How to Encrypt Email in Outlook: Every Method (Step-by-Step 2025)
Tháng 7 01, 2026 • security
Encrypting email in Outlook protects your messages from being read by anyone other than the intended recipient — including hackers intercepting your connection, your email provider’s servers, and anyone who gains unauthorized access to the recipient’s inbox after delivery.
This guide covers every encryption method available in Outlook in 2025: Microsoft 365 Message Encryption, S/MIME certificates, and the built-in Encrypt button — with step-by-step instructions for each.
Why You Should Encrypt Emails in Outlook
Standard email travels across the internet as readable text. Anyone with access to the servers it passes through can read it. Encryption converts your message into unreadable ciphertext that only the recipient’s key can unlock.
You should encrypt Outlook emails when sending:
- Passwords, login credentials, or security codes
- Financial information — account numbers, tax documents, invoices
- Legal documents, contracts, or NDAs
- Personal identifying information — Social Security numbers, ID scans
- Medical records or health information (required by HIPAA)
- Confidential business communications
Method 1: Encrypt a Single Email in Outlook (Microsoft 365)
This is the fastest method if you use Outlook with a Microsoft 365 business or personal subscription.
- Open Outlook and click New Email to compose a message.
- In the compose window, click the Options tab in the ribbon.
- Nhấp chuột Encrypt.
- Choose your encryption level:
- Encrypt-Only — encrypts the message. The recipient can forward, copy, or print it.
- Do Not Forward — encrypts the message and prevents recipients from forwarding, copying, or printing it.
- Compose your message and click Send.
The recipient will see a banner indicating the message is encrypted. If they use Outlook with a Microsoft account, they can read it directly. Gmail, Yahoo, and other email users receive a link to read the message in a secure browser window after verifying their identity with a one-time code.
Method 2: Set All Emails to Encrypt by Default in Outlook
If you regularly send sensitive information, setting encryption as the default for all outgoing mail removes the risk of accidentally sending something unencrypted.
- Open Outlook and go to File → Options → Trust Center → Trust Center Settings.
- Nhấp chuột Email Security in the left panel.
- Under Encrypted Email, check Encrypt contents and attachments for outgoing messages.
- Nhấp chuột ĐƯỢC RỒI twice to save.
Note: This requires an S/MIME certificate (see Method 3) or a Microsoft 365 encryption policy configured by your organization. If you don’t have either, the checkbox will be grayed out.
Method 3: Encrypt Outlook Email with S/MIME (Most Secure)
S/MIME (Secure/Multipurpose Internet Mail Extensions) is the industry standard for email encryption. It uses digital certificates to encrypt messages and digitally sign them — proving the email came from you and was not tampered with in transit.
Step 1: Get an S/MIME Certificate
You need a personal email certificate from a Certificate Authority (CA). Options include:
- Sectigo (formerly Comodo) — offers free personal email certificates for 90 days, then paid plans starting at ~$15/year.
- DigiCert — business-grade certificates.
- Your organization’s IT department — many enterprises issue S/MIME certificates to employees automatically through Active Directory.
Step 2: Install the Certificate in Windows
- Download the certificate file (.p12 or .pfx) from your CA.
- Double-click the file to launch the Certificate Import Wizard.
- Lựa chọn Current User as the store location and follow the prompts.
- Enter the password provided by the CA when prompted.
- Lựa chọn Automatically select the certificate store and click Finish.
Step 3: Configure Outlook to Use Your Certificate
- Open Outlook → File → Options → Trust Center → Trust Center Settings.
- Nhấp chuột Email Security.
- Under Digital IDs (Certificates), click Cài đặt.
- Nhấp chuột Chọn next to Signing Certificate and select your certificate.
- Nhấp chuột Chọn next to Encryption Certificate and select the same certificate.
- Set Hash Algorithm to SHA-256 and Encryption Algorithm to AES-256.
- Nhấp chuột ĐƯỢC RỒI to save.
Step 4: Send an Encrypted Email with S/MIME
- Compose a new email.
- Nhấp chuột Options → Encrypt → Encrypt with S/MIME.
- To also digitally sign the message, click Options → Sign.
- Send the email.
