Marnik
Brass Contributor
Aug 22, 2024
Solved

Clarification on Microsoft Teams Encryption: E2EE vs. Default Encryption

I’m seeking some clarity on the differences between the end-to-end encryption (E2EE) offered with the Teams Premium license and the default encryption for data at rest and in transit within Microsoft Teams.

 

From what I understand, Teams data is already encrypted both in transit and at rest by default. However, I’m unsure how the E2EE provided under the Teams Premium license differs from this standard encryption. Could someone explain in simple terms the specific differences between these two encryption methods?

 

I’m particularly interested in understanding how I can effectively communicate these differences to my clients, who may not be very technical but need to grasp the security advantages of the Premium license. 

  • Hello Marnik!

    Below is a snippet from Microsoft Learn about E2EE:

    "End-to-end encryption is the encryption of information at its origin and decryption at its intended destination without the ability for intermediate nodes to decrypt. When meetings in Teams are end-to-end encrypted, nobody except for the participants in the meeting can hear or see the communication. No other party, including Microsoft, has access to the decrypted conversation."

     

    By default, Teams encrypts communication via TLS. This means that in transit and at rest the data is encrypted, but the data that passes is stored and accessible by Microsoft, log systems and so forth.
    For example, when you have a 1:1 call and choose to record the call, Microsoft services will have to "hear" and "see" the call in order to record it and store it. What this means is that the data is encrypted between Client-Server-Client.

     

    With E2EE, the communication is encrypted Client-Client. This means that no intermediate party can hear or see the data, not even Microsoft. Since Microsoft can't access the data, the features below won't work in E2EE calls, since Microsoft's services can't "hear" or "see" the content.

    • Screen Recording
    • Transcript
    • Copilot
    • Dial in
    • Together mode
    • Request control
    • Live captions
    • Invite more participants

     

    Summary:

    E2EE calls are more secure than the regular Teams encryption since Microsoft or other parties other than the participants of the meeting can "see" or "hear" the call/meeting. This also means that some well-known features in Teams won't be usable in these calls since Microsoft doesn't have access to it.

    However, your data will always be encrypted in some way despite what method you choose to use.

     

    With that in mind, E2EE calls should probably not be the default. I have a hard time thinking that a "Daily standup" or "Virtual Coffee breaks" should be E2EE encrypted.

    Use cases for E2EE calls:

    E2EE calls would be most useful in meetings or calls that are highly confidential, for example board meetings that can't be recorded, meetings with clients that fall under an NDA or similar.

     

    Hope this helps you, if not let me know and I'll be happy to further assist 🙂 

     

    Cheers

    Oliwer Sundgren
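The Client-Server-Client versus Client-Client difference described in the answer above, as an added example that is not part of the original thread and is not Teams' actual protocol. It models a relaying service with one key per client hop and shows why service-side features need readable media; the toy cipher, the names `alice`/`bob` and all keys are assumptions constructed for the illustration.

```python
import hashlib, hmac, os

# Toy authenticated cipher from the standard library so the example runs
# offline. It stands in for a real AEAD such as AES-GCM; do not reuse it.
def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):
    enc, mac, nonce = key + b"enc", key + b"mac", os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(data, _stream(enc, nonce, len(data))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc, mac = key + b"enc", key + b"mac"
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified data")
    return bytes(a ^ b for a, b in zip(ct, _stream(enc, nonce, len(ct))))

def relay(hop_keys, sender, receiver, blob):
    """The service ends the sender's encrypted hop and starts the receiver's.
    Returns (bytes the service can read, blob forwarded to the receiver)."""
    visible = unseal(hop_keys[sender], blob)
    return visible, seal(hop_keys[receiver], visible)

def run_call(speech, e2ee):
    # Constructed keys: one per client-to-service hop, plus a key only the
    # two clients hold (how they agree on it is outside this sketch).
    hops = {"alice": os.urandom(32), "bob": os.urandom(32)}
    clients_only = os.urandom(32)
    payload = seal(clients_only, speech) if e2ee else speech
    visible, forwarded = relay(hops, "alice", "bob", seal(hops["alice"], payload))
    received = unseal(hops["bob"], forwarded)
    heard = unseal(clients_only, received) if e2ee else received
    # Recording, transcript or captions need the service to read the media.
    return {"bob_hears": heard, "service_sees": visible,
            "service_features_possible": visible == speech}

if __name__ == "__main__":
    for mode in (False, True):
        r = run_call(b"constructed sample: Q3 board figures", e2ee=mode)
        print("E2EE" if mode else "default", r["service_features_possible"])
```

In both modes the receiving client recovers the same audio bytes; only in the default mode does the relay hold them in readable form.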
