Outlook Encrypted Email Issues

Copper Contributor

I have deployed M365DLP controls to block password protected atachments that cannot be scanned and am telling users to use Outlook Encryption instead to protect outgoing email attachments. 

However, a number of external companies have reported not being able to open the encrypted messages and the screenshots provided show that they are trying to authenticate as a guest user in my Entra ID instance (rather than using their own IdP, SSO or an OTP).


What would cause that and how do I resolve?




3 Replies
best response confirmed by GrahamP67 (Copper Contributor)

Hi GrahamP67,

First all the error code AADSTS90072:
"...The external account that the user signs in with doesn't exist on the tenant that they signed into; so the user can't satisfy the MFA requirements for the tenant... The account must be added as an external user in the tenant first"

Emails can only be opened in the Outlook Desktop App when the recipients are added as Azure guests to your tenant. This is by design. Please note that the behavior possibly is different in the Outlook Mobile App or in Outlook on the web.


You might also need to exclude "Microsoft Azure Information Protection" cloud app from CA policies that enforce multifactor authentication on your tenant.

Thanks, this is helpful.
I dont want them to have guest accounts, so I guess I need to work out what is driving the MFA requirement - will that be on my side?

Hi GrahamP67,

Since you are sending the emails, it has to be done at your end.