AADSTS50020: protected PDF issue for external users
I have been recently (don't know when it was started) observed getting error from protected PDF (sensitivity label with user defined permission) file while trying to open that pdf via AIP viewer mobile app (Android/iOS) AS external user (who has permission to open/view). No issue with Office file types protected. external (not internal, not guest) user (currently testing with gmail.com account, other O365 tenant user) getting error as attached from AIP view mobile app. We do have AIP excluded at conditional access policy which helped so far to avoid this problem for external users. Is there been any recent change in behavior around user defined protected PDF? Since user having problem is external, have no clue where to look for log and start investigation. Error code: AADSTS50020
Restrict sharing of Power BI Data to limited users
In the Power BI admin center, we have enabled the setting: "Restrict content with protected labels from being shared via link with everyone in your organization". As expected, this prevents users from generating "People in your organization" sharing links for content protected with sensitivity labels. We only have one sensitivity label with protection enabled. However, due to Power BI’s limitations with labels that include "Do Not Forward" or user-defined permissions, this label is not usable in Power BI. Our Power BI team wants to restrict sensitive data from being shared org-wide and instead limit access to specific individuals. One idea was to create another sensitivity label with encryption that works with Power BI and use that to enforce the restriction. However, such a label would also affect other Microsoft 365 apps like Word, Excel, and Outlook — which we want to avoid. I looked into using DLP, but MS documentation mentions below limitations, that makes me unsure if this will meet the requirement. 1. DLP either restricts access to the data owner or to the entire organization. 2. DLP rules apply to workspaces, not individual dashboards or reports. My question: Is there any way to restrict sharing of Power BI (or Fabric) content to specific users within the organization without changing our existing sensitivity label configurations or creating a new encryption-enabled label that could impact other apps?
