ashmelburnian
Brass Contributor
Jun 01, 2020

External users cannot open encrypted email

Hi all, I searched the communities but couldn't find the answers I need in regards to Office 365 Message Encryption.

We have a customer that wants to send encrypted emails from Outlook.

When a non-Microsoft recipient (e.g. Gmail user) receives these emails they cannot open them. They get the following:

It's my understanding that external recipients should be able to view encrypted email as per this article.

Can someone please help?

The sending user has a Microsoft 365 Business Premium license, and Azure Information Protection is active under the 365 tenant.

Thanks

Ash

  • ashmelburnian

    Hi, I received your test message and whilst I was unable to access it via the Gmail web interface, I was able to open it via Outlook using the AIP viewer. This is going to be the only way that the Gmail users will be able to do this.

    As ChristianBergstrom pointed out, the options you are using for encryption are the built-in OME / and older default AIP templates. I would recommend taking a look at updating your labels and policies. Could be a good time to start looking to migrate to Sensitivity Labels from the Security and Compliance Center, as Microsoft are planning to "sunset" the older AIP method in 2021 as per https://techcommunity.microsoft.com/t5/azure-information-protection/announcing-timelines-for-sunsetting-label-management-in-the/ba-p/1226179

    But, for the meantime, if you want Gmail accounts to access the encrypted emails, then Outlook and the AIP viewer is going to be the way.

  • ashmelburnian

    Hi, my experience with this is that non-Microsoft users such as Gmail will have to enable their accounts as Microsoft accounts. Are the Gmail users not being prompted to do this?

    • ashmelburnian
      Brass Contributor
      Thanks for your quick reply.

      I sent a test email to a Gmail account (not connected to a Microsoft account) which showed the message in my post above. No prompt to "Click here to read your message".

      I still get the same message after connecting a Microsoft account. 😞
  • piekedahla
    Copper Contributor

    We had been using the previous version of OME; however, encryption via the mail flow rule that was set up stopped working for one user some time ago. Other accounts, and new ones, were not affected. Suddenly on December 16 the previous version of OME stopped working for all. We switched to the new version, Azure Information Protection. It works for internal staff members who are using the Outlook client. It does not work for external recipients, as described by telecaster below. We have read extensively on what to do, reviewed the steps provided below, and have run numerous PowerShell scripts that are published in Microsoft's extensive library. All our efforts have not brought us closer to collaborating securely with outside users, which we were able to do with the previous version of OME before December 16. And our internal users cannot decrypt their secure messages when signed in to Outlook Web Access e-mail. Does anyone have suggestions? Where do we go from here?

  • piekedahla
    Copper Contributor

    ashmelburnian

    We had to move to Azure and start using the new encryption method. When we made the change, encrypted messages sent to Gmail, Hotmail, Outlook, and other e-mail services could be decrypted. Azure enabled the authentication needed to make the decryption process seamless. Now, all is well. Our external partners and collaborators can open and respond to secured messages sent to their corporate and personal accounts.

  • _K_O_
    Copper Contributor

    ashmelburnian I am with you. Microsoft and Google need to work together on this.

    I use Gmail. When an Outlook user sends me an email I get this.

    If I click the message.html attachment I get a new Chrome window with this message.

    If I download the message.html and double-click/run the file it does nothing different than if I click the file from within Gmail (i.e. it opens a new Chrome window/tab) like this.

    Now I have to sign in with my Microsoft account to see the message.

    My issue is that I'm already signed in to my Microsoft account with "stay signed in" checked, so when I get an encrypted message in Gmail just display the freaking message. I'm already signed in to my Microsoft account so stop making me jump through hoops to see the message. Sometimes I get a couple dozen encrypted messages a day and I have to go through the ridiculous process for every single message.

     
