Forum Discussion
External users cannot open encrypted email
- Jun 04, 2020
Hi, I received your test message and whilst I was unable to access it via the Gmail web interface, I was able to open it via Outlook using the AIP viewer. This is going to be the only way that the Gmail users will be able to do this.
As ChristianBergstrom pointed out, the options you are using for encryption are the built-in OME / and older default AIP templates. I would recommend taking a look at updating your labels and policies. Could be a good time to start looking to migrate to Sensitivity Labels from the Security and Compliance Center, as Microsoft are planning to "sunset" the older AIP method in 2021 as per https://techcommunity.microsoft.com/t5/azure-information-protection/announcing-timelines-for-sunsetting-label-management-in-the/ba-p/1226179
But, for the meantime, if you want Gmail accounts to access the encrypted emails, then Outlook and the AIP viewer is going to be the way.
We had been using the previous version of OME; however, encryption via the mail flow rule that was set up stopped working for one user some time ago. Other accounts, and new ones, were not affected. Suddenly on December 16 the previous version of OME stopped working for all. We switched to the new version, Azure Information Protection. It works for internal staff members who are using the Outlook client. It does not work for external recipients, as described by telecaster below. We have read extensively on what to do, reviewed the steps provided below, and have run numerous PowerShell scripts that are published in Microsoft's extensive library. All our efforts have not brought us closer to collaborating securely with outside users, which we were able to do with the previous version of OME before December 16. And our internal users cannot decrypt their secure messages when signed in to Outlook Web Access e-mail. Does anyone have suggestions? Where do we go from here?
piekedahla Hi, this is a rather delicate subject to try to explain in the community. So I'm just going to start by saying that as I understand it you've been using legacy OME (only mail flow rules possible) and then you have moved on to AIP. What you could have done is to upgrade to the new OME instead of going over to using AIP. OME is built on Azure RMS as part of AIP, securing only the email/attachments while AIP is securing the documents wherever they may be in all products and services. If you do use AIP labels right now you need to migrate to the sensitivity labels before March 31st.
You mentioned you have read extensively but I wonder if you have been reading the associated docs? I'm attaching a couple of links; if it still doesn't make sense I recommend you contact Microsoft for assistance.
https://docs.microsoft.com/en-us/microsoft-365/compliance/ome?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/set-up-new-message-encryption-capabilities?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/ome-version-comparison?view=o365-worldwide#migrate-from-legacy-ome-to-the-new-capabilities
https://docs.microsoft.com/en-us/microsoft-365/compliance/ome-faq?view=o365-worldwide
https://docs.microsoft.com/en-us/azure/information-protection/configure-policy-migrate-labels