Thank you for reaching out to us.
It's not possible to use the distribution of encrypted documents for viewing without creation of guest accounts in Azure AD. Following are the options we have for distribution of encrypted documents with external counterparties:

- One option is to create these guest accounts yourself. You can specify any email address that these users already use. For example, their Gmail address.
  The advantage of this option is that you can restrict access and rights to specific users by specifying their email address in the encryption settings. The downside is the administration overhead for the account creation and coordination with the label configuration.
- Another option is to use SharePoint and OneDrive integration with Azure AD B2B so that guest accounts are automatically created when your users share links.
  The advantage of this option is minimum administrative overhead because the accounts are created automatically, and simpler label configuration. For this scenario, you must select the encryption option Add any authenticated user because you won't know the email addresses in advance. The downside is that this setting doesn't let you restrict access and usage rights to specific users.

Reference:
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/secure-external-collaboration-using-sensitivity-labels/ba-p/1680498 - Refers to detailed steps on how to set up labels/define permissions.
Let me know if you have any questions.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
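
An added example, not part of the original answer: one way to script the first option, inviting the guests and then restricting the label's encryption to those same addresses with view-only rights. It assumes the Microsoft Graph PowerShell and ExchangeOnlineManagement modules are installed; the email addresses, the label name and the redirect URL are constructed placeholders.

```powershell
# Added example. All values below are constructed placeholders.
$externalViewers = @('alice.example@gmail.com', 'bob@partner.example')
$labelName       = 'Confidential-External'        # hypothetical label name
$redirectUrl     = 'https://myapps.microsoft.com' # where guests land after redeeming

# 1. Create the guest accounts (Azure AD B2B invitations).
Connect-MgGraph -Scopes 'User.Invite.All', 'User.Read.All'

foreach ($email in $externalViewers) {
    # Skip addresses that already have an account so the script can be re-run.
    $existing = Get-MgUser -Filter "mail eq '$email'" -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Host "Account already exists for $email ($($existing.Id))"
        continue
    }

    $invitation = New-MgInvitation `
        -InvitedUserEmailAddress $email `
        -InviteRedirectUrl $redirectUrl `
        -SendInvitationMessage

    Write-Host "Invited $email, status: $($invitation.Status)"
}

# 2. Build the rights definition from the same list, so the label and the
#    guest accounts cannot drift apart. Format: identity:RIGHT,RIGHT;identity:...
#    VIEW + VIEWRIGHTSDATA lets the recipient open the document and see the
#    policy, without edit, print or export rights.
$rights = ($externalViewers | ForEach-Object { "${_}:VIEW,VIEWRIGHTSDATA" }) -join ';'
Write-Host "Rights definition: $rights"

# 3. Apply it to the sensitivity label (Security & Compliance PowerShell).
Connect-IPPSSession

Set-Label -Identity $labelName `
    -EncryptionEnabled $true `
    -EncryptionProtectionType Template `
    -EncryptionRightsDefinitions $rights

# 4. Review which external addresses the label now trusts.
Get-Label -Identity $labelName | Format-List Name, LabelActions
```

Keeping the address list in one place is what offsets the coordination overhead the answer mentions: removing an address from `$externalViewers` and re-running step 3 revokes that user's rights on the label, though the guest account itself still has to be removed separately.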