External people can't open files with Sensitivity Label encryption.
Question: What are the best practices for ensuring external users can open files encrypted with Sensitivity Labels? Hi all. I've been investigating proper setup of sensitivity labels in Purview, and the impact on user experience. The prerequisites are simple enough, creating and configuring the labels reasonably straightforward, and publishing them is a breeze. But using them appears to be a different matter! Everything is fine for labels that don't apply encryption (control access) or when used internally. However, the problems come when labels do apply encryption and information is sent externally. The result is that we apply a label to a document, attach that document to an email, and send it externally - and the recipient says they can't open it and they get an error that their email address is not in our directory. This is because due to the encryption, the external user needs to authenticate back to our tenant, and if they're not in our tenant they obviously can't do this so the files won't open. So, back to the question above. What's the easiest / most secure / best way to add any user we might share encrypted content with to our tenant. As I see it we have the following options: Users have to request Admins add the user as a Guest in our tenant before they send the content. Let's face it, they'll not do this and/or get frustrated. Users share encrypted content directly from SharePoint / OneDrive, rather than attaching it to emails (as that would automatically add the external person as a Guest in the tenant). This will be fine in some circumstances, but won't always be appropriate (when you want to send them a point-in-time version of a doc). With good SharePoint setup, site Owners would also have to approve the share before it gets sent which could delay things. Admins add all possible domains that encrypted content might be shared with to Entra B2B Direct Connect (so the external recipient doesn't have to be our tenant). This may not be practical as you often don't know who you'll need to share with and we work with hundreds of organisations. The bigger gotcha is that the external organisation would also have to configure Entra B2B Direct Connect. Admins default Entra B2B Direct Connect to 'Allow All'. This opens up a significant attack surface and also still requires any external organisation to configure Entra B2B Direct Connect as well. I really want to make this work, but it need to be as simple as possible for the end users sharing sensitive or confidential content. And all of the above options seem to have significant down-sides. I'm really hoping someone who uses Sensitivity Labels on a day-to-day basis can provide some help or advice to share their experiences. Thanks, Oz.
Has Your Organization Set Up a Viva Engage Community for Microsoft 365 Collaboration?
Hi everyone! As a trainer, I often get great questions during my Microsoft 365 sessions. While I share answers live, only the attendees benefit—leaving many others without that valuable info. I’ve already set up a Microsoft Learning Pathways SharePoint site as a resource, but I’m exploring ways to extend knowledge-sharing beyond the classroom.Has anyone created or participated in a Viva Engage community to share tips, answer questions, and collaborate around daily Microsoft 365 tools? I’d love to hear about your experiences, best practices, or ideas on how to maximize impact and reach across your organizations. Thanks in advance for sharing! Let’s empower everyone to get more from Microsoft 365.😃
What's the biggest challenge your small business is facing with technology right now?
Hi everyone, We're curious to hear from you all about any technology challenges your business is currently facing. Whether it's managing remote work, cybersecurity concerns, or finding the right tools to streamline operations, let's share our experiences and solutions. Your insights could help others in the community who might be facing similar issues. Looking forward to hearing your thoughts!
Approvals in a SharePoint document library
I have enabled approvals in a SharePoint document library: https://support.microsoft.com/en-us/office/approvals-in-lists-document-libraries-2bd0954d-5797-4be3-b78a-846f26338e17?utm_source=chatgpt.com However, the approval status resets itself to 'Not submitted' (after the approval request had been approved or rejected) in a few minutes. What is wrong? How can I fix this? (there are no changes in the version history) I has worked for weeks, the problem started last week. And - if anyone here is an expert on this in-buildt function, do you know if there are any known issues with folders and 'enabled approvals'? I have experienced that it does not work within document sets.OneDrive vs SharePoint
In the world of Microsoft 365, both OneDrive and SharePoint serve as robust platforms for file storage and collaboration. Yet, understanding which one fits your specific needs can be challenging. This blog explores their key differences, practical use cases, and offers guidance to help you make the right choice. What Is OneDrive? OneDrive for Business functions as a user-specific cloud repository within the Microsoft 365 framework, optimized for individual file storage, synchronization, and personal document management. What Is SharePoint? SharePoint Online operates as a collaborative content management and intranet platform within Microsoft 365, engineered for structured data handling, enterprise-level document sharing, and workflow automation across teams and departments.
OneDrive, SharePoint Offline access through File explorer
The connection through a short cut to file explorer is bugged and MS does no seem any keen to resolve this. I took a business support ticket only to be told that the issue is with development and they do not have any indication that it will be addressed any time soon. Any associated applcation with Office 365, seems will not be attempted to be bug fixed. This is very unfortunate for those who took for granted that MS will support.
Guest accounts and groupchats
Hello everyone, I recently received a support request regarding adding a person with a guest account to a group chat. Unfortunately, Teams refused to add that account. Copilot explained that this is due to the restrictions guest accounts have when it comes to communicating within the tenant they are invited to. Apparently—and this is what I’d love for you to verify—guests are only able to communicate within channels (e.g., threads in a channel) and in 1:1 chats. After we deleted the guest account, we were able to add that person to the group chat. Are the following informations correct? Guest user in tenant: Added as a guest in your tenant’s Azure Active Directory Access: Teams channels, files, meetings Restriction: No regular group chats outside of Teams channels External user (federation): Remains in their own tenant, connected to yours through federation Access: Chats and calls like regular Teams users Advantage: Can be added to regular group chats Thank you for your help. Best Hisham
