When you need to protect the privacy of an email message, encrypt it. Encrypting an email message in Outlook means it's converted from readable plain text into scrambled cipher text. Only the recipient who has the private key that matches the public key used to encrypt the message can decipher the message for reading. Any recipient without the corresponding private key sees indecipherable text.
Note
To use encryption, your account must have a qualifying Microsoft 365 subscription. Compare all Microsoft 365 Plans.
Choose which type of encryption to use
Depending on what type of encryption is available in your organization, you can choose between sending a message that's encrypted with S/MIME or with Microsoft Purview Message Encryption. It may be important to consider how the recipient will access your email.
S/MIME requires the recipient to unlock the message with a certificate on their computer. They might have to access the Keystore to obtain a certificate. If a certificate is available, the message will be decrypted when they open it.
Microsoft Purview Message Encryption can be read directly in new Outlook, Outlook on the web, Outlook for iOS and Android, Outlook for Windows versions 2019 and newer, and Microsoft 365. If your recipient is using another mail service, they'll see a message with instructions on how to open the message.
Ensure your message arrived unaltered
You can request an encrypted receipt for confirmation that an email message was received unaltered. It also includes information about who opened the message and when it was opened. This verification information is returned as a message in your Inbox. Because S/MIME receipt requests must include a digital signature, you must Set up Outlook to use encryption and digital signatures to request an S/MIME receipt.
To send a message with encryption, choose instructions based on the version of Outlook you're using. What version of Outlook do I have?
Note
Before you can send an encrypted email in Outlook, please Set up Outlook to use encryption and digital signatures.
In new Outlook you can:
Encrypt a single message and request receipts | Encrypt all messages using S/MIME | Encrypt a message with Microsoft Purview Message Encryption
Encrypt a single message and request receipts using S/MIME in new Outlook
You can add or remove digital encryption from an individual message that you're composing. Follow these instructions to access options to Request a read receipt, Request a delivery receipt, and Digitally sign this message.
Note
To send S/MIME encrypted emails to external recipients, user must install the recipient's certificate on the local machine.
In an email message, from the ribbon, select Options > More Options.
In Message options, you can choose the sensitivity level as well as the read or delivery receipt and S/MIME protection options. Choose from the following options. Note that if you request a receipt, you must also check the Digitally sign this message checkbox.
Request a read receipt
Request a delivery receipt
Encrypt this message (S/MIME)
Digitally sign this message (S/MIME)
Select OK.
If you encrypt an outgoing message and new Outlook can’t verify that all recipients can decrypt the message, you’ll see a warning highlighting those recipients who might not be able to read the encrypted message. You can send the message anyway, remove those recipients, or retry to check again.
Finish composing your email, and then select Send.
Need help viewing an encrypted message? See View and reply to encrypted messages in Outlook.
Encrypt all messages using S/MIME in new Outlook
Select Settings
> Mail > S/MIME.
Choose from:
Encrypt contents and attachment for all messages I send: Automatically encrypts all outgoing messages.
Add a digital signature to all messages I send : Digitally signs all outgoing messages.
Automatically choose the best certificate for digital signing: Allows Outlook to select a base certificate. If not checked, you'll be prompted to select the right certificate.Select OK.
Note
All outgoing messages includes new messages, replies, and forwards.
Encrypt a message with Microsoft Purview Message Encryption in new Outlook
Microsoft Purview Message Encryption with IRM protection should not be applied to a message that is already signed or encrypted using S/MIME. Instead, to apply IRM protection, S/MIME signature and encryption must be removed from the message (see above). The same applies for IRM-protected messages; you should not sign or encrypt them using S/MIME.
Note
New Outlook supports Microsoft 365 Message Encryption as long as your email server has an Office 365 Enterprise E3 license. If not, you can encrypt messages using S/MIME.
- In an email message, choose Options, and then select Encrypt.
- Pick the encryption that has the restrictions you want to enforce, such as Encrypt or Do Not Forward.
- Finish composing your email and then select Send.
See also
Set up Outlook to use S/MIME encryption
Open encrypted and protected messages
Send encrypted messages with a personal or family Microsoft 365 subscription
Secure messages with a digital ID in Outlook
Learn about securing and protecting email messages in Outlook
Mark your email as Normal, Personal, Private, or Confidential in Outlook