Forum Discussion
External users cannot open encrypted email
Hi, I received your test message and whilst I was unable to access it via the Gmail web interface, I was able to open it via Outlook using the AIP viewer. This is going to be the only way that the Gmail users will be able to do this.
As ChristianBergstrom pointed out, the options you are using for encryption are the built-in OME / and older default AIP templates. I would recommend taking a look at updating your labels and policies. Could be a good time to start looking to migrate to Sensitivity Labels from the Security and Compliance Center, as Microsoft are planning to "sunset" the older AIP method in 2021 as per https://techcommunity.microsoft.com/t5/azure-information-protection/announcing-timelines-for-sunsetting-label-management-in-the/ba-p/1226179
But, for the meantime, if you want Gmail accounts to access the encrypted emails, then Outlook and the. AIP viewer is going to be the way.
Will send you a DM with my Gmail address. If you are happy to send me a test message it would be good to see the experience?
Hi, I received your test message and whilst I was unable to access it via the Gmail web interface, I was able to open it via Outlook using the AIP viewer. This is going to be the only way that the Gmail users will be able to do this.
As ChristianBergstrom pointed out, the options you are using for encryption are the built-in OME / and older default AIP templates. I would recommend taking a look at updating your labels and policies. Could be a good time to start looking to migrate to Sensitivity Labels from the Security and Compliance Center, as Microsoft are planning to "sunset" the older AIP method in 2021 as per https://techcommunity.microsoft.com/t5/azure-information-protection/announcing-timelines-for-sunsetting-label-management-in-the/ba-p/1226179
But, for the meantime, if you want Gmail accounts to access the encrypted emails, then Outlook and the. AIP viewer is going to be the way.
- Thanks for all the help. It looks like we'll need to look at a third party solution for the customer's requirement to send encrypted emails to non-Microsoft clients.
ashmelburnian Hey! There's really no need to look for third-party solutions when you have them built-in with your subscriptions. Not only in Office Message Encryption but you mentioned AIP as well. If you don't want to update your AIP settings or migrate to the unified labeling experience you could at least configure OME (for the end-users to choose as an option or as mail flow rule) as it should solve the particular external encryption issue.
"All Microsoft 365 end-users that use Outlook clients to read mail receive native, first-class reading experiences for encrypted and rights-protected mail even if they're not in the same organization as the sender. Supported Outlook clients include Outlook desktop, Outlook Mac, Outlook mobile on iOS and Android, and Outlook on the web (formerly known as Outlook Web App)."
Recipients of encrypted messages who receive encrypted or rights-protected mail sent to their Outlook.com, Gmail, and Yahoo accounts receive a wrapper mail that directs them to the OME Portal where they can easily authenticate using a Microsoft account, Gmail, or Yahoo credentials.
End-users that read encrypted or rights-protected mail on clients other than Outlook also use the OME portal to view encrypted and rights-protected messages that they receive."
OME FAQ
https://docs.microsoft.com/en-us/microsoft-365/compliance/ome-faq?view=o365-worldwide
Completely agree with this!
If you go third party I think you will ultimately end up with further frustrations. It's all there for you with Microsoft. It's just a matter of finding the right settings that work for you.
