How to Apply Security Permissions to Emails in Outlook

People are often concerned with the confidentiality of their email content. Fortunately, Outlook has ways to change permissions on email with a few clicks.

As more and more information is exchanged through email, it’s important to think about the security and confidentiality of that information. What are the privacy concerns on the messages you are sending? What information needs to be sent using an encrypted email? How difficult is it to send an encrypted email?

Outlook offers solutions to many of these concerns with their permissions settings. This article will cover the basics of permissions in Outlook as well as how to enable them when sending a new message.

What are Outlook permissions?

Permissions can be applied by the sender when a message warrants it. Applying a specific permission is a 3 step process.

  1. Open a new email draft (or use one you are currently working on).
  2. Go to options
  3. Click on permissions

This will give you a few different options for setting restrictions and/or labels on your message and any attachments. We’ll go over the default options in a little more detail.

Use the drop down menu to set security permission on this email.


The basics: This message is encrypted, recipients cannot remove this encryption.

Use this when: This type of message requires encryption (such as financial information). Encryption will change the message from plain text to a coded message while in transit. When the recipient receives it, they can decrypt it to read the message.

The sender will see the Encrypt-Only message before sending their email.

What the recipient will experience: If they use Office 365, they can use the link provided in the email and open your message in webmail. If the don’t they will have to request a one time passcode to decrypt the email. This tends to require some coordination and expectation on the recipient.

This is a message received by a gmail user for an encrypt-only message.

Do not forward

The basics: Recipients can read this message but cannot forward, copy, or print the message.

Use when: You have concerns for intellectual property/confidentiality. This makes it difficult for the information to be spread beyond where you send it.

A note will appear at the top of the email composition indicating Do Not Forward is enabled.

What the recipient will experience: They will see a label that the message has the above restrictions. If they are not an Outlook user, they will have to log into the secure message center much like the encrypted email above. In any case, if they try to forward, print, or download the email, they will receive an error message.

If the user attempts to forward the message, it will not let them. Instead, it will display a lock icon.


The basics: Marking an email as confidential protects documents so only users with your domain (your company users) can access them.

Use when: You want to send a document that should not be shared externally.

The sender will get a message that defines the confidential persmissions setting.

What the recipient will experience: They will see the message marked as confidential but will otherwise have no issues accessing it. If it is sent to someone outside of your company they will be prompted to log into Office 365 and will receive an error message instead of being able to access the email.

Error messaged received after trying to access this message in the secure message center.


The basics: Using the internal permission setting marks documents for internal (your company) use only. However, this policy does not enforce internal only the way do not forward or confidential would. Its just a label.

Use when: You want to urge caution and discretion for internal emails, but don’t want to require anyone to have to be logged into Office 365 to access the information.

The sender can see that the message is marked as internal.

What the recipient will experience: For recipients within your company, there will be a label marking the email as internal. If an external recipient is added they will receive the secure message email and and error will occur when they try to open it.

This was received by an intenal email. The top is flagged that it is for internal use only.

Customizable permissions options

The above are the default options on the latest version of Outlook. However, your administration can set additional custom permissions if desired such as a certain permission set for finance emails. If you have an older version of Outlook installed, you may not see the same options as above. Always get the latest updates to Outlook and other Office 365 applications by getting a subscription model of Office 365.

Using these options, you can better protect the data you transmit and help ensure that information stays where it belongs. We recommend using this tool as a part of your information security policy. Don’t have a defined Infosec policy? Contact us to get in touch with a vCIO.

Valiant Technology is the award-winning managed service provider to innovative industries in New York.

Continue reading

Subscribe to Valiant's Monthly Email Digest

Valiant's monthly email digest is filled with original content written by our staff, tech news, and business insights.

    Get in touch

    Have a question or want to learn more about our services? Submit this form and you'll hear from a Valiant team member within 24 hours.

    Note: If you are a Valiant client with a support request, please email or call (646) 775-2771.

    Schedule a Meeting

    Our sales team is here to answer questions and explore the benefits of Valiant Managed service for your business.