Forum Discussion
AADSTS50020: protected PDF issue for external users
I have been recently (don't know when it was started) observed getting error from protected PDF (sensitivity label with user defined permission) file while trying to open that pdf via AIP viewer mobi...
Here is the observation:
- Tenant1 user protect pdf#1 with admin defined permission based sensitivity label where 'authenticated user' should be able to view file
- outcome:
- Windows device: If the user is microsoft or school account (other entra id tenant) then they can view that pdf via AIP client (aip viewer) from device but non-microsoft account - OK
- Windows device: If the user is non-microsoft or school account (like gmail.com, outlook.com or xyz.com) then they can't view protected pdf - NO OPTION to open protected PDF
- Android device: both microsoft (recipient entra id tenant) and non-microsoft account (like gmail.com) external user (not guest) with Android AIP viewer - UNABLE TO VIEW/OPEN protected PDF (keep getting above error: AADSTS50020) -
- outcome:
Here is the fact (poor product design):
- MIP App viewer on mobile (Android/iOS) DOES NOT support protected pdf for external (not guest) user and since MIP App viewer is going to deprecate by end of May 2026 there won't be any fix or improvement (as of July 2025)
- Adobe Mobile App DOES NOT support protected pdf for external (not guest) user (as of July 2025)
In summary, microsoft wants you to invite whole world as GUEST user if you need consistent user experience with protected content which is great example of poor product design and shipping things without enough coverage.