How to Encrypt Email in Outlook & Office 365 in 2024?

Email communication is integral to a business’ daily work, and it's hard to imagine a day without sending or receiving emails. However, digital communication has also increased the threat of data breaches. In fact, stats show that business emails are the second most difficult breach to identify and contain, taking an average of 308 days.

Outlook and Office 365 are two of the most popular email platforms in use today, and both offer robust email encryption features. This guide will lead you through the simple yet essential process of how to encrypt email in Outlook and Office 365.

Why Email Encryption is Crucial in Outlook and Office 365?

Businesses deal with highly sensitive data daily, whether it's financial data, client information, or internal communications. This data exchange often happens via email, making it a prime target for cybercriminals. An individual breach can lead to financial losses and damage a company's reputation and client relationships.

Outlook and Office 365 email encryption is a safeguard, ensuring that confidential information is accessible only to the intended recipient. It provides additional security beyond password protection, making it incredibly difficult for unauthorized users to access the email content. This is especially important in the era of remote work, where secure communication channels are vital for business continuity.

Licensing Requirements for Office 365 Message Encryption

Office 365 Message Encryption (OME) is not available in all Microsoft 365 subscriptions, so you'll need to ensure that your current plan includes this feature.

Microsoft 365 Business Premium, Microsoft 365 E3, and E5 are some of the subscription plans that come with OME included. These plans are intended for companies that require a high level of security, including advanced Office 365 email encryption. 

You won't have access to OME by default if you're on a different subscription, such as Microsoft 365 Business Basic or Microsoft 365 F3. In such cases, you may need to purchase an add-on license or consider upgrading your subscription to include OME.

Methods to Encrypt Emails in Outlook

There are multiple ways to encrypt Outlook email, each designed to meet different security needs. Let’s explore these in detail so you can choose the right one.

• Using the Outlook Desktop Client
• Using the Outlook Web Client
• Encryption Options Within Outlook

Using the Outlook Desktop Client

Encrypting emails using the Outlook desktop client is a straightforward process. Here's a step-by-step guide on how to encrypt email in Outlook.

• Compose a New Email: Open Outlook and click on "New Email" to compose a new message.
• Go to Options: In the message window, navigate to the "Options" tab.
• Click on Encrypt: Under the "Lock" icon, you'll find the "Encrypt" button. Click on it.

• Choose Encryption Type: A dropdown menu will appear with options like "Encrypt Only" and "Do Not Forward." Choose the one that suits your needs.
• Send the Email: Once you've selected the encryption type, compose your email and click "Send."

Using the Outlook Web Client

When using the Outlook web version, you can encrypt Outlook email using the below steps:

• Log In: Open your browser and log in to your Outlook account.
• Compose a New Email: Click on the "New Message" button.
• Click on the Lock Icon: You'll see a lock icon at the top of the message window. Click on it.
• Select Encryption Option: A panel will appear on the right side, offering encryption options like "Encrypt" and "Prevent Forwarding."

• Send the Email: After selecting the encryption type, compose your email and click "Send."

Encryption Options Within Outlook

 Outlook offers various encryption options to cater to different needs:

• Encrypt Only: This option encrypts the email but allows the recipient to forward it.
• Do Not Forward: This option encrypts the email and prevents the recipient from forwarding, copying, or printing it.

These options are part of the broader Microsoft Outlook encrypt email features.

Using the Outlook client for Mac

1. Compose a New Email
2. Access the message toolbar and select the “Encryption” option.

3. If the “Encryption” option is not readily available, navigate to the three dots to add items to your toolbar
4. Drag the “Encryption” button to your toolbar and then click “Done” to complete the process.

What encryption options are available?

As an Outlook.com user with a Microsoft 365 Family or Personal subscription, you'll notice a few things:

• Do Not Forward: Your message stays encrypted within Microsoft 365 and can’t be copied or forwarded. Microsoft Office attachments like Word, Excel, or PowerPoint files stay encrypted even after they’re downloaded. But, other attachments like PDFs or images can be downloaded without encryption.
• Encrypt: Your message stays encrypted and doesn’t leave Microsoft 365. Recipients with Outlook.com or Microsoft 365 accounts can download attachments without encryption from Outlook.com, the Outlook mobile app, or the Mail app in Windows 10. If you're utilizing a different email client or other email accounts, you can use a provisional passcode to download attachments from the Microsoft 365 Message Encryption portal.
• No permission set: Default setting. Uses Outlook.com's opportunistic Transport Layer Security (TLS) to encrypt the connection with a recipient’s e-mail provider.

