Prevent user with delegation access to open an e,mail Protected with AIP



I have the blew question:


An email protected and encrypted by AIP cannot be read by someone who has delegation on the mailbox from the Outlook client . also this person can read the encrypted email if he opened it from OWA.

-As per this link I think it is normal that the one who has delegation or full access can open  an email protected with AIP.

-So My question is there a solution with (AIP or not) to prevent someone with delegation to open a protected email (like the case of outlook)?


3 Replies

@Karim Hossam Hey! I replied with a lot of info (thought it was a shared mailbox). I just now realized it's a delegate's access such as the assistant permission to an executive. You did not attach any link so maybe that's why I missed it. Anyway for your scenario they are "thinking about it".

Bumping this one again, did anything become of this?

We have the same issue if an executive uses sensitivity labels to encrypt an email, the delegate (in this case, the executives assistant) cannot see the email message via Microsoft Outlook 365 desktop client.

But if they open the executive's mailbox via OWA they can view the email and open any attachments.

Why is the email not able to be opened from Outlook but can be from OWA?
Also wanting this, seems to be a big gap where Information Protection Labels for emails aren't secured by checking the logged on user, but instead checking the mailbox accessing it and granting it that way.