Whether you are sending or receiving especially important or sensitive emails, you may want extra protection applied before, during, or after the email is sent. Depending on what kind of security is needed, someone sending an email from Outlook can encrypt the message, add a digital signature, apply a sensitivity label, or protect the way an email and its attachments are handled after it’s received.
Security options
The security options available to you depend on the type of account you’re using and whether or not that account has a Microsoft 365 subscription. For example, if you're using a personal Microsoft account with Microsoft 365 you won't have as many options as someone using a work or school account. This is because IT admins often set encryption policies for all users in their organization, and they need different security features to help maintain compliance. Typically, the more sensitive information is, the more security policies can and should be applied, so if you're using a work or school account, check with your organization on specific information handling questions.
The following table details what features are available based on your account and if you have a qualifying Microsoft 365 subscription.
| Work or school account (with Microsoft 365) | Microsoft account (with Microsoft 365) | Microsoft account (without Microsoft 365) | |
|---|---|---|---|
| Set up encryption | Yes | Yes | No |
| Send messages with a digital signature to verify sender | Yes | No | No |
| Protect messages with Information Rights Management (IRM) | Yes | No | No |
| Apply sensitivity labels to email messages | Yes | No | No |
| Open encrypted or protected messages sent from others | Yes | Yes | Yes |
Note
To use encryption, your account must have a qualifying Microsoft 365 subscription. Compare all Microsoft 365 Plans.
Let’s go over some different ways to protect emails in Outlook
- Use encryption to prevent unauthorized access to an email
- Send messages with a digital signature to verify sender identity
- Protect messages with Information Rights Management (IRM)
- Apply sensitivity labels to your emails in Outlook
- Open encrypted or protected emails sent from Outlook
Use encryption to prevent unauthorized access to an email
Encrypting an email message means it's converted from readable plain text into scrambled cipher text. Only the intended recipient can decipher the message for reading. Any recipient without the corresponding key sees indecipherable text.
Depending on your organization or account, Outlook may allow you to encrypt your message with S/MIME or Microsoft Purview Message Encryption. Any time your message includes a digital signature or an IRM protection, such as Do not forward or Do not print, it’s automatically encrypted.
For more information, see:
- Set up Outlook to use encryption and digital signatures
- Send encrypted emails in Outlook
- Learn about encrypted messages in Outlook.com
Note
To use encryption, your account must have a qualifying Microsoft 365 subscription.
Send messages with a digital signature (S/MIME) to verify sender identity
Use a digital signature when you want to send an authenticated message that tells the recipient that the message hasn’t been tampered with. Inserting a digital signature automatically encrypts the email before you send it. People get digital IDs from certification authorities that independently verify the sender’s identity.
When you receive a message containing a digital signature, you can trust that the sender is who they say they are. If you want to insert a digital signature into an email, you need to install a digital ID (certificate), which is verified by a third party.
For more information, see:
- Secure messages with a digital signature in Outlook
- Verify the digital signature on a signed email message
- Find digital ID or digital signature services
Note
To use encryption, your account must have a qualifying Microsoft 365 subscription.
Protect messages with Information Rights Management (IRM)
You can restrict permission to content in email messages in Outlook with Information Rights Management (IRM), just as you can restrict permission to other Microsoft 356 or Microsoft Office files.
For example, you send an email and its attached file with a label of “Do Not Forward.” This means your organization has an IRM policy that checks the license of the intended recipient so only they can open the file and they won’t be able to forward it. The email will be indecipherable to everyone else.
For more information, see:
Note
To use Information Rights Management, your account must have a qualifying Microsoft 365 subscription.
Apply sensitivity labels to your emails in Outlook
Sensitivity labels on your emails help recipients know your intentions when you send a message. You can apply sensitivity labels to your files and emails to keep them compliant with your organization's information protection policies. Your organization defines these labels and what they mean. They could include classifications such as general, non-business, public, private, or confidential. They’re only available to individuals with a work or school account and a qualifying Microsoft 365 subscription.
Keep in mind, sensitivity labels don't stop recipients from taking any actions on a message. To restrict the actions that recipients can take on the messages you send, we recommend applying encryption, or protect the message with IRM.
For more information, see:
Note
To use sensitivity labels, your account must have a qualifying Microsoft 365 subscription.
Open encrypted or protected emails sent from Outlook
When someone sends an email from Outlook that has encryption or additional protection, recipients should be able to open it from Outlook or another email client.
Messages that have the encrypt-only policy can be read directly in most versions of Outlook. If recipients are using another mail service, they’ll see a message with a link to view the message in the Microsoft Purview Message Encryption portal.
For more information, see:
Note
If you're an admin, see Set up new Microsoft 365 Message Encryption capabilities built on top of Azure Information Protection.