Purview Sensitivity label: User defined permissions doesn't allow access to consumers that are not guest in my tenant

Question

Hello team,

Purview Sensitivity label: User defined permissions doesn't allow access to consumers that are not guest in my tenant.

Issue:

User defined permissions not allowed access to remote users that are not present as guest in my Entra ID directory.

 

Scenario:

2. User apply sensitivity label user-defined permissions to grant access to remote users are not present in the entra ID that is applying the protection.

 

3. The consumer try to open the file with the account granted the permissions, however, it can't access to the content. Entra ID is requesting to create the account as guest in the tenant that apply the protection.

 

Problem:

This is a big issue because for any file protected by user-defined permissions, the remote user needs to be added as a guest.

 

The same behavior apply for OfficeApps and PDFs.

 

Question

is there any way to allow users granted with user-defined permissions access the protected data without need to create the guest account?

Answer 1

Hi @Sergio Londono ,

As of my last knowledge update, there isn’t a direct way to bypass the guest account requirement for external users with user-defined permissions in Microsoft Purview Sensitivity Labels. However, you can explore Azure AD Business-to-Business (B2B) collaboration. B2B collaboration enables external users to access resources without being guests in your tenant. Keep in mind that this approach might not align perfectly with user-defined permissions.

Thanks

Answer 2

Hello team,

I found other Microsoft documentation specific to this issue:

Apply encryption using sensitivity labels | Microsoft Learn