![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 30%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENS%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Purview
A unified data governance solution that helps manage, protect, and discover data across your organization
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 18%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVP%3C/text%3E%3C/svg%3E)
Hi @Najin S
Thank you for contacting Microsoft QA.
It seems like you're facing an issue where external recipients are unable to open attachments from an encrypted email sent via a DLP policy when using Gmail or Yahoo. This can happen due to various encryption settings and permissions that need to be in place for these external services to access the protected content.
Here's how you can potentially resolve this issue:
Check User Permissions: Make sure that the external recipients have permissions to open the content. This could mean that they need to have an Azure Active Directory (AAD) or Microsoft Accounts associated with the encryption being used.
RMS (Rights Management Service) Configuration: Ensure that the encryption template used in your Data Loss Prevention (DLP) policy allows external sharing. You may need to configure the Azure Information Protection (AIP) settings that dictate how external users can access protected files. Here’s a resource for reference: Assigning usage rights and access controls to external users.
Test with Different Email Services: Sometimes, email clients handle protected content differently. Try using other email accounts beyond Gmail/Yahoo to see if the issue persists across different services.
Evaluate DLP Policy: Review the DLP policy settings to ensure that it aligns with your organization's requirements for external sharing. This could involve adjusting how the policies classify sensitive information.
External Recipients’ Responsibilities: Inform the external recipients that they may need to sign in with a Microsoft account (or create one if they don't have it) to view the protected content. This is often necessary with Azure RMS-encrypted files.
If these steps don’t work, it might be helpful to gather more information to pinpoint the root of the issue. Here are some follow-up questions you could ask the customer:
- What specific error message are the external recipients seeing when they attempt to open the attachments?
- Are the external recipients using the mobile app, web, or desktop version of Gmail/Yahoo?
- Have you tested sending the email to different external addresses, and does the issue persist across all email services?
- Can external recipients access other secured attachments successfully, or is it only with this specific DLP policy/template?
- Is there a need for external recipients to create a Microsoft account to access this content, and have you communicated this to them?
Hope this helps you get one step closer to resolving the issue! If you have any more questions or need further assistance, feel free to ask!