Message encryption in MS Outlook 2019, 2016, 2013 and 2010

[Update]: This post was updated on April 14, 2017.

Sometimes there is a need for additional protection of your private messages from other people. There may be plenty of reasons for that – from private ones, like writing a personal letter to a close friend or telling your family where you usually keep your keys, to more formal and serious situations, like mailing a check to pay a bill. Whatever the reason, encrypted e-mails are like sealed envelopes, as opposed to the postcard-like availability of unencrypted e-mails.

Microsoft Outlook 2019, 2016, 2013 and 2010 message encryption protects the privacy of the message by converting it from readable plaintext to scrambled ciphertext.

In order to send and read encrypted messages, both the sender and the recipient must each have a digital ID and share its certificate with the other party. A digital ID consists of a private key, which stays on its owner’s computer, and a certificate with a public key. The certificate is sent with a digitally signed message. The recipient saves the certificate and uses its public key to encrypt messages addressed to the sender. This means that both the sender and recipient must first send each other a digitally signed message, which allows adding the certificate to Outlook Contacts (more in this Microsoft article). From then on, sending encrypted messages works much like sending unencrypted ones. You can learn more about it here.

Before it is possible to start encrypting and decrypting messages, both the sender and recipient should get a personal mail certificate. Messages encrypted with such a certificate assure the recipient of the authenticity of an e-mail and keep it unreadable to others.
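The certificate exchange described above follows the S/MIME model that Outlook's encryption option is built on. As an added example (not from the original article), the script below uses the OpenSSL command line rather than Outlook to show who can read a message depending on whose certificates it was encrypted for; it assumes the `openssl` tool is installed, and the identities alice (sender), bob (recipient) and mallory (outsider) are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: S/MIME-style (CMS) encryption with the openssl CLI.
# alice = sender, bob = recipient, mallory = outsider. All three identities
# are constructed, throwaway self-signed certificates, not real digital IDs.
WORK=$(mktemp -d) && cd "$WORK" || exit 1
trap 'rm -rf "$WORK"' EXIT

# make_id NAME: create NAME.key (private key) and NAME.crt (public certificate).
make_id() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# encrypt_for OUT CERT...: encrypt stdin so the owner of each CERT can read it.
# Only public certificates are used here; no private key is involved.
encrypt_for() {
  out=$1; shift
  openssl cms -encrypt -binary -aes-256-cbc -out "$out" "$@"
}

# decrypt_as NAME FILE: print the plaintext; fails if NAME is not a recipient.
decrypt_as() {
  openssl cms -decrypt -in "$2" -recip "$1.crt" -inkey "$1.key" 2>/dev/null
}

for who in alice bob mallory; do make_id "$who"; done
MSG='The spare key is under the third flowerpot.'   # constructed sample text

# Encrypted for the recipient and for the sender's own certificate.
printf '%s' "$MSG" | encrypt_for both.p7m bob.crt alice.crt
# Encrypted for the recipient only: the sender cannot reopen the sent copy.
printf '%s' "$MSG" | encrypt_for bob_only.p7m bob.crt

# Try every identity against both messages and report the outcome.
for f in both.p7m bob_only.p7m; do
  for who in bob alice mallory; do
    if decrypt_as "$who" "$f" >/dev/null; then r=readable; else r=unreadable; fi
    echo "$f opened by $who: $r"
  done
done
```
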

Let’s now proceed to encrypt a single message.

NOTE: The screenshots below were taken from Microsoft Outlook 2013 – in Outlook 2010 and Outlook 2016/2019 the procedure, option names and their locations are all identical.

Step 1.

While editing a new message, click More Options in the Options ribbon.

Options in a new message

Step 2.

In the next window click Security Settings….

Security Settings option

Step 3.

In the resulting Security Properties window, check Encrypt message contents and attachments.

Encrypt message contents and attachments

Now, all that’s left is composing and sending the message.

It is also possible to set Outlook to encrypt messages globally by default. In this case, composing and sending messages is the same as with unencrypted messages, but the sender and recipient will each need to have a digital ID in order to decrypt the message.

Step 1.

In the MS Outlook File menu (MS Outlook Backstage View) click Options and in the Trust Center tab click Trust Center Settings….

Trust Center Settings

Step 2.

In the resulting window click E-mail Security, then check the Encrypt contents and attachments for outgoing messages option.

E-mail Security

Step 3.

Confirm the changes by clicking OK.

From now on all the outgoing messages will be encrypted.

If the recipient’s e-mail settings do not support message encryption, Outlook will notify you about this and suggest sending an unencrypted message.


© All rights reserved. No part or whole of this article may be reproduced or published without prior permission.

15 thoughts on “Message encryption in MS Outlook 2019, 2016, 2013 and 2010”


  1. Hi, I have enabled the default encryption option in MS Outlook based on the guidance provided
    (File menu -> Options -> Trust Center -> Trust Center Settings -> E-mail Security -> check the Encrypt contents and attachments for outgoing messages). However, if I work on some other PC, I have to apply the same settings again on it. Is there any option to keep the default encryption setting checked in my Outlook even if I work on different PCs?

  2. If you encrypt the message at the Outlook client and then send from Exchange (not using an Exchange issued certificate) is the message searchable by the administrator in a compliance archive? What are the drawbacks of doing this?

  3. Outlook needs your digital ID so that you will be able to read your own sent message. If a message was only encrypted with the public key of the sender you would not be able to decrypt it in your Sent folder.

  4. Why does Outlook require that BOTH the sender and receiver have digital IDs in order to encrypt a message? As I understand PKI, to be able to encrypt a message, I need only the public key of the receiver, right? Then why does Outlook require that the sender also have a digital ID?

  5. Hi Pawel,

    We’re looking to encrypt email to various recipients. So far I haven’t been able to find anything online regarding Exchange 2013 (deployed in-house) and digital IDs. Is it capable? Do we need to go to a 3rd party like Symantec to accomplish this?

    • Hi Michael,

      If you want to encrypt emails sent to a large number of different external recipients, you will need to obtain a 3rd party certificate that is trusted worldwide. Apart from Symantec, Comodo, DigiCert and Thawte are the most popular choices.

      Hope this helps,
      Pawel

  6. Does anyone know if the mobile Outlook on a Windows Phone is able to accept/perform PKI encryption and digital signatures?
