Encrypting emails in Outlook: A practical guide for businesses

Digital communication today is faster and easier than ever – but also more risky. Especially in business environments, sensitive data is exchanged via email every day: personal information, contracts, financial data or technical documents. Without encryption, this content is highly vulnerable to attack.

In this article, you’ll learn how to encrypt emails in Outlook – using S/MIME, Microsoft’s built-in options, or FTAPI. This way, you can choose the method that best suits your company’s needs.

Why should you encrypt emails in Outlook?

Emails are sent quickly, but they can easily be intercepted as they travel across the internet. Without encryption, attackers can read, manipulate or even extract files from messages. This becomes particularly critical when internal information or customer data is involved.

Encryption ensures that only the intended recipient can access the content. In effect, the message is placed in an encrypted vault that cannot be opened even if it is intercepted.

At the same time, companies have a legal obligation to protect data. Under Article 32 of the GDPR, they are required to safeguard personal data through appropriate measures – and encrypted transmission is explicitly one of them. Unencrypted emails can pose security risks and lead to data protection breaches.

Consistent encryption not only ensures compliance with legal requirements but also demonstrates to customers and partners that information security is part of everyday business practice.

How to encrypt emails in Outlook: An overview

Microsoft Outlook offers several ways to encrypt email messages – depending on which version you use and what security requirements apply in your organisation.

Here’s an overview of the main methods:

• S/MIME (Secure / Multipurpose Internet Mail Extensions) is an internationally established standard and the most common method for end-to-end encryption. Emails are digitally signed and encrypted using certificates. Outlook supports this standard and allows users to upload certificates obtained from a certification authority. While this provides a high level of security, it can be cumbersome to set up and maintain, as certificates typically have to be requested, installed, exchanged and renewed manually.

• FTAPI makes it easier: S/MIME is seamlessly integrated (available as an add-on), certificate management runs automatically, and FTAPI automatically selects the appropriate encryption method for each email during transmission based on intelligent rules – more on that later. With the FTAPI Outlook add-in, FTAPI’s own encryption can also be used directly within Outlook, independently of S/MIME.

• Microsoft’s own message encryption is available only to Microsoft Office 365 users. The previous Office 365 Message Encryption (OME) has now been replaced by Microsoft Purview Message Encryption. Here, encryption is performed server-side via Microsoft’s service. It is easier to handle but does not provide true end-to-end encryption.

In addition, you can password-protect an email attachment before uploading it to Outlook. This does not replace full email encryption but can serve as an extra security measure for less sensitive information.

Encrypting an Outlook message: The classic method

Depending on your Outlook version and the encryption method you use, different steps are required to send an encrypted email. Let’s first take a look at the methods that Outlook supports by default: manually configured S/MIME certificates and Microsoft’s own Office 365 message encryption.

Setting up S/MIME manually in Outlook

1. Install the certificate: Go to File > Options > Trust Center > Trust Center Settings. Under Encrypted email, add your personal S/MIME certificate.

2. Enable default encryption (new Outlook): Under Settings > Mail > S/MIME, you can choose whether to “Encrypt contents and attachments for all messages” and/or “Add a digital signature to all sent messages.”

3. Encrypt an email: Open and compose a new message. Click Options > Encrypt > S/MIME. Optionally, enable a digital signature. Then send the message as usual.

Important: In order for the message to be encrypted, both sender and recipient must have exchanged their public certificates in advance. Without this exchange, the recipient will be unable to read the email.

Using Microsoft Office 365 message encryption

1. Open Outlook and click New Email.

2. Go to the Options tab and click Encrypt.

3. Choose an encryption option, such as Encrypt-Only or Do Not Forward.

4. Send the message as usual.

Recipients with a Microsoft account can open the message directly in Outlook, while external recipients can access it securely via a Microsoft link in their browser.

Challenges of traditional encryption in Outlook

In practice, users often encounter limitations with these classic Outlook encryption methods. The following are some of the most common issues:

• Recipients without a certificate: S/MIME encryption requires both sender and recipient to have a valid digital certificate. If either party lacks one, the message usually cannot be encrypted or opened. This often causes problems when communicating externally with customers or partners.

