outlook Using Microsoft 365 Message Encryption
Alternatively, you can also send encrypted email messages using Microsoft 365 Message Encryption, which is included in the Office 365 Enterprise E3 license. To use it:
For Windows users:
- Launch Outlook desktop application and compose a new message.
- Go to the Options tab.
- Select the Encrypt option and select the desired level of permissions, such as Do Not Forward. Just note that the Encrypt-Only option is enabled only for subscribers who also use Exchange Online.
- Send the message.
For Mac users:
- Launch Outlook 365 app and compose a new message.
- Click the Encryption option in the toolbar.
- Choose Encrypt with Microsoft 365 Message Encryption or select another level of permissions, such as Do Not Forward.
- Send the encrypted message.
💡 Note: The Encrypt-Only option is enabled only for subscribers who also use Exchange Online.
Microsoft 365 Message Encryption is built on Microsoft Azure Rights Management and messages encrypted with it can be read in any version of Outlook, including those for PC, Mac, web, iOS, and Android.
Protect Yourself from Data Breaches with Clean Email
You're doing a good job when you encrypt Outlook email. However, if you use your Outlook address to create online accounts, it's only a matter of time before it becomes compromised and included in a data breach. When that happens, cybercriminals are quick to take advantage of it, so you should change your password and take other precautionary measures as soon as you can.
Clean Email’s Privacy Monitor feature was created to help users of the popular inbox organizer regularly check their addresses against known data breaches.
The tool relies on data collected by the Have I Been Pwned project, a massive collection of around 12 billion compromised accounts.
To protect your Outlook address from data breaches using Clean Email’s Privacy Monitor:
- Go to: app.clean.email
- Sign in with your email account.
- Select the Privacy Monitor feature in the left pane.
- See if your address has been found in any data breaches.
- If it was, change your password immediately.
Unfortunately, Clean Email can't help with sending secure email in Outlook because it is not an email client. However, it can bolster your mail security with its robust feature suite to help you manage your inbox efficiently.
One such feature is the Screener tool. This feature intercepts emails from new senders, placing them in a separate folder for your review. To use it, follow these steps:
- Open Clean Email and connect your mailbox.
- Go to the Screener section.
- Turn on the Screener by clicking the toggle switch at the top left or by clicking the Enable Screener button.
- Confirm your choice by clicking the toggle switch labeled I understand, then click Continue.
- Review and select your desired settings.
- Click Enable Screener to activate the feature.
Once activated, the Screener tool offers a proactive approach to email security by quarantining messages from new senders. You have the flexibility to review these messages and decide whether to block or approve the senders. If approved, future emails from these senders will directly land in your inbox.
The tool also provides customization options, allowing you to adjust settings based on message types and even set up notifications for new screened senders.
Another useful feature, Smart Folders, automatically categorize your messages, allowing you to apply bulk actions with a single click. For example, you can click the ‘Social notifications’ folder to select all your notifications from social media platforms and then delete or archive them together.
The Auto Clean feature enables you to set up rules that automatically apply actions to incoming emails, keeping your inbox organized.
The Unsubscriber feature makes it possible to effortlessly send unsubscribe requests on your behalf and block mailing lists and senders who don't comply.
These and other inbox management features make Clean Email an indispensable ally for all Outlook power users whose productivity hinges on the state of their inbox. In addition to Outlook, Clean Email is compatible with other major mailbox providers, including Gmail, Yahoo, and AOL. The app is available on web, desktop, and mobile platforms.
Wondering to learn more about email security? Check out our other guides about how to send a secure email and how to send an anonymous email without being traced.
How to Encrypt Email in Outlook - FAQs
How to add the encrypt button to my Outlook toolbar?
If the encrypt button is missing from your toolbar, then you should double-check if your certificates have been imported correctly. You can also try reverting to the old version of Outlook if you’re using the new one. Also, some of Outlook’s encryption features require an enterprise license to work.
Can I encrypt a PDF in Outlook?
Yes, you can apply S/MIME encryption and Microsoft 365 Message Encryption to encrypt the entire message, including any PDF attachments.
How to encrypt email in Outlook easily?
To encrypt Outlook email, navigate to the "Options" tab, click "Encrypt," and choose "Encrypt with Microsoft 365 Message Encryption." Then, click "Send" to send the encrypted email.
How to encrypt attachments in Outlook?
All Outlook users with the Office 365 Enterprise E3 license can quickly encrypt attachments using Microsoft 365 Message Encryption just by clicking the Encrypt option in the Options tab.
How do I send a secure email in Outlook mobile app?
Here's how to send a secure email in Outlook using the mobile app: Navigate to the "Compose" window, tap the three-dot menu, and select "Encrypt." Then, send your email as usual.