Purview Message Encryption – Require OTP Codes and Bypass MS365 Tenant Logins

Tags: exchange, microsoft-office-365

Related: MS365: Sending encrypted to remote tenants occasionally fails with "user not in tenant"

As in the previous message, we are sending outgoing encrypted messages via MS365 and some remote tenants are unable to view messages.

Before the forced move to Purview in July 2023, when accessing encrypted emails you had the option to request an OTP instead of logging in with your tenant to access things.

We have OTPEnabled: True on our OME configuration (according to Get-OMEConfiguration in PowerShell), but since the migration to Purview we can't force everyone to use OTP or even see the "Get OTP code via email" option.

Has anyone figured out a way to force an OTP code via email instead of an MS365 login in order to get access to a given encrypted message? If we could force everyone to need OTP codes instead of using the MS365-integrated login, that'd be great, but I'm not sure where to enforce that. Does anyone know how to do that in Purview encryption, since the legacy OME settings are no longer present?
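For anyone checking their own tenant, this is an added example (not code from the original post) of reading and setting the OME configuration the question refers to, using the Exchange Online PowerShell cmdlets. It assumes the ExchangeOnlineManagement module is installed, the signed-in account has Exchange admin rights, and the default configuration object is still named "OME Configuration"; the UPN is a placeholder. Note that, as the accepted answer states, OTPEnabled only controls whether the passcode fallback is offered to recipients who cannot sign in; it does not stop a recipient with an Entra ID or Microsoft account from being sent to that login.

```powershell
# Added example: inspect and set the Purview / OME recipient sign-in options.
# Assumes ExchangeOnlineManagement is installed and the account is an Exchange admin.
Import-Module ExchangeOnlineManagement

# Placeholder admin account (assumption, replace with your own).
Connect-ExchangeOnline -UserPrincipalName admin@contoso.onmicrosoft.com -ShowBanner:$false

# The settings that affect how an external recipient gets into an encrypted message.
# OTPEnabled      : whether the "Get OTP code via email" fallback is offered at all.
# SocialIdSignIn  : whether Google/Yahoo/Microsoft account sign-in is accepted.
Get-OMEConfiguration |
    Select-Object Identity, OTPEnabled, SocialIdSignIn, ExternalMailExpiryInDays |
    Format-List

# Keep the passcode fallback on and stop accepting social IDs, so a recipient who
# is not in any tenant is offered the emailed OTP rather than a third-party login.
# This does NOT make OTP mandatory for recipients that have an Entra ID account.
Set-OMEConfiguration -Identity "OME Configuration" -OTPEnabled $true -SocialIdSignIn $false

# Re-read the object and warn if the fallback is still off, which would leave
# recipients with no tenant or Microsoft account unable to open the message.
$cfg = Get-OMEConfiguration -Identity "OME Configuration"
if (-not $cfg.OTPEnabled) {
    Write-Warning "OTP fallback is disabled; external recipients without an account cannot open encrypted mail."
} else {
    Write-Output "OTP fallback enabled (SocialIdSignIn=$($cfg.SocialIdSignIn))."
}

Disconnect-ExchangeOnline -Confirm:$false
```

Run it from a PowerShell session where you can sign in interactively; the Set-OMEConfiguration line is idempotent, so it is safe to re-run after checking the output of the first Get-OMEConfiguration.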

Best Answer

So, I was on a call with Microsoft yesterday about the related issue linked in my question, and asked them point-blank whether forcing OTP for everyone was possible. According to Microsoft support, there is no way to force OTP for everyone anymore; that was primarily a legacy Outlook Message Encryption option that is not available in Purview (but is still available if you use on-prem Exchange rather than MS365 Exchange Online or Hybrid Exchange).

In the Purview world, if someone has an Entra ID (MS365) or a Microsoft account, they must use that to authenticate. For all other receivers, they get OTP prompts in a default Purview setup that Microsoft is now forcing everyone into.

Another -1 to Microsoft for making things that much more complicated and difficult for people.