MIP encrypted labels documents for external counterparties

Shevchenko, Vladimir 41 Reputation points
2022-02-21T13:52:32.777+00:00

Please tell me: can I use Azure Information Protection encrypted labels to exchange documents with external counterparties?

For example, I have a document labeled confidential. I specify an external recipient's email, view-only rights, and a timer on the calendar for the week of the appointment.

So far, I have realized that in order to be able to specify an external recipient in Microsoft Information Protection, I first need to create a guest account in Azure AD for this external email.

Is it possible to distribute encrypted documents for viewing without creating accounts for external counterparties in Azure AD?


Accepted answer
  1. Givary-MSFT 28,321 Reputation points Microsoft Employee
    2022-02-24T08:04:43.457+00:00

    @Shevchenko, Vladimir

    Thank you for reaching out to us.

    It's not possible to use the distribution of encrypted documents for viewing without creation of guest accounts in Azure AD. Following are the options we have for distribution of encrypted documents with external counterparties:

    1. One option is to create these guest accounts yourself. You can specify any email address that these users already use. For example, their Gmail address.
      The advantage of this option is that you can restrict access and rights to specific users by specifying their email address in the encryption settings. The downside is the administration overhead for the account creation and coordination with the label configuration.
    2. Another option is to use SharePoint and OneDrive integration with Azure AD B2B so that guest accounts are automatically created when your users share links.
      The advantage of this option is minimum administrative overhead because the accounts are created automatically, and simpler label configuration. For this scenario, you must select the encryption option "Add any authenticated user" because you won't know the email addresses in advance. The downside is that this setting doesn't let you restrict access and usage rights to specific users.

    Reference:

    https://learn.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide#sharing-encrypted-documents-with-external-users

    https://techcommunity.microsoft.com/t5/security-compliance-and-identity/secure-external-collaboration-using-sensitivity-labels/ba-p/1680498 - Refers to detailed steps on how to set up labels/define permissions.

    Let me know if you have any questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

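The first option from the accepted answer, sketched as an added example that is not part of the original thread or Microsoft's own sample code: invite the external address as a guest, then create a label whose encryption grants only that address view rights for seven days. It assumes the Microsoft Graph PowerShell and Security & Compliance PowerShell modules are installed; the email address and label names are constructed placeholders.

```powershell
# Added example. Placeholders (constructed, not from the thread):
$GuestEmail = 'partner@example.com'               # external counterparty
$LabelName  = 'Confidential-External-ViewOnly'    # hypothetical label name

# 1. Create the Azure AD guest account by sending a B2B invitation.
Connect-MgGraph -Scopes 'User.Invite.All'
$invite = New-MgInvitation `
    -InvitedUserEmailAddress $GuestEmail `
    -InviteRedirectUrl 'https://myapps.microsoft.com' `
    -SendInvitationMessage:$true
"Guest object id: $($invite.InvitedUser.Id)"

# 2. Create a sensitivity label with admin-defined encryption that names
#    only this guest. VIEW,VIEWRIGHTSDATA gives read access without edit,
#    print, copy or export rights.
Connect-IPPSSession
New-Label `
    -Name $LabelName `
    -DisplayName 'Confidential (external, view only)' `
    -Tooltip 'Encrypted; the named external recipient can view for 7 days.' `
    -EncryptionEnabled $true `
    -EncryptionProtectionType Template `
    -EncryptionRightsDefinitions "${GuestEmail}:VIEW,VIEWRIGHTSDATA" `
    -EncryptionContentExpiredOnDateInDaysOrNever '7' `
    -EncryptionOfflineAccessDays 0   # 0 = no offline access; every open is checked online

# 3. Confirm what was stored. The label still has to be published in a
#    label policy before users can apply it.
Get-Label -Identity $LabelName | Format-List Name, DisplayName, LabelActions
```

Because the rights definition names a specific address, a recipient who authenticates with any other account is refused, which is the access restriction the second option gives up.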
