What is end-to-end encryption (E2EE)?
End-to-end encryption or E2EE is the encryption of original information followed by its decryption at the said destination so that intermediaries cannot decrypt information midway and it is kept secure. With this recent update, both parties on a one-to-one call can turn on E2EE, and the communication between these parties in the call will be encrypted from end to end. No other intermediate party, including Microsoft, will have access to this decrypted conversation on call. Also, only the real-time media flow, i.e video and voice data on Team calls can be encrypted. Both parties should turn on this setting to enable end-to-end encryption. With encryption in Microsoft Teams, chats, file sharing, presence, and other files stay protected.
Enable end-to-end Encryption for one-to-one Calls in Microsoft Teams
To enable Microsoft Teams end-to-end encryption, follow the below steps (For IT admins): But, please note that end-to-end encryption is not available to users in the tenant. Once the policy is configured, the users need to turn on end-to-end encryption in their Teams settings before a call.
[Image source – Microsoft]
How can users enable end-to-end encryption in one-to-one Team calls?
Once the policy is configured by the IT admin, users can see a setting to turn on end-to-end encryption for their one-to-one calls. Follow the below steps:
How to know if you are on a Teams end-to-end encrypted call?
Once the setting is turned on, users can see an encryption indicator on the Teams call window in the upper left corner. Please note that Microsoft 365 encryption technologies encrypt every Teams call. But, if a call is end-to-end encrypted, the respective indicator will be seen in the Teams call window for both parties. This indicator is a shield with a lock. To confirm end-to-end encryption, both parties can also access a security code, which once verified by both confirms end-to-end encryption working correctly on Teams call. This end-to-end encryption update is available on the latest update of the Teams desktop client for Windows or Mac. It is also available on a mobile device with the latest update for iOS and Android.
How to turn on Teams end-to-end encryption from mobile?
Once it is on, the mobile call will show a lock + shield icon. The user can tap on the encryption indicator to know the 20-digit security code for the call. Similar to desktop/laptop, both parties can verify that the said code matches on an end-to-end encrypted call. When end-to-end encryption is not on, the Teams encryption is a regular shield without a lock. This shield shows that the call is protected by Microsoft 365 encryption and there is no end-to-end encryption.
Which features are not available with end-to-end encryption in Microsoft Teams?
The features are: You can also turn on these features by going to Settings and turning off end-to-end encryption.
Why do you need end-to-end encryption during calls and chats?
The End-to-end encryption or E2EE makes sure that your data such as voice or text is kept undisclosed until it reaches the recipient. Encryption is applied when you are talking as well as to messaging, email, file storage, or anything else. Encryption ensures that no one in the middle can see your private data.
