Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    How Do I Send a Secure Email in Outlook?

    KnowBe4 Team | Mar 12, 2026

    Sending an unsecured email can be likened to writing sensitive information on a sticky note and leaving it on someone else's desk: anybody can intercept and share that information. Fortunately, there are ways to ensure your emails are safe from the prying eyes of hackers through encryption, meaning your message — no matter how sensitive — is seen only by the intended recipient.

    An encrypted message is changed from plain text into ciphertext, which is unreadable and remains that way until it reaches its destination. That means that even the most determined hacker won't be able to gather sensitive information from the email. Once it arrives with the intended person(s), the encryption is removed, provided their identity has been confirmed.

    Risks of Unsecured Email and Benefits of Encryption

    Most of us are guilty of occasionally copying in the wrong person, clicking 'reply all' unintentionally, or misspelling an email address. Without the security of encryption, this can lead to serious problems. If an unauthorized person sees sensitive information not intended for their eyes, a mere accident turns into a data breach.

    There are significant risks associated with sending unsecured emails. These include:

    • Risk of attack
    • Data loss
    • Damage caused by data breaches
    • Breaking data protection regulations
    • Fines and legal action
    • Damage to business reputation

    It's easy to become complacent about emails — something most of us have easy access to and use every day — but a simple layer of added security protects us from risk. Cybercriminals spend their lives searching for weak points they can take advantage of; the least we can do is make that more challenging for them. That's why it's so important to use all the tools at your disposal to make sure your emails are sent securely.

    How to Secure an Smail with Microsoft 365

    For most Outlook users, emails are encrypted through S/MIME. This only works if both sender and recipient use Outlook and have their certificates installed, confirming their identities. That works well as a layer of basic protection against data loss.

    Microsoft 365 also offers built-in message encryption for senders and recipients who use Outlook and have an Office 365 subscription. Here are step-by-step instructions outlining how to send an encrypted message when both parties use Microsoft 365.

    To summarize:

    • Use Outlook to open the email message
    • Navigate to the "File" and click "Properties"
    • Scroll to "Security Settings" and check the box next to "Encrypt message contents"
    • Compose your email message as you usually would
    • Click "Send"

    However, if one party doesn't have the correct certificates or encryption tools, sending that email using plain text might seem the only option. Thankfully, Outlook add-ons allow users to encrypt every email they send — even if the recipient is outside the organization and using another email provider.

    How Intelligent Email Security can Augment Microsoft 365's Existing Capabilities

    Intelligent email security tools, such as KnowBe4 Protect, ensure all outgoing emails are encrypted — even if they are intended for a recipient outside your network. Users can do this directly from Outlook with just a mouse click.

    Another significant benefit of this add-on service is that emails are encrypted at rest, not just when they're in transit, meaning your data is protected at every stage. That minimizes the chances attackers have to access sensitive information, leading to a data breach.

    Protect also offers maximum flexibility for users. In this bring-your-own-device world where so many individuals are working from their laptops, phones, and tablets, Protect operates on the principle of flexible authentication. That means sensitive information always remains secure, no matter what device that's in use. On top of this, users can select their encryption level depending on the sensitivity of the sent data. They can also control the actions of the email's recipient, such as preventing them from copying or forwarding data.

    To further this, machine learning tools, such as KnowBe4 Prevent can detect contextual errors that might lead to a data leak. For example, the tool analyzes user relationships to understand what should and shouldn't be sent. This tool helps prevent sensitive information from being sent to a mistyped email address or an external client being included in an email with an attachment meant for internal eyes only.

    While Microsoft Outlook's built-in encryption functionality offers a solid layer of security options for users, for maximum protection, consider add-ons that further improve your email security. These are seamless additions, removing any complexity for the user and making encryption an integrated part of daily life.

    FAQs

    What is the difference between email encryption and standard email?

    Standard email is often sent as "plain text," which is similar to a postcard that anyone handling it can read. Email encryption transforms your message into ciphertext, an unreadable format that can only be unlocked by the intended recipient with the correct digital "key" or authentication.

    Can I send an encrypted email to someone who doesn't use Outlook?

    Yes. While Microsoft’s built-in S/MIME requires both parties to have specific certificates, third-party add-ons like Egress Protect allow you to send encrypted messages to any recipient, regardless of their email provider. The recipient typically authenticates their identity via a secure web portal to read the message.

    What are the biggest risks of sending unsecured emails?

    The primary risks include:

    • Data Breaches: Sensitive information intercepted by hackers.
    • Compliance Violations: Failing to meet legal standards like GDPR or HIPAA.
    • Human Error: Accidentally sending private data to the wrong person via "Reply All" or typos.
    • Reputational Damage: Losing client trust after a security lapse.

    Does Microsoft 365 encrypt my emails automatically?

    Microsoft 365 provides encryption options, but they aren't always enabled by default for every message. Users often need to manually select encryption in the "Security Settings" or "Properties" menu before hitting send, or an administrator must set up specific mail flow rules.

    What is "Encryption at Rest"?

    Many security tools only protect email while it is moving (in transit). Encryption at rest ensures the email remains encrypted while it is sitting in your inbox or on a server. This adds a vital layer of protection in case a device is lost, stolen, or a server is compromised.

     

    Return To KnowBe4 Security Blog

    See KnowBe4 Cloud Email Security in Action

    Request a personalized demo today to see how KnowBe4's Cloud Email Security products will enhance your email security.

    Request a Demo

    Topics: Email Security, Cloud Email Security

    KnowBe4 Team

    ABOUT KNOWBE4 TEAM

    The KnowBe4 Team delivers timely, expert-driven insights on cybersecurity trends, emerging threat intelligence, human risk best practices, compliance strategies and industry research to help organizations strengthen their human defense layer and stay informed, resilient, and secure.

    Read more from KnowBe4 »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    We Train Humans & Agents
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest insights, trends and security news. Subscribe to CyberheistNews.