• Complex certificate management: S/MIME certificates typically need to be requested, installed, distributed and renewed manually. This means extra administrative effort for IT teams and additional guidance for users.

• User-friendliness: Ultimately, secure email transmission depends on user behaviour. Many users are unsure how to send data securely, which encryption method to use, or whether the recipient even supports S/MIME. Mistakes are therefore almost inevitable.

Making it easier: Encrypting emails in Outlook with FTAPI

The effort required for certificates and manual settings often makes traditional email encryption in Outlook impractical.

FTAPI offers a simpler solution: it integrates directly into Outlook and automatically handles secure email transmission – either via FTAPI SecuMails or certificate-based S/MIME encryption.

Encryption with FTAPI + S/MIME

FTAPI has fully integrated S/MIME into its platform, providing comprehensive email security with no extra effort. Employees can write emails as usual, while FTAPI automatically manages encryption, decryption and digital signatures in the background.

Thanks to intelligent rules, the system automatically determines which encryption method to apply:

• If the recipient supports S/MIME, FTAPI automatically encrypts and decrypts the message according to this standard.

• If no S/MIME infrastructure is available, FTAPI seamlessly switches to its own SecuMail encryption.

This ensures that every message remains optimally protected – regardless of the recipient’s IT environment. Certificates are created, renewed and managed centrally in the background, without users having to take any action. This saves time and reduces the workload for IT teams. Everything is fully GDPR- and BSI-compliant and hosted in German data centres.

Encryption with the FTAPI Outlook add-in

With the FTAPI Outlook add-in, FTAPI’s own encryption can be integrated directly into Outlook – independently of S/MIME. This is particularly useful for users who are not required to use certificate-based encryption, frequently send sensitive and/or very large files, and already work within the Microsoft environment.

The best part: The FTAPI add-in is available for both the classic and the new Outlook. The version for the new Outlook is fully web-based.

How it works in the classic Outlook:

1. Create your email as usual: Enter the recipient address, subject and message text in the email window as you normally would.

2. Add attachments: Attach the files you wish to send securely. You can select files of any size using the standard Attach file function.

3. Choose security level and validity period (optional): Define the security level for your transmission and specify how long the files should remain available for download. These settings can also be managed centrally by your organisation.

4. Insert a download button (optional): You can add a Download button for attachments within your email – either manually or automatically at the end of the message.

5. Send securely: With one click on Send with FTAPI, the message and its attachments are transmitted with end-to-end encryption.

How it works in the new Outlook:

1. Open the add-in: Start a new email and open the FTAPI add-in via the ribbon (Apps) or the apps icon in the toolbar.

2. Launch FTAPI: In the add-in, click Open FTAPI. The task pane will appear on the right-hand side, where you can sign in, upload files and configure security options.

3. Sign in: The first time you use the add-in, enter your server URL (e.g. myaccount.ftapi.com). Then sign in – either via single sign-on or with your username and password.

Once logged in, you have two ways to send attachments securely:

• Upload in the task pane: Upload any large files you wish to encrypt by dragging and dropping them into the pane or selecting Browse files. These are always sent via FTAPI. You can set the security level, expiry date and language of the download button.

• Attachments directly in Outlook: Attach files as usual via Attach file or drag and drop. The transmission automatically uses the settings defined in the task pane (security level, validity period). With the task pane open, simply click the regular Send button in Outlook.

Recipients do not need an FTAPI account or add-in to open the message. They receive a secure download link and can access the data via a protected connection.

💡 Tip: You can learn more about encrypting attachments securely with FTAPI in our article “Encrypting email attachments: How to do it securely.”

Conclusion: Communicate securely – easily and in line with your IT environment

Ultimately, email encryption is no longer a nice-to-have but an essential part of modern information security. Companies face the challenge of protecting sensitive data reliably while maintaining efficient workflows.

Outlook provides solid foundations with its support for S/MIME certificates and Microsoft’s built-in message encryption, though these can be cumbersome to manage in everyday use.

This is where FTAPI comes in: with seamlessly integrated S/MIME and the Outlook add-in for FTAPI’s own encryption, email security becomes automated and embedded into daily operations – allowing users to focus on their work without worrying about technical details.