Forum Discussion
Office 365 Message Encryption: Error setting DecryptAttachmentFromPortal to $true
MicrosoftWe've just learned that DecryptAttachmentFromPortal is deprecated and instead, you should use the DecryptAttachmentForEncryptOnly parameter. The Azure Information Protection documentation has been updated with this information & I'm told the PowerShell reference documentation update is in progress.
Thank you very much for your reply, Carol Bailey. However, as far as I understand, the DecryptAttachmentForEncryptOnly parameter only makes it possible to decrypt attachments for users with an Azure AD account. What's the proper solution if I were to send an encrypted email to a GMail user? After downloading the attachments, he won't be able to open them since he can't authenticate, right? If that's the case, it would be a huge step back for many customers I am in contact with. Or maybe I am missing a point here and you can make me a merry christmas by clarifying this point. ;-)
- Carol Bailey
It's the other way around - when you use the DecryptAttachmentForEncryptOnly parameter, encryption is removed for the attachment for all recipients after they have authenticated, no matter what authentication method they used or how they view the email. This makes it a consistent end user experience. Whereas for the older parameter, encryption was removed only if they couldn't be authenticated by Azure AD and therefore had to use the portal.
The difference is when decryption occurs: For the DecryptAttachmentFromPortal parameter, as the name suggests, decryption happened only in the portal and at the point when somebody requested to download the attachment. For a recipient using Outlook or Outlook on the web (they have an Azure AD account), the attachment would remain encrypted. For the DecryptAttachmentForEncryptOnly, decryption happens as soon as the email is opened (which happens only when the recipient is successfully authenticated).
So for your recipients using the portal, they won't see any difference in behavior (the downloaded attachment isn't encrypted).
Hope you have time to try it out before your Christmas break!
Carol Bailey we have enabled Encrypt option in our tenant but our users not able to open encrypted email in outlook and whether we need to update to latest patch
