Microsoft Teams End-to-End Encryption


At the beginning of the year, Microsoft announced end-to-end encryption (E2EE) for Teams. It finally arrived last week, encrypting all one-to-one calls on Teams. How do you enable it, and how do users on a call know whether their calls are securely encrypted end-to-end? Let's find out.

Which Teams Users Can Enable E2EE?

For all users, end-to-end encryption can only be enabled by the IT admins. IT admins must enable it before team members can use it. Talk to your admin about enabling it.

What Is Encrypted With E2EE on Teams Calls

Teams encrypts all one-to-one communications using the Session Description Protocol (SDP) [RFC 4566].

Once end-to-end encryption is enabled on both sides, all one-to-one calls will be encrypted. No one, not even Microsoft, will be able to access decrypted call details.

Teams also offers media sharing and messaging. For the duration of the call, along with the voice and video data packets, all files shared during the call are also encrypted. Text messages are encrypted as well, using Microsoft 365 encryption.

Teams One-to-One Calls - Enabling/Disabling E2EE

Activating the option at the admin level is the first step. Log in to the Teams Admin Center with your admin account credentials. This is where you can manage all Teams accounts.

Click on Other settings > Enhanced encryption policies once you are logged in.


A new encryption policy must be created and named. Name it so that it's easy to identify later. Finally, click on Save to save the changes made.

In Teams, even when encryption is enabled by the admin, members of the organization still need to enable it. This means that you must explain to them the pros and cons of enabling/disabling this new feature.

A user can enable encrypted one-to-one calls by clicking on the three-dot menu icon and selecting Settings.


Turn on the toggle for End-to-end encryption on the left side of the Privacy tab.


E2EE settings are synchronized across devices when a call is initiated. If you use E2EE on your device and the other user has not enabled it yet on theirs, Teams will sync the setting and enable E2EE on that device automatically.

Check if E2EE is enabled and working

When you initiate or receive a call after enabling E2EE, how can you tell whether the other person has enabled it too?

In the upper left corner of the screen, Microsoft Teams displays a shield with a lock icon if E2EE is enabled.


To verify that a call is encrypted, hover the mouse over the icon. Have the other person do the same. An encryption code will appear. The other end of the call must display the same security code. If both parties do not see the same security code, the call is either not encrypted or has been compromised. Re-enter the settings and try again.
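Why comparing the code on both ends detects a problem, as an added example (not from the original article and not Microsoft's code): each side derives its code from its own call certificate and the fingerprint it received in the SDP, so a certificate substituted in transit leaves the two ends with different codes. The SDP text, the certificates and the derivation (SHA-256 over both fingerprints, reduced to 20 digits) are constructed assumptions, not Teams' actual algorithm.

```python
import hashlib
import re

# Matches the SDP attribute that binds a session to an endpoint certificate.
FP_RE = re.compile(
    r"^a=fingerprint:sha-256 ((?:[0-9A-F]{2}:){31}[0-9A-F]{2})\s*$", re.M | re.I
)

def make_sdp(cert: bytes) -> str:
    """Build a constructed SDP fragment advertising the certificate's SHA-256 fingerprint."""
    digest = hashlib.sha256(cert).hexdigest().upper()
    fp = ":".join(digest[i:i + 2] for i in range(0, 64, 2))
    return f"v=0\r\no=- 0 0 IN IP4 192.0.2.1\r\ns=-\r\nt=0 0\r\na=fingerprint:sha-256 {fp}\r\n"

def fingerprint(sdp: str) -> bytes:
    """Extract the advertised certificate fingerprint; refuse SDP without one."""
    match = FP_RE.search(sdp)
    if not match:
        raise ValueError("SDP has no sha-256 fingerprint attribute")
    return bytes.fromhex(match.group(1).replace(":", ""))

def security_code(local_fp: bytes, remote_fp: bytes, digits: int = 20) -> str:
    """Hypothetical derivation: hash both fingerprints, reduce to a decimal code."""
    # Sort the pair so caller and callee hash the fingerprints in the same order.
    material = b"".join(sorted((local_fp, remote_fp)))
    number = int.from_bytes(hashlib.sha256(material).digest(), "big")
    return str(number % 10 ** digits).zfill(digits)

def call(substituted_cert=None):
    """Return (caller_code, callee_code) for one call.

    substituted_cert models a certificate swapped in transit, so each end
    receives a fingerprint that does not belong to the other participant.
    """
    caller_cert = b"constructed-cert-caller"   # constructed sample values
    callee_cert = b"constructed-cert-callee"
    sdp_seen_by_callee = make_sdp(substituted_cert or caller_cert)
    sdp_seen_by_caller = make_sdp(substituted_cert or callee_cert)
    caller_code = security_code(
        fingerprint(make_sdp(caller_cert)), fingerprint(sdp_seen_by_caller))
    callee_code = security_code(
        fingerprint(make_sdp(callee_cert)), fingerprint(sdp_seen_by_callee))
    return caller_code, callee_code

if __name__ == "__main__":
    print("direct call:      ", call())
    print("substituted cert: ", call(b"constructed-cert-other"))
```

The codes only match when both ends saw each other's real certificate, which is why the comparison has to be done by the two people on the call rather than trusted from one screen.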

Note: Even if end-to-end encryption for one-to-one calls is not enabled by the admin or the user, Microsoft still uses industry-standard practices to encrypt all data exchanged during the call while in transit and at rest.

How to Enable Teams E2EE on Mobile Apps

The admin settings are not available on Teams mobile apps. You will need to open Teams Admin Center in a browser. You may try using a mobile browser though.

To enable it as a user, go to Settings > Calling. Under “Encryption”, turn on the toggle for End-to-end encrypted calls.

Again, you can verify whether the call is encrypted or not by comparing the security code on both ends of the call. During the call, tap on the shield with a lock icon to reveal the security code.

FAQs

1. Is E2EE for Teams calls enabled by default?

No. IT admins have to enable it manually before users can enjoy private and secure calls, chats, and file transfers.

2. Are there any drawbacks of using E2EE for one-on-one Teams calls?

Yes. Certain services won’t work when team members are on E2EE calls. They are recording, live captions and transcriptions, call transfer, call merge, call park, Call Companion, and the ability to add more members to turn a one-to-one call into a group call. In order to use these features during the call, the users will have to disable E2EE.

3. Is E2EE available on Teams mobile clients?

Yes. It is available on both desktop clients (Windows and macOS) and mobile clients (Android and iOS).

4. Are group calls encrypted in Teams?

Yes, group calls are encrypted too. However, they are encrypted using Microsoft 365 encryption instead, which we discussed above. This is true for both voice and video calls.

Wrap Up: Enable/Disable E2EE in One-to-One Calls in Teams

Microsoft Teams has come a long way since its inception. It was always designed to be more than a mere video conferencing solution like Teams and Zoom, with a focus on the larger Office ecosystem. With encryption, Teams has only gotten better and more secure.

Are you using Teams on a desktop? Here are some cool Teams shortcuts and tricks that will help you get more out of it in less time.