Learn how to encrypt an email in Outlook 2016, Microsoft 365, etc., below and make your email communication more secure!

Did you know that 94% of malware is delivered by email? That’s a scary stat. What’s scarier is not knowing how to protect your emails and your recipients. Lucky for you, there are a couple simple ways that offer better protection for your email communications.

If you’re a Microsoft Outlook user and wondering how to encrypt an email in Outlook, we’ve got you covered. Below, we take a look at how to encrypt an email in Outlook 2016 and 2010. We’ll go over what your email encryption options and what you need to encrypt your emails.

What Is Email Encryption?

Encryption is the process of scrambling readable text (known as plaintext) into what looks like unreadable data (known as ciphertext) using a cryptographic key. However, you can decrypt this unreadable message using a unique but related cryptographic key. Essentially, a public key is used to encrypt, and a private key is used to decrypt. There are many types of encryption, and it is used in a variety of formats.

In regard to encrypting an email, encryption is generally used to ensure that the email does not get intercepted while going from the sender to the recipient. As mentioned, the sender would encrypt using the public key and the recipient would decrypt with the private key. This ensures that only the recipient can read the contents of the email.

If you’ve heard the term end-to-end email encryption, this means that the email is encrypted while it is on your own email provider’s server, while it is in transit and once it lands in the recipient’s inbox. This means it can’t be tampered with at any point. End-to-end email encryption is a safe way to send emails with sensitive information, such as:

  • Something personal like your social security number.
  • Financial information such as your credit card number.
  • Intellectual property, such as the series finale script of your favorite show.
  • Something simple like your telephone number.
  • Sensitive client or employee personal data.

Why Email Encryption Matters

In addition to securing your email communications, email encryption is necessary to meet certain government data privacy laws and industry regulations. Most notably, email encryption is mandatory for emails containing HIPAA (Health Insurance Portability and Accountability Act) or FERPA (Family Educational Rights and Privacy Act) related information. It is also highly recommended for anyone handling sensitive data in general.

With email encryption, you can:

  • Protect your communications,
  • Secure your (and other’s) sensitive information,
  • Be complaint with industry regulations, or (at the very least)
  • Show customers that you care about protecting their information.

Want to know more about encryption? We got you covered with more resources:

Recommended Read: What is Asymmetric Encryption? Understand with Simple Examples

Recommended Read: Explained: Hashing vs. Encryption

What Is S/SMIME and What Is an S/MIME Certificate?

When looking at ways to encrypt your email, you have to talk about S/MIME. An email security protocol called secure/multipurpose internet mail extension; S/MIME certificates are used for end-to-end email encryption. Once you go through a validation process from a trusted CA, you’ll be issued a S/MIME certificate. Because it comes from trusted roots, these S/MIME certificates will tell email clients (such as Outlook) that you’re trustworthy, which means that your S/MIME certificate will be supported by such mail clients.

As mentioned, S/MIME certificates provide end-to-end encryption for your emails. They also allow the recipient of the email to verify the identity of the sender. This is done with the use of a digital signature. Only you can sign an email with your unique digital signature, allowing your recipient to verify it is you sending the email. This is not to be confused with an electronic signature, which is just a typed name.

With end-to-end encryption and the digital signature, your email will be protected from being tampered with at all times and your recipients will be able to verify your identity. To learn more about S/MIME, their validation levels and the features they come with, I recommend reading our recently published blog on the topic.

Recommended Read: What Is S/MIME? What It Is & Why You Need It

How to Encrypt an Email in Outlook

For those who want to know how to encrypt an email in Outlook 2019, 2016, 2010, and Microsoft 365, you’ve come to the right place. You have two encryption options in which Outlook supports (per Microsoft Support). They are:

How to Encrypt an Email in Outlook Option 1 – Use an S/MIME Certificate

One option when you’re trying to figure out how to encrypt an email in Outlook is with an S/MIME certificate. In order to use an S/MIME certificate, you need to purchase a certificate, generate a CSR, go through the validation process, export the certificate and import it to Outlook.

To send an encrypted email, both the sender and recipient need to have S/MIME certificates and the sender needs to have a copy of the recipient’s public key. The easiest way to get this by having the recipient send you a digitally signed email (which automatically sends the public key) before you send them an encrypted message.

The following video titled “How to Install an S/MIME Certificate With Outlook on Windows 10” covers this process more in-depth. This is a very similar process for all newer versions of Outlook and most S/MIME vendors.

Once you have included the certificate on your computer’s keychain and configured it in Outlook, you can use your S/MIME certificate to encrypt your email. (We’ve provided a step-by-step process of how you encrypt your email in Microsoft Outlook 365 using an S/MIME certificate below.)

The following process works for Microsoft Outlook 365, Outlook 2019 and Outlook 2016. You will find information on Outlook 2010 at the bottom of the section.  

  1. Create a new email. Next, click the File tab to bring up the menu.
The first step of how to encrypt email in Outlook
Depiction of a user clicking “File” in Microsoft Outlook 365.
  1. Click Options in the left-hand navigation panel.
The second step showing how email encryption works in Outlook
Depiction of a user clicking “Options” in Microsoft Outlook 365.
  1. Select Trust Center and then Trust Center Settings.
The third step of how to encrypt an email in Outlook
Depiction of a user clicking “Trust Center” and then “Trust Center Settings” in Microsoft Outlook 365.
  1. Next, you’ll want to click on Email Security and then choose Settings (which is located under the Encrypted email header).
The fourth step of how Outlook email encryption works
Depiction of a user clicking “Email Security” and then “Settings” in Microsoft Outlook 365.
  1. In the Certificates and Algorithms section, click Choose. Then, you will select your S/MIME certificate and apply it to your email.
The fifth step of how to encrypt email in Outlook
Depiction of a user in the Change Security Settings window of Microsoft Outlook 365.

