
Does Microsoft Outlook Use Email Encryption?

Microsoft Outlook, used by over 400 million people globally, offers a level of email encryption to safeguard everyday emails. But is this encryption sufficient for businesses that need to send sensitive information to their customers? Let’s take a look.

Understanding The Basics of Email Encryption

Encryption disguises the contents of your email, transforming messages and attachments into a code that cannot be read without the means to decode it.

It achieves this through the use of ‘keys’: strings of randomly generated numbers that are used to encode data.

Encryption is particularly relevant to business emails. The UK Information Commissioner's Office (ICO) advises that all personal information sent by email should be protected using encryption.

Email Encryption In Microsoft Outlook

Microsoft Outlook offers different levels of email encryption, depending on your preference and budget.

1. Transport Layer Security (TLS)

As one of the most basic encryption methods on the market, TLS is offered natively with the basic Outlook package.

It works by encrypting the connection between you and your recipients' email providers, preventing unwanted access to a message on its journey.

Emails sent using TLS encryption may not remain encrypted once they have reached the recipient’s inbox. This leaves them vulnerable to third-party access, so TLS alone is insufficient for protecting sensitive email data.

2. S/MIME (Secure/Multipurpose Internet Mail Extensions)

Unlike TLS, which encrypts only the connection, S/MIME encrypts the content of the emails themselves.

It requires that both sender and recipient have a mail application that supports S/MIME, and both must exchange 'digital certificates'.

S/MIME provides appropriate protection for sensitive information. However, it is inconvenient for communicating with recipients who do not have the necessary setup, such as customers.
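
The difference between TLS (which protects each connection) and S/MIME (which protects the message content) can be seen in a received message's headers. The Python sketch below is an added example, not code from the original article; the sample message, hostnames and function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample (not real mail): two relay hops, S/MIME-enveloped body.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [203.0.113.5])
\tby inbound.example.org with ESMTPS id abc123
\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384);
\tMon, 18 Mar 2024 10:00:02 +0000
Received: from client.example.net (client.example.net [198.51.100.7])
\tby mx.example.net with ESMTP id def456;
\tMon, 18 Mar 2024 10:00:01 +0000
From: alice@example.net
To: bob@example.org
Subject: Statement
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

AAAA
"""

# RFC 3848 "with" keywords whose trailing S means the hop ran over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

def hop_transport(msg):
    """Return [(receiving_host, protocol, used_tls)], newest hop first.
    Only hops stamped by relays you control are trustworthy; earlier
    Received lines can be forged by the sender."""
    hops = []
    for raw in msg.get_all("Received", []):
        header = " ".join(raw.split())  # unfold continuation lines
        by = re.search(r"\bby\s+(\S+)", header)
        proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", header)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        hops.append((by.group(1) if by else "?", name, name in TLS_PROTOCOLS))
    return hops

def content_protection(msg):
    """Classify the body: S/MIME-encrypted, signed only, or unprotected."""
    ctype = msg.get_content_type()
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        kind = str(msg.get_param("smime-type", "")).lower()
        return "smime-encrypted" if "enveloped" in kind else "smime-unencrypted"
    return "signed-only" if ctype == "multipart/signed" else "none"

def analyse(raw_text):
    msg = message_from_string(raw_text)
    return hop_transport(msg), content_protection(msg)
```

In the sample, the first hop was sent without TLS, yet the body is still protected because S/MIME encrypted the content itself.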

Learn how to encrypt an Outlook email with S/MIME.

3. Microsoft Purview Message Encryption (MPME)

Available to Office 365 customers, MPME encrypts messages and attachments throughout their journey, an approach known as end-to-end encryption.


Recipients of encrypted emails must click a link and then verify they have access to their inbox using a code or their Microsoft/Gmail credentials. This decreases the risk posed by email account takeover attacks.

MPME is designed to help protect confidential data. However, it lacks the accessible user experience required to deliver documents to customers who may not be familiar with this type of enterprise technology.

For businesses sending secure emails to their customers, there may also be a concern that MPME has no recipient authentication features to ensure that messages reach the right people.

Read our full review of Microsoft Purview Message Encryption.

Prioritising Security with Data Classification

Before diving into specific email encryption methods, it's crucial to understand data classification.

This process involves categorising your organisation's information based on its sensitivity. Imagine customer credit card details compared to a company announcement.

Data Classification Levels

Classifying your data helps determine the most appropriate security measures for each type. For example:

Highly Confidential: This classification applies to information with severe consequences if leaked, such as financial data, trade secrets, or personal details.

Confidential: This includes sensitive information that could still cause harm if exposed, like marketing strategies or internal reports.

Internal: This covers company information intended for internal use only, such as meeting minutes or departmental updates.

Public: This refers to information that can be publicly shared, like press releases or product information.

Security Measures Based on Classification

Once you've classified your data, you can choose the appropriate security measures. Here's a guideline:

Highly Confidential: This level might require a combination of strong encryption (like MPME or third-party solutions), access restrictions within your organisation (e.g., role-based access control), and additional measures like digital rights management (DRM) tools that restrict copying or forwarding.

Confidential: For this level, S/MIME or MPME encryption might be sufficient, alongside access controls within your organisation.

Internal: You might choose to encrypt internal emails for additional security, but password protection or access controls might be enough depending on the information's sensitivity.

Public: Public information typically doesn't require encryption.

By classifying your data, you can ensure that your most valuable information receives the strongest protection.

This helps prioritise your security efforts and avoid applying excessive security measures to less sensitive data.

Role Of Email Encryption Add-Ins

Outlook add-ins are useful integrations created by third parties for use within the Outlook application.


Add-ins can introduce additional security features such as email encryption and recipient authentication.

For example, our Outlook email encryption add-in for secure email provides everything you need to exchange sensitive emails safely.

It is designed for businesses to share information with customers easily while maintaining compliance with data protection regulations.

Learn more about our Outlook Add-in.

Originally posted on 17 03 22
Last updated on March 22, 2024

Posted by: Sabrina McClune

Sabrina McClune is an expert researcher with an MA in Digital Marketing. She was a finalist in the Women In Tech Awards 2022. Sabrina has worked extensively with B2B technology companies conducting and compiling thorough academically driven research to produce online and offline media. She loves to read fantasy novels and collect special edition books.