My agency recently started using Office 365 Mail Encryption to encrypt our emails. It was suggested that we use different levels because some of the people we interact with outside the agency sometimes need more or less restrictions on the email itself.
Sometimes we send records to clients who then want to forward the email to their doctor (for example). So I thought I could customize a label in Azure to create a level of security to allow for that. No matter what I do, anything sent to an email address not
within our agency, it's blocked. It asks for you to sign in, or use the one time passcode. When either option is used it just states that they don't have permission to see the content. If I select Do Not Forward any external address can view the content just
fine, however it restricts every option other than view.
If I put the specific address in the permissions of the label it seems to work just fine, but we can't do that for every address (we have thousands of clients and partners in the community that we exchange information with). There are also many different domains so it doesn't seem reasonable to enter each domain under permissions on the label. What am I overlooking?