How to Send Encrypted Email in Outlook: A Step-by-Step Guide for Beginners

🔐 Introduction of How to Send Encrypted Email in Outlook

In today’s world, email security isn’t optional — it’s essential. Especially when you’re sharing sensitive data like contracts, financial details, or health records. That’s where Outlook’s encryption features come into play.

So, if you’re wondering how to send encrypt email in Outlook, you’re in the right place. Let’s walk through the tools, methods, and tricks across the Outlook app, New Outlook, and Outlook on the Web (OWA) — and yes, we’ll also cover how admins can set this up in Microsoft 365.

💡 Why Encrypting Emails Matters

Ever sent an email and wondered who might be reading it besides your intended recipient? Without encryption, emails can be intercepted during transit. Encryption locks your email so only the person it’s intended for can open it — kind of like a digital envelope with a tamper-proof seal.

🔍 Types of Email Encryption in Outlook

Outlook supports two main methods:

• S/MIME Encryption – Uses certificates for end-to-end protection. Great for internal users with matching certificates.
• Microsoft Purview Message Encryption (MPME) – Works seamlessly across organizations, doesn’t require certificates, and supports “Encrypt” and “Do Not Forward” settings.

🧾 Prerequisites for Sending Encrypted Emails

Before diving in, let’s get the technical bits out of the way.

📋 Microsoft 365 Subscription Requirements

You need at least:

• Microsoft 365 Business Premium
• Microsoft 365 E3/E5
  Basic plans won’t cut it for Purview Message Encryption.

🔑 Licensing and Access

Ensure:

• You have mailbox rights.
• Encryption service is included in your license.
• You’re not using a POP/IMAP setup — it must be Exchange Online.

🔧 Admin Setup for Encryption Features

Admins must configure:

• Sensitivity labels with encryption
• Rights Management Services (RMS)
• Optional: Mail flow rules to trigger encryption automatically

💻 How to Send Encrypted Email in Outlook App (Desktop)

Here’s how to lock down your message in a few clicks:

1. Open Outlook Desktop App.
2. Click New Email.
3. Compose your message.
4. Click on the Options tab.
5. Click Encrypt and choose:
   • Encrypt-Only
   • Do Not Forward

📌 Encrypt-Only vs Do Not Forward

• Encrypt-Only: Message can be read and forwarded but only by intended recipients.
• Do Not Forward: Locks down forwarding, copying, or printing the email.

📥 Sending and Receiving

Recipients get a clear message like, “This email is protected.” If they’re using Outlook or a modern web browser, it’s seamless.

🆕 How to Send Encrypted Email in New Outlook

Using the New Outlook experience?

1. Enable the “New Outlook” toggle.
2. Click New Mail.
3. Click on the Options tab at the top of the compose window.
4. Choose between Encrypt or Do Not Forward.
5. Send!

It’s just as smooth as the classic version — and maybe even more intuitive.

🌐 How to Send Encrypted Email in Outlook on the Web (OWA)

If you’re using Outlook in your browser (https://outlook.office.com), follow these steps:

1. Click New message.
2. Click on the Options tab at the top of the compose window.
3. Select Encrypt.
4. Write and send your email!

The beauty? No plugins or extensions needed — just your browser and login.

🔐 Admin Guide: Configuring Email Encryption in Microsoft 365

The Email Encryption option should already be enabled. However, If email encryption options (such as Encrypt or Do Not Forward) are not available in Outlook or OWA, follow these PowerShell steps to configure Azure Rights Management (Azure RMS) and enable Information Rights Management (IRM).

✅ Step-by-Step PowerShell Configuration with Explanations

1. Connect to Exchange Online

Connect-ExchangeOnline

Connects your session to Exchange Online, allowing you to run mailbox and IRM-related commands.

2. Connect to Azure Information Protection (AIP) Service

Connect-AIPService

Establishes a session with the Azure Information Protection service, required to configure rights management.

3. Check Current IRM Configuration

Get-IRMConfiguration

Displays the current Information Rights Management (IRM) settings for your Exchange Online environment.

4. Reset IRM Configuration (if misconfigured)

Set-IRMConfiguration -LicensingLocation $null -InternalLicensingEnabled $false

Resets the licensing location and disables internal licensing temporarily to allow reconfiguration.

