Secure Your Communication: How to Send Encrypted Emails in Outlook and Office 365

Want to learn how to encrypt emails in Outlook? We all know that sending emails is such a simple part of everyday work that you may not give it a second thought. However, like any data transmitted across the internet, emails are vulnerable to interception.

Companies that handle sensitive information or are required to meet regulatory requirements can keep emails secure by encrypting them, ensuring they’re only read by the intended recipients.

The difference between encrypted and unencrypted email

The contents of an unencrypted email are sent in plain text, meaning anyone who intercepts the message can read its contents. This lack of security leaves your sensitive information vulnerable to hackers and other prying eyes. 

Encrypted email uses advanced encryption algorithms to scramble the content of your message. Only the intended recipients with the correct decryption key can decipher and read the encrypted email. Even if your encrypted email gets intercepted, the hacker won’t be able to read what’s in it. 

Why you should send encrypted emails

Encrypting your email ensures that your communication remains confidential and protected. There are several compelling reasons why you should send encrypted emails. 

Ensure privacy

Whether you’re sending personal data, financial information, or confidential business documents, email encryption adds an extra layer of security and protects sensitive information, making it extremely difficult for hackers to intercept and decipher your messages. 

Meet compliance requirements

Email encryption helps you comply with privacy regulations and industry standards in industries with strict compliance requirements for protecting sensitive data, such as healthcare and finance. 

Authenticate communication

When combined with digital signing, encryption assures the email recipient that the email actually came from you, not someone pretending to be you. As spam and spoofed emails proliferate, sending customers encrypted and digitally signed emails authenticates your identity and shows that you take data privacy seriously. 

How to set up email encryption in Office 365

Office 365 has three built-in email encryption options: 

1. Microsoft Purview Message Encryption

Microsoft Purview Message Encryption is an online service that lets you send encrypted emails to recipients inside your organization and to external recipients using any email address, including Outlook, Gmail, and iCloud. It doesn’t require any special client-side software and is simple for administrators and users. 

To set up Microsoft Purview Message Encryption, ensure that Azure Rights Management (Azure RMS) is activated, which will automatically activate message encryption in Office 365.

Subscriptions obtained after February 2018 have Azure RMS activated automatically unless your organization’s administrator manually deactivated it.

Note that if you use Active Directory Rights Management Services (AD RMS) with Exchange Online, you need to migrate to Azure RMS to use message encryption, because Microsoft Purview Message Encryption isn’t compatible with AD RMS.
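One way to confirm that Azure RMS is active and that message encryption works for a mailbox, shown as an added example that is not from the original article. It assumes the AIPService and ExchangeOnlineManagement PowerShell modules are installed; admin@contoso.com and user@contoso.com are placeholder addresses.

```powershell
# Added example: check Azure RMS activation and message encryption health.
# Placeholder accounts (assumptions): admin@contoso.com, user@contoso.com.

# 1. Is Azure RMS activated for the tenant?
Import-Module AIPService
Connect-AipService
$rmsState = Get-AipService                  # returns Enabled or Disabled
if ($rmsState -ne 'Enabled') {
    Write-Warning "Azure RMS is $rmsState; message encryption stays unavailable until it is activated."
    # Enable-AipService                     # run only after change approval
}
Disconnect-AipService

# 2. Is Exchange Online licensing against Azure RMS?
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.com'

$irm = Get-IRMConfiguration
$irm | Format-List AzureRMSLicensingEnabled, InternalLicensingEnabled, LicensingLocation
if (-not $irm.AzureRMSLicensingEnabled) {
    Write-Warning 'AzureRMSLicensingEnabled is False: Exchange Online is not using Azure RMS.'
}

# 3. End-to-end test: fetch templates, then encrypt and decrypt a test message.
#    Review the output and confirm the overall result reports PASS.
Test-IRMConfiguration -Sender 'user@contoso.com' -Recipient 'user@contoso.com'

Disconnect-ExchangeOnline -Confirm:$false
```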

2. Secure/Multipurpose Internet Mail Extensions (S/MIME)

This certificate-based email encryption for Office 365 lets you encrypt and digitally sign messages, validating the identity of the sender while ensuring that only the intended recipient can open and read the message.

S/MIME requires the sender to have public keys for each recipient, while recipients maintain their own private keys. S/MIME is recommended when peer-to-peer encryption is needed, such as when government agencies communicate with each other.

To enable S/MIME-based security for the mailboxes in your organization, follow these steps.

  1. Set up and publish S/MIME certificates for each user. Start by installing a Windows-based Certification Authority (CA) or a third-party CA and set up a public key infrastructure to issue S/MIME certificates. Then publish the user’s certificate in their on-premises Active Directory account in the UserSMIMECertificate and/or UserCertificate attributes.
  2. Set up a virtual certificate collection in Exchange Online. First, export the root and intermediate certificates from a trusted machine to a serialized certificate store (SST) in PowerShell. Then use PowerShell to import the certificates into Exchange Online.
  3. Sync user certificates for S/MIME into Office 365 by issuing certificates and publishing them in your local Active Directory. Once published, sync on-premises user data to Office 365.
  4. If using Outlook on the web, configure policies to install the S/MIME extensions in web browsers. 
  5. Configure email clients to use S/MIME by distributing certificates to the user’s device and enabling and configuring S/MIME in the client’s settings.

For complete end-to-end instructions and detailed syntax, see S/MIME on the Microsoft Learn site.
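Steps 1 and 2 above, sketched as an added PowerShell example that is not from the original article. The file path, the CA subject pattern, the account jdoe and admin@contoso.com are placeholders. The export is filtered to your own issuing CAs, because every certificate in the SST becomes a trusted S/MIME issuer in Exchange Online.

```powershell
# Added example for steps 1 and 2. All names and paths are placeholders.
$sstPath    = 'C:\Temp\smime-issuing-cas.sst'   # assumed output path
$caPattern  = '*Contoso*'                       # assumed subject of your own CAs
$sampleUser = 'jdoe'                            # assumed AD account to spot-check
$smimeOid   = '1.3.6.1.5.5.7.3.4'               # Secure Email enhanced key usage

# Step 1 check: inspect the certificates published on the user's AD account.
Import-Module ActiveDirectory
$user = Get-ADUser -Identity $sampleUser -Properties Certificates
foreach ($raw in $user.Certificates) {
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]$raw
    $ekus = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages.Value }
    [pscustomobject]@{
        Thumbprint        = $cert.Thumbprint
        Expires           = $cert.NotAfter
        Expired           = $cert.NotAfter -lt (Get-Date)
        HasSecureEmailEku = $ekus -contains $smimeOid
    }
}

# Step 2a: export only your own root and intermediate CA certificates to an SST.
$caCerts = Get-ChildItem -Path Cert:\LocalMachine\Root, Cert:\LocalMachine\CA |
    Where-Object { $_.Subject -like $caPattern }
$caCerts | Format-Table Subject, Thumbprint, NotAfter    # review before exporting
$caCerts | Export-Certificate -FilePath $sstPath -Type SST | Out-Null

# Step 2b: import the SST into Exchange Online as the virtual certificate collection.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.com'
Set-SmimeConfig -SMIMECertificateIssuingCA ([System.IO.File]::ReadAllBytes($sstPath))
Get-SmimeConfig | Format-List                            # confirm the setting was stored
Disconnect-ExchangeOnline -Confirm:$false
```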

3. Information Rights Management (IRM)

IRM encryption applies usage restrictions to email messages, preventing sensitive information from being printed, forwarded or copied by unauthorized people.

IRM is recommended for sensitive messages, such as companies sending proprietary information that they don’t want to be forwarded outside their organization. 

To use IRM in Office 365 applications, Azure RMS must be activated. Subscriptions obtained after February 2018 will have Azure RMS activated automatically.

How to use Outlook to send encrypted email

After you’ve enabled email encryption in Office 365, it’s a relatively seamless process to use Outlook to send encrypted emails. You can send a single encrypted email in Outlook by following these steps:

  1. Open Outlook and click on the “New Email” button to compose a new message.
  2. In the email composition window, click on the “Options” tab.
  3. Select the “Encrypt” button.
  4. Choose the encryption options that you want to apply to your email, such as “Encrypt-Only” or “Do Not Forward.”
  5. Compose your email as usual and click on the “Send” button.

To encrypt all outgoing messages by default, follow these steps in Outlook:

  1. Click on the “File” tab, choose “Options,” “Trust Center,” and “Trust Center Settings.”
  2. Select the “Email Security” tab, then “Encrypted email,” and check the box next to “Encrypt contents and attachments for outgoing messages.” 
  3. You can change additional settings or choose a specific certificate to use by clicking “Settings.”

This encrypts the message and any attachments, ensuring that only the intended recipient can decrypt and read the contents. Remember that the recipient must also have encryption capabilities enabled to receive and decrypt the encrypted email.

Best practices for sending encrypted emails

In addition to using Outlook to send encrypted email, you should also follow these best practices to maximize your data security:

  • Use strong and unique passwords for your email accounts and encryption keys.
  • Regularly update your software and encryption tools.
  • Verify the identity of the recipients before sending sensitive information.
  • Avoid sending sensitive information over unsecured networks or public Wi-Fi.
  • Double-check the recipients’ email addresses to ensure you don’t send encrypted emails to the wrong recipients.
  • Keep a backup of your encryption keys in a secure location.

Alternatives to email encryption in Office 365 and Outlook

Email encryption is an excellent way to secure your communication but there are other ways to send secure messages that don’t require security certificates. 

Secure messaging apps

Use a secure messaging app that provides end-to-end encryption to ensure that your messages are secure from start to finish. Industries like healthcare with specific compliance requirements should choose HIPAA-compliant apps like OhMD or Rocket Chat to meet their needs.

Virtual Private Network

Use a Virtual Private Network (VPN) to encrypt your internet connection, including your email traffic. VPNs create a secure tunnel between your device and the internet, preventing anyone from intercepting your emails. 

File-sharing services

Use secure file-sharing services that offer encryption and access controls. Services such as Dropbox or Google Drive allow you to share files securely with recipients.

Keeping message data secure

Encrypting emails in Outlook and Office 365 is essential to ensure the confidentiality and security of sensitive information. You can send encrypted emails for an added layer of protection against hackers and unauthorized access while meeting compliance requirements. Enabling encryption in Office 365 helps enhance the security of your communication and protect sensitive information effectively.

Next Steps

Building an efficient and effective IT team requires a centralized solution that acts as your core service delivery tool. NinjaOne enables IT teams to monitor, manage, secure, and support all their devices, wherever they are, without the need for complex on-premises infrastructure.

Learn more about Ninja Endpoint Management, check out a live tour, or start your free trial of the NinjaOne platform.
