Forum Discussion
External users cannot open encrypted email
- Jun 04, 2020
Hi, I received your test message and whilst I was unable to access it via the Gmail web interface, I was able to open it via Outlook using the AIP viewer. This is going to be the only way that the Gmail users will be able to do this.
As ChristianBergstrom pointed out, the options you are using for encryption are the built-in OME and older default AIP templates. I would recommend taking a look at updating your labels and policies. Could be a good time to start looking to migrate to Sensitivity Labels from the Security and Compliance Center, as Microsoft are planning to "sunset" the older AIP method in 2021 as per https://techcommunity.microsoft.com/t5/azure-information-protection/announcing-timelines-for-sunsetting-label-management-in-the/ba-p/1226179
But, for the meantime, if you want Gmail accounts to access the encrypted emails, then Outlook and the AIP viewer is going to be the way.
piekedahla Hi, this is a rather delicate subject to try to explain in the community. So I'm just going to start by saying that as I understand it you've been using legacy OME (only mail flow rules possible) and then you have moved on to AIP. What you could have done is to upgrade to the new OME instead of going over to using AIP. OME is built on Azure RMS as part of AIP, securing only the email/attachments while AIP is securing the documents wherever they may be in all products and services. If you do use AIP labels right now you need to migrate to the sensitivity labels before March 31st.
You mentioned you have read extensively but I wonder if you have been reading the associated docs? I'm attaching a couple of links; if it still doesn't make sense I recommend you contact Microsoft for assistance.
https://docs.microsoft.com/en-us/microsoft-365/compliance/ome?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/set-up-new-message-encryption-capabilities?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/ome-version-comparison?view=o365-worldwide#migrate-from-legacy-ome-to-the-new-capabilities
https://docs.microsoft.com/en-us/microsoft-365/compliance/ome-faq?view=o365-worldwide
https://docs.microsoft.com/en-us/azure/information-protection/configure-policy-migrate-labels
ChristianBergstrom, we already had reviewed all the articles you referenced. None of them help. We seem to be configured properly. Our mail flow rules work for internal users. Again, the previous version of OME worked for everyone until December 16. The new version never worked for outside recipients. We want them to be able to request a one-time passcode. They do not get the option. We also tried to enable those with Gmail and other major provider accounts the ability to sign in. None of the steps we have taken have resolved the issue. We still cannot collaborate securely with our outside partners. The change in our ability to manage our encryption capabilities continues to be a mystery.
- ChristianBergstrom, Jan 26, 2021, Silver Contributor
piekedahla Hello, well I have used and configured the new OME so that external users that are not using EXO, for example, but instead Gmail, Yahoo etc. use either an OTP or their Social ID sign-in to enter the OME portal.
What do your IRM-config and OME-config and mail flow rules look like? You said you're using AIP now. That's quite different as OME only has "Encrypt-Only" and "Do not Forward" as options. The other options you get from your client are based on AIP.
You can even force all external users to go to the OME portal https://docs.microsoft.com/en-us/microsoft-365/compliance/manage-office-365-message-encryption?view=o365-worldwide#ensure-all-external-recipients-use-the-ome-portal-to-read-encrypted-mail
Out of curiosity does the rule look similar to this? (sorry about the quality)
I suggest you reach out to Microsoft for tech assistance. Something is obviously not configured properly.
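The three things asked about in the post above (IRM config, OME config, mail flow rules) can be dumped and sanity-checked in one pass. This is an added read-only example, not part of any post in this thread; it assumes the ExchangeOnlineManagement module is installed and the signed-in account may read organization configuration.

```powershell
# Added example: read-only audit of the OME settings discussed in this thread.
# Nothing below changes tenant configuration.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

$findings = [System.Collections.Generic.List[string]]::new()

# 1. IRM configuration: the new OME relies on Azure RMS licensing being enabled.
$irm = Get-IRMConfiguration
if (-not $irm.AzureRMSLicensingEnabled) {
    $findings.Add('IRM: AzureRMSLicensingEnabled is False.')
}

# 2. OME configuration(s): the two sign-in paths for external (Gmail, Yahoo, ...) recipients.
$omeConfigs = @(Get-OMEConfiguration)
foreach ($ome in $omeConfigs) {
    if (-not $ome.OTPEnabled) {
        $findings.Add("OME '$($ome.Identity)': one-time passcode is disabled.")
    }
    if (-not $ome.SocialIdSignIn) {
        $findings.Add("OME '$($ome.Identity)': social ID sign-in is disabled.")
    }
}

# 3. Mail flow rules that apply encryption, legacy or new.
$rules = @(Get-TransportRule -ResultSize Unlimited | Where-Object {
    $_.ApplyOME -or $_.ApplyRightsProtectionTemplate -or
    $_.ApplyRightsProtectionCustomizationTemplate
})
foreach ($rule in $rules) {
    if ($rule.ApplyOME) {
        # ApplyOME is the legacy OME action; the new OME uses a rights protection template.
        $findings.Add("Rule '$($rule.Name)': still uses the legacy ApplyOME action.")
    }
    if ($rule.State -ne 'Enabled') {
        $findings.Add("Rule '$($rule.Name)': state is $($rule.State).")
    }
}

# Raw values first, then the summary, so the output can be pasted into a support case.
$irm | Format-List AzureRMSLicensingEnabled, SimplifiedClientAccessEnabled
$omeConfigs | Format-Table Identity, OTPEnabled, SocialIdSignIn -AutoSize
$rules | Format-Table Name, State, Priority, ApplyOME, ApplyRightsProtectionTemplate,
    ApplyRightsProtectionCustomizationTemplate -AutoSize

if ($findings.Count -eq 0) { 'No obvious OME misconfiguration found.' } else { $findings }
```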
- Phil_M650, Apr 27, 2022, Copper Contributor
Hi Folks just wondering if there is a simple fix to this yet? I am very much a non tech person just trying to help my wife send encrypted mail for her business via 365. All works fine as per the previous threads outlook to outlook but not with Gmail. All the advice in the previous threads looks too daunting for me to try! Hoping a simple fix has been found? Thanks Phil