Provided it is installed properly, the communication in an email system between the email client (e.g. Microsoft Outlook) and the email server (e.g. Microsoft Exchange) is realised via encrypted paths. The same applies to mobile end devices which communicate with the email server within an internal company network, for instance via Active Sync. Thus, all connections between the communication partners are secure.

However, one potential point of attack could be the

a.email server on which an administrator would have the option of unauthorised access.
To counter this, the email server itself can be encrypted, and access can be secured by means of the four-eyes principle.
 

b.email client as soon as access was gained and/or granted (representative).
Unauthorised access cannot be excluded even if the certificate for an end-to-end encryption is stored locally.