If you are using Microsoft Teams and would like to enable full end-to-end encryption (E2EE) for conversations, this article will guide you through the process. There are quite a few limitations and restrictions for this process at the moment so you’ll have to be aware of that moving forward.
Microsoft Teams has seen a lot of changes and improvements come to the platform over the last twelve months, with more major changes on the way. One of the latest features to reach Microsoft Teams is end-to-end encryption (E2EE) which secures conversations from any security issues and possible intercepts. Although this feature is long overdue there are some limitations you need to be aware of before trying to enable it.
The first thing to be aware of is that this feature needs to be enabled by the IT admins within every organization. Average users can’t just enable and use it. Secondly, E2EE in Microsoft Teams is only available for one-on-one conversations (2 people convos). So how exactly does it work? Putting it simply all information that enters Teams is encrypted, sent, then decrypted on arrival. Preventing any intermediaries from eavesdropping on conversations. No other intermediate party, including Microsoft, will have access to this decrypted conversation on call.
Only the real-time media flow, i.e video and voice data on Team calls can be encrypted. Both parties should turn on this setting to enable end-to-end encryption. With encryption in Microsoft Teams, chats, file sharing, presence, and other files stay protected. With end to end encryption enabled, you’ll lose access to the following features.
- Call transfer (blind, safe, and consult)
- Call Park and Call Merge
- Live caption and transcription
- Call companion and transfer to another device
- Add participant to convert one-to-one call to a group call.
Enable end-to-end encryption for calls in Microsoft Teams Admin Center.
In order to use end-to-end encryption in Microsoft Teams, you’ll need to make the following changes in Teams Admin Center. (Not everyone will have access to this) If you don’t have access to this, you won’t be able to enable E2EE.
- Sign in to Microsoft Teams Admin Center
- Go to Other settings > Enhanced encryption policies.
- Name the new policy for end-to-end encryption.
- Now choose the users who will be able to use this feature.
- Once, the policy is created, you can assign it to users, groups, or the entire tenant.
Just make sure that users are aware that they still need to enable the feature in Microsoft Teams on their end. So keep reading below for the steps involved in that process.
How to enable end-to-end encryption in Microsoft Teams.
Once E2EE has been enabled in Microsoft Teams Admin Center, users can enable the feature on their end.
- Click yourProfile Picture or the ellipses next to your profile picture. It is located on the top right of the Teams window.
- ClickSettings > Privacy.
- The user can then turn on end-to-end encryption by toggling the switch.
Once the setting is enabled, users will see an encryption indicator in the upper left-hand corner of the Teams window.
How to enable end-to-end encryption in Microsoft Teams Mobile.
- Open Microsoft Teams on your mobile device.
- Select Settings > Calling.
- Then under Encryption, turn on end-to-end encryption calls.
Once it is on, the mobile call will show a lock + shield icon. The user can tap on the encryption indicator to know the 20-digit security code for the call.