Proper Email Attachments in the world of cloud
The best practice for emailing a file to someone, especially a sensitive file, is to attach a link to the file from your OneDrive or SharePoint location. Alternatively, if you don’t have OneDrive or SharePoint, you should password protect the file at the very least and encrypt the attachment or use a third party secure document share.
However, if you utilize Microsoft 365’s OneDrive or SharePoint, the easiest way is to attach a link to the file and let Microsoft verify the recipient’s identity before granting them access to the file.
This also helps with file versioning because rather than sending a copy of a file that can then be altered and/or share anonymously with other individuals, your recipient will access a live version of the most up to date revision of your file. If anything gets updated in the file later, those changes are seen by the recipient on subsequent access to the file being shared.
In Microsoft Outlook, when you go to compose a new email, just click on the Attach File option but instead of clicking Browse This PC, go to Browse Web Locations and then Group Files. Upon hovering over Group Files a list will slide out of all the document shares you have access to on your 365 tenant. From one of those document shares you can navigate to and open a file. It will then ask if you want to attach as a copy or share link. Choose share link. You will also notice that you can alternatively choose your OneDrive or recent SharePoint document libraries in addition to Group Files at this step, but I am focusing on Group Files as that seems to be what I end up using all the time.
The attached link will appear just like an attached file in Outlook with one exception. Underneath the name of the file, it will say “Organization can view”. This means that anyone within your organization that receives the link and view/edit the file depending upon the permissions they have. You can modify the permissions and the scope of sharing by clicking the down arrow on the attached link and hover over “Change Permissions”. From there you can specify to allow editing or view only either with just recipients within your organization or with people outside of your organization.
Even if you don’t specify external recipients, an external recipient of the email can still attempt to access the file. When they do, they will need to request permission from you first. You will get an email approval request upon that happening and can then specify if they have view, edit or no access to the file. Microsoft handles all of the authentication and identification management on their end in the cloud.
This is the correct way to send documents via email when utilizing Microsoft Business Cloud solutions. When you attach a file the old school way, it is stored in plain text in the email by default and transmitted from one mail server to another via SMTP as a uuencoded file. Uuencoding is just a means to convert binary data into ASCII text for email transmission where it gets uudecoded on the other end and reconverted back into a binary file. Email doesn’t do binary and this has been the workaround ever since the creation of email. That’s a form of file sharing technology that’s been around since the 1970’s. Not very secure and certainly not the best choice for the transmission of sensitive data.
You can also alternatively do similar link sharing using Drop Box, Google Drive or various alternatives to Microsoft OneDrive/SharePoint. We focus on Microsoft Cloud though since that is part of our recommended technology stack.