How to Encrypt Email in Outlook: Every Method (Step-by-Step 2025)

กรกฎาคม 01, 2026 • security

Encrypting email in Outlook protects your messages from being read by anyone other than the intended recipient — including hackers intercepting your connection, your email provider’s servers, and anyone who gains unauthorized access to the recipient’s inbox after delivery.

This guide covers every encryption method available in Outlook in 2025: Microsoft 365 Message Encryption, S/MIME certificates, and the built-in Encrypt button — with step-by-step instructions for each.

Why You Should Encrypt Emails in Outlook

Standard email travels across the internet as readable text. Anyone with access to the servers it passes through can read it. Encryption converts your message into unreadable ciphertext that only the recipient’s key can unlock.

You should encrypt Outlook emails when sending:

  • Passwords, login credentials, or security codes
  • Financial information — account numbers, tax documents, invoices
  • Legal documents, contracts, or NDAs
  • Personal identifying information — Social Security numbers, ID scans
  • Medical records or health information (required by HIPAA)
  • Confidential business communications

Method 1: Encrypt a Single Email in Outlook (Microsoft 365)

This is the fastest method if you use Outlook with a Microsoft 365 business or personal subscription.

  1. Open Outlook and click New Email to compose a message.
  2. In the compose window, click the Options tab in the ribbon.
  3. คลิก Encrypt.
  4. Choose your encryption level:
    • Encrypt-Only — encrypts the message. The recipient can forward, copy, or print it.
    • Do Not Forward — encrypts the message and prevents recipients from forwarding, copying, or printing it.
  5. Compose your message and click Send.

The recipient will see a banner indicating the message is encrypted. If they use Outlook with a Microsoft account, they can read it directly. Gmail, Yahoo, and other email users receive a link to read the message in a secure browser window after verifying their identity with a one-time code.

Method 2: Set All Emails to Encrypt by Default in Outlook

If you regularly send sensitive information, setting encryption as the default for all outgoing mail removes the risk of accidentally sending something unencrypted.

  1. Open Outlook and go to File → Options → Trust Center → Trust Center Settings.
  2. คลิก Email Security in the left panel.
  3. Under Encrypted Email, check Encrypt contents and attachments for outgoing messages.
  4. คลิก ตกลง twice to save.

Note: This requires an S/MIME certificate (see Method 3) or a Microsoft 365 encryption policy configured by your organization. If you don’t have either, the checkbox will be grayed out.

Method 3: Encrypt Outlook Email with S/MIME (Most Secure)

S/MIME (Secure/Multipurpose Internet Mail Extensions) is the industry standard for email encryption. It uses digital certificates to encrypt messages and digitally sign them — proving the email came from you and was not tampered with in transit.

Step 1: Get an S/MIME Certificate

You need a personal email certificate from a Certificate Authority (CA). Options include:

  • Sectigo (formerly Comodo) — offers free personal email certificates for 90 days, then paid plans starting at ~$15/year.
  • DigiCert — business-grade certificates.
  • Your organization’s IT department — many enterprises issue S/MIME certificates to employees automatically through Active Directory.

Step 2: Install the Certificate in Windows

  1. Download the certificate file (.p12 or .pfx) from your CA.
  2. Double-click the file to launch the Certificate Import Wizard.
  3. เลือก Current User as the store location and follow the prompts.
  4. Enter the password provided by the CA when prompted.
  5. เลือก Automatically select the certificate store and click Finish.

Step 3: Configure Outlook to Use Your Certificate

  1. Open Outlook → File → Options → Trust Center → Trust Center Settings.
  2. คลิก Email Security.
  3. Under Digital IDs (Certificates), click การตั้งค่า.
  4. คลิก เลือก next to Signing Certificate and select your certificate.
  5. คลิก เลือก next to Encryption Certificate and select the same certificate.
  6. Set Hash Algorithm to SHA-256 and Encryption Algorithm to AES-256.
  7. คลิก ตกลง to save.

Step 4: Send an Encrypted Email with S/MIME

  1. Compose a new email.
  2. คลิก Options → Encrypt → Encrypt with S/MIME.
  3. To also digitally sign the message, click Options → Sign.
  4. Send the email.

Important limitation: S/MIME encryption requires the recipient to also have an S/MIME certificate and to have shared their public key with you. Both parties must exchange signed emails first before encrypted communication can begin.

Method 4: Encrypt Email in Outlook on the Web (OWA)

If you access Outlook through a browser at outlook.com or your organization’s portal:

  1. คลิก New message.
  2. Click the three-dot menu (···) at the top of the compose window.
  3. เลือก Message options.
  4. Toggle on Encrypt this message (S/MIME) if available, or select the sensitivity label your organization has configured.
  5. Compose and send your message.

Method 5: Encrypt Email in Outlook Mobile (iOS and Android)

  1. Open the Outlook app on your phone.
  2. Tap the Compose button.
  3. Tap the three-dot menu (···) in the top right corner.
  4. เลือก Sensitivity หรือ Encrypt depending on your account type.
  5. Choose your encryption option and send.

