Read time 10 minutes

Nowadays, data breaches and data theft are more common than ever before, and businesses are primary targets for hackers to acquire valuable information. That’s why it has become necessary for organizations to encrypt their confidential information.

Since Outlook is a widely used email client for communication, encrypting any confidential MS Outlook emails is necessary. In this blog, we will cover different methods that can be beneficial for anyone looking to encrypt emails in Outlook.

In general, encrypting an email in Outlook means converting the readable plaintext (email message) to a scrambled ciphertext. It’s a straightforward task to decrypt the encrypted message as the recipient with the private key identical to the public key (that was earlier used to encrypt the plaintext) can decipher the message for further reading. Anyone without this private key can see indecipherable text only. MS Outlook supports the following two encryption options:

  • S/MIME Encryption: S/MIME is an abbreviation for Secure/Multipurpose Internet Mail Extensions and is based on asymmetric cryptography to protect your mails from unauthorized access. To encrypt emails in Outlook using this method, the sender and the receiver must have a mail application that supports the S/MIME standard. In addition to this, it allows the sender to digitally sign the email messages, which is highly effective in tackling various phishing attacks.
  • Office 365 Message Encryption: It is an online service built on Microsoft Azure Rights Management (Azure RMS). Using this method, you can now encrypt emails in Outlook through rights management templates, Do Not Forward option, and encrypt-only option. All Microsoft 365 users who use Outlook clients to send/receive mails receive a smooth reading experience for encrypted or rights-protected mails, even if the sender-receiver duo is from two different organizations.
    The supported Outlook clients include Outlook desktop, Outlook Mac, Outlook mobile on iOS and Android, and Outlook on the web. Suppose the receiver of the encrypted or rights-protected email uses a third-party email client such as, Gmail, or Yahoo. In that case, they will receive a wrapper mail that takes them to the OME portal, where they can easily authenticate using their account credentials.

Quick Methods to Encrypt Emails in Outlook?

With the latest Microsoft 365 update, the encryption in Outlook has been improved. For Office 365 subscribers, there is an ‘Encrypt’ button instead of the older Permission button. In this section, we will go through the S/MIME and Office 365 Message Encryption methods to encrypt emails in Outlook.

Encrypting with S/MIME

Before getting started, you must add a certificate to the keychain on your computer. Once you have set up the signing certificate, you’ll need to configure it in Outlook. To do so, follow the below steps:

  1. Go to the File menu and select Options > Trust Center > Trust Center Settings.Trust Center Settings
  2. This will open the Trust Center dialog box. Next, select Email Security from the left pane.
  3. Next, under the Encrypted email section, choose Settings.Email Security
  4. This will open the Email Security dialog box. Click on the Get Digital ID button to get a new certificate from a third-party if it was not purchased or installed on your PC by your IT admin. Consulting the IT admin should help you select the proper certificate.
  5. Get Digital ID

  6. If you have already purchased the certificate, select the Import/Export tab under the Digital IDs (certificates).export Digital IDs (certificates)
  7. This will open a new dialog box. Click the Browse button and search for the certificate (usually a .pfx file) you previously purchased, enter the associated password, and for the certificate
  8. Next, you will get a popup, as shown below. Keep the security level to Medium and click OK.set security level

The next step is to share the certificate with your recipients. Before sharing the certificate, you must send the recipients a digitally signed message to whom you will send encrypted emails. To do so, follow the steps outlined below:

  1. Compose a new email in OutlookCompose a new email
  2. Now, click on the Options tab in the new message and click on the More Options the Options
  3. In the Properties, tab click on the Security Settings tab.Security Settings
  4. In the Security, Properties dialog box, check the box Add digital signature to this message. One can also check which certificate is being used by clicking on the Change Settings button. Next, click OK and close the System Properties window.close System Properties

Next, Send the message to the email recipient(s). In the mail body, one can include the instructions so that the recipient(s) can add your certificate to your contact data in their address book and send you a digitally signed message so you can get the certificate as well.

Note that the Public key portion of your certificate is sent, so others can also encrypt what they need to send to you. Due to this, you can decrypt such emails with your Private key.

How to Send an Encrypted S/MIME Email?

One can now proceed to send an encrypted email to a recipient. You need their certificate (Public key) to perform this operation. So, if your contacts already have acquired their own encryption certificate and have sent you a digitally signed one from their Outlook client, then follow the below-mentioned steps:

  1. Open the digitally signed email from your contact (your contact must have sent you a digitally signed email using their email encryption certificate).
  2. Right-clicking on the sender’s name, click on Add to Outlook Contacts. If the contact is already in the contact list, you may Edit/update it instead of adding it again.Add to Outlook Contacts
  3. This will open up the contact card, click on the Certificates button in the top ribbon. This will show you the associated certificates; with the contact.connect certificates with the contact
  4. Congratulations! Now you are ready to send encrypted emails in Outlook to this contact.
    To send an encrypted mail, to follow the below steps:

    1. Compose a new mail and click on the Options tab.
    2. Click on the little icon (next to More Options) in the top ribbon.
    3. This will open up the Properties window. click Security Settings.
    4. In the Security properties dialog box, check the Encrypt message contents and attachments. Click OK to proceed.Encrypt message contents and attachments
    5. Compose your email and add any attachments. Since your contact/recipient has the Private key to decrypt this message.

Caution: The S/MIME encryption method is prone to Message Takeover Attack. This allows the attacker to add their own signatures Impersonating you. It is to note that the attacker can only decrypt the replies to the original mail but not the original email message.

Encrypting with Office 365 Message Encryption (OME)

This method allows users to send an encrypted email to any Outlook or a third-party email client. This method only works with your Office 365 subscription (Exchange online). The only downside of this method is that the receiver has to perform a few extra steps every time they receive an encrypted email message.

To encrypt, follow the steps outlined below:

  1. Compose a new email message and select Options > select Encrypt > and from the drop-down, apply the restrictions that you want to enforce.apply the restrictions

When you send encrypted emails in Outlook using OME, your recipient gets an email from you without the actual content but with a link to the email. Upon clicking this link, your receiver will be taken to a webpage where they must sign in with an Outlook work or school account or with a one-time passcode. The former option will only work for receivers with an active Office 365 subscription. If your receiver chooses the latter authentication option, it will take them to another webpage. A one-time password will be sent to their registered email account, which they must enter in the provided text box on this webpage.

Kernel for Outlook PST

Due to numerous reasons, your password-protected and encrypted emails in Outlook can get corrupted. In such troubling situations, Kernel for Outlook PST Repair tool could become your beacon of light as it can quickly repair heavily corrupted encrypted emails in Outlook and password-protected messages. You can also use it to accomplish various PST-related tasks, such as repairing PST files and recovering deleted messages and attachments. In addition, this tool can save the recovered PST to DBX, MBOX, MSG, EML, TXT, RTF, HTML, and MHTML formats. One can also import the recovered PST files to Office365, email servers, and Web mails.


In this article, we have extensively looked at the working of the two most common methods to encrypt emails in Outlook. In the S/MIME encryption method, we have discussed how to add the encryption certificate, which is required before sending the encrypted email to Outlook. Similarly, we have also discussed the working of the Office 365 Message Encryption method to secure Microsoft 365 data.

At last, we have also recommended an automated Kernel for Outlook PST Repair tool, which you can use if the encrypted emails in Outlook and their attachments get corrupted.

Kernel for Outlook PST Repair