How to Encrypt Email in Outlook: Complete 2025 Guide

You can encrypt email in Outlook using S/MIME certificates, Office 365 Message Encryption, or by switching to a secure email service like ProtonMail or Fastmail. Outlook supports built-in encryption through S/MIME for desktop clients and Office 365 Message Encryption for Microsoft 365 subscribers. For maximum privacy, consider using a dedicated secure email provider that offers end-to-end encryption by default.

This guide covers three methods: S/MIME encryption for Outlook Desktop, Office 365 Message Encryption for Outlook 365, and secure email services as an alternative. Each method has different setup requirements and security levels.

Why Encrypt Email in Outlook

Email encryption protects your messages from being read by unauthorized parties. Standard email travels in plain text across the internet, meaning anyone intercepting the connection can read your messages. Encryption scrambles your email content so only the intended recipient can decrypt and read it.

Benefits of Email Encryption

Privacy Protection: Encrypted emails prevent ISPs, hackers, and government surveillance from reading your messages. Even if someone intercepts your email, they cannot decrypt it without the encryption key.

Compliance Requirements: Many industries require email encryption for sensitive data. Healthcare (HIPAA), finance (PCI-DSS), and legal communications often mandate encrypted email to protect client information.

Business Security: Encrypted email protects trade secrets, financial information, and confidential business communications from competitors and cybercriminals.

Personal Privacy: Encrypting personal emails protects sensitive information like passwords, financial details, and private conversations from being exposed in data breaches.

Outlook Encryption Limitations

Outlook’s built-in encryption has limitations:

• S/MIME requires certificates: Both sender and recipient need digital certificates installed
• Office 365 encryption: Requires Microsoft 365 subscription and recipient must have Microsoft account or view encrypted message in browser
• No end-to-end encryption by default: Microsoft can still access your emails on their servers
• Complex setup: S/MIME certificate installation and management can be technical

For maximum privacy, consider switching to a secure email service that offers end-to-end encryption by default. See our best secure email providers guide for recommendations.

Method 1: S/MIME Encryption in Outlook Desktop

S/MIME (Secure/Multipurpose Internet Mail Extensions) encrypts emails using digital certificates. Both you and your recipient need certificates installed for this to work.

Step 1: Obtain a Digital Certificate

You need a digital certificate from a Certificate Authority (CA). Options include:

Free Certificates:

• Comodo: Free S/MIME certificates (valid for 1 year)
• Actalis: Free personal email certificates
• StartSSL: Free email certificates (requires verification)

Paid Certificates (More trusted):

• DigiCert: $199/year (most trusted)
• GlobalSign: $149/year
• Sectigo: $99/year

For testing: Use a free certificate from Comodo or Actalis. For business use, consider a paid certificate from DigiCert or GlobalSign.

Step 2: Install the Certificate

1. Download your certificate from the Certificate Authority
2. Open Certificate Manager:
   • Windows: Press Win + R, type certmgr.msc, press Enter
   • Mac: Open Keychain Access (Applications > Utilities)
3. Import the certificate:
   • Windows: Right-click “Personal” > “All Tasks” > “Import” > Select your certificate file
   • Mac: Drag certificate file into Keychain Access
4. Verify installation: The certificate should appear in your certificate store

Step 3: Configure Outlook for S/MIME

1. Open Outlook and go to File > Options > Trust Center > Trust Center Settings
2. Click “Email Security” in the left sidebar
3. Check “Encrypt contents and attachments for outgoing messages”
4. Check “Add digital signature to outgoing messages” (optional but recommended)
5. Click “Settings” under “Digital IDs (Certificates)”
6. Select your certificate from the dropdown
7. Click “OK” to save settings

Step 4: Send Encrypted Email

1. Compose a new email in Outlook
2. Click “Options” tab in the ribbon
3. Click “Encrypt” button (or “Sign” for digital signature)
4. Enter recipient’s email address (they must have a certificate installed)
5. Send the email

Note: The recipient must have their own S/MIME certificate installed. If they don’t have one, Outlook will warn you that the email cannot be encrypted.

Troubleshooting S/MIME Issues

Problem: “Cannot encrypt message” error Solution:

• Verify your certificate is installed correctly
• Check that the recipient has a certificate
• Ensure certificate hasn’t expired

Problem: Recipient can’t decrypt email Solution:

• Recipient needs to install your public certificate
• Recipient must have their own certificate installed
• Check certificate expiration dates

Problem: Certificate not showing in Outlook Solution:

• Re-import certificate to certificate store
• Restart Outlook
• Check certificate is in “Personal” certificate store

Method 2: Office 365 Message Encryption

Office 365 Message Encryption (OME) encrypts emails sent through Microsoft 365. Recipients can view encrypted messages even if they don’t have Microsoft accounts.

