Action

Office 365 Message Encryption capabilities make it easier to share protected emails with anybody—inside or outside your organization. Follow the instructions below to encrypt specific messages you send.

Instructions

Outlook for Windows

In an email message, choose Options, select Encrypt and pick the encryption that has the restrictions you want to enforce, such as Encrypt-Only or Do Not Forward.

Encrypt button options

Outlook for Mac

In an email message, choose Options, select Encrypt and pick the encryption option that has the restrictions you'd like to enforce, such as Do Not Forward or Encrypt-Only.

Showing Encrypt button in an email message

Outlook on the web

Go to the top of the message and select more options > Message options.
Select or deselect Encrypt this message (S/MIME).

If you encrypt an outgoing message and Outlook on the web can’t verify that all recipients can decrypt the message, you’ll see a notice warning you which recipients might not be able to read the encrypted message. You can then send the message anyway, remove those recipients, or retry to check again.

Outlook on the web requires a Windows desktop device to support S/MIME. S/MIME isn't available in Outlook on the web on Mac, iOS, Android, or other non-Windows devices.

One of the three most recent versions of Edge or Chrome is required to send and receive encrypted messages, digitally sign messages that you send, and to verify digital signatures on messages that you receive.

Additional Information

Permission Level Descriptions

Unrestricted Access: There are no restrictions in place. This is the default option.
Encrypt-Only: When this option is selected, the email is encrypted and recipients must be authenticated. Then, the recipients have all usage rights except Save As, Export and Full Control. This combination of usage rights means that the recipients have no restrictions except that they cannot remove the protection. For example, a recipient can copy from the email, print it, and forward it. (https://docs.microsoft.com/en-us/azure/information-protection/configure-usage-rights#encrypt-only-option-for-emails)
Do Not Forward: When the Do Not Forward option is applied to an email, the email is encrypted and recipients must be authenticated. Then, the recipients cannot forward it, print it, or copy from it. For example, in the Outlook client, the Forward button is not available, the Save As and Print menu options are not available, and you cannot add or change recipients in the To, Cc, or Bcc boxes. (https://docs.microsoft.com/en-us/azure/information-protection/configure-usage-rights#do-not-forward-option-for-emails)
University at Albany – SUNY – Confidential: The message is not encrypted, but the recipient is restricted to the following abilities: View, Open, Read; Save As, Export; Copy; View Rights; Change Rights; Allow Macros; Print; Forward; Reply; Reply All; Save; Edit Content, Edit; Full Control (https://docs.microsoft.com/en-us/azure/information-protection/configure-usage-rights#rights-included-in-the-default-templates)
University at Albany – SUNY – Confidential View Only: The message is not encrypted, but the recipient is restricted to the following abilities: View, Open, Read; Copy; View Rights; Allow Macros; Print; Forward; Reply; Reply All; Save; Edit Content, Edit (https://docs.microsoft.com/en-us/azure/information-protection/configure-usage-rights#rights-included-in-the-default-templates)

Reading an Encrypted Email Message

https://support.microsoft.com/en-us/office/how-do-i-open-a-protected-message-1157a286-8ecc-4b1e-ac43-2a608fbf3098

Need more help? Contact the ITS Service Desk.