Are attachments also encrypted?

All attachments are encrypted. Recipients can view attachments in the browser if they access the email via the Office Message Encryption portal.

Attachments act differently after they’re downloaded, depending on the encryption option:

• If you choose the Encrypt option, recipients with Outlook.com & Microsoft 365 accounts can download attachments without encryption. This is true for Outlook.com, the Outlook mobile app, new Outlook, or the Mail app in Windows 10. Other email accounts can use a provisional passcode to download attachments from the Microsoft 365 Message Encryption portal.
• If you choose the Do Not Forward option, there are two possibilities:some text
  • Microsoft Office attachments like Word, Excel, or PowerPoint files stay encrypted after download. This means the recipient can’t send the attachment to others without permission. They won’t be able to open it.
    But, if the recipient has an Outlook.com account, they can open encrypted Office attachments on Windows apps. If they have a Microsoft 365 account, they can open the file on any platform.
  • All other attachments, like PDFs or images, can be downloaded without encryption.

Encrypting Emails in Office 365

Office 365 integrates seamlessly with Outlook to offer additional encryption features. Here's how to allow Microsoft 365 email encryption:

• Log In to Office 365: Open your browser and log in to your Office 365 account.
• Navigate to Outlook: Click on the Outlook icon to access your emails.
• Compose a New Email: Click on "New Message."
• Go to Options: Navigate to the "Options" tab within the message.
• Select Permission: Choose the "Permission" option and select the type of encryption you want to use.

📝Note: Azure Rights Management is crucial to Microsoft 365 email encryption. It allows you to set up policies that automatically apply encryption based on certain conditions, such as the presence of sensitive data. This feature ensures that emails containing confidential information are always encrypted, reducing the risk of data breaches.

Advanced Features for Encryption in Office 365

Beyond the basic encryption methods, Office 365 offers a suite of advanced features for additional security and customization.

Customization and Branding

MS Office 365 allows you to customize the appearance and text of Office 365 encrypted email. This is particularly useful for businesses that want to maintain a consistent brand image, even in secure communications. You can customize various elements such as:

• Logo: Replace the default Office 365 logo with your company's logo.
• Background Color: Change the background color to align with your brand's color scheme.
• Disclaimer Text: Add a custom disclaimer text at the bottom of the email.

To customize these elements, you'll need to use PowerShell commands. The process involves

• Uploading your custom images and text to the Office 365 Security & Compliance Center.
• Applying them to your encrypted emails.

Mail Flow Rules for Automatic Encryption

Setting up mail flow rules for automatic encryption can significantly enhance your email security by ensuring that sensitive emails are always encrypted. You can create these rules using the Exchange Admin Center in Office 365. Here's how:

• Log In to the Exchange Admin Center: Open your browser and log in to your Office 365 account. Navigate to the Exchange Admin Center.

• Go to Mail Flow: On the left sidebar, click on "Mail Flow."
• Create a New Rule: Click on the "+" symbol and then select "Create a new rule."

• Set Conditions: Define the conditions under which the email should be encrypted. For example, you can set a rule to encrypt emails that contain the word "confidential."
• Apply Encryption: Under "Do the following," select "Modify the message properties" and then choose "Apply Office 365 Message Encryption."

Is there an automatic way to encrypt email in Office 365?

Yes, with Strac Email DLP - organizations can choose to encrypt ALL outgoing emails OR alert/block/redact sensitive emails when they are sent from the organization.

Why do you need Email Data Loss Prevention like Strac?

While Office 365 and Outlook provide robust encryption features, it does not offer email redaction. Strac Office365 Email DLP detects and redacts sensitive email body and attachments. Any kind of sensitive data like PII, PHI, PCI or Confidential data. Also, Strac has support of all kinds of attachments - pdf, jpeg, png, docx (Word docs), xlsx (spreadsheet), screenshots and more. Here is a glimpse of what one of our clients has to say about Strac Email DLP

‍

Instant Detection and Redaction of Sensitive Data

Strac detects and redacts sensitive information instantly in emails and attachments. This feature works cooperatively with Office 365 encrypted emails to ensure that even if an email is accidentally sent to the wrong recipient, the sensitive data within it remains secure.

Seamless Integration with Office 365 and Outlook

Strac integrates effortlessly with both Office 365 and Outlook, enhancing the native encryption features of these platforms. The integration process takes just a few minutes, allowing you to bolster your email security quickly without any technical hassles.