What you'll learn in this article
- Office 365 email encryption protects sensitive information by encrypting message content so only authorized recipients can read it.
- Microsoft 365 offers multiple encryption options, including Office 365 Message Encryption (OME), Information Rights Management (IRM), and S/MIME.
- Native Office 365 encryption features may introduce usability and administrative challenges, especially for external recipients or TLS-dependent environments.
- Mimecast enhances Office 365 email encryption by simplifying secure messaging, adding malware scanning and DLP controls, and enabling encrypted communication even when TLS is unavailable.
What is Office 365 email encryption?
Email encryption in Office 365 is a security feature that lets you send encrypted emails to people inside or outside your organization.
When you encrypt an email, only the people who have the key for the encrypted email can read it. Encrypted email differs from regular email in the following ways:
- The subject line and body of the encrypted email are encrypted so that only the intended recipient can read them, even if someone else intercepts the message in transit.
- The encrypted email doesn't include a link to download the key, so only the intended recipient can get the key and read the message.
The Importance of Office 365 Encrypted Email
The importance of encrypted email cannot be overstated. In today's world, email is one of the most used communication tools. However, it is also one of the most vulnerable, as email messages are often stored on servers and can be accessed by unauthorized individuals.
Office 365 email encryption helps protect your emails from being read by anyone other than the intended recipient. Encrypted emails are converted into a code that can only be deciphered by the person with the proper key. This ensures your emails remain private and confidential.
In addition, encrypted email can help to prevent fraud and identity theft. By encrypting your emails, you can help to protect yourself and your business from potential risks.
Email Encryption Options Available in Office 365
Office 365 provides multiple email encryption options to support secure email communication across different use cases, recipient types, and compliance requirements. Each encryption option offers a different balance of usability and security, making it important to choose the approach that fits your organization’s needs.
Office 365 Message Encryption (OME)
Office 365 Message Encryption is the most commonly used encryption option for securing messages sent both inside and outside the organization. Built on Azure Rights Management, OME allows users to encrypt email without requiring recipients to have an Office 365 account.
Encrypted messages can be opened through a one-time passcode or by signing in with a Microsoft account, making it practical for external communication. Administrators can apply encryption policies automatically using mail flow rules, ensuring consistent protection without relying on manual user actions.
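The mail flow rule approach described above, as an added example that is not Microsoft's or Mimecast's own code: an Exchange Online PowerShell session that checks Azure Rights Management is active, then creates a rule applying the built-in Encrypt template to outbound mail containing chosen keywords. The admin address, rule name and keyword list are placeholders.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module and an Exchange admin role.
# The admin address, rule name and keyword list below are placeholders.
$admin    = 'admin@contoso.example'
$ruleName = 'Encrypt outbound mail with sensitive keywords'
$keywords = 'confidential', 'account number', 'passport number'

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName $admin

# 1. OME is built on Azure Rights Management: a rule cannot encrypt if licensing is off.
if (-not (Get-IRMConfiguration).AzureRMSLicensingEnabled) {
    throw 'AzureRMSLicensingEnabled is False; the encryption action would not be applied.'
}

# 2. Self-test: acquires the templates and encrypts/decrypts a test message for this sender.
Test-IRMConfiguration -Sender $admin | Format-List Results

# 3. List the protection templates the tenant exposes to mail flow rules.
Get-RMSTemplate | Select-Object Name

# 4. Create the rule once, in Audit mode, so matches are logged without changing mail flow.
if (-not (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $ruleName `
        -FromScope InOrganization `
        -SentToScope NotInOrganization `
        -SubjectOrBodyContainsWords $keywords `
        -ApplyRightsProtectionTemplate 'Encrypt' `
        -Mode Audit
}

# 5. Run only after reviewing the audit matches: enforce the rule and confirm its state.
Set-TransportRule -Identity $ruleName -Mode Enforce
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, ApplyRightsProtectionTemplate

Disconnect-ExchangeOnline -Confirm:$false
```

Starting in Audit mode lets you confirm from message trace that the keyword condition matches only the mail you intend to encrypt before any recipient is affected.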
Information Rights Management (IRM)
Information Rights Management extends encryption by adding usage controls to encrypted messages. In addition to protecting message content, IRM can restrict actions such as forwarding, copying, printing, or replying to an email. This option is useful when sensitive information must remain controlled even after delivery. IRM works within Exchange Online and integrates with Microsoft Outlook, allowing users to apply protection templates directly when composing messages.
S/MIME Encryption
S/MIME is a certificate-based encryption option designed for environments that require strict identity verification and message-level security. It encrypts messages and digitally signs them using public and private key pairs, ensuring both confidentiality and sender authentication. While S/MIME provides strong security guarantees, it requires certificate management for every user and recipient, which can increase administrative overhead.
How to set up Office 365 email encryption
Microsoft 365 supports Message Encryption (Information Rights Management). To enable encryption, the sender must have Microsoft 365 Message Encryption, which is included in the Office 365 Enterprise E3 license.
To encrypt a single message:
- Click File and then Properties.
- Click Security Settings and select the Encrypt message contents and attachments check box.
- Compose your message and hit Send.
It is possible to encrypt all outgoing messages by default; however, all potential recipients must have your digital ID to be able to decrypt and view your messages. To enable encryption by default:
- Go to File > Options > Trust Center > Trust Center Settings.
- On the Email Security tab, select the Encrypt contents and attachments for outgoing messages check box.
The limitations of Office 365 email encryption
Microsoft has recently added secure email encryption to its popular Office 365 productivity platform, providing users with the option to send encrypted files and messages in order to protect sensitive data. But while Office 365 email encryption is certainly a needed component of this cloud-based platform, it may not be the right fit for every user and organization.
Office 365 email encryption simplifies secure messaging for senders, but decrypting those messages may be more difficult for recipients. In order to ensure that an encrypted message can be opened once received, organizations may need to pay for mandatory TLS connections for their business partners or run the risk of not being able to use Office 365 email encryption when a TLS connection is not available.
Enhance Office 365 email encryption with Mimecast
Mimecast provides email encryption services that complement Office 365 email encryption, providing users with simple-to-use tools for protecting email messages and attachments. With Mimecast Secure Messaging, users can share sensitive information easily by sending protected messages directly from their regular mailbox application, without requiring senders or recipients to download software or install additional hardware.
Mimecast augments Office 365 email encryption by enabling organizations to:
- Make encryption easier for users and administrators alike.
- Support compliance by enabling secure messages to be subjected to anti-malware, data leak prevention and compliance policies.
- Provide an encryption email service even when TLS encryption is not an option.
- Improve protection by eliminating the ability of administrators to view information within a message.
How Mimecast solutions for Office 365 email encryption work
To initiate a secure message or an encrypted file transfer in Office 365, users simply need to create a new email in Outlook and select the Send Secure option on the Mimecast tab. Users have the option of sending the message with settings that require read receipts, enforce message expiration dates, and limit or prevent printing, replying and forwarding of the message.
When the user clicks Send, the email and any attachments are securely uploaded to the Mimecast cloud. There they are scanned for malware, checked against content and data leak prevention policies, and safely stored in a secure AES-encrypted archive.
The message recipient receives a notification that a secure message has been sent, along with instructions for how to retrieve the message and attachments from Mimecast's Secure Messaging portal.