locked
"We can't yet share protected files with some of your recipients." RRS feed

  • Question

  • This message box was delivered to me when selecting several email recipients on a test message where I attached a Word (.docx) file, selected recipients, and then selected "Message > Share Protected (under the Protected section)".  For instance, I entered my Exchange Online, and corporate Exchange addresses without invoking the message, but when I tried to add my POP3 Verizon address, from which all messages are forwarded to my Exchange Online address, I was prompted to remove it with the message "We can't yet share protected files with some of your recipients.", with the options to click of "Remove the recipient" or "Cancel".

    I have had the same problem with multiple gmail, aol, yahoo and similar accounts.

    The problem is that many of my contacts to whom I want to send RMS protected files have such addresses.  ALSO, for legacy reasons, I use my Verizon POP3 address for my routine contact address and Cc myself to that address, but the new email message REJECTS MY VERIZON ADDRESS

    SIMPLY STATED, what makes a recipient ineligible to receive shared files protected with RMS, and how do I determine which addresses are acceptable?

    FINALLY, how do I convert the INELIGIBLE addresses -- such as my Verizon address, Kenneth.Grush@verizon.net -- to ACCEPTABLE addresses?

    I am hoping that the answer is not that I have to require everyone to sign up for RMS for individuals!  How would this work for me?  I have an Exchange Online and Azure user ID PLUS a POP3 address.  Azure RMS and RMS Sharing App are both installed, and I also have Office 365 and Exchange Onlne with the same User ID.  I thought this would deny me the permission to install RMS for Individuals.

    PLEASE ADVISE!

    Wednesday, December 10, 2014 2:48 AM

All replies

  • Right now it's hard blocked for most "consumer" addresses, but if you have another domain that forwards to your Verizon account it will work just fine. You just need to authenticate as the non-Verizon (Hotmail, gmail, etc) account that you have registered (it could be your O365 account or RMS for individuals, but even RMS for individuals has this limitation).

    Anyone you send a protected email to will need to have Azure RMS or sign up RMS for individuals to be authenticated.

    Tuesday, January 13, 2015 10:35 PM
  • Why is this (still) blocked? It prevents fans of your solution to show many others how powerful the solution is :-(.
    Thursday, August 27, 2015 6:53 PM
  • MrT2 is correct when he says:

    Why is this (still) blocked? It prevents fans of your solution to show many others how powerful the solution is :-(.

    It makes no sense to exclude POP3 (non-Microsoft, that is) email addresses.  That is why Microsoft is losing ground to other players here.  Does Apple block encryption to POP3 addresses?  I doubt so, because they allowed me to use mine as my I.D.  Also, I pay for BOTH a Microsoft Exchange address AND a Verizon POP3 address, of which the latter is the original, linked to all of my professional and social history.  This is where regulatory boards, accountants, professional colleagues, family, etc. know where to find me, and this is the address to which they would send RMS protected material.  And many of these parties also have "consumer" addresses.  All material from the Verizon account is forwarded to my Microsoft Exchange Online account.  And all messages sent from the Exchange account only (to ensure synchronization).  What this means is that any files sent to my historical (Verizon) account by another "Enterprise" account is unprotected, even though it passes through my Exchange server.  And any files I send from exchange to "consumer" accounts are also unprotected.  This is unacceptable!

     

    Many colleagues refuse to enroll in a Microsoft account, and this is one of the reasons.  Microsoft is trying to force people to sign up for accounts and/or buy their products.  In light of all the security threats surfacing, with loss of sensitive material, and the activities of the NSA, Microsoft made a lot of "noise" about encrypting "all Outlook mail and attachments".  But encrypting the entire message, which I do for "consumer" addresses, DOES NOT prevent diversion of the sensitive date after the message is opened or if it is inadvertently (or otherwise) forwarded to others.  Microsoft could emerge as a champion of data security, but instead it is viewed as self-serving and excluding whole segments of the online population.

    When you have something that works very well, but then try to force people to do extra work and expense to benefit from it, they have no proof or example of the value of the RMS technology, and so are unwilling to trust you.  If, on the other hand, you allow them to receive RMS protected files, they immediately see the benefit by observing the restrictions placed on the file(s).  Who knows, but I would bet that a sizeable number of non-Microsoft clients would try your Cloud, Exchange, and Azure products just to be able to duplicate the RMS protection for their own sensitive files, once they have witnessed its elegance and strength!