Requirements

• Microsoft 365 subscription (Business Standard, E3, E5, or higher)
• Office 365 Message Encryption enabled (included in most plans)
• Outlook 365, Outlook Desktop, or Outlook Web

Step 1: Enable Office 365 Message Encryption

1. Sign in to Microsoft 365 admin center
2. Go to “Admin centers” > “Exchange”
3. Click “Mail flow” > “Rules”
4. Click ”+” to create new rule
5. Name the rule: “Encrypt all outgoing emails” (or specific conditions)
6. Set conditions: Choose when to encrypt (all emails, specific recipients, keywords)
7. Add action: “Modify the message security” > “Apply Office 365 Message Encryption”
8. Save the rule

Note: For individual emails, you can encrypt manually without creating a rule.

Step 2: Encrypt Individual Email in Outlook 365

1. Compose a new email in Outlook 365
2. Click “Options” tab in the ribbon
3. Click “Encrypt” button
4. Select encryption option:
   • Encrypt: Standard encryption
   • Do Not Forward: Prevents forwarding, copying, or printing
   • Confidential: Adds confidentiality notice
5. Send the email

Step 3: Encrypt Email in Outlook Web

1. Open Outlook Web (outlook.office.com)
2. Click “New message”
3. Click the lock icon in the toolbar (or three dots > “Encrypt”)
4. Choose encryption level:
   • Encrypt: Standard encryption
   • Do Not Forward: Prevents forwarding
5. Compose and send your email

Step 4: Recipient Views Encrypted Email

When recipients receive an encrypted email:

1. They receive an email with “View the message” button
2. Click the button to open encrypted message
3. Sign in options:
   • Microsoft account: Sign in with Microsoft account
   • One-time passcode: Receive code via email (if no Microsoft account)
4. View the encrypted message in browser

Note: Recipients don’t need Microsoft accounts to view encrypted messages. They can use a one-time passcode sent to their email.

Office 365 Encryption Limitations

• Requires Microsoft 365 subscription: Not available on free Outlook.com accounts
• Microsoft can access emails: Messages are encrypted but Microsoft holds the keys
• Browser-based viewing: Recipients view encrypted messages in browser, not in email client
• No end-to-end encryption: Microsoft can decrypt messages if required by law

For true end-to-end encryption where only you and the recipient can read messages, use a secure email service like ProtonMail. See our ProtonMail review for details.

Method 3: Use a Secure Email Service (Recommended)

The easiest way to encrypt email is using a secure email service that offers end-to-end encryption by default. These services encrypt emails automatically and don’t require certificate management.

Why Switch to Secure Email

End-to-End Encryption: Only you and the recipient can read emails. The service provider cannot decrypt messages.

Zero-Knowledge Architecture: The email service cannot access your encryption keys or read your messages, even if requested by law enforcement.

Easy Setup: No certificates or complex configuration. Encryption works automatically.

Better Privacy: Secure email providers are based in privacy-friendly jurisdictions and don’t scan emails for advertising.

Cross-Platform: Works on all devices with native apps and web interfaces.

Recommended Secure Email Services

ProtonMail (Best for Privacy)

Features:

• End-to-end encryption by default
• Zero-knowledge architecture (Swiss-based)
• Free tier available (1 GB storage)
• Paid plans from $4.99/month
• Mobile apps for iOS and Android
• Open-source encryption

Best For: Privacy-conscious users, journalists, activists, anyone needing maximum email security.

Get ProtonMail → Start with free plan, upgrade to Plus ($4.99/month) for custom domains and more storage.

See our complete ProtonMail review for detailed analysis.

Fastmail (Best for Features)

Features:

• Strong encryption and privacy
• Excellent search and organization
• Custom domains included
• Calendar and contacts sync
• Paid plans from $3/month
• Based in Australia (privacy-friendly)

Best For: Users who want Gmail-like features with better privacy, business users needing custom domains.

Get Fastmail → Plans start at $3/month with 2 GB storage, $5/month for 30 GB.

See our Fastmail vs ProtonMail comparison to choose between these services.

Tutanota (Best Free Option)

Features:

• End-to-end encryption
• Free tier with 1 GB storage
• Paid plans from €3/month
• German-based (strong privacy laws)
• Open-source

Best For: Users wanting free encrypted email with good privacy protection.

How Secure Email Services Work

1. Sign up for a secure email service (ProtonMail, Fastmail, etc.)
2. Create your account (takes 2 minutes)
3. Start sending encrypted emails automatically
4. Emails to other users of the same service are encrypted automatically
5. Emails to external recipients can be encrypted with password protection

No certificates needed: Encryption happens automatically in the background.

