Skip to main content
Team meeting to review Microsoft secure email offering
13 min

Microsoft's Secure Email vs Mailock: A Comparison

When it comes to safeguarding your business communications, choosing the right secure email solution is crucial.

In this review, we look at how Microsoft 365's secure email offering, Microsoft Purview Message Encryption, compares to Mailock.

Microsoft Purview Message Encryption is included with several Microsoft 365 and Office 365 plans, including Enterprise E3 and E5, Microsoft 365 Business Premium, and some education and government plans. It can also be added to certain other plans with Azure Information Protection Plan 1.

Key features include:

  • AES-256 encryption
  • Inbox access verification
  • Audit trails (limited)

We often receive questions regarding the differences between Microsoft Purview Message Encryption and Mailock secure email.

So, let's compare the two solutions in terms of their core features for secure communications.

Microsoft 365 Encryption vs Mailock: Key Features

Email Encryption

  • Microsoft Purview Message Encryption:
    • Microsoft 365 message encryption and rights management controls
    • Encrypted reply option for recipients
    • Designed to help protect messages within Microsoft 365 policy and rights management workflows
  • Mailock:
    • End-to-end AES-256 encryption
    • Encrypted reply option for recipients
    • Designed for secure customer communications with recipient authentication and access control

Security Alerts

  • Microsoft Purview Message Encryption:
    • Encryption can be applied by users or policy; broader Microsoft Purview DLP warnings depend on licence and configuration
  • Mailock:
    • Custom security alerts for users sending confidential data by unsecured email

Recipient Authentication

  • Microsoft Purview Message Encryption:
    • No recipient authentication
  • Mailock:
    • Question-and-answer
    • SMS code
    • Unipass ID

Email Verification 

  • Microsoft Purview Message Encryption:
    • One-time code
  • Mailock:
    • One-time code

Message Revoke

  • Microsoft Purview Message Encryption:
    • No message revoke with lower tier plans (e.g., AIP P1)
    • Revoke is available for emails sent outside M365 ecosystem (in certain instances)
  • Mailock:
    • Available with all paid plans (e.g., Pro and Enterprise+)
    • Revoke is unilateral regardless of recipient ecosystem

Read Notifications

  • Microsoft Purview Message Encryption:
    • Read notifications for Outlook recipients (recipient can refuse)
  • Mailock:
    • Read notifications for recipients regardless of their ecosystem

Message Tracking

  • Microsoft Purview Message Encryption:
    • Accessible to administrators only, no proof-of-delivery
  • Mailock:
    • Accessible to senders and administrators, including proof-of-delivery/access

Usage and Limits

  • Microsoft Purview Message Encryption:
    • Rate limits prevent delivery at high volumes
  • Mailock:
    • No ceiling on send volume for delivery at scale

Setup/Management

  • Microsoft Purview Message Encryption:
    • Requires Microsoft specialist familiar with PowerShell
  • Mailock:
    • Simple deployment, manageable by anyone using admin dashboard

Overview of Microsoft and Mailock Secure Email

M365 secure email vs Mailock

What Is Microsoft Purview Message Encryption?

Microsoft Purview Message Encryption uses Microsoft Purview Information Protection and Azure Rights Management capabilities for email encryption and rights management.

It can let supported Outlook recipients read protected messages directly, while other recipients receive instructions for opening the encrypted message.

What Is Mailock Secure Email?

Mailock secure email uses encryption and multi-factor recipient authentication to deliver sensitive information to the right person.

It integrates with Microsoft 365 and Windows Outlook, helping organisations to remain compliant with regulatory guidance, protect valuable data, and deliver sensitive messages at high volumes.

Microsoft Purview Message Encryption Reviewed

Microsoft Purview Message Encryption is a Microsoft-native encrypted email option for eligible Microsoft 365 environments.

Microsoft Purview Email Encryption 

Microsoft Purview Message Encryption uses Microsoft Purview Information Protection and Azure Rights Management to protect email messages.

This prevents sensitive message data from being accessed if an email were to be intercepted.

For highly sensitive customer communications, firms should assess whether Microsoft 365 account-based access, rights management, and policy controls match their threat model and evidence requirements.

