Are you ready for a cyber attack?
Back to Resources

Are Outlook emails encrypted on Microsoft 365?


Emily Keeling

Posted Jun 21, 2024

Email encryption has become a critical aspect of securing communication, especially for businesses and professionals who handle sensitive information. If you're using Outlook for your email needs, you might be wondering whether your emails are encrypted and how secure they are. Let's delve into the details of email encryption in Microsoft 365 and Outlook.


Understanding Email Encryption

Before we explore how Microsoft 365 and Outlook handle encryption, it's essential to understand what email encryption is. Email encryption involves encoding the content of emails to protect them from being read by anyone other than the intended recipients. This ensures that even if an email is intercepted during transmission, the information remains secure and confidential.


Encryption in Microsoft 365 and Outlook

Microsoft 365 (formerly known as Office 365) and Outlook provide robust encryption features to protect email communications. Here are the key encryption methods employed by Microsoft:

  1. Transport Layer Security (TLS)

TLS is a standard protocol that encrypts email while it is in transit from the sender's email server to the recipient's email server. Microsoft 365 uses TLS to secure the connection between email servers, ensuring that emails are protected from interception during transmission. This is a default feature, providing a baseline level of security for all emails sent through Outlook.

  1. Microsoft Purview Message Encryption (MPME)

For more advanced encryption needs, Microsoft offers Microsoft Purview Message Encryption (formerly known as Office 365 Message Encryption or OME). MPME allows users to send encrypted emails both inside and outside their organisation. With MPME, the email content and attachments are encrypted, and only authorised recipients can decrypt and read the message.

Key Features of MPME:

  • End-to-End Encryption: Ensures that email content is encrypted from the sender to the recipient.
  • User-Friendly: Recipients do not need to have Microsoft 365 to read encrypted emails. They can use a one-time passcode or sign in with a Microsoft or Google account to access the message.
  • Customisable Policies: Administrators can set up rules to automatically encrypt emails based on specific criteria, such as keywords or recipient domains.
  1. Information Rights Management (IRM)

IRM is another layer of protection available in Microsoft 365. It allows users to apply usage restrictions to emails and documents. With IRM, you can prevent recipients from forwarding, copying, or printing sensitive information. This feature ensures that even after an email is delivered, the content remains secure and under the sender's control.


How to Use Email Encryption in Microsoft 365/Outlook

Using email encryption in Microsoft 365 and Outlook is straightforward. Here are the steps to send an encrypted email:

  1. Via Outlook on the Web:
    • Compose a new email.
    • Click on the Encrypt button in the email toolbar.
    • Choose the level of encryption you want to apply (e.g., Encrypt Only, Do Not Forward).
  2. Via Outlook Desktop Application:
    • Compose a new email.
    • Click on Options in the menu.
    • Select Encrypt and choose the desired encryption option.

Benefits of Using Microsoft 365/Outlook Email Encryption

  • Enhanced Security: Protects sensitive information from unauthorised access.
  • Compliance: Helps meet regulatory requirements for data protection and privacy.
  • Trust: Builds trust with clients and partners by ensuring their information is secure.



Yes, Microsoft 365 and Outlook emails are encrypted, employing various encryption methods such as TLS, Microsoft Purview Message Encryption, and Information Rights Management. These features provide comprehensive protection for your email communications, ensuring that your data remains secure during transmission and beyond. By leveraging these encryption capabilities, you can enhance your organisation's security posture and safeguard sensitive information effectively.

For more detailed information and specific use cases, refer to Microsoft's official documentation and guidelines on email encryption.