Applies to: Outlook for Microsoft 365, Outlook 2024, Outlook 2021, Outlook 2019, Outlook 2016, New Outlook for Windows

When you need to protect the privacy of an email message, encrypt it. Encrypting an email message in Outlook means it's converted from readable plain text into scrambled cipher text. Only the recipient who has the private key that matches the public key used to encrypt the message can decipher the message for reading. Any recipient without the corresponding private key, however, sees indecipherable text.

There are two types of encryption options: S/MIME and Microsoft 365 Message Encryption (Information Rights Management).

When you have a qualifying Microsoft 365 subscription, Outlook supports Microsoft 365 Message Encryption (Information Rights Management). To use it, your subscription must include Microsoft 365 Message Encryption, which is included in the Office 365 Enterprise E3 license.

You can also use S/MIME encryption (Secure/Multipurpose Internet Mail Extensions), a widely accepted protocol for sending digitally signed and encrypted messages. To use S/MIME encryption, you and the recipient must have a mail application, such as Outlook, that supports the S/MIME standard.

S/MIME in Exchange Online provides the following services for email messages: 

  • Encryption: Protects the content of email messages.

  • Digital signatures: Verifies the identity of the sender of an email message.

To send a message with encryption, choose instructions based on the version of Outlook you're using. What version of Outlook do I have?

In new Outlook you can:

Encrypt a single message using S/MIME  |  Encrypt all messages using S/MIME  |  Encrypt a message with Microsoft 365 Message Encryption

Encrypt a single message using S/MIME in new Outlook

Before you start this procedure and encrypt emails, you must first Get a digital ID, otherwise known as a digital certificate, and add it to the keychain on your computer.

Note:  New Outlook doesn't automatically import digital certificates. You must install the certificate manually or ask your administrator to configure policies to automatically install certificates.

  1. In an email message, from the ribbon, select Options > More Options.

  2. In Message options, you can choose the Sensitivity level as well as the read or delivery receipt and S/MIME protection options. Choose one or both:

     • Encrypt this message (S/MIME)

     • Digitally sign this message (S/MIME)

  3. Select OK.

  4. If you encrypt an outgoing message and new Outlook can't verify that all recipients can decrypt the message, you'll see a warning highlighting those recipients who might not be able to read the encrypted message. You can send the message anyway, remove those recipients, or retry the check.

  5. Finish composing your email and then select Send.

Need help viewing an encrypted message? See View and reply to encrypted messages in Outlook.

Encrypt all messages using S/MIME in new Outlook

  1. Select Settings > Mail > S/MIME.

  2. Choose from:

     • Encrypt contents and attachment for all messages I send: Automatically encrypts all outgoing messages.

     • Add a digital signature to all messages I send: Digitally signs all outgoing messages.

     • Automatically choose the best certificate for digital signing: Allows Outlook to select the best certificate. If this option isn't selected, you are prompted to select the right certificates.

  3. Select OK.

Encrypt a message with Microsoft 365 Message Encryption in new Outlook

Note:  Microsoft 365 Message Encryption (IRM) protection should not be applied to a message that is already signed or encrypted using S/MIME. To apply IRM protection, S/MIME signature and encryption must be removed from the message. The same applies for IRM-protected messages; you should not sign or encrypt them using S/MIME.

New Outlook supports Microsoft 365 Message Encryption as long as your email server has an Office 365 Enterprise E3 license. If not, you can encrypt messages using S/MIME.

  1. In an email message, choose Options, and then select Encrypt.

  2. Pick the encryption that has the restrictions you want to enforce, such as Encrypt-Only or Do Not Forward.

  3. Finish composing your email and then choose Send.

In classic Outlook you can:

Add a certificate to encrypt with S/MIME  |  Configure your S/MIME certificate  |  Encrypt a single message using S/MIME  |  Encrypt all messages using S/MIME

Add a certificate to encrypt with S/MIME in classic Outlook

Before you start this procedure and encrypt emails, you must first Get a digital ID, otherwise known as a digital certificate, and add it to the keychain on your computer.
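
To confirm this prerequisite on Windows, the following PowerShell lists installed certificates that look usable for S/MIME. It is an added example, not part of the original article; it assumes the digital ID was imported into the current user's Personal certificate store (Cert:\CurrentUser\My), and the output column names are illustrative.

```powershell
# Added example. Assumption: the digital ID lives in Cert:\CurrentUser\My.
$secureEmailOid = '1.3.6.1.5.5.7.3.4'   # "Secure Email" enhanced key usage
$anyPurposeOid  = '2.5.29.37.0'         # anyExtendedKeyUsage
$x509  = 'System.Security.Cryptography.X509Certificates'
$flags = [type]"$x509.X509KeyUsageFlags"
$now   = Get-Date

Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_
    $eku = $cert.Extensions | Where-Object { $_ -is [type]"$x509.X509EnhancedKeyUsageExtension" }
    $ku  = $cert.Extensions | Where-Object { $_ -is [type]"$x509.X509KeyUsageExtension" }

    # A certificate without an EKU extension is not restricted to specific purposes.
    $oids = @()
    if ($eku) { $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
    $emailOk = (-not $eku) -or ($oids -contains $secureEmailOid) -or ($oids -contains $anyPurposeOid)

    # Likewise, a missing Key Usage extension places no restriction on signing or encryption.
    $canSign    = (-not $ku) -or $ku.KeyUsages.HasFlag($flags::DigitalSignature)
    $canEncrypt = (-not $ku) -or $ku.KeyUsages.HasFlag($flags::KeyEncipherment) -or
                  $ku.KeyUsages.HasFlag($flags::KeyAgreement)

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        Expires       = $cert.NotAfter
        InValidity    = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
        HasPrivateKey = $cert.HasPrivateKey   # needed to sign and to decrypt received mail
        SecureEmail   = $emailOk
        CanSign       = $canSign
        CanEncrypt    = $canEncrypt
    }
} | Where-Object { $_.SecureEmail } | Format-Table -AutoSize
```

A certificate is a reasonable candidate to select in Outlook when InValidity, HasPrivateKey and SecureEmail are all True; CanSign and CanEncrypt show which of the two S/MIME services it can be used for.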

Configure your S/MIME certificate in classic Outlook

Once you have your S/MIME certificate set up on your computer, you can configure it in Outlook:

  1. In Outlook, select File > Options > Trust Center > Trust Center Settings.

  2. In the left pane, select Email Security.

  3. Under Encrypted email, choose Settings.

  4. Under Certificates and Algorithms, select Choose and then select the S/MIME certificate.

  5. Select OK.

Encrypt a single message using S/MIME in classic Outlook

  1. In an email message, select Options > Encrypt.

  2. Choose the encryption option that has the restrictions you'd like to enforce, such as Do Not Forward.

  3. Finish composing your email and then select Send.

Encrypt all outgoing messages using S/MIME in classic Outlook

When you choose to encrypt all outgoing messages by default, you can write and send messages the same as with any other messages, but all potential recipients must have your digital ID to decode or view your messages.

  1. In Outlook, choose File > Options > Trust Center > Trust Center Settings.

  2. On the Email Security tab, under Encrypted email, select the Encrypt contents and attachments for outgoing messages check box.

  3. To change additional settings, such as choosing a specific certificate to use, select Settings.

  4. Once you're done selecting your settings, select OK to save your changes. 

Note:  Microsoft 365 Message Encryption (IRM) protection should not be applied to a message that is already signed or encrypted using S/MIME. To apply IRM protection, S/MIME signature and encryption must be removed from the message. The same applies for IRM-protected messages; you should not sign or encrypt them using S/MIME.

See also

View and reply to encrypted messages in Outlook

Secure messages by using a digital signature 

Get a digital ID

Find digital ID or digital ID services

Send a digitally signed or encrypted message for Mac

Advanced Outlook.com security for Microsoft 365 subscribers

Learn about encrypted messages in Outlook.com

Encrypt messages using S/MIME in Outlook on the web
