Outlook Encrypted Email Issues
I have deployed M365DLP controls to block password protected atachments that cannot be scanned and am telling users to use Outlook Encryption instead to protect outgoing email attachments. However, a number of external companies have reported not being able to open the encrypted messages and the screenshots provided show that they are trying to authenticate as a guest user in my Entra ID instance (rather than using their own IdP, SSO or an OTP). What would cause that and how do I resolve?
Unified Company Calendar for Mixed Microsoft 365 and Non-365 Users – 2025
Seeking a Shared Calendar Solution for Mixed Microsoft 365 and Non-365 Users I’m working on a solution to create a shared company calendar that everyone in our organization can view, while keeping editing permissions limited to a few selected individuals. The challenge: Some of our team members do not use Microsoft 365, and I’d like them to still be able to subscribe to or view the calendar and receive updates. Ideally, this should work without requiring full Microsoft accounts. I initially considered using an ICS-based calendar, but it seems Microsoft 365 Group calendars don’t support sharing via ICS links. I also explored creating a Group calendar as suggested in other threads, but ran into issues making it accessible to external users or those without 365 accounts. For context, I’m a Global Admin, so I have full access to configure settings in the Microsoft 365 Admin Center and Exchange if needed. We’re a small business, and our main goal is to have a centralized calendar for vacation schedules and company-wide events. It should be simple to access and maintain, with a focus on collaboration and accessibility across the board. What I’m looking for: A calendar that’s viewable by all, including non-M365 users Editable only by a few delegated team members Compatible with Microsoft 365, but not dependent on it for basic access Any tools, workarounds, or best practices that have worked for others in similar hybrid environments
Microsoft forms and external upload files possible?
Good afternoon, We as a company want to create forms that our customers can fill in with the data we need. Like plans and technical drawings. I hoped that it would be possible to create these forms, but when i try to add the upload file question I need to change the settings to only internal. Is there no possibility to create forms that have the request of uploading files from external parties we send the link to? Kind regards, CarinaExternal people can't open files with Sensitivity Label encryption.
Question: What are the best practices for ensuring external users can open files encrypted with Sensitivity Labels? Hi all. I've been investigating proper setup of sensitivity labels in Purview, and the impact on user experience. The prerequisites are simple enough, creating and configuring the labels reasonably straightforward, and publishing them is a breeze. But using them appears to be a different matter! Everything is fine for labels that don't apply encryption (control access) or when used internally. However, the problems come when labels do apply encryption and information is sent externally. The result is that we apply a label to a document, attach that document to an email, and send it externally - and the recipient says they can't open it and they get an error that their email address is not in our directory. This is because due to the encryption, the external user needs to authenticate back to our tenant, and if they're not in our tenant they obviously can't do this so the files won't open. So, back to the question above. What's the easiest / most secure / best way to add any user we might share encrypted content with to our tenant. As I see it we have the following options: Users have to request Admins add the user as a Guest in our tenant before they send the content. Let's face it, they'll not do this and/or get frustrated. Users share encrypted content directly from SharePoint / OneDrive, rather than attaching it to emails (as that would automatically add the external person as a Guest in the tenant). This will be fine in some circumstances, but won't always be appropriate (when you want to send them a point-in-time version of a doc). With good SharePoint setup, site Owners would also have to approve the share before it gets sent which could delay things. Admins add all possible domains that encrypted content might be shared with to Entra B2B Direct Connect (so the external recipient doesn't have to be our tenant). This may not be practical as you often don't know who you'll need to share with and we work with hundreds of organisations. The bigger gotcha is that the external organisation would also have to configure Entra B2B Direct Connect. Admins default Entra B2B Direct Connect to 'Allow All'. This opens up a significant attack surface and also still requires any external organisation to configure Entra B2B Direct Connect as well. I really want to make this work, but it need to be as simple as possible for the end users sharing sensitive or confidential content. And all of the above options seem to have significant down-sides. I'm really hoping someone who uses Sensitivity Labels on a day-to-day basis can provide some help or advice to share their experiences. Thanks, Oz.
Sharing a Planner Plan 1 plan with a guest user
Hi there, Looking for advice on what settings may be required to ensure that a guest user from another tenant can access a Planner Plan 1 plan which has been shared via a user in my tenant. Any assistance would be greatly appreciated! Guest user error message: "You do not have access to this plan. Ask any member to add you to the plan." Microsoft Planner Plan 1 user cannot share plan with guest user from another tenant Both users have Planner Plan 1 license assigned, the guest user has it assigned to their guest account on my tenant The Plan is shared in a Microsoft Team, of which both users are members The guest user has been added to the Plan The guest user has also tried opening the Plan directly via the Plan URL which was shared by the creator The guest user gets error message: You do not have access to this plan. Ask any member to add you to the plan." Other non-guest users from my tenant are able to access the Plan without any issues The guest user has selected their guest account from my tenant within their Teams app from their own laptop, and upon signing into the guest account, no Planner tab is listed for the user, and there is no ability to add it
Microsoft 365 Windows 11 external user or guest user sign in
Consider the following situation: CompanyA has a Microsoft 365 tenant with licensed users. CompanyA has a business relationship with CompanyB which also has a Microsoft 365 tenant. All of CompanyB's Windows 11 Pro computers are Entra ID joined and Intune enrolled. All of CompanyB's users have Microsoft 365 Business Premium licenses. An employee of CompanyA is stationed at CompanyB's office and needs to use one of CompanyB's computers as his primary computer. How would a technician have to configure things so that CompanyA user can sign into CompanyB's Windows 11 Pro computer and work like normal? I've done some reading online but most of the articles focus on access to cloud resources, whether that be Microsoft Teams or Entra Enterprise Apps or similar resources. I haven't found an article touching on Windows 11 sign in. Matthew
Issues with Sensitivity Labels and "Specific email addresses or domains" - Not working
Hello! We have enabled Sensitivity Labels in our tenant. The access control settings for the label states that a specific domain gets the permission "Co-Author". When we enable the Sensitivity label on a document and sent it towards the approved domain, it results in an error message when authenticating to open the document: "Selected user account does not exist in tenant 'Veni AS' and cannot access the application in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account." After doing some research I did some changes to the external domain within the Cross-tenant settings. The external domain now has the following settings: Inbound access: Allow access on external users and groups, within B2B Collaboration Allow access on external users and groups, within B2B direct connect Trust multifactor authentication from Microsoft Entra tenants, within Trust settings. Outbound access: Allow access on users and groups, within B2B Collaboration Allow access on users and groups, within B2B direct connect External Identities: Block access for external users and groups. (Inherited from default) After doing this change, I no longer get the same error message as above when authenticating to open the labeled document. Now I get the following error message: "You are not signed in to office with an account that has permission to open this document. You may sign in a new account into Office that has permission or request permission from the content owner" I have this working from another tenant to the same external domain and I have cross-checked the settings. Any idea on how to proceed, or if it is any obvious change I need to make in order to get this to work? All feedback appreciated! :-)"File Upload" Option not available for external users.
"File upload" option is only available when set Microsoft Forms “Only people in my organization can respond” or “Specific people in my organization can respond” is the selected setting. When we set, "Anyone can Respond" the option "Upload File" greyed out
