cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

External user permission error

Peter van Rossum
Copper Contributor

‎Feb 09 2018 04:11 AM - last edited on ‎May 24 2021 02:02 PM by

‎Feb 09 2018 04:11 AM - last edited on ‎May 24 2021 02:02 PM by

External user permission error

Hi, in my environment I am not able to use gmail-addresses or hotmail-addresses for custom permissions. Is this a setting in Azure? Where do I change it so people are able to use these addresses?

Thanks.

4,487 Views
0 Likes
3 Replies
Reply
3 Replies
Pablo R. Ortiz

‎Feb 09 2018 04:45 AM

‎Feb 09 2018 04:45 AM

Re: External user permission error

You should add Consumer addresses (Gmail, Hotmail, etc) to Azure AD as Guest/external first, and then add those accounts to your custom templates:
https://docs.microsoft.com/en-us/information-protection/get-started/faqs-rms#can-i-add-external-user...
0 Likes
Reply
Vasil Michev

‎Feb 09 2018 10:55 AM

‎Feb 09 2018 10:55 AM

Re: External user permission error

What is your environment though, we are not fortune tellers here :) If you are using Office 365, you can enable the OME service to directly sent messages to Gmail, Yahoo, Outlook.com accounts:  https://support.office.com/en-us/article/office-365-message-encryption-ome-f87cb016-7876-4317-ae3c-9...

0 Likes
Reply
best response confirmed by VI_Migration (Silver Contributor)
Carol Bailey

‎Feb 11 2018 03:43 PM

‎Feb 11 2018 03:43 PM

Solution

Re: External user permission error

This seems to be the same question that I answered on the Docs site? (https://docs.microsoft.com/en-us/information-protection/rms-client/client-classify-protect#comments) You can't currently use these type of addresses with custom permissions because these email addresses are not supported by Azure Information Protection. There isn't a setting that you enable for this in Azure - there are backend changes needed to be completed on the engineering side before this will work.

 

As the other replies indicate, these types of addresses are supported when you use the new capabilities from Office 365 Message Encryption - so you can use them with email because Exchange Online is doing the authentication.  If you use these types of addresses with labels or protection templates, they will work with email (going through Exchange Online) but won't work if you protect a document outside email. For permissions to work with documents, the email address must be from a verified domain in Azure. You'll find more detailed information here: https://docs.microsoft.com/en-us/information-protection/plan-design/prepare#azure-information-protec...

 

It's understandably a very popular request to be able to use personal email addresses for documents as well as for emails.  As soon as the extra work is done, I'm sure it will be widely announced - and I'll update the docs to match!

2 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by VI_Migration (Silver Contributor)
Carol Bailey

‎Feb 11 2018 03:43 PM

‎Feb 11 2018 03:43 PM

Solution

Re: External user permission error

This seems to be the same question that I answered on the Docs site? (https://docs.microsoft.com/en-us/information-protection/rms-client/client-classify-protect#comments) You can't currently use these type of addresses with custom permissions because these email addresses are not supported by Azure Information Protection. There isn't a setting that you enable for this in Azure - there are backend changes needed to be completed on the engineering side before this will work.

 

As the other replies indicate, these types of addresses are supported when you use the new capabilities from Office 365 Message Encryption - so you can use them with email because Exchange Online is doing the authentication.  If you use these types of addresses with labels or protection templates, they will work with email (going through Exchange Online) but won't work if you protect a document outside email. For permissions to work with documents, the email address must be from a verified domain in Azure. You'll find more detailed information here: https://docs.microsoft.com/en-us/information-protection/plan-design/prepare#azure-information-protec...

 

It's understandably a very popular request to be able to use personal email addresses for documents as well as for emails.  As soon as the extra work is done, I'm sure it will be widely announced - and I'll update the docs to match!

View solution in original post

2 Likes
Reply