Forum Discussion
Authenticated user very easy to steal
When you say "authenticatedusers permission", are you referring to the option "Add any authenticated user" option in the Azure portal? If yes, did you read up about this option, more information here and includes:
This setting doesn't restrict who can access the content that the label protects, while still encrypting the content and providing you with options to restrict how the content can be used (permissions), and accessed (expiry and offline access).
...
Some typical scenarios for the any authenticated users setting:
- You don't mind who views the content, but you want to restrict how it is used. For example, you do not want the content to be edited, copied, or printed.
- You don't need to restrict who accesses the content, but you want to be able to track who opens it and potentially, revoke it.
- You have a requirement that the content must be encrypted at rest and in transit, but it doesn't require access controls.
So if you want to restrict the email to specific Gmail users, you must use a different configuration. For example, specify the Gmail accounts in the label configuration (the admin controls the user access) or use the User-defined option of Do Not Forward (the user controls the user access). For different configurations that are possible, you might find it useful to look over the examples at the end of the documentation I quoted.
MicrosoftWhen you say "authenticatedusers permission", are you referring to the option "Add any authenticated user" option in the Azure portal? If yes, did you read up about this option, more information here and includes:
This setting doesn't restrict who can access the content that the label protects, while still encrypting the content and providing you with options to restrict how the content can be used (permissions), and accessed (expiry and offline access).
...
Some typical scenarios for the any authenticated users setting:
- You don't mind who views the content, but you want to restrict how it is used. For example, you do not want the content to be edited, copied, or printed.
- You don't need to restrict who accesses the content, but you want to be able to track who opens it and potentially, revoke it.
- You have a requirement that the content must be encrypted at rest and in transit, but it doesn't require access controls.
So if you want to restrict the email to specific Gmail users, you must use a different configuration. For example, specify the Gmail accounts in the label configuration (the admin controls the user access) or use the User-defined option of Do Not Forward (the user controls the user access). For different configurations that are possible, you might find it useful to look over the examples at the end of the documentation I quoted.
Helo,
And thank you! Yes you have understood me correct.
This explains what i didnt get.
But is there a way to ensure only the external emailaccount you send to can open the dokument?
will do not forward button solv that?
regards
Tor Marius
- Carol Bailey
Yes, you can use the Do Not Forward option - which means that end users rather than admins control who can open the email. You can implement the Do Not Forward option in many ways, which does include the Do Not Forward button as an Azure Information Protection policy setting. But you can also implement it with a label that is displayed only in Outlook, with the user-defined permissions configuration (see the first example in the link I provided). When you use this configuration rather than the Do Not Forward button, it has the benefit that the email is classified as well as protected.
Helo, again :)
i am trying to send a mail with an attacment and only want the email to be cryptated, not the attachement.
how can i proceed to do that?
when i use the do not forward button, the receiver can not download and edit the document.
that happens even if i have set a label with no restrictions on the dokument.
appreciate anny help.
