Man sending secure email at office using Outlook
4 min

Does Microsoft Outlook Use Email Encryption? (FAQ Answered)

Microsoft Outlook uses a level of email encryption to protect everyday emails. However, this is not usually suitable for businesses who need to comply with regulatory guidance when sending sensitive information.

Microsoft Outlook is an organisation tool utilised by over 400 million users, with its email and calendar capabilities making it an ideal productivity tool for business use.

However, with 20,000 US organisations facing compromised Outlook accounts in March 2021, and an overall 83% of businesses suffering email data breaches within the last 12 months, companies are beginning to question how to amp up security measures for their email.

Why do we need to send emails securely?

Email, although a quick and convenient method of communication, was created to be a simple file sharing service between students at the Massachusetts Institute of Technology (MIT).

Now that email is used by businesses and consumers to transfer often confidential information, the level of inbuilt security is insufficient, leaving messages and attachments open to cyber threats such as interception. One key way to mitigate email interception is encryption.

What is email encryption?

Man using outlook to secure emails and smiling

Encryption is the process of disguising the contents of your email, translating messages and attachments into a code that is unable to be translated by human eyes alone. It achieves this through the use of ‘keys’; strings of randomly generated numbers that are used to encode data.

Email encryption is now seen as a vital tool for businesses to utilise, with the Information Conduct Authority advising that customer data should be encrypted to ensure secure processing.

Does Microsoft Outlook use email encryption?

woman in coffee shop using laptop for email

Microsoft Outlook offers different levels of email encryption, depending on your preference and budget:

Transport Layer Security (TLS)- As one of the most basic encryption methods on the market, TLS is offered natively with the basic Outlook package. It works by encrypting the connection between you and your recipients' email providers, preventing unwanted access to a message on its journey. However, emails using TLS level encryption may not remain encrypted once they have reached the recipient’s inbox, leaving them vulnerable to third-party access.

Microsoft Purview Message Encryption (MPME)- Available to Office 365 customers, MPME allows your message and attachments to remain encrypted for the entire journey, otherwise known as end-to-end encryption. However, there are a few reasons why this type of encryption may not be suitable for businesses, including:

  • No multi-factor verification (if the recipient inbox is hacked, data is vulnerable)
  • Only supports authentication for Microsoft attachments (e.g., docx, xls)
  • No revoke functionality (you can ‘request’ a recall for unopened messages)

Of course, Microsoft also allows for the use of third-party add-ins, including more advanced encryption solutions.

What is email encryption add-in software?

Couple at home using laptop for email on sofa

Outlook add-ins are useful integrations created specifically by third parties for use within the Outlook application. A popular type of Outlook add-in focuses on introducing additional security features to your email, seamlessly working alongside Microsoft’s existing features.

Encryption is just one aspect of these add-ins, offering simple, end-to-end message securing at the click of a button. This way, only the sender and receiver receive the decryption keys needed to read email messages and attachments.

Other capabilities found within security-based Outlook add-ins include:

  • Authentication: Although Outlook natively offers two-factor authentication when logging in to your personal account, add-ins enable you to verify the identity of the individual opening your email. By using the two in tandem, businesses can ensure that sensitive information remains in the right hands.
  • Revoke: Microsoft Outlook offers users a basic level of message recall. However, it only works based on a list of strict factors, such as whether the message has already been opened and how the recipient is accessing Outlook. An Outlook add-in removes these criteria, enabling you to recall any message that has been sent securely, protecting you from the threat of misdirected emails.
  • Audit trails: Auditing is extremely useful for company compliance, with Outlook add-ins enabling you to set up notifications to alert you when your messages have been opened, and by who.

Introducing Mailock..

When considering an Outlook add-in to boost your email security, Mailock offers all the above features and more.

Start a free trial of Mailock secure email

As a dedicated outbound email protection software, we deliver frictionless, end-to-end encryption directly to your Outlook, protecting your email whether it is on the move or within an inbox.

Mailock also allows you to authenticate, revoke messages and audit your emails, empowering both staff and consumers to communicate simply and securely. Learn more about the Mailock Outlook Add-in.

Further reading


Originally posted on 17 03 22
Last updated on April 20, 2023

Posted by: Sabrina McClune

Sabrina McClune is an expert researcher with an MA in Digital Technologies. She was a finalist in the Women In Tech Awards 2022. Sabrina has worked extensively with B2B technology companies conducting and compiling thorough academically driven research to produce online and offline media. She loves to read fantasy novels and collect special edition books.

Return to listing