Office 365 Email Encryption

Email is extensively used by businesses as a convenient way to instantly communicate important information internally and with customers, partners, suppliers, and shareholders, but email communications are not secure by default. Businesses that use Office 365 for email should seriously consider implementing Office 365 email encryption to ensure that their messages – and the sensitive data they contain – are protected against unauthorized access.

Why Email Encryption is Necessary

Email started to be extensively adopted by businesses in the 1990s, and for the past two decades email has been the main method of business communication. Email was developed for convenience, and security was never a key consideration. Email security solutions can be deployed to block spam/junk email and to prevent phishing emails and malware from reaching inboxes, but they will not protect against unauthorized access to, or tampering with, emails in transit. Protecting emails in transit requires Office 365 email encryption.

Protection of emails in transit should not be overlooked. Emails often contain highly sensitive information, and they are an attractive target for cybercriminals. Emails can contain sensitive company information that other businesses could use to gain a competitive advantage. Sensitive business information in emails could affect share prices if leaked, and it is common for emails to contain personal data. If personal data in emails is compromised, businesses would be at risk of compliance fines for violations of laws such as the Health Insurance Portability and Accountability Act (HIPAA), California Consumer Privacy Act (CCPA), and General Data Protection Regulation (GDPR) to name but a few. Office 365 email encryption solves these issues and ensures emails are protected from the instant they are sent until they are opened by the intended recipient. If the emails are intercepted, the message content and attachments cannot be read.

Email encryption also protects against accidental data exposure. Even diligent employees make mistakes from time to time and accidentally send emails to the wrong person, or accidentally reply to all and send sensitive information to the wrong people. In healthcare, for example, an email containing patient data that is sent to the wrong person is an error that can have serious repercussions. Office 365 email encryption solutions can be configured to ensure any email containing sensitive data is automatically encrypted to prevent interception in transit. There are also effective message recall and remote deleting options, and reporting options that show whether messages have been opened, which helps determine if there has been a reportable data breach.

Office 365 email encryption can protect against targeted and accidental email breaches, helps with compliance with state, federal, and industry regulations, and can protect against data loss and prevent costly litigation. Ensuring only the intended recipients of emails can open messages also protects against brand damage and long-lasting loss of reputation.

Office 365 Email Encryption Options

There are many different methods used to encrypt emails, with the two most common types being transport layer encryption and end-to-end encryption.

Transport Layer Encryption

Transport layer encryption, which relies on the Transport Layer Security (TLS) protocol, is usually the cheaper option and will protect against unauthorized access in transit. The same protocol is used to protect connections between a web browser and a website via HTTPS. It encrypts emails between the sender and receiver during transit to prevent interception and message tampering. For TLS to be used, the sender and the receiver must both support it. TLS is extensively used for email encryption, but what happens if the recipient does not support TLS? That would put emails at risk of being read by unauthorized individuals, so some vendors get around the issue by routing messages to a secure web portal if TLS is not supported or other conditions are not met. The intended recipients can then authenticate to the portal to view a message. One of the advantages of TLS is that it does not cause workflow problems, as the sender and recipient do not need to take any actions to view the content of messages. It also does not require software installations.
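The fail-closed routing decision described above, as an added example that is not from the original page or from any vendor's product: it parses the receiving server's EHLO reply for the STARTTLS keyword and holds the message for the portal whenever TLS cannot be confirmed. The function names, route labels and sample replies are assumptions constructed for illustration.

```python
import re

# Constructed EHLO replies for illustration (not captured from real servers).
EHLO_WITH_TLS = ("250-mx.partner.example Hello\r\n250-SIZE 36700160\r\n"
                 "250-STARTTLS\r\n250 8BITMIME\r\n")
EHLO_NO_TLS = "250-mx.legacy.example Hello\r\n250-SIZE 10485760\r\n250 8BITMIME\r\n"
EHLO_REJECTED = "554 mx.down.example service unavailable\r\n"

_REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(reply):
    """Return the advertised extension keywords, or None if the reply
    is not a complete, well-formed 250 response."""
    lines = reply.splitlines()
    if not lines:
        return None
    keywords = set()
    for i, line in enumerate(lines):
        m = _REPLY_LINE.match(line)
        if not m or m.group(1) != "250":
            return None
        is_final = m.group(2) == " "      # "250 " ends the reply, "250-" continues it
        if is_final != (i == len(lines) - 1):
            return None                   # truncated reply or trailing lines
        parts = m.group(3).split()
        if i > 0 and parts:               # line 0 is the greeting, not an extension
            keywords.add(parts[0].upper())
    return keywords


def choose_route(reply, handshake_ok=True):
    """Hypothetical policy: deliver over TLS only when STARTTLS is advertised
    and the handshake succeeded; otherwise hold the message for the portal.
    There is deliberately no plaintext fallback."""
    keywords = parse_ehlo(reply)
    if keywords and "STARTTLS" in keywords and handshake_ok:
        return "tls"
    return "portal"


if __name__ == "__main__":
    for name, reply in [("with TLS", EHLO_WITH_TLS), ("no TLS", EHLO_NO_TLS),
                        ("rejected", EHLO_REJECTED)]:
        print(name, "->", choose_route(reply))
```

Because a missing STARTTLS keyword is treated the same as a failed handshake, a reply that has had the keyword removed in transit still results in portal delivery, never cleartext SMTP.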


End-to-End Encryption

Pretty Good Privacy (PGP) and S/MIME are two of the most common methods of providing end-to-end encryption for email. PGP is an end-to-end encryption solution that combines symmetric and public-key encryption with algorithms for hashing and compression. An email is encrypted with a session key, and the session key is encrypted with the recipient's public key. The recipient gets the encrypted message and encrypted session key, then uses a private key to decrypt the session key, which in turn is used to decrypt the message. PGP is considered the gold standard for email encryption but does require a software client running on an endpoint or a plugin. S/MIME (Secure/Multipurpose Internet Mail Extensions) uses a digital signature and asymmetric cryptography to secure emails, which requires the recipient organization to obtain the key directly from the certificate authority.
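The session-key flow described above, as an added example that is not from the original page and is not PGP itself: RSA-OAEP and AES-GCM from the Python `cryptography` package stand in for PGP's own algorithms and message format. The function names, envelope layout and sample message are assumptions made for illustration.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def encrypt_for(recipient_public_key, plaintext):
    """Sender side: a fresh session key encrypts the message, and the
    recipient's public key encrypts (wraps) the session key."""
    session_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    body = AESGCM(session_key).encrypt(nonce, plaintext, None)
    wrapped_key = recipient_public_key.encrypt(session_key, OAEP)
    return {"wrapped_key": wrapped_key, "nonce": nonce, "body": body}


def decrypt_with(recipient_private_key, envelope):
    """Recipient side: the private key recovers the session key,
    and the session key decrypts the message."""
    session_key = recipient_private_key.decrypt(envelope["wrapped_key"], OAEP)
    return AESGCM(session_key).decrypt(envelope["nonce"], envelope["body"], None)


def demo():
    recipient = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    bystander = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    message = b"Patient record attached (constructed sample)"
    envelope = encrypt_for(recipient.public_key(), message)
    result = {"round_trip": decrypt_with(recipient, envelope) == message,
              "body_hides_text": message not in envelope["body"]}
    try:                                   # a different private key cannot unwrap
        decrypt_with(bystander, envelope)
        result["wrong_key_rejected"] = False
    except ValueError:
        result["wrong_key_rejected"] = True
    flipped = envelope["body"][:-1] + bytes([envelope["body"][-1] ^ 1])
    try:                                   # a modified body fails authentication
        decrypt_with(recipient, dict(envelope, body=flipped))
        result["tamper_detected"] = False
    except InvalidTag:
        result["tamper_detected"] = True
    return result


if __name__ == "__main__":
    print(demo())
```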

Benefits of Office 365 Email Encryption

Office 365 email encryption will protect against the interception of emails in transit, which provides several benefits:

  • Ensures only intended recipients can view emails and attachments
  • Protection against disclosures of sensitive data
  • Prevents employees sharing unsecured data
  • Prevents employee misuse of email
  • Ensures compliance when sending regulated data
  • Encryption solutions provide information on who has read, printed, saved, delivered, and replied to messages
  • Helps to build trust with customers, partners, suppliers, and shareholders
  • Protects against reputation damage
  • Helps companies avoid costly email breaches and litigation