How to send encrypted emails in Outlook in 2026?
Nicolas,
Sending an unencrypted email is like sending a postcard: anyone along the route can read its contents. In 2026, email data breaches remain one of the main vectors for leaking confidential information in business and for individuals alike. Outlook offers several methods to encrypt your messages — here is how to implement them depending on your configuration.
The two encryption methods available in Outlook
Outlook supports two distinct encryption technologies, each suited to a different context:
| Method | Requirements | Recommended context |
|---|---|---|
| S/MIME | Digital certificate installed on each device | Businesses, advanced professional use |
| Microsoft 365 Message Encryption (OME) | Microsoft 365 subscription (Business or Enterprise plan) | Organisations using Microsoft 365 |
Method 1: S/MIME encryption
S/MIME (Secure/Multipurpose Internet Mail Extensions) is the most widely used email encryption standard. It relies on a public key / private key system via a digital certificate. Each sender and recipient must have their own certificate for encryption to work in both directions.
Step 1: obtain an S/MIME digital certificate
You must first obtain an email signing certificate from a certificate authority (CA). Several authorities offer free or paid certificates:
- Comodo / Sectigo: offers a free 90-day personal S/MIME certificate
- DigiCert, GlobalSign: paid certificates for professional use
- Your organisation: in a corporate environment, the certificate is often provided and managed by IT via Active Directory Certificate Services
Step 2: install the certificate in Outlook
- Download and install the certificate on your machine — it installs into the Windows certificate store
- Open Outlook and go to File → Options → Trust Center → Trust Center Settings
- Click on Email Security
- In the Encrypted email section, click Settings
- Under Certificates and Algorithms, click Choose and select your installed certificate
- Confirm and close the settings
Step 3: send an encrypted email with S/MIME
- Compose a new message in Outlook
- Go to the Options tab of the message
- Click Encrypt (padlock icon) and select Encrypt with S/MIME
- You can also enable the Digital Signature to certify that the message genuinely comes from you
- Send the message normally
Good to know: to encrypt an email with S/MIME, you must possess the recipient's public key — meaning the recipient must have previously sent you a digitally signed email. Outlook then automatically extracts their public key from the signature to enable encryption. Without the recipient's public key, Outlook cannot encrypt the message.
Method 2: Microsoft 365 Message Encryption (OME)
Microsoft 365 Message Encryption (formerly Office 365 Message Encryption) is available with Microsoft 365 Business Premium, E3 and E5 subscriptions. It does not require a certificate on the user side and works with any recipient, whether they use Outlook or not.
Sending an encrypted message with OME
- In Outlook (desktop or web version), compose a new message
- Go to Options → Encrypt
- Select one of the available protection options:
- Encrypt-Only: the message is encrypted but the recipient can forward it
- Do Not Forward: the recipient cannot forward, copy or print the message
- Confidential or other sensitivity labels configured by your administrator
- Send the message normally
The recipient receives a notification indicating that the message is protected. If they use Outlook with a Microsoft 365 account, they can read the message directly. Otherwise, they receive a link to view it via a secure portal by authenticating with their Microsoft account, Google account or a one-time code.
Good to know: OME encrypts the content of the message and attachments, but not the metadata (subject, sender and recipient email addresses). If the confidentiality of the message subject is also important, avoid including sensitive information in it.
Encryption in Outlook.com (free version)
Outlook.com users with a personal Microsoft account (not Microsoft 365) have access to a limited version of encryption via the Encrypt option in the message composer. This option uses Microsoft's IRM (Information Rights Management) and requires the recipient to have a Microsoft account to decrypt the message.
Verifying that a received email is encrypted
In Outlook, an encrypted email can be identified by a padlock icon in the message header. For S/MIME messages, additional details about the certificate used are accessible by clicking the padlock icon or the digital signature icon.
Good to know: email encryption protects the message content in transit and at rest, but does not protect against a recipient forwarding the decrypted message to a third party. For the most sensitive communications, combine encryption with the "Do Not Forward" option and a rights management policy suited to your organisation.