How to Encrypt Microsoft Outlook Emails and enhance Email Security

By: Standss Contributor , Mar 12th, 2024
Outlook Email Security

Email encryption is one way to protect sensitive information from being shared inappropriately with people who shouldn’t have it. In this article, we will show you two ways of easily encrypting emails sent from Microsoft Outlook to enhance Outlook email security.

Microsoft Outlook remains the prevailing communication method to exchange sensitive and confidential information, such as personal details, financial data, or business secrets.

Encrypting emails is important because many organizations are bound by regulatory mandates—such as GDPR, HIPAA, or PCI DSS—that demand stringent protection of sensitive data transmitted via email.

We will explore how you can use an Outlook add-in called SendGuard to trigger encryption as well maximize security for outbound emails for secure email communication.

What is Email Encryption?

Email encryption conceals the contents of your messages so that only the intended recipients can read it.

Encrypting emails plays a crucial role in safeguarding your data, as cybercriminals often exploit email communication to gain access to sensitive information.

How Email Encryption works?

Encrypting emails involves creating a public-private key pair. You share the public key with anyone who wants to send you encrypted messages, while keeping the private key secret for decryption. The sharing of keys is done behind the scenes by the encryption software.

When someone sends you an encrypted message, your email software uses your private key to unlock it, ensuring only you can read it.

Encrypting emails using SendGuard

SendGuard triggers the encryption (does not perform encryption itself) by adding a specific string to the subject line of the email or by tagging the email with an x-header (depending on what is required by your encryption program).

This feature is designed to work with any existing encryption software that you currently have including encryption available in Microsoft 365 plans and Microsoft Purview Encryption as well. Most software currently adds a checkbox to the Outlook ribbon that is too easy for users to miss.

Enabling this feature now ensures that users make a conscious decision on encryption for all emails that are sent out.

Two ways of encrypting emails using SendGuard

Encrypting emails using SendGuard can be done in two ways:

  • Manually encrypt emails from the SendConfirm screen
  • Set up rules to encrypt emails based on content and recipient(s)

Manually Encrypt Emails

SendGuard allows users to mark emails for encryption by choosing Yes or No on the SendConfirm screen.

Figure 1: The SendConfirm Screen to confirm emails sent

To enable manual email encryption, you’ll need to modify the registry settings. Administrators can deploy this configuration centrally.

For detailed instructions, please reach out to us at, and we’ll provide our Administrator’s Guide.

The process of editing the registry is outlined below to clarify how this method functions.

Please Note: We do not recommend that you make any registry settings yourself as doing so can affect your computer settings. If you are our existing customer, you can contact your account manager at Standss or drop us an email on to request assistance with implementing this feature.

The registry key that you need to edit is the _EncryptEmailAction. This setting controls where the encryption value will be added together. You can add the value before the start of the subject, end of the subject or the Xheader of the email.

A keyword (unique string) will be used to communicate to the encryption software to encrypt the email.

Figure 2: Edit Registry Keys

For the purpose of this blogpost, we will use the keyword Encrypt and this keyword will be added at the start of the subject.  Please be advised that you will need to use a keyword that your encryption software uses (you will need to find out from your IT admin).

Once the email gets sent, the encryption software will see the keyword and then encrypt the email accordingly.

As an IT admin you can chose to have Encrypt Email option turned on by default. The SendGuard setting screen can be locked as well to prevent users from turning off the Encrypt Email option.

Set up rules to Encrypt Emails

SendGuard can scan email/attachments for confidential information and encrypt emails if there is any sensitive information found inside the email or the attached file.

This is done through the SendRules component of SendGuard.  

Suppose we want to encrypt email attachments that have credit card numbers.

You can do this by creating a rule. SendRules uses the IF/THEN approach. We will create the rule using the IF statement as follows (see screenshot below):

Figure 3: IF screen of SendRules

SendGuard has pre-existing data loss prevention templates that you can use, or you can create your DLP policies.

I will add the following condition in the THEN statement:

Figure 4: THEN screen of SendRules

This will add the keyword Encrypt to the subject which will in turn tell the encryption software to encrypt this email. Please be aware that you will need to use a keyword that your encryption software uses.

While encryption is one way of protecting sensitive information there are other defences of preventing email threats.  SendGuard is an all-in-one SaaS based solution for outbound emails.

Here are other ways SendGuard protects your organization:

How to enhance Outlook Email Security?

While Microsoft Office 365 offers robust email security features, they can’t eliminate all threats.

To safeguard against email data loss and strengthen Microsoft’s native defences, consider using SendGuard to your manage data security and compliance needs.

Misdirected Email Protection

Monitor outbound email traffic and prevent users from accidentally sending emails to the unintended/wrong recipient caused by Outlook autocomplete errors. Ensure emails and attachments are sent to the intended recipient only.

Scan emails for confidential data

SendGuard has built-in DLP rules to scan email and attachments to detect credit card numbers, social security numbers, patient health information (PHI) and personally identifiable information (PII). You can also build your own DLP rules to define which data is sensitive to your organization.

Integration with Microsoft Information Protection Labels

SendGuard can be configured to detect sensitivity labels of the emails or attachments and warns users or block emails based on the labels prompting additional verification steps when necessary.

Reply-all Warning

To avoid unintentional spamming and sharing of confidential information it is important to double-check recipients before sending a reply-all response. SendGuard offers the ability to alert users when they’re replying to all recipients.

BCC Warning

If someone who was BCC’d on an email hits reply-all, their response will be sent to the original sender, in addition to other recipients in the TO and CC field.

This can cause major trust and privacy issues for those people who didn’t know that other people also received the email. SendGuard can warn you if you are about to reply-all to an email you are bcc’d on.

Encourage off-email Resolution

SendGuard allows you to reduce reply-all storms in your organization by prompting users to use Microsoft Teams or Phone Call rather than replying to an already cluttered email chain.

Implement SendGuard in your Organization

Talk to our sales specialist on on implementing SendGuard to enhance your outbound email protection. If you are our existing client, you can contact us to help you configure SendGuard to trigger encryption.

SendGuard for Outlook

Image Credit:

Image by on Freepik

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Recent Posts


Get the free eBook

© , Standss (South Pacific) Limited. All Rights Reserved.