Nevertheless, Microsoft Purview Message Encryption provides useful protection for many Microsoft 365 email workflows.

The additional features it provides, such as account-based access, rights management, and conditional revocation for eligible encrypted messages, can also strengthen protection.

Microsoft Purview Security Alerts

Microsoft Purview Message Encryption can be applied manually by users or automatically through administrator policies such as mail flow rules.

Broader Microsoft Purview Data Loss Prevention can also show policy tips and warnings in supported Outlook experiences, depending on licence, client, and configuration.

However, that is not the same as Mailock's message-level security alerts and secure-send workflow for customer communications.

Sending an email is so commonplace that employees do not always remember to think twice before hitting 'send'.

Graphic showing the top cause of a data breach

Given that sensitive email sent to the wrong person is the top cause of a data breach, providing employees with a safety net that checks the information they are sending by unsecured email is vital.

Companies should invest adequately in data security training for employees using Microsoft Purview Message Encryption unless they intend to integrate additional tools.

Microsoft Purview Email Verification

An additional check that a recipient has live access to their email account when they attempt to open a message (with an emailed one-time code) can prevent messages from being opened if they are intercepted.

Email verification is an important preventative measure that helps to eliminate a number of the most common email threats.

This makes it easy for recipients to verify they have access to their inbox on receiving a message, regardless of their email provider.

Microsoft Purview Message Encryption email verification screen

Recipients must click on the link contained within their message, select the verification type, and enter their credentials.

Recipients are not obliged to use email verification, however.

They can also select alternative single sign on (SSO) options to verify that they have a Google or a Microsoft account instead of verifying live access to their email inbox with a code.

In certain other contexts, recipients using a compatible version of Outlook are not required to verify inbox or account access, and messages are automatically decrypted (one factor being whether they have used two-factor authentication at login).

Microsoft Purview Recipient Authentication

Email verification cannot protect against all risks.

If an unauthorised individual obtains a recipient's account credentials, they can still access all the messages in the inbox.

Email verification may also fail to provide a strong enough record that information has been delivered to the intended recipient, which is key for compliance with certain regulatory guidelines.

For this reason, many secure email solutions offer multi-factor recipient authentication to make sure that only the intended parties can access secure emails, and that evidence of this is recorded.

Microsoft Purview Message Encryption does not provide Mailock-style recipient Q&A, SMS, or sector identity checks for encrypted customer messages.

Note: Many recipients of secure emails have two-factor authentication enabled on their email accounts, which helps to ensure that only the intended person can access secure emails. However, this can only be enabled by recipients and is not something over which senders have direct control.

Microsoft Purview Message Revoke

For emails that have already been sent to the wrong person, Microsoft Purview Advanced Message Encryption provides the ability to revoke secure emails under certain conditions.

This function can be accessed by senders within their Outlook client and by administrators with PowerShell access.

However, it is only available with Azure Information Protection P1 under some M365 plans (e.g., E5).

The revoke function only works if the recipient has received a link-based experience.

If a message has been automatically decrypted, the sender will be unable to revoke access.

This means that secure emails sent to other Microsoft 365 users, most often, cannot be revoked.

Microsoft Purview Read Notifications

For confirmation that a secure email has reached its destination, senders using Microsoft Purview Message Encryption can request a read receipt (or notification).

This will prompt the recipient to confirm if they are willing to share that they've accessed the message with the sender upon opening the email.

Outlook read receipt request option

As the recipient chooses whether to allow a read notification to be sent, there are no analytics on open and download rates for secure emails.

This also prevents organisations from gathering proof of delivery for regulatory compliance and in case of litigation.

Microsoft Purview Message Tracking

For many organisations and their industry regulators, keeping records of sensitive communications is essential.

Microsoft Purview Message Encryption provides a searchable compliance dashboard for sent secure messages including timestamps, revocation details, and expiration periods.

 

Shortlisting Secure Email Options?

Book a Mailock demo to see how secure email, recipient authentication, secure replies, and tracking would work in your own workflow.

Book a Mailock demo

However, this does not include data on recipient access.

For organisations that require proof-of-delivery, message tracking is limited in this capacity as they can only be used as a send record.

The compliance dashboard is only accessible to Microsoft 365 account administrators.

