how to encrypt an email in outlook
You encrypt an email in Outlook either with the built‑in “Encrypt” button (Microsoft 365 Message Encryption) or with S/MIME certificates, depending on what your organization supports.
Before you start (important checks)
- Make sure you’re signed in with a work or school Microsoft 365 account; some encryption options don’t show up on free accounts.
- Check with IT whether you should use “Encrypt-Only” , “Do Not Forward” , or S/MIME ; some companies enforce specific policies.
- If S/MIME is required, you’ll need a personal certificate installed in Outlook first (IT or your PKI provider usually sets this up).
Method 1: Use the Encrypt button (most common)
Windows desktop Outlook (classic / new)
- Open Outlook and click New Email to start a message.
- Go to the Options tab on the ribbon.
- Click Encrypt (or Options > Encrypt in some layouts).
- Choose one of the policies, for example:
- Encrypt-Only – encrypts the message and attachments but allows forwarding (if policy allows).
* **Do Not Forward** – encrypts and blocks recipients from forwarding/printing/copying.
- Write your email, add attachments, and click Send. The message will be encrypted in transit and at rest in the recipient’s mailbox.
Tip: Some organizations auto‑encrypt if you add a tag like [secure] in
the subject line, so ask your IT if that shortcut is enabled.
Method 2: Encrypt in Outlook on the web (OWA / Outlook.com)
- Go to Outlook on the web, click New mail.
- Depending on your layout:
- Click Encrypt near the top of the compose window, or
- Click Options and then choose Encrypt.
- Pick Encrypt or Encrypt and prevent forwarding (wording can vary).
- Compose your message and send.
Recipients using Outlook open it normally; external recipients may be asked to sign in or request a one‑time passcode via a secure viewing portal.
Method 3: Use S/MIME encryption
This is more advanced and usually used in regulated environments.
A. Set up S/MIME
- Get an S/MIME certificate (from your org or a public CA) and install it in your system/user certificate store.
- In classic Outlook:
- Go to File > Options > Trust Center > Trust Center Settings.
* Open **Email Security**.
* Under **Digital IDs (Certificates)** or **Encrypted email** , click **Settings** or **Choose** to select your certificate, name the security settings, and confirm.
B. Encrypt a single message with S/MIME
- Click New Email.
- Go to Options > More Options or Options > Encrypt (depending on build).
- Turn on Encrypt this message (S/MIME).
- Finish writing the email and click Send.
C. Encrypt all outgoing messages with S/MIME
- In classic Outlook: File > Options > Trust Center > Trust Center Settings > Email Security.
- Under Encrypted email , check Encrypt contents and attachments for outgoing messages.
- Confirm and click OK. Now every new email, reply, and forward will be encrypted by default.
Warning: If some recipients don’t have a valid certificate or encryption capability, Outlook will warn you that they might not be able to read the message.
Quick device‑by‑device cheat sheet
| Where | How to encrypt |
|---|---|
| Outlook on Windows | New Email → Options → Encrypt → choose Encrypt-Only or Do Not Forward. |
| Outlook on Mac | New Message → add the **Encryption** icon via Customize Toolbar if needed → click **Encryption** → choose Encrypt-Only. |
| Outlook on the web | New mail → Encrypt (or Options → Encrypt) → choose Encrypt / Encrypt & prevent forwarding. |
| Outlook with S/MIME | Set up certificate in Trust Center → Options → Encrypt (S/MIME) for individual emails, or enable "Encrypt contents and attachments for outgoing messages" for all emails. |
A realistic example
Imagine you need to send payroll data to HR:
- You open a new email in Outlook on Windows.
- Go to Options > Encrypt and choose Do Not Forward so HR can read it but not forward it on.
- Attach the spreadsheet and send. The message and attachment are encrypted in transit and at rest, and any reply from HR stays encrypted as well.
Extra tips & gotchas
- Test with a colleague first: Send an encrypted test email and make sure they can open it on all their devices.
- External recipients: If they’re on Gmail/Yahoo, they may get a link to a secure viewing portal where they authenticate before reading.
- Policy shortcuts: Ask IT whether subject‑line triggers like
[secure]or other keywords are configured to auto‑encrypt.
- Don’t rely only on encryption: Double‑check recipient addresses and remove unnecessary recipients when sending very sensitive data.
TL;DR: In most modern Outlook setups, the fastest way is: New Email → Options → Encrypt → Encrypt-Only/Do Not Forward → Send. If your organization uses S/MIME, you’ll need a certificate configured first, then you can turn on Encrypt this message (S/MIME) for individual emails or for all outgoing mail.
Information gathered from public forums or data available on the internet and portrayed here.