External people can't open files with Sensitivity Label encryption.

Encrypted Sensitivity Labels often block external recipients because they must authenticate to your tenant to decrypt the file. The most practical approach is to have users share sensitive documents through SharePoint or OneDrive links instead of email attachments, as this automatically provisions a guest account for the recipient. For frequent partners, you can pre-create guest accounts in bulk, and for trusted organizations using Entra ID, consider enabling B2B Direct Connect—though it’s not realistic for everyone. Avoid enabling “Allow All” in B2B Direct Connect for security reasons, and train staff to use non-encrypted or partner-friendly labels when external sharing is necessary. This combination keeps sharing simple for users while maintaining security.