Think your Outlook emails are secure? Think again. Default settings provide basic security, but don’t offer adequate protection for sensitive information.
To encrypt an email in Outlook, you have several options:
- For basic protection: use TLS encryption (enabled by default)
- For stronger security: enable S/MIME encryption via Settings > Mail > S/MIME
- For Microsoft 365 users: use OME by clicking Options > Encrypt when composing emails
- For complete protection: integrate a third-party solution like Zivver with your Outlook
Find out which type of Outlook email encryption you need and how to keep your most sensitive information safe.
How does Outlook email encryption work?
When you send an unencrypted email, it travels across multiple servers in plaintext – readable to anyone with access to those servers. When you send an encrypted email, the content is scrambled during transmission, becoming readable only when the recipient uses the correct "key" that converts it back to plain text.
Types of email encryption in Outlook
Outlook email encryption falls into two main categories:
- Native options built into Microsoft's ecosystem
- Enhanced solutions that fill critical security gaps
While Microsoft's built-in encryption provides rudimentary protection, organizations with compliance requirements or sensitive data need robust safeguards that incorporate business email encryption capabilities.
- Native Outlook email encryption options:
  - Transport Layer Security (TLS)
  - S/MIME (Secure/Multipurpose Internet Mail Extensions)
  - Microsoft 365 Message Encryption (OME)
- Enhanced Outlook email encryption solutions:
  - Third-party integrations that provide superior security, such as zero-knowledge encryption
A closer look at Outlook email encryption
Transport Layer Security (TLS)
TLS is the most basic form of Outlook email encryption. It encrypts the connection between email servers, not the email itself. It's similar to how websites use HTTPS to secure your browsing.
How to use it: TLS is enabled by default in Outlook, so it requires no additional action from users.
Benefits:
- Works in the background
- No learning curve for employees
- No impact on the recipient's experience
Limitations:
- Vulnerable to man-in-the-middle attacks
- No protection once the email reaches its destination
- No verification that emails reach the intended server
S/MIME Encryption
S/MIME provides stronger protection than TLS. It uses digital certificates to verify sender identity and encrypt message content.
How to use it:
- Get your digital certificate (from IT or a certificate authority)
- Install it on your computer
- Configure S/MIME in Outlook:
  - Select Settings > Mail > S/MIME
  - Select Encrypt contents and attachments for all messages I send
  - Select Add a digital signature to all messages I send
  - Select Automatically choose the best certificate for digital signing (if available)
- Once configured, your encryption will work behind the scenes to protect your correspondence
Note: New Outlook doesn't automatically import digital certificates. You must install the certificate manually or ask your administrator.
Benefits:
- End-to-end encryption of message content
- Digital signature verification
- Better protection than TLS alone
Limitations:
- Both the sender and recipient must have S/MIME certificates installed
- Complex setup process
- No protection for forwarded emails
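The difference between TLS and S/MIME described above can be checked on a received message: the Received headers record whether each server-to-server hop used TLS, while the top-level Content-Type shows whether the content itself is S/MIME-protected. The following Python is an added example, not part of the original article; the sample messages and hostnames are constructed and the function names are illustrative.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords that record a STARTTLS-protected hop.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

def hop_used_tls(received):
    """True if one Received header shows the hop was carried over TLS."""
    text = " ".join(received.split())  # unfold continuation lines
    m = re.search(r"\bwith\s+([A-Za-z0-9]+)", text)
    if m and m.group(1).upper() in TLS_PROTOCOLS:
        return True
    # Exchange-style annotation: "(version=TLS1_2, cipher=...)"
    return re.search(r"version=TLS", text, re.I) is not None

def content_protection(msg):
    """Classify the message body by its top-level Content-Type."""
    ctype = msg.get_content_type()
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        kind = (msg.get_param("smime-type") or "").lower()
        return {"enveloped-data": "smime-encrypted",
                "signed-data": "smime-signed"}.get(kind, "smime-other")
    if ctype == "multipart/signed":
        proto = (msg.get_param("protocol") or "").lower()
        if proto.endswith("pkcs7-signature"):
            return "smime-signed"  # signed only: the text is still readable
    return "plaintext"

def assess(raw):
    """Report per-hop TLS use and content protection for one raw message."""
    msg = message_from_string(raw)
    hops = [hop_used_tls(h) for h in msg.get_all("Received", [])]
    return {"hops_tls": hops, "all_hops_tls": bool(hops) and all(hops),
            "content": content_protection(msg)}

# Constructed sample messages (hostnames and ids are made up).
SAMPLE_TLS_ONLY = (
    "Received: from mx.example.net by mail.example.org with ESMTPS id 1\n"
    "Received: from pc.example.net by mx.example.net with Microsoft SMTP Server\n"
    " (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 2\n"
    "Content-Type: text/plain\n\nQuarterly figures attached.\n")
SAMPLE_SMIME = (
    "Received: from relay.example.net by mail.example.org with ESMTP id 3\n"
    "Content-Type: application/pkcs7-mime; smime-type=enveloped-data\n\n"
    "(constructed placeholder for the encrypted CMS body)\n")

if __name__ == "__main__":
    for name, raw in (("TLS only", SAMPLE_TLS_ONLY), ("S/MIME", SAMPLE_SMIME)):
        print(name, assess(raw))
```

The first sample travelled over TLS on every hop yet is stored as plaintext; the second crossed an unencrypted hop but its content stayed encrypted. Received headers are written by each relay in turn, so only those added by servers you control or trust are reliable evidence.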
Office 365 Message Encryption
OME comes with Microsoft 365 subscriptions and offers a more user-friendly approach to Outlook email encryption.
How to use it:
- Ensure your admin has enabled OME for your organization
- Create a new email
- In Outlook desktop:
  - Click Options > Encrypt > Encrypt-Only or Do Not Forward
- In Outlook Web:
  - Click the Encrypt button at the top of the compose window
  - Choose Encrypt-Only or Do Not Forward
Benefits:
- Works with recipients on any email platform
- No certificate management necessary
- Easy to use
Limitations:
- Requires Microsoft 365 subscription
- Microsoft holds encryption keys
- Limited to 25MB attachment size
Enhanced Outlook email encryption with Zivver
Zivver provides comprehensive encryption that addresses the limitations of native Outlook options. It integrates seamlessly with Outlook to provide zero-knowledge encryption, prevent human error, and support compliance.
How to use it:
- Install the Zivver add-on for Outlook (typically deployed by IT)
- When composing an email containing sensitive information:
  - The Zivver sidebar will appear in your Outlook window
  - Toggle encryption on with a single click
  - Optional: set additional security like two-factor authentication or message expiration
- Send your email as normal
Features:
- Zero-knowledge encryption
- Multi-factor authentication for recipients
- Large file transfers (up to 5TB)
- Message recall capabilities
- Compliance with regulations like GDPR, HIPAA, NIS2, and DORA
Zivver vs. Outlook native encryption: key differences
When to use enhanced Outlook email encryption
While native Outlook encryption features may be sufficient for routine communications, you should deploy enhanced email encryption software in these scenarios:
- When handling data subject to regulations like GDPR or HIPAA
- For financial or legal communications containing confidential information
- When sharing large sensitive files that exceed Outlook's 25MB limit
- For industries with specific compliance requirements, such as healthcare, finance, legal, and government
- When communicating with external parties who may not have compatible encryption systems
Do you need enhanced email encryption?
FAQ: Outlook email encryption
Is Outlook email secure without encryption?
No. Standard emails can be intercepted and read by unauthorized parties.
Does Outlook encrypt emails by default?
Outlook uses TLS when available, but this only secures the connection, not the content. Full encryption requires additional steps.
Can I encrypt attachments in Outlook?
Yes, encrypting an email also encrypts its attachments. However, size limitations apply.
Can I recall an encrypted email in Outlook?
Yes, but you can only do so in Outlook on the web and Outlook for Windows.
Do recipients need special software to read my encrypted emails?
It depends. With S/MIME, recipients need compatible certificates. With OME, external recipients use a web portal.
A smarter outlook on email security
Native Outlook encryption falls short where it matters most – leaving gaps in your email security that cybercriminals are all too ready to exploit.
For full protection, choose zero-knowledge business email encryption that includes data loss prevention as standard.