5. Activate Azure RMS

Enable-AIPService

Activates the Azure Rights Management service, which is required to use IRM and message protection.

6. Retrieve Azure RMS Licensing Configuration

$rmsConfig = Get-AipServiceConfiguration

$licenseUri = $rmsConfig.LicensingIntranetDistributionPointUrl

Retrieves the licensing URL needed for IRM. This URL points to the Azure RMS licensing endpoint used for user authentication and license acquisition.

7. Fetch Existing IRM Configuration

$irmConfig = Get-IRMConfiguration

$list = $irmConfig.LicensingLocation

Gets the current list of licensing URLs in the IRM configuration. These URLs are used by Office applications to enforce encryption policies.

8. Add Azure RMS Licensing URL (if missing)

if (!$list) { $list = @() }

if (!$list.Contains($licenseUri)) { $list += $licenseUri }

Ensures that the correct Azure RMS licensing endpoint is present in the configuration list.

9. Enable Azure RMS in IRM Configuration

Set-IRMConfiguration -LicensingLocation $list

Set-IRMConfiguration -AzureRMSLicensingEnabled $true -InternalLicensingEnabled $true

Applies the correct licensing location and enables Azure RMS and internal IRM licensing for Office 365 message protection.

10. Enable the ‘Protect’ Button in Outlook on the Web

Set-IRMConfiguration -SimplifiedClientAccessEnabled $true

Enables the simplified ‘Protect’ interface in Outlook on the Web, allowing users to apply encryption and rights restrictions easily.

Make sure all of the above settings are set to True, and the Licensing Location is configured using the Azure RMS (ARM) template.

🧪 After Configuration

• Restart Outlook or refresh Outlook on the Web to see the “Encrypt” and “Do Not Forward” options.
• Ensure users are licensed for Microsoft 365 plans that include Microsoft Purview Message Encryption (MPME).
• You can verify protection by sending a test email with encryption and checking if it applies restrictions as expected.

👁 Viewing Encrypted Emails (Sender and Receiver Experience)

Recipients using Outlook or OWA will see the message directly. External users (like Gmail) get a link to securely view the email.

If they’re using a third-party app, they might need to verify via OTP (one-time passcode). It’s all browser-based and secure.

🔐 Benefits of Using Encrypted Email in Outlook

• Keeps data safe in transit and at rest
• Complies with regulations like HIPAA and GDPR
• Builds trust with clients and stakeholders

🧰 Tips for Managing Encrypted Emails

• Use auto-labeling to ensure sensitive data is always protected.
• Train users on when to use “Encrypt” vs “Do Not Forward.”
• Track email usage and revoke access if needed using Microsoft Purview.

🚫 Best Practices and Common Mistakes to Avoid

• Don’t rely only on mail flow rules — users should know when to encrypt.
• Avoid using encryption with unsupported email clients.
• Test externally — make sure external partners can open your emails smoothly.

✅ Conclusion

Sending encrypted emails in Outlook isn’t just for big corporations or IT geeks — it’s for anyone who wants to protect sensitive information. Whether you’re using the desktop app, new Outlook, or the web version, encryption is just a few clicks away.

Admins, don’t forget to configure everything on the backend — that’s what makes this tool powerful and reliable for your entire org.

Now go ahead, lock those emails down — because privacy is power. 🔐

❓FAQs

1. What happens if the recipient doesn’t use Outlook?
They’ll get a secure link to view the encrypted message in their browser using a one-time passcode.

2. Is encrypted email available in the free version of Outlook?
No. Encryption features like MPME require a Microsoft 365 Business Premium or Enterprise subscription.

3. Can I set encryption automatically for certain users or keywords?
Yes! Admins can create mail flow rules to apply encryption based on keywords, departments, or recipient domains.

4. What’s the difference between S/MIME and Microsoft Purview Encryption?
S/MIME requires certificates and is more complex to deploy. Microsoft Purview is cloud-native and much easier to manage.

5. How can I tell if my email was encrypted successfully?
You’ll see a banner in the sent message indicating encryption, and the recipient will receive it in a protected format.

If you enjoyed this blog and want to explore more topics on Microsoft 365, SharePoint, Teams, Identity, Security, and Compliance, subscribe to our newsletter and follow us on LinkedIn for the latest updates.