Forum Discussion
Best practice basics for Labels and DLPs to protect company data
Hello experts, I've been doing some research and testing recently on Information protection and DLP as I would like to deploy it in our organization soon. I am very new into this and found lots o...
Hi! ..thanks for your response!
so the situation for scenario when sensitivity label encrypts document is:
-when sharing externally with MS users, they can open it with no issue with their M365 desktop apps?
-when sharing externally with non-MS users (e,g, google workspace), I simply need to change label to a one that does not encrypt data, and send as unencrypted
is this how it works then? Do I understand it properly?
so the situation for scenario when sensitivity label encrypts document is:
-when sharing externally with MS users, they can open it with no issue with their M365 desktop apps?
-when sharing externally with non-MS users (e,g, google workspace), I simply need to change label to a one that does not encrypt data, and send as unencrypted
is this how it works then? Do I understand it properly?
I've just done some more testing with emailing office files that have encrypted Microsoft Word attachments. The Word document was assigned a sensitivity label with user-defined access.
In one test, I assigned an encrypted sensitivity label to the email. In the other test, I assigned a sensitivity label that does not apply encryption.
I sent the emails to an external Office 365 account and Gmail account that matched the sensitivity label permissions.
The external Office 365 recipient was able to view the email and attachments without any issues. Previously, I used to get an error when previewing attachments encrypted with user-defined permissions.
For the gmail recipient, the experience was different depending on whether the email itself was encrypted.
For the encrypted email, they were given a link to view the message on outlook.office365.com. This required them to authenticate with their Gmail account or get a one-time passcode to the same email address. They were also able to preview the Word document attachment on the same site.
For the unencrypted email, the gmail user was unable to preview the attachment.
An alternative option could be to send sharing links to the Google workspace users. That would allow them to view encrypted documents that they have been granted access to.
In one test, I assigned an encrypted sensitivity label to the email. In the other test, I assigned a sensitivity label that does not apply encryption.
I sent the emails to an external Office 365 account and Gmail account that matched the sensitivity label permissions.
The external Office 365 recipient was able to view the email and attachments without any issues. Previously, I used to get an error when previewing attachments encrypted with user-defined permissions.
For the gmail recipient, the experience was different depending on whether the email itself was encrypted.
For the encrypted email, they were given a link to view the message on outlook.office365.com. This required them to authenticate with their Gmail account or get a one-time passcode to the same email address. They were also able to preview the Word document attachment on the same site.
For the unencrypted email, the gmail user was unable to preview the attachment.
An alternative option could be to send sharing links to the Google workspace users. That would allow them to view encrypted documents that they have been granted access to.
- this was a great help!
I've tried to simulate the same and surprisingly, had the same results for gmail - when email is encrypted (can be even a different label than one used for attachment encryption), the attached encrypted document can be viewed in that temp outlook window. I did not even think to test it this way... 🙂
In this situation, I will put back "attachment to email" label inheritance as I have removed it due to issues with encrypted documents... However, looks like it will actually help 🙂
For Sharepoint - when sharing encrypted document externally with gmail account, I go through authentication, but then get error "Sorry something went wrong. An error has occurred on the server"
looks like sharepoint encrypted document sharing via link with external users (specified users) is the last bit that does not work... 😕
it is shared to "specific users", and encryption is allowing all authenticated users to access with Co-Author permissions.