Forum Discussion
External people can't open files with Sensitivity Label encryption.
The current setup for Entra ID B2B cross-tenant access — covering both inbound and outbound configurations — aligns with best practices. However, instead of using “Allow all,” I suggest specifying key applications such as Microsoft Teams, SharePoint, and Office 365. Most importantly, ensure your client can open encrypted documents by permitting the Microsoft Rights Management Service (RMS) under the inbound access settings.
Thanks Samuel Agyei . When you say the current setup aligns with best practice, do you mean that having to add users as Guests or setup B2B Direct Connect with individual tenants is the way to do it? I've seen mention of permitting RMS under the inbound access settings, does that mean having that as a default for B2B Direct Connect or do you have to set up each external tenant separately and allow it for each one? And can you point me at instructions for how to do this please as I've searched and failed!
What I meant was to set up B2B collaboration with individual tenants and enable the Microsoft Rights Management Service (RMS) app. You don’t need to manually add users as guests — that quickly becomes an administrative burden.
The default cross-tenant access settings apply to all external organisations that don’t have customised, organisation-specific settings. If you’ve configured organisation-specific settings, you’ll need to allow inbound access for each of those organisations explicitly. You need to do this under B2B collaboration
https://learn.microsoft.com/en-us/entra/external-id/cross-tenant-access-settings-b2b-collaboration