G Suite Sync with Microsoft Outlook and RMS

Leave a comment

Today I had the opportunity to try out sending RMS protected messages to external recipients who use native Exchange-Outlook and G Suite Sync with Outlook.

I send a message to the external recipients from Outlook.

The external recipient with Outlook (I’ll call her Carmen) already has AIP client installed and RMS enabled in her tenant. The message opens with no issues.

The external recipient with G Suite Sync and Outlook (I’ll call him Ben) receives the message with the following text in the reading pane.

This message with restricted permission cannot be viewed in the reading pane until you verify your credentials. Open the item to read its contents and verify your credentials.

After double clicking on the message, the message below is displayed. Note that the sender is MOD Administrator from the sender tenant.


After the Ben verifies his credentials, the email message is displayed.

So far so good.

Carmen replies all from Outlook; all is normal.

Ben replies all from his Outlook client; the original sender (MOD Administrator) and Carmen see this:


However, when Ben replies all from Gmail via the Web browser, he sees the following message:

“You’ll automatically get an email copy of this message.” along with the label and the owner of the messages.

The original sender (MOD Administrator) and Carmen can view the message with no issues.

Ben, however, sees that the message comes from Office365@messaging.microsoft.com, not from his email address.


After the Ben verifies his credentials, the email message is displayed.

In summary – if you are using G Suite Sync with Outlook and responding to an encrypted message, be aware that your recipients may not be able to view your responses.

Thanks for reading!


Encrypt E-mail with Attachments

Leave a comment

As I continue to test different settings in Azure Information Protection, I want to share one that I find interesting.

I configured AIP for e-mail message with attachments to automatically apply a label that matches the highest classification of those attachments.

I created an e-mail where a default label ‘Official Use’ is automatically applied to my e-mail message. I then attached a document classified as ‘Restricted’, the classification of my e-mail message automatic changed to ‘Restricted \ All Employees’. This is the expected behavior.

I then sent the e-mail with the attachment to a trusted partner (in this case myself with a different domain) which I have configured ‘Viewer’ rights to view and reply the e-mail and the attachment.

Below is the e-mail message I sent to the trusted partner.


However, when the trusted partner (again, myself with a different domain) received the e-mail and tried to click on the ‘Read the message’ link (image below shows e-mail message received by the trusted partner), the trusted partner received “You do not have permission to view this message.”


After much testing, in order to allow my trusted partner to read the message, I had to change permissions from ‘Viewer’ to ‘Reviewer’ in Azure Information Protection.

As I continue to work with Azure Information Protection, I find myself learning new things every day.

Thanks for reading!