When you need to protect the privacy of an email message, encrypt it. Encrypting an email message in Outlook means it's converted from readable plain text into scrambled cipher text. Only the recipient who has the private key that matches the public key used to encrypt the message can decipher the message for reading. Any recipient without the corresponding private key, however, sees indecipherable text.
To send a message with encryption, choose instructions based on the version of Outlook you're using. What version of Outlook do I have?
If you've received a message that's encrypted, learn how to View and reply to encrypted messages in Outlook.
Encrypt a message with Microsoft 365 Message Encryption in new Outlook
New Outlook supports Microsoft 365 Message Encryption as long as your email server has an Office 365 Enterprise E3 license. S/MIME encryption will be supported starting in Fall 2024.
-
In an email message, choose Options, and then select Encrypt.
-
Pick the encryption that has the restrictions you want to enforce, such as Encrypt-Only or Do Not Forward.
-
Finish composing your email and then choose Send.
Your encryption options in classic Outlook depend on what kind of email account you have.
Classic Outlook with a Microsoft 365 qualifying subscription supports Microsoft 365 Message Encryption (Information Rights Management). To use Microsoft 365 Message Encryption, you must have Microsoft 365 Message Encryption, which is included in the Office 365 Enterprise E3 license.
Important: IRM protection should not be applied to a message that is already signed or encrypted using S/MIME. To apply IRM protection, S/MIME signature and encryption must be removed from the message. The same applies for IRM-protected messages; you should not sign or encrypt them using S/MIME.
If you're not using classic Outlook with a Microsoft 365 qualifying subscription, you can use S/MIME encryption. To use S/MIME encryption, the sender and recipient must have a mail application that supports the S/MIME standard. Outlook supports the S/MIME standard.
First, add a certificate to encrypt with S/MIME in classic Outlook
Before you start this procedure and encrypt emails, you must first Get a digital ID, otherwise known as a digital certificate, and add it to the keychain on your computer.
Configure your S/MIME certificate in classic Outlook
Once you have your S/MIME certificate set up on your computer, you can configure it in Outlook:
-
In Outlook, select File > Options > Trust Center > Trust Center Settings.
-
In the left pane, select Email Security.
-
Under Encrypted email, choose Settings.
-
Under Certificates and Algorithms, select Choose and then select the S/MIME certificate.
-
Select OK.
Encrypt a single message using S/MIME in classic Outlook
-
In an email message, select Options > Encrypt.
-
Choose the encryption option that has the restrictions you'd like to enforce, such as Do Not Forward.
-
Finish composing your email and then select Send.
Encrypt all outgoing messages using S/MIME in classic Outlook
When you choose to encrypt all outgoing messages by default, you can write and send messages the same as with any other messages, but all potential recipients must have your digital ID to decode or view your messages.
-
In Outlook, choose File > Options > Trust Center > Trust Center Settings.
-
On the Email Security tab, under Encrypted email, select the Encrypt contents and attachments for outgoing messages check box.
-
To change additional settings, such as choosing a specific certificate to use, select Settings.
-
Once you're done selecting your settings, select OK to save your changes.
See also
View and reply to encrypted messages in Outlook
Secure messages by using a digital signature
Find digital ID or digital ID services
Send a digitally signed or encrypted message for Mac
Advanced Outlook.com security for Microsoft 365 subscribers