This part of our directions on how to encrypt an email in Outlook where things get a little different (depending on which version of Outlook you’re using).

  • If you’re using Microsoft 365 Outlook: In your email message, you will select Options and then Encrypt. Then you will select Encrypt with S/MIME from a drop-down menu.
  • If you are using Outlook 2019 or Outlook 2016: There is a slight variation at this point. In your email message, you will select Options and then Permissions. Then Encrypt with S/MIME.
  • For Microsoft Outlook 365, Outlook 2019 and Outlook 2016: This is the end of the process. You are good to compose your email and send it off.

For users who are wondering how to encrypt an email in Outlook 2010 (AKA Office 2010), Microsoft Support has got you covered.

How to Encrypt an Email in Outlook Option 2 — Microsoft 365 Message Encryption

The other option when you’re trying to figure out how to encrypt an email in Outlook is by using Microsoft 365’s Message Encryption tool (also known as Office 365 Message Encryption). Microsoft 365 Message Encryption is included in the Office 365 Enterprise E3 license. Microsoft 365 Message Encryption comes with a host of features, including:

  • Rights Management Services templates,
  • Easy-to-use simplified user management, and
  • The ability to encrypt your email messages.

You won’t need an S/MIME certificate when using this service. Also, you can send encrypted emails to pretty much anyone (including Google and Yahoo accounts) by simply using your recipient’s email address as the public key.

If you’re looking for step-by-step instructions for how to use Microsoft 365 Message Encryption, Microsoft Support has got you covered.

S/MIME vs. Microsoft 365 Message Encryption

At first glance, you might think that encrypting emails using these two processes — using an S/MIME certificate or using Microsoft 365’s Message Encryption tool — are the same. They both encrypt your email communications, right? Yes, but there are some differences you should keep in mind.

For one, S/MIME allows you to digitally sign your email. Microsoft 365 Message Encryption does not. This is an added perk for S/MIME certificates because recipients can verify the email is coming from you and not just know that the email was encrypted. This gives them greater peace of mind knowing that you’re not an imposter sending them an encrypted (and potentially malicious) email.

This is a similar concept to comparing domain validation (DV)and extended validation (EV) SSL certificates in terms of identity assurance:

  • A DV SSL certificate only has the purchaser validate their domain. This means a user can land on a website with a DV SSL cert and know that the website is HTTPS protected, but they can’t use the certificate to verify who owns the website. So, yes, your communications are secure, but how do you know who you are sending these secure communications to?  
  • An EV SSL certificate, on the other hand, involves the purchaser validating more than their domain. EV SSL certificates require CAs to verify many details about a requesting company or organization before issuing a certificate to them. So, when you install an EV SSL certificate on your user, the user knows they’re protected by HTTPS and can verify the website owner’s information. This is much like how users can use an S/MIME certificate and a digital signature to verify an email is legitimate and hasn’t been altered.

The Difference Between Convenience and Security

Microsoft 365 Message Encryption doesn’t allow you to put any usage restrictions on the email messages. This means that once you send the email, you can trust that it is encrypted and protected. But once it’s in your recipient’s hands, they can do what they please with it. This could be printing it or forwarding it. There is no way to stop this.

It seems that the Microsoft 365 Message Encryption option is really about convenience. You can send encrypted emails to any address, including many of the major email clients, but there is no control beyond that.

Now, this isn’t to say that using an S/MIME certificate isn’t convenient; it’s just a different process. And with S/MIME, you have much more control. This makes it the perfect option for organizations who want to send emails safely and securely to both internal and external parties. An example of this could be a software company and a law firm that frequently partner on projects and exchange sensitive information. It would make sense to establish a secure line of communication and to have a way to authenticate each other’s identity.

Microsoft 365’s Message Encryption tool is more so an option for users who want to send encrypted emails to people outside of the organization. This would be ideal for a business-to-customers communication line.  

Where to Buy S/MIME Certificates for Outlook

You can buy S/MIME certificates from any reputable certificate authority or authorized dealer such as CheapSSLSecurity.com. We currently offer the DigiCert S/MIME Certificate starting at $26.67/year. This is a steal at 30% off the vendor price! It’s supported by Microsoft Outlook and all other top email clients.

If you’re wondering how to encrypt an email in Outlook, as mentioned earlier, this will get it done. This is a business validated certificate that can be issued in two days or less. No waiting, no wasted time. This S/MIME certificate comes with a document signing and client authentication feature as well. This is your chance to secure your emails from the moment you open it all the way through to when your recipient does as well. All this and it’s backed by the top CA in the world, DigiCert!

How to Encrypt an Email in Outlook – Final Word

We have come to the end of our journey. I hope that you now know how to encrypt an email in Outlook. Remember, you have two options that you can choose from. You can:

  1. Encrypt your emails using the Microsoft 365 Message Encryption tool, or you can
  2. Use an email signing certificate to both encrypt and digitally sign your emails. (Such as the DigiCert S/MIME Certificate!)

At the end of the day, whichever option you choose, the most important thing is that you are protecting yourself, your business, your customers and your employees from cybercriminals who want to intercept their sensitive information.


Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24/7 security teams.