cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Outlook Encrypted Email Issues

GrahamP67
Copper Contributor

‎Oct 10 2023 03:25 AM

‎Oct 10 2023 03:25 AM

Outlook Encrypted Email Issues

I have deployed M365DLP controls to block password protected atachments that cannot be scanned and am telling users to use Outlook Encryption instead to protect outgoing email attachments. 

However, a number of external companies have reported not being able to open the encrypted messages and the screenshots provided show that they are trying to authenticate as a guest user in my Entra ID instance (rather than using their own IdP, SSO or an OTP).

 

What would cause that and how do I resolve?

 

GrahamP67_0-1696933390197.png

 

288 Views
0 Likes
3 Replies
Reply
3 Replies
best response confirmed by GrahamP67 (Copper Contributor)
MathieuVandenHautte

‎Oct 10 2023 06:24 AM - edited ‎Oct 10 2023 06:39 AM

‎Oct 10 2023 06:24 AM - edited ‎Oct 10 2023 06:39 AM

Solution

Re: Outlook Encrypted Email Issues

Hi GrahamP67,

First all the error code AADSTS90072:
"...The external account that the user signs in with doesn't exist on the tenant that they signed into; so the user can't satisfy the MFA requirements for the tenant... The account must be added as an external user in the tenant first"
https://learn.microsoft.com/en-us/azure/active-directory/develop/reference-error-codes

Emails can only be opened in the Outlook Desktop App when the recipients are added as Azure guests to your tenant. This is by design. Please note that the behavior possibly is different in the Outlook Mobile App or in Outlook on the web.

 

You might also need to exclude "Microsoft Azure Information Protection" cloud app from CA policies that enforce multifactor authentication on your tenant.

0 Likes
Reply
GrahamP67

‎Oct 10 2023 06:29 AM

‎Oct 10 2023 06:29 AM

Re: Outlook Encrypted Email Issues

Thanks, this is helpful.
I dont want them to have guest accounts, so I guess I need to work out what is driving the MFA requirement - will that be on my side?
0 Likes
Reply
MathieuVandenHautte

‎Oct 10 2023 06:40 AM - edited ‎Oct 10 2023 06:40 AM

‎Oct 10 2023 06:40 AM - edited ‎Oct 10 2023 06:40 AM

Re: Outlook Encrypted Email Issues

Hi GrahamP67,

Since you are sending the emails, it has to be done at your end.

1 Like
Reply