Can you keep Microsoft Outlook more secure?

If like many across the globe you use Microsoft Outlook to send and receive either personal or business emails, you may be wondering whether there is more you can do to protect your account. Emails can contain a lot of sensitive information, so it is natural to want to understand the privacy and security features that are built into Outlook. If you aren’t currently using all of those features, your email account may not be as secure as it could be. Luckily, this guide is here to help.

Below, we will walk you through all the most important settings necessary to shore up Outlook. We will also explain how to begin sending emails with strong encryption to ensure your data is protected from snooping and hackers.

Set up a password to protect your Outlook Data Files

Whether you use a standalone version of Outlook (2007, 2010, 2016, 2021) or Outlook on Office 365, the first thing you should do is set up a password for your Outlook data files (.pst). This will ensure that your personal data isn’t accessible if someone else uses your computer - or attempts to access your Outlook while you are away from a keyboard.

As soon as a password is set, you will be prompted for it both when Outlook is launched and when a .pst file is opened.

  1. Open Outlook and click on the file tab in the top left of the window
  2. Click on Account Settings > Account Settings

  3. Select the data files tab and highlight the Outlook Data File (.pst) that you want to password protect. On Office 365 you will see various types of Outlook data files (.pst files) including an archive file and inbox file. You want to password protect the inbox data file (inbox.pst) - so double click on that one.
  4. Click on Change Password

  5. Now enter a password into the New password and Verify password boxes. The password should be robust, so ensure that it is a mix of upper and lowercase characters, numbers, and symbols.
  6. Click OK and the password will be set.

Remember that if you forget your password, you will be locked out of your Outlook Data File. Microsoft cannot retrieve lost passwords or accounts. So you must ensure that you can either remember your password - or that you have saved it in a secure password manager.

Choose a strong password

No matter whether you are selecting a password for logging into Office 365 or for an Outlook Data File, it is vital that you select a strong password.

Remember that if you are using Outlook at work or at school, it is possible that you are on a Microsoft Exchange server. If this is the case, you will need to talk to your local system administrator in order to set up a password.

Each password that you use (for each and every online account you own) should be unique. This will stop hackers from being able to access a secondary account should one happen to be penetrated. Strong passwords need to include upper and lower characters, numbers, and symbols.

The longer the password, the more secure it will be. For this reason, it is advisable to use a password manager in order to protect your Outlook (and all your other accounts) with strong unique passwords. Never pick obvious passwords such as birthdays, pet names, and other information that could potentially be guessed.

In addition, never leave your password lying around somewhere where it is easy to spot. A password on a post-it note that is stuck to your computer monitor may be convenient, but it also gives anybody with access to your PC easy access to your account.

Set up Dual Factor Auth

If you have moved over to using Outlook on Office 365, it is recommended that you set up dual factor auth (2FA). This will increase the security of your Office 365 account and protect all your emails.

Using the online Office 365 version of Outlook means that your password and 2FA method are always needed in order to log in. However, it is worth noting that if you leave the web client logged in - somebody could access your emails when you are away from your computer. For this reason, it is important to ensure that you regularly log out.

Make items private

Anybody using Outlook on an Exchange server can opt to make items private when they are created. When you make an item private, other users on the Exchange server can’t access any specific details for that item.

To make items private, click the private checkbox next to the items when you create them. Remember that other users with permission to access your folders will be able to open items unless you specifically deny them access.

Thus, to ensure that items are kept private, you must choose Options in the Tools menu and click on the Delegates tab. Now, select a user and click Permissions to deselect the Delegate Can See My Private Items check box. You will need to revoke access for each individual user.

Secure your folders

Password protecting individual folders is an excellent way to stop anyone accessing your private data. This can be crucial in a busy office where people are free to walk around desks unnoticed. To set up a password for your personal folders:

  1. Right click on your top-level folder (this is normally called Personal Folder)
  2. Select Properties For Personal Folders
  3. While on the General tab click Advanced
  4. Click Change Password and enter a secure password in both fields


Selecting Save This Password In Your Password List will allow a would-be hacker (or nosey colleague, family member, or housemate) to easily bypass this password protection. So, do not select this option; instead, ensure that you remember your password or store it in a secure password manager.

It is worth noting that you cannot password protect individual sub-folders. You can only password protect everything from the top-level folder.

Update Outlook

New vulnerabilities for browsers and software are discovered regularly. For this reason, it is important to regularly update your version of Outlook, as well as your browser, and your operating system.

Keeping your system updated with the most recent security patches for Windows Defender, as well as ensuring that you have up-to-date antivirus software, will stop you falling victim to viruses, spyware, rootkits, and trojans that could also give hackers access to your Outlook emails.

To check for updates, log into Office 365 and go to the Outlook Account Information window. Click Office Account in the menu pane to the left of your screen. The Microsoft Product Information window will now display. Click on Office Updates followed by Update Now to download and install the latest version. If you have Office apps running, you may be prompted to restart them and your computer so that the updates complete properly.

Look for the trusted sender icon

When you receive emails, it is important to check for the green shield and trusted sender message. This will allow you to check the safety of a message that arrives in your inbox, particularly if something arrives that you are suspicious about. 

Anytime a message arrives in Outlook that does not have the trusted sender icon, it is worth checking with the sender to verify that they actually sent the message; if not, it could be a phishing attack.

Add contacts to safe and blocked senders lists

Adding a sender to your blocked senders list forces their messages to go to your Junk email folder. This is a good way to ensure unwanted emails are automatically filtered away.

Regularly update the password for your Microsoft account

In addition to updating the password for your Outlook Data Files and folders, it is essential to ensure that you regularly update the password for your online Microsoft account. To do so, follow these steps:

  1. Log in to your Microsoft account and click the profile icon in the upper right.
  2. Select View Microsoft account from the drop-down menu.
  3. Click Security from the menu that appears across the top of your screen.
  4. Click Change Password from within the security basics menu.
  5. Verify your identity via email or text code.
  6. Type your old password followed by a new password (you will need to enter it twice to set it).

Updating your password regularly protects against brute force attacks and phishing, which may have left your old password vulnerable to intruders. To be secure, you can set it to remind you to update your password every 72 days. If you have a password manager, you can use it to auto-generate a strong password each time you are asked to update it.

Check the address bar before logging in

Whether you use Outlook or Office 365, it is always worth checking the URL in the address bar to check that you are actually logging into the official website. Logging into your account from a link in an email or website could result in you accidentally handing your login credentials to a hacker.
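The address-bar check described above can be written down as a small routine. This is an added example, not part of the original guide: the list of sign-in hosts is an assumed allow-list (adjust it for your organisation), checkLoginUrl is a hypothetical helper name, and the sample URLs are constructed.

```javascript
// Assumed allow-list of Microsoft mail and sign-in hosts (an assumption of
// this example, not taken from the guide). Extend it for your own tenant.
const OFFICIAL_HOSTS = new Set([
  "outlook.office.com",
  "outlook.office365.com",
  "outlook.live.com",
  "login.microsoftonline.com",
  "login.live.com",
]);

// Applies the checks a careful reader makes in the address bar, in order.
function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw); // same parsing rules a browser applies
  } catch {
    return { ok: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // Anything before "@" is a username, not the site being visited.
  if (url.username || url.password) {
    return { ok: false, reason: "text before @ hides the real host" };
  }
  // Labels starting with xn-- are encoded non-ASCII look-alike candidates.
  if (url.hostname.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode hostname" };
  }
  // The whole hostname must match: a trusted name used as a prefix is not enough.
  if (!OFFICIAL_HOSTS.has(url.hostname)) {
    return { ok: false, reason: "unrecognised host: " + url.hostname };
  }
  return { ok: true, reason: "official host over HTTPS" };
}

// Constructed sample links, such as might appear in an email.
const SAMPLES = [
  "https://login.microsoftonline.com/common/oauth2/authorize",
  "http://outlook.office.com/mail/",
  "https://login.microsoftonline.com.account-verify.example/",
  "https://login.microsoftonline.com@account-verify.example/",
  "https://xn--bcher-kva.example/login",
];
for (const s of SAMPLES) {
  console.log(checkLoginUrl(s).ok ? "OK    " : "REJECT", s, "-", checkLoginUrl(s).reason);
}
```

Only the first sample passes; the others show the patterns to look for before typing a password.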

Use encryption to send emails in Office 365

The only way to ensure that emails are protected in transit is to secure them using end-to-end encryption. Outlook for Office 365 provides users with the ability to send emails using S/MIME encryption and Office 365 Message Encryption.


Secure/Multipurpose Internet Mail Extensions (S/MIME) is a widely used protocol for sending digitally signed and encrypted email messages. This is the most recommended encryption that comes with Outlook.

To use S/MIME in Outlook, both the sender and recipient must have a mail application that supports the S/MIME standard. To send a message using S/MIME encryption it is also necessary to have added an S/MIME certificate to the keychain on your computer. After setting up the certificate on your computer you need to set it up in Outlook:

  1. Click File in the menu followed by Options > Trust Center > Trust Center Settings.
  2. Select Email Security from the window on the left.
  3. Under Encrypted email, click Settings.
  4. In the Certificates and Algorithms section, click Choose and opt for the S/MIME certificate.
  5. Click OK.

Information Rights Management

Office 365 Message Encryption is called Information Rights Management (IRM). It is an encryption method that is provided within Outlook. To use IRM, the sender must have Office 365 Message Encryption, which is included in the O365 E3 license.

To use this encryption method click on Options from within the compose window of a message. Select encryption and choose the setting that you require. The Encrypt-Only feature is only enabled for subscribers (Office ProPlus users) that also use Exchange Online.

Encrypting emails in Office 2010 or 2013

When it comes to encrypting messages within Office 2010, you have the option to either encrypt a single message or encrypt all outgoing messages. To encrypt a single message follow these steps:

  1. Compose a message and click on the Options tab.
  2. In More Options, click the small arrow in the lower-right corner.
  3. Select Security Settings followed by the Encrypt message contents and attachments checkbox.
  4. Compose your message, and then click Send.

If you choose to encrypt all messages by default, you will be able to write and send them without doing anything at the time. However, you must remember that in order for the recipient to decrypt those messages they will need your digital ID. To encrypt all messages follow these steps:

  1. Click the File tab in the top right.
  2. Click Options > Trust Center > Trust Center Settings.
  3. Click the E-mail Security tab, and under Encrypted e-mail select the Encrypt contents and attachments for outgoing messages check box.
  4. To select a specific certificate to use (S/MIME or Exchange Server Security) click Settings.

Use Mailvelope

If you prefer to send emails from within Outlook using strong PGP encryption, then it will be necessary to use the third party extension Mailvelope. The good news is that Mailvelope is very easy to use and will allow you to send PGP encrypted emails to any email provider that supports PGP.

Encrypt Outlook Emails

For more information about encrypting your Outlook emails, check out our how to encrypt Outlook email guide. In this guide, we explain how to encrypt your Outlook emails using three different methods.

Set up IP Filtering

Another way to ensure that your Office 365 and Outlook is secure is to disallow extranet access to your business’ cloud services. By restricting which IP addresses can access your Office 365 account, it is impossible for a hacker to access Outlook even if they manage to get hold of an account credential and password.

However, it is worth noting that once this feature is enabled, staff members who are outside of the office will only be able to reach their email accounts by connecting through a VPN.


Outlook has a lot of native security features that can be used to ensure that your emails are well protected. No matter whether you are using a slightly older version of Outlook or the latest version that comes with the Office 365 subscription service - this guide will help you to make use of as many security settings as possible. 

If you want to take additional measures for securing your Windows PC, then you should consider using a VPN for Windows.

Written by: Ray Walsh

Digital privacy expert with 5 years experience testing and reviewing VPNs. He's been quoted in The Express, The Times, The Washington Post, The Register, CNET & many more. 

