Forum Discussion
External people can't open files with Sensitivity Label encryption.
That's certainly how we want it to work, but does add another question. One of the documented benefits of forcing authentication is that you have an audit log of who has opened a document. But if the external recipients aren't authenticating back to your tenant, how / where would this audit log be available?
And the other question is obviously "what is stopping external people opening docs we send out?" ... and why does almost every other organisation seemingly have the same issue? Really can't face 17 hours on calls and a gazillion emails with Microsoft Support to not solve the issue.
I really don't know what to say. I cannot see your tenant settings so don't know what might be happening. Microsoft support can check things out, which is a good reason to get them involved.
As another test, I sent a protected email to a new contact in Microsoft. I have many guests from Microsoft in my tenant, but this wasn't one. He was able to open and read the email, and was perplexed because he couldn't reply to it due to access rights kicking in...