How to share confidential files

Question

Hi, not sure if this is the right channel please refer me to the rigth one if not.

We would like to share a report (stored in our SharePoint Online) with specific people at one of our clients (who also are in O365 by the way). I wanted to do this by restricting access on the file itself using the built in feature for this and then add those email adresses needed to allow specific people to read the file.

However, I ran into multiple issues.
1. When restricting access. No one else in my org. could retain full control access to the file (I want anyone in my org to be able to add recipients, make changes, print etc). Adding users to the list of people who can edit the file is not sufficient.

2. When people at our client clicks on the link they get a prompt saying "Sorry, Word cannot open this document in a browser because it is protected by IRM..." with no link or option to open in desktop instead.

3. when they try to open it from within e.g. Word they still cannot access even if their email-address is in the list of allowed readers.

4. It works if we send a copy of the file - but that is likely less secure and creates unneccessary redundance and diverging versions of the file.

What is the "proper" way of doing this?

vasilmichev · Answer

Protect the file via AIP/sensitivity label? The old IRM method is a bit outdated now...

erik wettergren · Answer

Thanks Vasil, I Will look into AIP.So, as I understand it, the method that is readily available for everyone is outdated and the preferred (aip) needs to be installed specifically for each user?Could AIP handle our scenario:* retain full control for all users in our org* block all access for externals* allow specific external users read access (But prevent them from sharing, copying, printing or taking screen shots)* work well with sharing (so we don’t need to attach a copy)?

moe_kinani · Answer

Microsoft Information Protection ( formerly AIP) should do the trick, you don’t have install AIP addin for each user as it’s part of O365 applications now. You just need to migrate your existing Labels from Azure Portal to Security Portal in O365 using Unified Labeling.

Hope this helps!
Moe

https://www.microsoft.com/en-us/us-partner-blog/2018/11/05/microsoft-information-protection-and-unified-labeling/

https://docs.microsoft.com/en-us/azure/information-protection/configure-policy-migrate-labels

erik wettergren · Answer

Thank you Moe, very helpful!/Erik

erik wettergren · Answer

So, I finally got to try using Microsoft Information Protection and got a test label in place.It was completely hassle free to get it up and running and to be available in the Office Apps.However, when actually sharing a protects file I must be doing something wrong because it is exactly the same terrible user experience for the receiver as before. A popup screen saying the file cannot be opened in the online version of Word because the file protected by IRM - and with no way to open it as it should be opened (in desktop apps).I've worked together with MS support to do whatever is possible to ensure all docs are always opened directly in desktop apps wherever possible - but still this annoying "bug by design" occurs.

Forum Discussion

How to share confidential files

8 Replies

Resources