Single sign-on & Azure Information Protection (AIP)

Sergiu Craciun 21 Reputation points


I just wanted to check if Azure RMS can allow guest users who don't have a Microsoft or Azure AD account to consume/open AIP protected files.
According to my research, when a user attempts to open an AIP protected file the application will launch the login window and initiate a connection to
For an optimal sign-in experience, would it be possible to change the login window for our Azure tenant so that instead of RMS client initiating a connection to it will initiate a connection to our external IdP login page?

Thank you,

Azure Information Protection
Azure Information Protection
An Azure service that is used to control and help secure email, documents, and sensitive data that are shared outside the company.
527 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,529 questions
0 comments No comments
{count} votes

Accepted answer
  1. Givary-MSFT 30,676 Reputation points Microsoft Employee

    @Sergiu Craciun

    Thank you for reaching out to us. Regarding your question related to External/Guest users collaboration with Azure Information Protection.

    Unfortunately it is not possible to change the behavior of RMS client when Guest users accessing the protected documents. The user is first authenticated by using federation with a social identity provider or by using a one-time passcode. Then the email address specified in the protected email is used to authorize the user.


    Let me know if you have any questions.

    Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

    0 comments No comments

0 additional answers

Sort by: Most helpful