There is no Message Tracker record available to the individual sender of a secure email.

 Microsoft Purview Usage & Limits

Delivering confidential information to customers at scale is critical for large organisations in regulated sectors such as financial services.

Since Microsoft Purview Message Encryption sits within Microsoft 365 email infrastructure, organisations should check relevant Exchange Online message, recipient, and rate limits before relying on it for high-volume delivery.

Smaller companies will not find rate limits to be an issue, though larger organisations should be aware that there are caps to usage:

  • 30 messages per minute
  • 10,000 recipients per day

If your usage could reach these limits, you should consider other secure email solutions designed for scaled delivery.

Microsoft Purview Setup & Management

To set up Microsoft Purview Message Encryption for your organisation you will need the help of a Microsoft specialist to configure it in PowerShell.

Microsoft Purview Message Encryption setup screen

Your Microsoft specialist will have to activate Azure Information Rights Management for your tenancy and set up the rules to apply encryption to custom templates using the message encryption facility.

Mailock Secure Email, Reviewed

Mailock is a powerful solution for the secure exchange of confidential information with customers at any scale.

 Mailock Email Encryption

Mailock uses AES-256 end-to-end encryption to protect confidential email data and attachments.

The encryption used by Mailock is designed so that patterns in the encrypted data can't be used to crack it.

Each block of data is injected with an identifier that ties it to the last, making it unique.

"Security is fundamental to the Mailock system, and always comes first.

Our most valued financial organisations use the network to deliver highly sensitive information on a daily basis."

Michael Wakefield, CTO, Beyond Encryption (Mailock)

Mailock's encryption architecture, combined with the authentication challenges it provides, is designed to ensure that only the intended parties can decipher secured messages and attachments.

The end-to-end encryption used by Mailock is also available to recipients of secure emails, who can reply for free.

Mailock Security Alerts

How does Mailock prevent users from sending confidential information in an unsecured email?

Organisations can set custom security alerts or use the default set.

When a matched term appears in an email, users will be alerted to send the email securely.

Mailock security alert in Outlook

This helps to train employees to think twice before sending an email and prevents confidential information from being leaked.

Administrators can create rules in addition to these user-level prompts to unilaterally force emails to be sent securely when they contain particular keywords or other criteria.

By providing flexible control over data loss prevention, Mailock allows organisations to easily match their protection to their needs.

Mailock Email Verification

As with Microsoft's secure email service, Mailock gives its users the option to require a one-time code from recipients of secure emails (sent to their inbox) before they gain access to a message.

This helps to prevent interception by double-checking that recipients have live access to their email accounts.

However, with Mailock, more robust recipient identity authentication methods can also be accommodated.

Mailock Recipient Authentication

Authenticating email recipients beyond their inbox access is the only way to ensure sensitive information is delivered to the right people.

Checking that a recipient has instantaneous access to their account when they attempt to open a secure email eliminates a majority of threats.

Mailock recipient authentication options in Microsoft 365

However, inbox access verification does not stop an unauthorised party who has gained access to a recipient's inbox.

Mailock offers multiple recipient authentication types that go beyond inbox access verification, including:

  • SMS: Send a one-time code to your recipient's mobile device.
  • Q&A: Ask your recipient a question only they could correctly answer.
  • Unipass ID: Allow financial professionals to use their Unipass ID.

Authenticating recipients provides recorded confirmation that a message has been received by the intended party.

Many organisations require such proof-of-delivery for particular types of documentation in order to comply with regulations.

 

 Mailock Message Revoke

Access to a Mailock email can always be revoked by the sender.

This can save a small problem from becoming a bigger one by giving a business the power to immediately contain a breach.

Mailock's revoke function stops a recipient from accessing a secure email instantaneously, regardless of their device or email client.

The revoke function is available both to individual senders using Mailock For Outlook and to company administrators via the admin portal.

Note: Unilateral revoke is a critical feature that helps organisations comply with regulatory guidelines such as the Information Commissioner's Office guidance on misfired emails (emails sent in error to the wrong person).

Mailock Read Notifications

For organisations that need to confirm that sensitive information has been delivered, Mailock also offers read notifications.

Notification settings are accessible within the Outlook add-in and work in every case, regardless of the receiving email client.

