Forum Discussion
Sensitivity Labels & External Sharing
PavIT5 I use these 2 solutions:
-Microsoft 365 Message Encryption (OME)
Microsoft 365 Message Encryption (OME) can be a simpler solution to send encrypted emails externally, including attachments. This method ensures that external recipients can access the protected content securely through a web portal, avoiding compatibility issues with on-premises software.
External recipients access the email through a secure link, open the message in their browser, and view the attachments directly. This reduces the possibility of format conversion issues during download.-Using a secure portal for external sharing
Use a secure portal or cloud sharing platform to send encrypted emails with attachments. This allows the recipient to access the files without having to deal with compatibility issues during download.
Instead of attaching the file directly to the email, you upload it to a secure cloud service (such as OneDrive, SharePoint, or another service), and the recipient accesses the file through a link. You can apply encryption and sensitivity labels to the document in the cloud, but the recipient views it through a web interface, avoiding download conversion issues.
Recipients can view and download the file without encountering format conversion issues.
You can control access rights, monitor downloads, and even revoke access if necessary.
PavIT5 Some file types, such as Office documents (Word, Excel, PowerPoint), when encrypted with sensitivity labels, may require a compatible application to open properly. If external recipients do not have the appropriate software or do not have the correct permissions configured, the conversion to .xml issue may occur.
If recipients use a different email client (for example, not Outlook), they may not handle encrypted files correctly.
Check your sensitivity label settings to see if there are options to allow easier access for external users, especially for files other than PDF.
PavIT5 I use these 2 solutions:
-Microsoft 365 Message Encryption (OME)
Microsoft 365 Message Encryption (OME) can be a simpler solution to send encrypted emails externally, including attachments. This method ensures that external recipients can access the protected content securely through a web portal, avoiding compatibility issues with on-premises software.
External recipients access the email through a secure link, open the message in their browser, and view the attachments directly. This reduces the possibility of format conversion issues during download.-Using a secure portal for external sharing
Use a secure portal or cloud sharing platform to send encrypted emails with attachments. This allows the recipient to access the files without having to deal with compatibility issues during download.
Instead of attaching the file directly to the email, you upload it to a secure cloud service (such as OneDrive, SharePoint, or another service), and the recipient accesses the file through a link. You can apply encryption and sensitivity labels to the document in the cloud, but the recipient views it through a web interface, avoiding download conversion issues.
Recipients can view and download the file without encountering format conversion issues.
You can control access rights, monitor downloads, and even revoke access if necessary.- Thanks very much for confirming this. This is very helpful. One more question though. Does it mean that I'd need to create a separate SharePoint site for external sharing in case I have a policy preventing downloads from SharePoint (and OneDrive) on unmanaged devices? Or is there a better way?
PavIT5 Hi, in this case you do not need to create a separate SharePoint site for external sharing. Instead, you can leverage conditional access policies to block downloads to unmanaged devices for internal users, but allow external users more flexible access. If you have the necessary licenses, you can use Microsoft Defender for Cloud Apps (MCAS) session controls to monitor and control real-time actions on files, such as downloads, for external users. In addition, for even more effective management, you can combine these controls with sensitivity labels to apply appropriate sharing and access rules for different types of documents.
Translated with DeepL.com (free version)