    PLEASE PASS THIS SUGGESTION ALONG TO THE NEW CEO, SATYA NARAYANA NADELLA, AND THE OTHER OVERLORDS OVER THERE!  Microsoft needs to be perceived as the champion of digital security.  THAT WILL EARN YOU MARKET SHARE IN TODAY'S "WIRETAP" ERA!

    Thursday, August 27, 2015 8:02 PM
  • MrT2 is correct when he says:

    Why is this (still) blocked? It prevents fans of your solution to show many others how powerful the solution is :-(.

    It makes no sense to exclude POP3 (non-Microsoft, that is) email addresses.  That is why Microsoft is losing ground to other players here.  Does Apple block encryption to POP3 addresses?  I doubt so, because they allowed me to use mine as my I.D.  Also, I pay for BOTH a Microsoft Exchange address AND a Verizon POP3 address, of which the latter is the original, linked to all of my professional and social history.  This is where regulatory boards, accountants, professional colleagues, family, etc. know where to find me, and this is the address to which they would send RMS protected material.  And many of these parties also have "consumer" addresses.  All material from the Verizon account is forwarded to my Microsoft Exchange Online account.  And all messages sent from the Exchange account only (to ensure synchronization).  What this means is that any files sent to my historical (Verizon) account by another "Enterprise" account is unprotected, even though it passes through my Exchange server.  And any files I send from exchange to "consumer" accounts are also unprotected.  This is unacceptable!

     

    Many colleagues refuse to enroll in a Microsoft account, and this is one of the reasons.  Microsoft is trying to force people to sign up for accounts and/or buy their products.  In light of all the security threats surfacing, with loss of sensitive material, and the activities of the NSA, Microsoft made a lot of "noise" about encrypting "all Outlook mail and attachments".  But encrypting the entire message, which I do for "consumer" addresses, DOES NOT prevent diversion of the sensitive date after the message is opened or if it is inadvertently (or otherwise) forwarded to others.  Microsoft could emerge as a champion of data security, but instead it is viewed as self-serving and excluding whole segments of the online population.

    When you have something that works very well, but then try to force people to do extra work and expense to benefit from it, they have no proof or example of the value of the RMS technology, and so are unwilling to trust you.  If, on the other hand, you allow them to receive RMS protected files, they immediately see the benefit by observing the restrictions placed on the file(s).  Who knows, but I would bet that a sizeable number of non-Microsoft clients would try your Cloud, Exchange, and Azure products just to be able to duplicate the RMS protection for their own sensitive files, once they have witnessed its elegance and strength!

    PLEASE PASS THIS SUGGESTION ALONG TO THE NEW CEO, SATYA NARAYANA NADELLA, AND THE OTHER OVERLORDS OVER THERE!  Microsoft needs to be perceived as the champion of digital security.  THAT WILL EARN YOU MARKET SHARE IN TODAY'S "WIRETAP" ERA!

    Thursday, August 27, 2015 8:03 PM
  • Hi.

    First off, allow me to say we understand your frustration as this is indeed a limitation in the current implementation of Azure RMS. While for many organizations we speak to the scenario where a user needs to share protected content with users of consumer identities (i.e. Gmail, Yahoo mail, Facebook, Microsoft account, etc.) is not important or even desirable, we know that for other business this is critical functionality and as such we want to enable this functionality as soon as possible.

    The reasons why this is not available yet are multiple. One of them you will appreciate is that a different model for administering these domains is required, as you would not want the administrators of the Verizon email system, or of Gmail or Microsoft account for that matter, to hold SuperUser, reporting or key management powers over the content you protect with these identities as they would with business domains as currently implemented. Other capabilities such as the ability to federate directly with these providers and handle expiration and reuse of such identities are required for the solution to be safely extended to these domains.

    Rest assured we are working as diligently as possible to enable the scenarios you describe, and we should have news about this work soon.

    Your feedback is highly appreciated.

    Regards,


    Enrique Saggese - Sr. Program Manager - Information Protection - Microsoft Corporation


    Friday, August 28, 2015 8:26 AM
  • Thank you for the explanation!!! Keep up the good work! Love what Microsoft is doing the last couple of years (even while not being a Microsoft fanboy ;-)).
    Friday, August 28, 2015 10:31 AM
  • How will we get updated on when we can use this with "consumer domains?" Is there a list to subscribe to, or a page to watch?
    Wednesday, November 4, 2015 9:59 PM
  • For all Azure RMS announcements: Microsoft Rights Management (RMS) Team Blog

    I think it's safe to assume Dan wouldn't keep this to himself, either: Dan Plastina @TheRMSGuy

     
    Saturday, November 14, 2015 11:50 PM