Hey everyone! I've been working with Azure Information Protection (AIP) and I've hit a bit of a snag. When I email AIP-encrypted attachments, the recipients can view the email just fine, but they can't open the attached files unless they have a Microsoft account (like Entra ID or Microsoft 365). This makes it tough when I need to send confidential documents to external partners who aren't using Microsoft services or aren't in our Azure AD tenant. I'm looking for a way to keep the encryption for security but also allow these external recipients to access the files without needing to create an account. Has anyone experienced this? I'm curious if there are any alternative settings in AIP, Purview, or MIP labels that might help. I'd really appreciate any insights!
2 Answers
I don’t have a solid solution either, and to be honest, it hasn’t been pressing enough for us to prioritize. A workaround we've suggested is for the end users to zip files before attaching them to encrypted emails. In theory, the email gets encrypted, and while the individual files inside the zip aren’t protected by AIP, it does mean that users don’t need to log in to access them. Just a thought! Also, we have a pretty strict policy for guest accounts, so if someone needs to share files with guests, they’ll have to go through a specific process to get that set up.
I might have a solution, but I'm currently on holiday in Ibiza. If you send me a message, I can share how I got around this using Purview and Exchange Online. Just a heads up, Purview isn't the crux of the issue; it’s actually a setting in Exchange Online that you can only tweak via PowerShell.
I'd love to hear more about your solution when you get a chance! From my experience, you don’t need an account if the recipient is authorized; they can log in with a code. It’s been a while since I tested it, though—it’d be good to retest.