OME Error on opening encrypted emails

berketjune2012 281 Reputation points
2021-09-20T19:31:46.817+00:00

Hello

When sending an encrypted email to another user who is using Outlook, and the user clicks "Read Message" to read the contents, they are presented with the following error:

133719-image.png

Email and tenant removed for privacy.

Now if I add the user as a guest user in my tenant, this seems to fix the problem.

However, I shouldn't have to add every possible recipient as a guest?

Anyone have any ideas?

Thanks


1 answer

Joyce Shen - MSFT 16,411 Reputation points Microsoft Vendor
    2021-09-21T03:02:13.243+00:00

    Hi @berketjune2012

    According to your information above, external users are unable to read the message through the Outlook client. Could you please check if they could access the email using OWA? If yes, this seems to be expected behavior, and I saw some similar issues as well:

    CAA20004 AADSTS90072: USER ACCOUNT FROM IDENTITY PROVIDER DOES NOT EXIST IN TENANT
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    And: Encrypted e-mail error AADSTS90072

    Using AIP with Exchange Online provides the additional benefit of sending protected emails to any internal or external users. These emails should be encrypted at rest and in transit, and be read only by the original recipients.

    And when sending encrypted emails to external users with AIP, it requires Office 365 Message Encryption capabilities. If the recipients cannot open the protected email in their native email client, let's say the Outlook desktop client, they can use a one-time passcode to read the sensitive information in a browser. Therefore, users will still be able to view encrypted messages in OWA.

    We may check the steps mentioned in this thread as well: To exclude AIP from your existing Require-MFA Conditional Access policy.


    If an Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

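The answer above points at a Require-MFA Conditional Access policy as the likely cause: an external recipient's Azure AD account does not exist in the sender's tenant, so a policy that demands MFA for the Rights Management service cannot be satisfied and the "Read Message" flow fails. Before changing any policy, an administrator will want to know which enabled policies actually apply to that service. The script below is an added, read-only audit example written for this thread; it is not code from the question, the answer, or Microsoft. It assumes the Microsoft Graph PowerShell SDK is installed, that the Rights Management service principal is listed in the tenant under the display name `Microsoft Rights Management Services` (verify this in the Enterprise applications blade; the name is an assumption), and that the account running it has the `Policy.Read.All` and `Application.Read.All` scopes.

```powershell
# Added example: list enabled Conditional Access policies that require MFA and
# still cover the Rights Management service (i.e. have not excluded it).
# Assumptions: Microsoft.Graph SDK present; service principal display name below
# matches your tenant (check Entra ID > Enterprise applications).
Connect-MgGraph -Scopes 'Policy.Read.All', 'Application.Read.All'

$rmsDisplayName = 'Microsoft Rights Management Services'   # assumed display name
$rms = Get-MgServicePrincipal -Filter "displayName eq '$rmsDisplayName'"
if (-not $rms) {
    throw "Service principal '$rmsDisplayName' not found; confirm the name in the Enterprise applications blade."
}
$rmsAppId = $rms.AppId

$findings = foreach ($policy in Get-MgIdentityConditionalAccessPolicy) {
    $apps = $policy.Conditions.Applications

    # 'mfa' is the built-in grant control value for "Require multifactor authentication".
    $requiresMfa = $policy.GrantControls.BuiltInControls -contains 'mfa'

    # The policy reaches the Rights Management app if it targets all cloud apps
    # or names the app explicitly, and does not list it under exclusions.
    $targetsRms  = ($apps.IncludeApplications -contains 'All') -or
                   ($apps.IncludeApplications -contains $rmsAppId)
    $excludesRms = $apps.ExcludeApplications -contains $rmsAppId

    if ($policy.State -eq 'enabled' -and $requiresMfa -and $targetsRms -and -not $excludesRms) {
        [pscustomobject]@{
            Policy       = $policy.DisplayName
            PolicyId     = $policy.Id
            IncludedApps = ($apps.IncludeApplications -join ', ')
            ExcludedApps = ($apps.ExcludeApplications -join ', ')
        }
    }
}

if ($findings) {
    Write-Host "Require-MFA policies still covering '$rmsDisplayName':"
    $findings | Format-Table -AutoSize
} else {
    Write-Host "No enabled Require-MFA policy covers '$rmsDisplayName'; look elsewhere for the cause."
}
```

The script only reports; it does not modify anything. Once a policy is identified, the fix described in the answer is to add the Rights Management app to that policy's excluded applications (in the Entra portal or with `Update-MgIdentityConditionalAccessPolicy`), which leaves MFA in force for every other application while letting external recipients complete the one-time-passcode or guest sign-in flow for protected mail. After the change, `Test-IRMConfiguration -Sender <internal user> -Recipient <external address>` from Exchange Online PowerShell is a quick way to confirm that message encryption is functioning end to end.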