Jul 02 2020 04:27 AM
Am I missing something here or how do you handle this?
I am implementing AIP for the first time. I have a "Specific Recipients" sub label under "Highly Confidential" that allows the user to define custom permissions for users.
From my testing it looks like a user cannot assign an external user “view only” permissions on a document (via their PC) as when they share a link to that file with that user via SharePoint/OneDrive – the user won’t be able to read it in Office on the web as it won’t support this type of “specific permission” defined method for this external user and the external user can’t download it either and read it locally as they only have view only permissions which restricts download. Resulting in the user not being able to access or read the file.
How do you give an external user "view only" permissions via a label that is set to allow "custom permission" (in a way that results in them being able to view the file either via office on the web or locally through their desktop office application)?
Jul 02 2020 10:15 AM
I have had labels work in the way you describe if I have understood you correctly. Would you be able to share screen shots of what you have tried please?
Jul 03 2020 01:40 AM
Hi Peter
See attached.
Test 1 - File with AIP View only permissions created on PC and sent to Gmail user. Gmail user downloads attachment but cannot open. Microsoft Word says user does not have permission.
Test 2 - File with AIP View and Edit (Receiver) permissions created on PC and sent to same Gmail user. Gmail user downloads attached and can open the file successfully.
Jul 03 2020 12:10 PM
OK, so on replicating your test 1, I cannot open the view only file in word online. I'm prompted to download, and when doing so I can successfully open the doc in full word.
Jul 03 2020 01:09 PM
Thanks - I'm not sure what is going on but when I try to replicate it again with a new document I can't even though I have the original document which still doesn't open but has the same permissions as the new document and the exact same recipient email address - very very strange.
Jul 03 2020 01:11 PM
Jul 06 2020 06:40 PM
Hi, have you looked into Allow or block invitations to B2B users from specific organizations?
https://docs.microsoft.com/en-us/azure/active-directory/b2b/allow-deny-list