When sending important information over email, such as financial statements, health records, or legal documents, it’s critical to keep them safe from prying eyes. If you’re a user of Microsoft Outlook, then you’re in luck! The popular email client has several ways of beefing up the security of your messages, one of them being encryption.

To be clear, Outlook already encrypts the connection between the sender’s and recipient’s email providers by default. However, the default encryption may not protect the message once the mail reaches the recipient’s email provider. This is why Microsoft Outlook offers a dedicated encryption option. Not only does it secure the message, but it also keeps it within the Microsoft 365 network all the way until final delivery.

How email encryption works in Outlook

It's pretty straightforward

Encryption increases security when sending confidential or personal information. Encrypting an email scrambles the contents — both the text and its attachments — into ciphertext using a complicated algorithm. This way, even if the email gets intercepted in transit, it remains illegible.

By default, Outlook uses Transport Layer Security to encrypt the message in transit, but once the mail reaches the recipient's email provider, the encryption may expire.

Choosing the dedicated encryption option in Outlook protects the message from end to end, not only in transit. Additionally, emails encrypted by Outlook stay within the Microsoft 365 network to avoid the security risks of the recipient’s email provider.

Recipients with an Outlook account can view the email as normal without additional steps. But on other email providers, like Gmail or Yahoo, revealing the message requires the recipient to authenticate their identity, such as verifying their email account using a passcode.

Finding out the version of Outlook you’re using

Different Outlook versions have different instructions

The Outlook email client comes in three main flavors: the new and classic Outlook clients, which are installed and run on the desktop, and Outlook web, which is accessed through a web browser like a website. The process for encrypting an email differs between the three, so it’s important to know which version of Outlook you’re using.

The new Outlook client’s window looks like this. Its icon label is Outlook (new):

The classic Outlook client’s window looks like this. Its icon label is Outlook (classic):

Outlook web looks like new Outlook, but it’s accessed through a web browser, like Chrome or Edge. It looks like this:

How to send an encrypted email in Outlook

The email encryption option is available in the new Outlook, classic Outlook, and Outlook web. The process is fairly straightforward in the new Outlook desktop client and Outlook web. Classic Outlook, however, needs a bit of prep work.

In new Outlook

1. From the inbox, click on New Mail in the top left corner. This will launch a new composition window.
2. In the composition window, click on Options in the top navbar.
3. Click on the yellow lock icon to open the permissions dropdown menu.
4. Click on Encrypt from the dropdown menu.
5. Once complete, a message will indicate that the email will be encrypted.

In Outlook web

1. From the inbox, click on New Mail in the top left corner.
2. In the composition window, click on Options in the top navbar.
3. Click the yellow Encrypt lock icon below the navbar to open the permissions dropdown menu.
4. Click on Encrypt from the dropdown menu.
5. Once complete, a message will indicate that the email will be encrypted.

In classic Outlook

Unless you’re a Microsoft Office 365 Enterprise subscriber, you have to set up Secure/Multipurpose Internet Mail Extensions (S/MIME) encryption, which requires a valid digital ID.

Much like a keycard, a digital ID is proof of identity. It can be purchased from authorized certificate authorities, such as GlobalSign. To read the email, the recipient’s email provider must also support S/MIME. Gmail and Outlook support S/MIME natively, but Yahoo Mail does not and requires an additional plug-in.

Setting up S/MIME

1. In Outlook classic, click on File to open the file options and settings page.
2. Click on Options.
3. In the window that pops up, click on Trust Center, followed by Trust Center Settings, which will open a new panel.
4. In the left pane, click on Email Security and then Settings under Encrypted email.
5. Under Certificates and Algorithms, select Choose next to Signing Certificates and then select the S/MIME certificate.
6. Click on OK.

Encrypting the email

1. From the inbox, click on New Mail in the top left corner.
2. In the composition window, click on Options.
3. Click on the three dots and then Message Options from the dropdown menu.
4. In the popup Properties window, click on Security Settings.
5. Choose Encrypt message contents and attachments.
6. Click on Ok.

If Outlook detects a valid digital ID, it will encrypt the message before it’s sent.

Do a final check before sending

Before sending out your opus, proofread all information and preview the attachments. For extra-sensitive documents, consider protecting them with a password. Never send confidential information in plain text, and remember to use blind carbon copy (bcc) when sending out mass emails when appropriate. Also, when working on a public network, such as coffee shops or libraries, a decent virtual private network (VPN) is a must. Lastly, remember to sign out of your Outlook account if you're using a shared device, such as a workplace PC.