Email sent over the internet should be considered more of a postcard rather than a letter in an envelope.  Parts of the emails' journey may be encrypted, but the email itself is not.  Because of this, sensitive information such as credit card numbers and social security numbers should never be sent through an unencrypted email.  If you attempt to send an email outside of our organization and it contains detectable sensitive information, the email will not deliver, and you'll receive a bounce-back notification email similar to this:


To safeguard sensitive information sent through email, your message should be encrypted.  The easiest way to encrypt a message is through Outlook Online on Office 365.  You can access Outlook Online through https://outlook.office365.com/.  Because encryption needs to interact with Office 365's website, encrypting emails through Outlook on the desktop is not easily done.  


When you create an email in Outlook Online, you'll see the following:



Click the Encrypt button, and you'll see the following:



Complete your email as you normally would, and send the message.  The recipient will not receive your email in their inbox.  Instead, they'll receive something that looks like this:


When they click Read the message, they'll be directed to a page similar to this:


If the recipient has a Microsoft account associated with the email address the message was sent to they can sign in with those credentials.  Otherwise, they can click on Sign in with a One-time passcode. That will send a one-time passcode to the email address the encrypted message was sent to.  When entered, the original email containing sensitive information will be displayed.


As you can see, it's a multi-step process that isn't appropriate for all email but can be used to encrypt email that contains sensitive information that would normally be blocked (for good reason) by our mail server.