Forum Discussion
AIP - Am I missing something with "Recipient Only" label used with "View only" AIP permissions?
Am I missing something here or how do you handle this?
I am implementing AIP for the first time. I have a "Specific Recipients" sub label under "Highly Confidential" that allows the user to define custom permissions for users.
From my testing it looks like a user cannot assign an external user “view only” permissions on a document (via their PC) as when they share a link to that file with that user via SharePoint/OneDrive – the user won’t be able to read it in Office on the web as it won’t support this type of “specific permission” defined method for this external user and the external user can’t download it either and read it locally as they only have view only permissions which restricts download. Resulting in the user not being able to access or read the file.
How do you give an external user "view only" permissions via a label that is set to allow "custom permission" (in a way that results in them being able to view the file either via office on the web or locally through their desktop office application)?
6 Replies
Hi, have you looked into Allow or block invitations to B2B users from specific organizations?
https://docs.microsoft.com/en-us/azure/active-directory/b2b/allow-deny-list
https://docs.microsoft.com/en-us/azure/active-directory/b2b/allow-deny-listAzure portal.
https://docs.microsoft.com/en-us/azure/active-directory/b2b/allow-deny-listAzure Active Directory > Users > User settings.
https://docs.microsoft.com/en-us/azure/active-directory/b2b/allow-deny-listExternal users, select Manage external collaboration settings.
https://docs.microsoft.com/en-us/azure/active-directory/b2b/allow-deny-listCollaboration restrictions, select Allow invitations only to the specified domains (most restrictive).
https://docs.microsoft.com/en-us/azure/active-directory/b2b/allow-deny-listTARGET DOMAINS, enter the name of one of the domains that you want to allow. For multiple domains, enter each domain on a new line.
https://docs.microsoft.com/en-us/azure/active-directory/b2b/allow-deny-list
I have had labels work in the way you describe if I have understood you correctly. Would you be able to share screen shots of what you have tried please?
Hi Peter
See attached.
Test 1 - File with AIP View only permissions created on PC and sent to Gmail user. Gmail user downloads attachment but cannot open. Microsoft Word says user does not have permission.
Test 2 - File with AIP View and Edit (Receiver) permissions created on PC and sent to same Gmail user. Gmail user downloads attached and can open the file successfully.
OK, so on replicating your test 1, I cannot open the view only file in word online. I'm prompted to download, and when doing so I can successfully open the doc in full word.
