this post was submitted on 24 Jun 2023
submitted 1 year ago* (last edited 1 year ago) by L3s@lemmy.world to c/sysadmin@lemmy.world
 

My company is just starting to utilize O365 email encryption for sensitive information, which I know a lot of people are already using.

One thing we've run into is when sending a sensitive email to a third-party vendor, a lot of them utilize shared mailboxes/distribution groups, so the encryption is not allowing the members of the external mailbox/group to open the encrypted email as their account doesn't have permissions (the group email address does, instead of their individual account).

The only way I've come up with to solve this issue is setting the encrypted emails to not allow a "social" sign-on for decryption, and instead only offer "send a one-time passcode" as the authentication method, then the group/mailbox receives the code to view the email.

Curious how others have combatted this issue if they've crossed it; this feature has been around a while and I am unable to find much on Google about it specifically.

For the moment, users are just re-sending the encrypted email to the external recipient that replies "We can't open this email", which solves the problem but creates more work and takes longer for everyone.
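The sign-in setting described in the post above, written out as Exchange Online PowerShell. This is an added example, not part of the original post; it goes slightly beyond the post by also showing how to scope the setting to selected vendor domains. The template name, rule name and `vendor.example` domain are placeholders, and the scoped option assumes the tenant is licensed for Advanced Message Encryption.

```powershell
# Added example. Assumes an active Exchange Online PowerShell session
# (Connect-ExchangeOnline) with rights to manage OME and mail flow rules.

# Review the sign-in options currently offered by the default template.
Get-OMEConfiguration | Format-List Identity, SocialIdSignIn, OTPEnabled

# Option A: tenant-wide. External recipients of an encrypted message are
# offered only the one-time passcode, which is mailed to the address the
# message was sent to (so a group or shared mailbox address receives it).
Set-OMEConfiguration -Identity "OME Configuration" `
    -SocialIdSignIn $false -OTPEnabled $true

# Option B: leave the default alone and scope the change to vendors that
# read mail through shared mailboxes or distribution groups.
# Assumption: additional templates require Advanced Message Encryption.
$template      = "Vendor OTP Only"        # hypothetical template name
$vendorDomains = @("vendor.example")      # placeholder recipient domain

New-OMEConfiguration -Identity $template
Set-OMEConfiguration -Identity $template `
    -SocialIdSignIn $false -OTPEnabled $true

# Note: this rule encrypts every message sent to the listed domains.
# Add further conditions if only some messages should be encrypted.
New-TransportRule -Name "Encrypt to shared-mailbox vendors (OTP only)" `
    -RecipientDomainIs $vendorDomains `
    -ApplyRightsProtectionTemplate "Encrypt" `
    -ApplyRightsProtectionCustomizationTemplate $template

# Confirm the scoped template has social sign-in off and OTP on.
Get-OMEConfiguration -Identity $template |
    Format-List Identity, SocialIdSignIn, OTPEnabled
```

With OTP as the only option, anyone who can read the group or shared mailbox can open the message, so access follows that mailbox's membership.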

[–] L3s@lemmy.world 1 points 1 year ago (1 children)

Makes sense, but wouldn't you have an issue with sharing to a group/shared mailbox?

Not a fan of "anyone with a link" personally, that's the only way I can think of that working smoothly.

If they absolutely refuse to allow you to share or email an individual vs. a distro group then I'd do it that way, but not using an "anyone with the link" share depending on the sensitivity of the information. If it's something that isn't as sensitive, sure, but otherwise they'll need to set up credentials with that distro group and use it to log in to access the shared folder.