Read notifications are useful for anyone wishing to progress a customer along a journey, from sales to customer support, as they can follow up when the customer is most likely to respond.

The ability to track recipient interactions with a message in this way also enables detailed open rate analytics for administrators.

Mailock Message Tracking

Need to maintain records of sensitive communications in line with regulatory guidance?

Mailock provides a secure email Message Tracker, which can be accessed at both user and admin-level.

Mailock message tracking and revoke controls in Outlook

The Message Tracker allows users to view timestamps of activity, to revoke messages, and to view all sent secure emails in one place.

 Mailock Usage & Limits

Mailock is designed to support enterprise organisations that deliver sensitive documents to customers at scale.

For this reason, there is no hard ceiling on the volume of secure emails that can be sent securely.

Mailock is a viable alternative for organisations that deliver a high volume of confidential post and are considering secure email for the cost and carbon savings it affords.

Mailock Setup & Management

Setting up Mailock for your organisation is simple.

Depending on your choice of deployment (cloud/on-premise), you will use an installation pack or be guided through the process by a specialist.

Mailock company admin dashboard setup screen

The solution can be monitored using Mailock's company admin dashboard - a secure browser-based experience where you can manage your users, email domains, and security alerts.

Microsoft Purview Message Encryption vs Mailock Secure Email

Every organisation has different requirements when it comes to choosing a secure email solution that fits. In summary:

  • Microsoft Purview Message Encryption helps protect message content in eligible Microsoft 365 workflows
  • Microsoft Purview Message Encryption does not provide Mailock-style recipient Q&A, SMS, or sector identity checks
  • Microsoft Purview Message Encryption is subject to relevant Exchange Online limits
  • Microsoft Purview Message Encryption setup depends on tenant configuration and administrator permissions
  • Mailock supports high-volume secure delivery workflows
  • Mailock offers recipient authentication
  • Mailock is designed for scaled secure customer communication
  • Mailock is easy to deploy and manage

Download the fact sheet (PDF)

 

FAQs

What Is Microsoft Purview Message Encryption?

Microsoft Purview Message Encryption is a secure email capability within Microsoft 365 that combines email encryption and rights management.

It can allow supported Outlook recipients to read encrypted messages directly, while other recipients receive instructions for opening the protected message.

How Does Mailock Differ from Microsoft Purview Message Encryption?

Mailock offers additional security features, such as multi-factor recipient authentication and custom security alerts. Microsoft Purview Message Encryption works inside the wider Microsoft Purview ecosystem, but it does not provide Mailock-style recipient Q&A, SMS, or sector identity checks.

Can I Revoke an Email Sent via Microsoft Purview Message Encryption?

Microsoft Purview Advanced Message Encryption allows email revocation under specific conditions, mainly if the recipient receives a link-based experience.

However, emails sent within the Microsoft 365 ecosystem may not be revocable.

Does Mailock Have a Limit on the Number of Secure Emails I Can Send?

Mailock is designed for organisations that need to send large volumes of secure emails, including automated delivery workflows.

Which Secure Email Solution Is Easier to Set Up and Manage?

Mailock is managed through its admin dashboard, while Microsoft Purview Message Encryption setup depends on Microsoft 365 tenant configuration, administrator permissions, and the policies being used.

 

References

Microsoft Purview Message Encryption, Microsoft Learn, checked 3 June 2026

Microsoft Purview Message Encryption FAQ, Microsoft Learn, checked 3 June 2026

Revoke email encrypted by Advanced Message Encryption, Microsoft Learn, checked 3 June 2026

Exchange Online limits, Microsoft Learn, checked 3 June 2026

Is Azure Information Protection Plan 1 Enough?, Microsoft Learn

Common Data Protection Mistakes and How to Fix Them, Information Commissioner's Office

Reviewed by

Sam Kendall, 03.06.26

This content is for general information only and is not legal advice.

 

Originally posted on 20 01 23
Last updated on July 11, 2026

Posted by:  Sabrina McClune

Sabrina McClune writes about cybersecurity, data protection, digital identity, and digital transformation for Beyond Encryption, helping regulated sectors understand complex technology and compliance topics with greater clarity.

Return to listing