top of page

End-to-end encryption for one-to-one Microsoft Teams calls

With this public preview release, Microsoft is rolling out E2EE for unscheduled one-to-one calls. Only the real-time media flow, that is, video and voice data, for one-to-one Teams calls are end-to-end encrypted. Both parties must turn on this setting to enable end-to-end encryption. Encryption in Microsoft 365 protects chat, file sharing, presence, and other content in the call.

We need to have a better close look at what is done behind the scenes and how to configure it by IT administrators .

You need to know that If you don't enable end-to-end encryption, Teams still secures a call or meeting using encryption based on industry standards. Data exchanged during calls is always secure while in transit and at rest. also , During an end-to-end encrypted call, Teams secures the following features:

  • Audio

  • Video

  • Screen sharing

The following advanced features aren't available during an E2EE call:

  • Live captions and transcription

  • Call transfer

  • Call merge

  • Call park

  • Consult then transfer

  • Call companion and transfer to another device

  • Adding a participant

  • Recording

Also, if your organization uses compliance recording, end-to-end encryption isn't available.

Yes that's how it is for now !

Use the Teams admin center to configure end-to-end encryption

The global, organization-wide, default policy specifies that end-to-end encryption is disabled. Users in your organization will automatically get the global policy unless you create and assign a custom policy. To enable end-to-end encryption, create a new encryption policy or modify the global default policy. To enable end-to-end encryption using the Teams admin center, complete these steps.

Using a work or school account that has been assigned the Teams or global administrator role, sign in to the Teams admin center.

  1. Go to Other settings > Enhanced encryption policies.

  2. Either choose the default policy or choose Add to add a new policy and then name the new policy.

  3. To enable end-to-end encryption for your users, for End-to-end call encryption, choose users can turn it on, and then choose Save. To disable end-to-end encryption, choose Turn it off for everyone.

Once you’ve finished setting up the policy, assign the policy to users, groups, or your entire tenant the same way you manage other Teams policies.

Use Microsoft PowerShell to configure end-to-end encryption

You can manage end-to-end encryption policies using Microsoft PowerShell and the Teams admin center. Several end-to-end encryption cmdlets are included in the Teams PowerShell module and documented in the Microsoft Teams cmdlet reference. This article lists the cmdlets you can use and provides simple example configurations. These configurations use the default, global policy. Your organization might require more complex policy configuration. Complete information about these cmdlets is provided in the cmdlet reference.

End-to-end encryption PowerShell cmdlets:

Your work or school account needs the Teams or global administrator role to configure end-to-end encryption.

Questions ??

Does this capability only exist in Teams Desktop?

End-to-end encrypted calls can be made between two parties when the parties are using the latest version of the Teams desktop client for Windows or Mac, or they are on a Mobile device with latest update for iOS and Android.

Does turning on end-to-end encryption on one device also turn it on for all my devices? Yes, the setting will be synchronized across supported end points.

How do I enable end-to-end encryption from Mobile? By following these steps:

  1. In Teams Mobile, go to settings > calling.

  2. Under Encryption, turn on End-to-end encrypted calls.

How do I verify that I’m on an end-to-end encrypted call on Mobile? The mobile call also shows a lock + shield icon. Tap on the encryption indicator to reveal the 20-digit security code for the call. Just like the desktop app, both the caller and callee can verify that the code matches to ensure that both parties are on an end-to-end encrypted call.

52 views0 comments


bottom of page