Important limitation: S/MIME encryption requires the recipient to also have an S/MIME certificate and to have shared their public key with you. Both parties must exchange signed emails first before encrypted communication can begin.
Method 4: Encrypt Email in Outlook on the Web (OWA)
If you access Outlook through a browser at outlook.com or your organization’s portal:
- Nhấp chuột New message.
- Click the three-dot menu (···) at the top of the compose window.
- Lựa chọn Message options.
- Toggle on Encrypt this message (S/MIME) if available, or select the sensitivity label your organization has configured.
- Compose and send your message.
Method 5: Encrypt Email in Outlook Mobile (iOS and Android)
- Open the Outlook app on your phone.
- Tap the Compose button.
- Tap the three-dot menu (···) in the top right corner.
- Lựa chọn Sensitivity hoặc Encrypt depending on your account type.
- Choose your encryption option and send.
Mobile S/MIME requires installing your certificate on your device. On iOS: go to Settings → Mail → Accounts → your account → Advanced → S/MIME. On Android, certificate management depends on your device manufacturer’s settings.
Encrypt vs. Digitally Sign: What’s the Difference?
| Tính năng | Mã hóa | Digital Signature |
|---|---|---|
| Nó làm gì | Hides content from anyone except the recipient | Proves the email came from you and wasn’t altered |
| Protects against | Interception, unauthorized access | Spoofing, tampering |
| Requires recipient’s key? | Yes (S/MIME) or uses Microsoft’s system (M365) | No — anyone can verify your signature |
| Visible to recipient | Lock icon on message | Certificate/signature badge |
For maximum security, use both: digitally sign to verify your identity and encrypt to protect the content.
Troubleshooting Common Outlook Encryption Issues
“The Encrypt Button is Grayed Out”
This usually means your account doesn’t have an active Microsoft 365 subscription that includes Message Encryption, or your organization’s admin hasn’t enabled the feature. Contact your IT department or upgrade your subscription.
“Recipient Can’t Open the Encrypted Email”
For Microsoft 365 encryption, non-Microsoft recipients should receive a link to open the message in a browser. If they’re not receiving it, check your organization’s email gateway settings — some filter out the delivery mechanism. For S/MIME, the recipient needs to have your public key and their own certificate installed.
“Certificate Has Expired”
S/MIME certificates have expiration dates, typically 1–3 years. Renew through your CA. Emails encrypted with an expired certificate may still be readable if the private key is retained.
Câu Hỏi Thường Gặp
Does encrypting email in Outlook protect attachments too?
Yes. Both Microsoft 365 Message Encryption and S/MIME encrypt the full email including all attachments. The recipient receives the attachments as part of the encrypted message and can open them after decryption.
Can Gmail users receive encrypted emails from Outlook?
Yes, with Microsoft 365 encryption. Gmail recipients receive an email with a link to read the message in a secure browser window. They verify their identity with a one-time code sent to their Gmail address. With S/MIME, both parties need compatible certificates.
Is Outlook encryption end-to-end?
S/MIME is true end-to-end encryption — only the recipient’s private key can decrypt the message, not even Microsoft’s servers. Microsoft 365 Message Encryption is managed by Microsoft and is not fully end-to-end in the same way; Microsoft holds encryption keys. For the highest security, use S/MIME.
How do I know if an email I received in Outlook is encrypted?
Encrypted emails show a lock icon in the message list and at the top of the open message. Digitally signed emails show a certificate/ribbon icon. You can click the icon to view certificate details.
Is email encryption required by law?
For certain industries, yes. HIPAA requires encryption of Protected Health Information (PHI) sent over email. GDPR and various state privacy laws (CCPA, CMPA) require reasonable security measures for personal data, which courts and regulators increasingly interpret to include encryption. Financial institutions subject to Gramm-Leach-Bliley are also expected to encrypt customer financial data in transit.

bảo vệ
admin là một biên tập viên cấp cao của Government Technology. Trước đây cô đã viết cho PYMNTS và The Bay State Banner, và có bằng Cử nhân Nghệ thuật sáng tác của trường Carnegie Mellon. Cô sống ở ngoại ô Boston.