Email encryption

Encryption is the process by which information is encoded so that only an authorized recipient can decode and consume the information. 

In this article:

How email encryption typically works

  • A message is encrypted, or transformed from plain text into unreadable ciphertext, either on the sender's machine or by a central server while the message is in transit. 

  • The message remains in ciphertext while it's in transit in order to protect it from being read in case the message is intercepted. 

  • Once the message is received by the recipient, the message is transformed back into readable plain text in one of two ways: 

    • The recipient's machine uses a key to decrypt the message, or 

    • A central server decrypts the message on behalf of the recipient, after validating the recipient's identity. 

Email encryption options

Using certificates for sender and recipients (S/Mime)

This option works with any email account that you have added to Outlook but requires your recipients to also use Outlook (or an S/Mime compatible email application). Both you and your email recipients must install and share encryption certificates.

Microsoft 365 Message Encryption (OME)

If you have a Microsoft 365 email account you can send an encrypted message using OME. This option does not require installing certificates and allows you to send encrypted messages to any email recipient.

When to use email encryption 

Email encryption should be used when sending information that is classified as Confidential or Restricted. Highly Restricted information should never be transmitted by email.

Comparison and use cases


 Certificates (S/MIME) 

 O365 Message Encryption (OME) 


 Certificates (S/MIME) 

 O365 Message Encryption (OME) 

Recommended for Confidential and Restricted information (see section above) 

When either your organization or the recipient's organization requires true peer-to-peer encryption. i.e. government agencies.  

Sending sensitive information to people inside or outside your organization.  

Ease of setup 

Moderate: Both you and your recipients must install certificates. 

Easy: no setup required, just select the option to encrypt (Microsoft 365 email required). 

Ease of use - sending encrypted messages 

Moderate: Sender and recipient must exchange keys in advance. 
In Outlook - Select options > More options > Security > Settings > Encrypt > Ok > Send 

Easy: In Outlook - Select options > Encrypt > Send 

Ease of use - receiving encrypted messages 

Moderate: Recipient must install certificate. 

Easy/Moderate: if you have a Microsoft account and you're using Outlook the message should just open. 

If not, a passcode is required. 

Mobile use 

Moderate: Certificates need to be installed on all devices. 

Easy/Moderate: if you have a Microsoft 365 account and you're using the Outlook mobile app the message should just open. 

If not, a passcode is required. 

Sending secure replies 

Easy: since recipient also installed certificate, they can send encrypted. 

Easy: replies are automatically encrypted. 

Email encryption instructions

Need help?

Contact the IST Service Desk online or 519-888-4567 ext. 44357.

Article feedback

If you’d like to share any feedback about this article, please let us know.