Encrypt email with Advanced Email Security
Keep your sensitive information secure with email encryption. When you send email to external recipients, Advanced Email Security hosts the message in the encryption portal where only the sender and the intended recipient can access and view it.
Microsoft 365 automatically encrypts email sent within your organization. You only need to manually encrypt your email when sending to external recipients, like a client or vendor.
Send encrypted messages
To send an encrypted message, add [encrypt] or (encrypt) at the beginning of the subject line. This works on any email client and on any device, including mobile.
After sending the message, you'll receive an email confirming that the encrypted message was successfully sent. In the confirmation email, select View Encrypted Message to see the message.
You might be prompted to sign in to the encryption portal. To sign in with your email address and password, select Sign in with Microsoft. Or, to receive a sign-in link in your email instead of providing your password, select Sign in with email.
Receive encrypted messages
When you're the recipient of an encrypted message, you’ll receive an email notification. To access the message, select View Encrypted Message.
You’ll see a sign-in page to access the encryption portal. To sign in with an existing email account, select Sign in with Microsoft or Sign in with Google. Or, you can select Sign in with email to receive a link in your email. This option allows you to sign in without using a password.
View and respond to encrypted messages
When you're signed in, you'll see a list of sent and received messages on the leftmost side. The messages are sorted by date. Select a message to decrypt it and view it.
To send a response, select Reply. Your response can include attachments and HTML elements. Secured messages can't be forwarded or saved locally.
Limitations for encrypted messages
There are some limitations to keep in mind when sending and receiving encrypted messages with Advanced Email Security:
- Encrypted outbound messages must be less than 75 MB including attachments.
- Replies in the encryption portal must be less than 75 MB including attachments.
- By default, encrypted messages will be retained for 30 days.
Microsoft 365 limitations also still apply.