Forum Discussion
External people can't open files with Sensitivity Label encryption.
Encrypted Sensitivity Labels often block external recipients because they must authenticate to your tenant to decrypt the file. The most practical approach is to have users share sensitive documents through SharePoint or OneDrive links instead of email attachments, as this automatically provisions a guest account for the recipient. For frequent partners, you can pre-create guest accounts in bulk, and for trusted organizations using Entra ID, consider enabling B2B Direct Connect—though it’s not realistic for everyone. Avoid enabling “Allow All” in B2B Direct Connect for security reasons, and train staff to use non-encrypted or partner-friendly labels when external sharing is necessary. This combination keeps sharing simple for users while maintaining security.
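The bulk guest pre-creation mentioned in the reply above, as an added example that is not part of the original post. It uses the Microsoft Graph PowerShell module; the recipient list, the approved partner domains and the redirect URL are constructed assumptions to replace with your own values.

```powershell
# Added example: pre-create guest accounts for known partner recipients.
# Requires the Microsoft.Graph module and a role that is allowed to invite guests.

# Constructed sample input; replace with your own partner recipient list.
$recipients = @'
Email,DisplayName
alice@partner-a.example,Alice Example
bob@partner-b.example,Bob Example
carol@unknown.example,Carol Example
'@ | ConvertFrom-Csv

# Assumption: only these partner domains are approved to receive encrypted content.
$approvedDomains = @('partner-a.example', 'partner-b.example')

Connect-MgGraph -Scopes 'User.Invite.All', 'User.Read.All'

$results = foreach ($r in $recipients) {
    $email  = $r.Email.Trim().ToLowerInvariant()
    $domain = ($email -split '@')[-1]

    # Refuse anything outside the approved partner list instead of inviting blindly.
    if ($approvedDomains -notcontains $domain) {
        [pscustomobject]@{ Email = $email; Status = 'Skipped: domain not approved'; UserId = $null }
        continue
    }

    # Skip recipients who already have a guest object in the tenant.
    $filter   = "mail eq '$($email.Replace("'", "''"))' and userType eq 'Guest'"
    $existing = Get-MgUser -Filter $filter -ConsistencyLevel eventual -CountVariable n
    if ($existing) {
        [pscustomobject]@{ Email = $email; Status = 'Exists'; UserId = $existing[0].Id }
        continue
    }

    try {
        # No invitation e-mail is sent; the guest object is only created.
        $inv = New-MgInvitation -InvitedUserEmailAddress $email `
            -InvitedUserDisplayName $r.DisplayName `
            -InviteRedirectUrl 'https://myapps.microsoft.com' `
            -SendInvitationMessage:$false -ErrorAction Stop
        [pscustomobject]@{ Email = $email; Status = 'Invited'; UserId = $inv.InvitedUser.Id }
    }
    catch {
        [pscustomobject]@{ Email = $email; Status = "Failed: $($_.Exception.Message)"; UserId = $null }
    }
}

$results | Format-Table -AutoSize
```

Keeping the output table gives you a record of which guest objects were created for which partner, which helps when those accounts are reviewed or removed later.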
Thanks Nilson_, really reassuring to know my understanding wasn't way off the mark. It sounds like the options I listed were correct, and that sharing links are ideal wherever possible. We can also set up B2B Direct Connect with orgs we want to regularly share encrypted content with. The confusing thing is that I think TonyRedmond is saying that the external users should NOT need to be a Guest or for us to have B2B Direct Connect set up with their tenant. #StillSlightlyConfused