Mobile S/MIME requires installing your certificate on your device. On iOS: go to Settings → Mail → Accounts → your account → Advanced → S/MIME. On Android, certificate management depends on your device manufacturer’s settings.

Encrypt vs. Digitally Sign: What’s the Difference?

คุณสมบัติการเข้ารหัสDigital Signature
สิ่งที่มันทำHides content from anyone except the recipientProves the email came from you and wasn’t altered
Protects againstInterception, unauthorized accessSpoofing, tampering
Requires recipient’s key?Yes (S/MIME) or uses Microsoft’s system (M365)No — anyone can verify your signature
Visible to recipientLock icon on messageCertificate/signature badge

For maximum security, use both: digitally sign to verify your identity and encrypt to protect the content.

Troubleshooting Common Outlook Encryption Issues

“The Encrypt Button is Grayed Out”

This usually means your account doesn’t have an active Microsoft 365 subscription that includes Message Encryption, or your organization’s admin hasn’t enabled the feature. Contact your IT department or upgrade your subscription.

“Recipient Can’t Open the Encrypted Email”

For Microsoft 365 encryption, non-Microsoft recipients should receive a link to open the message in a browser. If they’re not receiving it, check your organization’s email gateway settings — some filter out the delivery mechanism. For S/MIME, the recipient needs to have your public key and their own certificate installed.

“Certificate Has Expired”

S/MIME certificates have expiration dates, typically 1–3 years. Renew through your CA. Emails encrypted with an expired certificate may still be readable if the private key is retained.

คำถามที่พบบ่อย

Does encrypting email in Outlook protect attachments too?

Yes. Both Microsoft 365 Message Encryption and S/MIME encrypt the full email including all attachments. The recipient receives the attachments as part of the encrypted message and can open them after decryption.

Can Gmail users receive encrypted emails from Outlook?

Yes, with Microsoft 365 encryption. Gmail recipients receive an email with a link to read the message in a secure browser window. They verify their identity with a one-time code sent to their Gmail address. With S/MIME, both parties need compatible certificates.

Is Outlook encryption end-to-end?

S/MIME is true end-to-end encryption — only the recipient’s private key can decrypt the message, not even Microsoft’s servers. Microsoft 365 Message Encryption is managed by Microsoft and is not fully end-to-end in the same way; Microsoft holds encryption keys. For the highest security, use S/MIME.

How do I know if an email I received in Outlook is encrypted?

Encrypted emails show a lock icon in the message list and at the top of the open message. Digitally signed emails show a certificate/ribbon icon. You can click the icon to view certificate details.

Is email encryption required by law?

For certain industries, yes. HIPAA requires encryption of Protected Health Information (PHI) sent over email. GDPR and various state privacy laws (CCPA, CMPA) require reasonable security measures for personal data, which courts and regulators increasingly interpret to include encryption. Financial institutions subject to Gramm-Leach-Bliley are also expected to encrypt customer financial data in transit.

security, Cybersecurity Author at Security Briefing

ความปลอดภัย

แอดมินเป็นนักเขียนอาวุโสของ Government Technology ก่อนหน้านี้เธอเคยเขียนบทความให้กับ PYMNTS และ The Bay State Banner และสำเร็จการศึกษาระดับปริญญาตรีสาขาการเขียนสร้างสรรค์จากมหาวิทยาลัยคาร์เนกีเมลลอน เธออาศัยอยู่ชานเมืองบอสตัน

  1. วิธีใช้กระเป๋าเงินคริปโตที่ปลอดภัย
  2. GTA Group เผยแพร่ผลการวิจัยเกี่ยวกับมัลแวร์ Hermit
  3. ความเป็นส่วนตัวและความปลอดภัยเป็นลักษณะสำคัญของ Blockchain: ตอนที่ 1
  4. ความปลอดภัยของ WordPress: เคล็ดลับดีๆ เพื่อปกป้องเว็บไซต์ของคุณ
  5. วิธีปกป้องโครงสร้างพื้นฐานที่สำคัญจากการโจมตีห่วงโซ่อุปทานในระหว่างการทำงาน
  6. เหตุผลในการซื้อขาย Crypto กับโบรกเกอร์ออนไลน์
  7. บทบาทของเทคโนโลยี KYC ในการสร้างความไว้วางใจและความปลอดภัยบนแพลตฟอร์มดิจิทัล
  8. อะไรทำให้การชำระเงินด้วยสกุลเงินดิจิทัลปลอดภัยมาก 
  9. สัญญาณบ่งชี้ที่เป็นไปได้ของมัลแวร์คืออะไร การระบุตัวบ่งชี้ทั่วไป สัญญาณบ่งชี้ที่เป็นไปได้ของมัลแวร์คืออะไร
  10. วิธีสังเกตการหลอกลวงคริปโตก่อนที่มันจะทำให้กระเป๋าเงินของคุณหมดตัว
  11. ผู้ดูแลข้อมูลคืออะไร และเหตุใดจึงสำคัญ
  12. แนวทางการใช้กระเป๋าเงินอย่างปลอดภัยสำหรับการลงทุนโทเค็นใหม่: การปกป้องสินทรัพย์ดิจิทัลของคุณ
thThai