End to end encryption with Microsoft Teams?
- Nov 18, 2019
Jleebiker The mobile client supports App Protection Policies from Intune that would ensure that its content is encrypted and users are authenticated on the endpoint device.
E2EE means something different. It means that the messages are encrypted on the sender's device and can only be decrypted on the recipient's device. All of the infrastructure in the middle is irrelevant as it cannot decrypt the content at all. This is not how Teams works: while every stage of the journey is encrypted, the service in the middle can decrypt content if it needs to, for example to store data within the retention records or if you add a new person to the conversation. E2EE is only really relevant in apps which don't have any central services.
You can still retain the data even if it is end-to-end encrypted; we are doing this today. You just need appropriate privilege to allow that integration between your archival platform and the application.
StevenC365 Thanks for the insights on other banks using Teams. I am curious if you can help me clarify a few things, as I am trying to learn more about Teams security.
1) For data at rest, do Microsoft engineers have access to the encryption keys?
2) Does Microsoft store the data in a shared database instance and have a common key?
3) How often does key rotation happen?
Deepak_Mehta StevenC365 Hi, Customer Key encryption at the tenant level, which covers Teams chats and channel conversations, is in public preview and due to be launched soon according to the roadmap, feature ID 68732.
Here are the details of the public preview: Customer Key for Microsoft 365 at the tenant level (public preview) - Microsoft 365 Compliance | Microsoft Docs