Forum Discussion
Solved
Sensitivity Labels & External Sharing
Can anyone help, please? We've rolled out sensitivity labels for emails and we're experiencing an issue with external recipients accessing downloaded attachments. In particular, when an encrypted ema...
PavIT5 I use these 2 solutions:
-Microsoft 365 Message Encryption (OME)
Microsoft 365 Message Encryption (OME) can be a simpler solution to send encrypted emails externally, including attachments. This method ensures that external recipients can access the protected content securely through a web portal, avoiding compatibility issues with on-premises software.
External recipients access the email through a secure link, open the message in their browser, and view the attachments directly. This reduces the possibility of format conversion issues during download.-Using a secure portal for external sharing
Use a secure portal or cloud sharing platform to send encrypted emails with attachments. This allows the recipient to access the files without having to deal with compatibility issues during download.
Instead of attaching the file directly to the email, you upload it to a secure cloud service (such as OneDrive, SharePoint, or another service), and the recipient accesses the file through a link. You can apply encryption and sensitivity labels to the document in the cloud, but the recipient views it through a web interface, avoiding download conversion issues.
Recipients can view and download the file without encountering format conversion issues.
You can control access rights, monitor downloads, and even revoke access if necessary.
micheleariis The recipients are external and use all sorts of apps. I was able to replicate the issue with iPhone Gmail app and a Gmail account.
PavIT5 Some file types, such as Office documents (Word, Excel, PowerPoint), when encrypted with sensitivity labels, may require a compatible application to open properly. If external recipients do not have the appropriate software or do not have the correct permissions configured, the conversion to .xml issue may occur.
If recipients use a different email client (for example, not Outlook), they may not handle encrypted files correctly.
Check your sensitivity label settings to see if there are options to allow easier access for external users, especially for files other than PDF.
- Thank you for this clarification. So, what is the common practice then for when you need to send encrypted emails externally with documents containing sensitive information attached? There's no way of knowing what apps all external recipients use.
PavIT5 I use these 2 solutions:
-Microsoft 365 Message Encryption (OME)
Microsoft 365 Message Encryption (OME) can be a simpler solution to send encrypted emails externally, including attachments. This method ensures that external recipients can access the protected content securely through a web portal, avoiding compatibility issues with on-premises software.
External recipients access the email through a secure link, open the message in their browser, and view the attachments directly. This reduces the possibility of format conversion issues during download.-Using a secure portal for external sharing
Use a secure portal or cloud sharing platform to send encrypted emails with attachments. This allows the recipient to access the files without having to deal with compatibility issues during download.
Instead of attaching the file directly to the email, you upload it to a secure cloud service (such as OneDrive, SharePoint, or another service), and the recipient accesses the file through a link. You can apply encryption and sensitivity labels to the document in the cloud, but the recipient views it through a web interface, avoiding download conversion issues.
Recipients can view and download the file without encountering format conversion issues.
You can control access rights, monitor downloads, and even revoke access if necessary.- Thanks very much for confirming this. This is very helpful. One more question though. Does it mean that I'd need to create a separate SharePoint site for external sharing in case I have a policy preventing downloads from SharePoint (and OneDrive) on unmanaged devices? Or is there a better way?
