Why Secure Your Emails with Encryption in Office 365


Why should you secure email with Office 365 email encryption?

Answer: to maintain your data's confidentiality.

Encryption conceals an email's contents by transforming them into code, which protects your sensitive information. Why does that matter?

Emails sent and received over the internet are exposed to hacking, bad actors, phishing attacks, and other risks. Securing emails with encryption adds a vital layer of protection. It also ensures that only the intended or authorized individuals (usually the intended receiver) can read the email.

So, in this article, we'll teach you how to set up email encryption in Office 365.

Phishing Statistics and Cybercrime

Phishing is a key cyber threat today, and it is growing. Because emails are sent online, they are the key target of the increasing number of phishing attacks. This makes email communications more riddled with cybercrime than ever.

Phishing attacks target key industries such as retail, manufacturing, tech, research and development, food and beverages, medical institutions, and education. Their goal is to mine customer data and use it for other financial fraud.

In 2020, 1 in every 4,200 emails was a phishing email campaign.

These cybercrime and phishing statistics show how it's now a worrisome trend:

  • According to IBM, over 80% of reported cybersecurity incidents are phishing attacks.
  • CISCO reports that 90% of data breaches occur due to phishing.
  • IBM confirms that spear phishing is the most common phishing attack used by cyber criminals, comprising 65% of all reported phishing attacks.
  • In 2021, employees received an average of 14 malicious emails a year, according to Tessian research.
  • The retail industry was the highest hit, with workers receiving an average of 49 malicious emails.
  • CISCO also reported a 7.3% increase in email-based cyberattacks in 2021 compared with previous years, with the majority being phishing campaigns.
  • Phishing attacks peak during holidays and soar by 52% in December, typically around Thanksgiving, Black Friday, Christmas, and New Year.
  • Over 96% of recorded cyber attacks infiltrate through phishing emails.
  • The most common phishing email subject lines are Urgent, Payment, Attention, Important, and Request.
  • Most phishing attacks target credentials (passwords, logins, usernames, PINs), personal information (address, name, email, location, etc.), and medical information.

Most phishing attacks result in a massive impact on organizations as follows:

  • 50% of accounts and credentials compromised
  • 60% data loss
  • 47% ransomware malware
  • 29% of other malware attacks
  • 18% financial loss due to cyberattacks and phishing

Importance of Email Encryption

Why encrypt your email with Microsoft 365 Message Encryption?

Cyber schemes like spoofing and phishing are on the rise. They are now so prevalent that they hit both small businesses and large corporations.

So, there are many reasons to encrypt your email on Office 365. Here are 3 key ones:

  • Prevent security breaches and accompanying data theft. Having email encryption provides an added security layer for cyber defense. This ensures that only the intended/authorized recipient will read the email. The emails stay protected against potentially malicious links that can expose the data to breaches, phishing, etc.
  • Protect confidential information and privacy. Encryption hides the identity of the email senders or recipients, preventing sensitive information and data from reaching an unintentional audience.
  • Save money. You won't need to set up a dedicated encryption server. Data breaches and ransomware demands also don't come cheap, but email encryption prevents both.

When should you encrypt an email?

Simple answer: All the time.

You must always protect your email messages, keep their privacy, and protect your business from phishing and cyber-related risks.

Here's an example that makes it clear: would you send a confidential letter on a postcard? Sending a message through an unencrypted email is the same thing. Both share the risk of exposure, which isn't what you want. It exposes your email to identity theft, cyber-attacks, and financial losses. So, it's important to encrypt your email to prevent these negative consequences.

How does encrypted email work?

Answer: Email is text. If unencrypted, it travels as readable text. When encrypted, the message is converted from readable plain text to scrambled ciphertext (code) that no one can read except the intended recipient.

Let me explain.

Email encryption is 2-way. First, the sender uses the recipient's public key to encrypt the text. Second, the recipient decrypts the email/message with a private key to read the text.

Here's where the protection comes in: The recipient's private key must match the public key for the email to be decrypted. Otherwise, no one can read the text. This is called end-to-end encryption.

The encryption's private key is stored on the recipient's device or server.

An encrypted email keeps the message encrypted (ciphertext) as it transits to the receiver, which protects it from being opened if it's intercepted.

So, as you can see, email end-to-end encryption prevents unintended recipients or third parties from accessing or reading the message at any point, even in transit.

How to set up email encryption in Microsoft 365 (Office 365)

We've all been here, stuck on what to do. If it's email, you want to call the IT guy, but he/she's away or held up. So you're left tapping your pen or looking at your computer like, what now!

Well, here's the news: setting up Office 365 email encryption is a straightforward process.

Summary: In an email message, choose Options, select Encrypt and pick the encryption that has the restrictions you want to enforce, such as Encrypt-Only or Do Not Forward. Note: Microsoft 365 Message Encryption is part of the Office 365 Enterprise E3 license.

But don't be in a hurry.

Before we go through the setup, there are a few prerequisites you need:

  1. An Office 365 subscription with email encryption capabilities (such as Office 365 Personal or Family and Office 365 Corporate), which can come with Exchange Online. Office 365 Corporate also includes cybersecurity features for businesses, such as anti-malware, anti-spam protection, etc.
  2. Rights management for email enabled. Office 365 encrypted emails need to run on the Azure Rights Management platform. You need to keep this enabled and working; if it is disabled, it may hinder your email encryption. To check if it's enabled, follow these steps:
    1. Go to the Microsoft 365 admin center or Azure portal.
    2. Sign in using your Microsoft 365 account.
    3. Go to the Azure Information Protection panel > Manage Menu Options > Protection Activation.
    4. Proceed to the Activate window and confirm.

Once you see that it's activated or confirmed, proceed to the encryption setup. Use the steps below:

  • Configure the Azure Information Protection tenant key. Microsoft manages this tenant key, but you can also configure it to work as you want. We recommend that you let Microsoft manage it.
  • Verify the Microsoft 365 tenant configuration. Is your Microsoft 365 tenant configured through Exchange Online PowerShell? Check and verify. To do this, connect to PowerShell with a Microsoft 365 tenant account (it must have global administrative permission). You'll also need to run the Get-IRMConfiguration cmdlet, then follow the commands. This should show you the configuration.
  • Define your email service's mail flow rules. Go to the Admin center > Exchange page > Mail Flow > Rules. Then, modify message security and apply different encryption rights and protection to Office 365 emails.
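
The verification and mail flow steps above can also be carried out from Exchange Online PowerShell. The script below is an added example, not part of the original article; it assumes the ExchangeOnlineManagement module is installed, and the addresses, rule name and subject keyword are placeholders.

```powershell
# Added example (not from the original article).
# Assumes the ExchangeOnlineManagement module is installed.
# The two addresses, the rule name and the keyword are placeholders.
Import-Module ExchangeOnlineManagement
$admin    = 'admin@contoso.example'     # placeholder admin account
$external = 'partner@fabrikam.example'  # placeholder external recipient
Connect-ExchangeOnline -UserPrincipalName $admin

# 1. Inspect the tenant's IRM configuration.
$irm = Get-IRMConfiguration
$irm | Format-List AzureRMSLicensingEnabled, InternalLicensingEnabled, SimplifiedClientAccessEnabled

if (-not $irm.AzureRMSLicensingEnabled) {
    # Exchange Online cannot apply rights management templates while this is off.
    Write-Warning 'Azure RMS licensing is disabled for Exchange Online.'
    # Uncomment once Azure Rights Management is confirmed as activated:
    # Set-IRMConfiguration -AzureRMSLicensingEnabled $true
}

# 2. Run the built-in IRM test for this sender/recipient pair
#    and review its output for failures.
Test-IRMConfiguration -Sender $admin -Recipient $external

# 3. List the rights management templates available to mail flow rules.
Get-RMSTemplate

# 4. Create a mail flow rule that encrypts outbound mail whose subject
#    contains the keyword. Audit mode logs matches without changing mail,
#    so the rule can be checked before it is enforced.
$ruleName = 'Encrypt tagged external mail'
$existing = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }
if (-not $existing) {
    New-TransportRule -Name $ruleName `
        -SentToScope NotInOrganization `
        -SubjectContainsWords '[encrypt]' `
        -ApplyRightsProtectionTemplate 'Encrypt' `
        -Mode Audit
}

# 5. Confirm what was created.
Get-TransportRule | Where-Object { $_.Name -eq $ruleName } |
    Format-List Name, State, Mode, ApplyRightsProtectionTemplate

Disconnect-ExchangeOnline -Confirm:$false
```

Once the audit results look right, switch the rule to enforcement with Set-TransportRule and -Mode Enforce.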

Now you can send an encrypted email from within the service. Try it out as shown below.

Send encrypted email from Office 365 [to third-party]

Once your encryption setup is complete, you can send an encrypted email from Office 365 to a third-party email service to see if it's working. Use these steps:

  1. Open Outlook Online and go to email.
  2. Click "Compose a new email."
  3. Now, choose "Encrypt" in the toolbar.
  4. If you don't want the email to be forwarded, click the "Change Permissions" option. The email won't be forwarded after its decryption.
  5. Finally, compose your email message > input your intended recipient > add a signature (optional) > then hit send.


You may or may not see the "Encrypt" button, depending on your Office 365 setup and layout. If you don't, look for three dots that open the email adjustments/commands, including encryption, that don't fit the native screen size.


It's important to enable Office 365 email encryption to protect personal and company data. You'll also prevent phishing and data breaches in the process. Have you managed to set up the encryption?
