Microsoft 365: Encrypting Email Within Outlook Desktop

When you need to send or request information of sensitive nature via email, it is important that you enable encryption on your message. When you enable encryption on the message this will enforce additional security policies that will require all participants of the message chain to verify that they are who they say they are and that they are permitted to access the message chain along with any of its content.

This guide will show you how to Encrypt an email message within the Microsoft Outlook Desktop application. This process can also be done using the Microsoft Outlook Web application.

Before you begin:

Before sending encrypted messages, it is a good idea to inform your intended recipients that they should expect an encrypted message that will require additional authentication to access than a normal email.

How To:

Start by Creating a new message or replying to an existing message.
Click the Options Tab on the Ribbon of Outlook.

Note: If you are replying, you may need to click "Pop Out" to edit your reply in a dedicated window.
Under Options > Encrypt, select Encrypt Only or Do Not Forward

Encrypt-Only: This is the default option, but it allows messages to be forwarded to others and is not as secure as Do No Forward. This option is acceptable for most situations.

Do Not Forward: This option is more secure and disables the ability for participants to forward the message chain to another person. Use this to ensure confidentiality when the situation requires it.
Compose your message as you normally would for any other email.
Send the message to the intended recipients.

Warning: Encrypted email cannot be recalled. Verify recipients before clicking send.

Your recipients will receive the encrypted message and depending on their own email system will need to perform a verification process to confirm they are the intended recipient.

There are certain circumstances where a recipient is not able to open the encrypted email. In all cases this is caused by the recipient's environment. One example may be that they are forwarding email from one mailbox to another. Or, they are receiving an email message in a non-Microsoft 365 mailbox, but their web browser is logged into a Microsoft 365 account that is not associated with the mailbox where the message is received.

If the customer is not able to open the encrypted message, ask if there is an alternative email the encrypted email can be sent to. Utilizing Phone or eFax is an alternative that should be used when encrypted emailing is not working.