Forum Discussion
Should I expect AWS to respect Azure Information Protection (AIP) protected e-mails?
Joe Cistaro can you describe what an AWS session is? Are you referring to the Amazon Chime application?
The screen blocking is a function of the screen sharing application versus a function of the email. So while Teams may respect the information protection of emails, it sounds like you may be using an Amazon product for your screen sharing which may not.
- TonyRedmond, Sep 17, 2019, MVP
msExchangeDude Teams knows nothing about Office 365 Message Encryption, so it wouldn't apply any protection to messages with DNF set when displayed in a screen sharing session. All of which goes to prove that it's important people understand that encryption is not a perfect way to stop message content leaking. For instance, people can still take a screen photo of a message and send it to someone else with WhatsApp.
I have no idea what Amazon Chime might be doing with the display, but I suggest that this is their problem, not Microsoft's.
- Joe Cistaro, Sep 18, 2019, Brass Contributor
TonyRedmond and msExchangeDude, thanks for the replies. AWS=Amazon Workspace which is a Windows 10 desktop that lives in the Amazon cloud, domain connected and for all intents and purposes, the same setup as my laptop but virtual.
TonyRedmond Teams has some awareness, I feel, when Do Not Forward is selected for an Outlook mail. I.e., when I try to share my screen with a message protected by Office Message Encryption in MS Teams from my Windows 10 physical laptop, the remote users see a black screen. When I perform that same exact action from my AWS Windows 10 virtual desktop, Teams displays the e-mail during the screen sharing session.
We are aware that where there is a will there is a way, and bad actors can exfiltrate our data in other ways than forwarding a message or screen sharing. I was curious to know if others can reproduce this and help me to understand where I should be taking this concern. I.e., is MS responsible to ensure that their O/S (whether on a VM or physical machine) operates consistently or is the responsibility with Amazon in some way?
- TonyRedmond, Sep 18, 2019, MVP
Teams doesn't know anything about the DNF-protected message because Outlook has already fetched a use license to decrypt and display the content before Teams gets a chance to show the message in the meeting window. As far as Teams is concerned, it's just displaying an Outlook message. I tried to replicate this issue in my tenant and couldn't using a physical Windows 10 workstation connected to an E3 or an E5 account.