No technical setup: Sign up and start using encrypted email.

Works everywhere: Native apps for all platforms, plus web interface.

Migrating from Outlook to Secure Email

Step 1: Sign up for secure email service (ProtonMail recommended)

Step 2: Set up email forwarding from Outlook to new secure email

Step 3: Update contacts with your new secure email address

Step 4: Import emails from Outlook (if needed)

Step 5: Start using secure email for all new communications

Ready to switch? Get ProtonMail now → Free plan available, upgrade anytime for more features.

Comparison: Outlook Encryption vs Secure Email Services

Best Overall: Secure email services (ProtonMail, Fastmail) offer the best balance of security, ease of use, and privacy protection.

Security Best Practices

For Outlook Users

Use Strong Passwords: Protect your Outlook account with a strong, unique password. Enable two-factor authentication if available.

Keep Certificates Updated: S/MIME certificates expire. Renew certificates before expiration to maintain encryption.

Verify Recipients: Before sending encrypted emails, verify the recipient’s email address and certificate to prevent sending to wrong person.

Backup Certificates: Export and securely backup your S/MIME certificates. If you lose your certificate, you cannot decrypt old emails.

Use Office 365 Encryption: If you have Microsoft 365, enable Office 365 Message Encryption for automatic encryption of sensitive emails.

For Secure Email Users

Enable Two-Factor Authentication: Add an extra layer of security to your secure email account.

Use Strong Passwords: Create a unique, strong password for your secure email account. Consider using a password manager.

Verify Recipients: Double-check email addresses before sending sensitive information, even with encryption.

Use Password-Protected Emails: When sending encrypted emails to non-secure email users, use password protection and share the password through a different channel.

Regular Backups: Export important encrypted emails and store backups securely.

Frequently Asked Questions

Q: Can I encrypt emails in Outlook for free?

A: Yes, you can use S/MIME with free certificates from Comodo or Actalis. However, setup is complex and both sender and recipient need certificates. Office 365 Message Encryption requires a Microsoft 365 subscription ($6.99+/month). For easier free encryption, use ProtonMail’s free tier.

Q: Do recipients need special software to read encrypted Outlook emails?

A: For S/MIME: Recipients need their own S/MIME certificate installed in their email client. For Office 365: Recipients can view encrypted emails in a web browser, even without Microsoft accounts (using one-time passcode).

Q: Is Outlook encryption as secure as ProtonMail?

A: S/MIME encryption is secure, but Office 365 encryption is not end-to-end (Microsoft can decrypt). ProtonMail offers true end-to-end encryption where only you and the recipient can read emails. For maximum privacy, use a secure email service like ProtonMail.

Q: Can I encrypt emails sent to Gmail users?

A: Yes, but it’s complicated. Gmail users need S/MIME certificates installed, which most don’t have. Office 365 encrypted emails can be viewed by Gmail users in a browser. The easiest solution is using ProtonMail, which can send password-protected encrypted emails to any email address.

Q: What’s the easiest way to encrypt email?

A: Use a secure email service like ProtonMail or Fastmail. They encrypt emails automatically with no certificate management or complex setup. Sign up and start sending encrypted emails.

Q: Does Outlook encrypt emails by default?

A: No, Outlook does not encrypt emails by default. You must manually enable S/MIME encryption or use Office 365 Message Encryption. For automatic encryption, use a secure email service.

Q: Can I use both Outlook and secure email services?

A: Yes, you can use both. Many users keep Outlook for work emails and use ProtonMail or Fastmail for personal encrypted emails. Some secure email services support IMAP/SMTP, allowing you to use them with Outlook.

Q: Is email encryption legal?

A: Yes, email encryption is legal in most countries. Some countries restrict encryption, but it’s legal in the United States, European Union, and most Western countries. Check local laws if you’re in a restrictive country.

Conclusion

You can encrypt email in Outlook using S/MIME certificates or Office 365 Message Encryption, but both methods have limitations. S/MIME requires complex certificate management, and Office 365 encryption isn’t true end-to-end encryption.

For maximum privacy and ease of use, we recommend switching to a secure email service like ProtonMail or Fastmail. These services encrypt emails automatically with no certificate management, offer true end-to-end encryption, and are easier to use than Outlook’s built-in encryption.

Ready to encrypt your emails? Get ProtonMail now → Free plan available with 1 GB storage. Upgrade to Plus ($4.99/month) for custom domains and more features.

For more secure email options, see our best secure email providers guide comparing ProtonMail, Fastmail, Tutanota, and other encrypted email services.