Now in public preview: End-to-end encryption for one-to-one Microsoft Teams calls

Microsoft

Description
By default, Teams encrypts all communication using industry-standard technologies such as Transport Layer Security (TLS) and Secure Real-Time Transport Protocol (SRTP). If your IT admin has enabled end-to-end encryption (E2EE) for your team, you can use it to further increase the confidentiality of your one-on-one calls. Please note that both people on the call must turn on E2EE for the technology to work.

 


 

Current capabilities

During an E2EE call, Teams secures the following features:

  • Audio
  • Video
  • Screen sharing

You will also be able to chat in these calls, but chat is not covered by E2EE; Microsoft 365 secures your chat sessions.

Advanced features, including the following, will not be available during an E2EE call in this release:

  • Recording
  • Live captions and transcription
  • Call transfer
  • Call merge
  • Call park
  • Consult then transfer
  • Call companion and transfer to another device
  • Adding a participant

If your organization uses compliance recording (enterprise call recording that helps businesses meet specific regulatory requirements), E2EE won’t be available. For more info on how Teams supports compliance recording, see Introduction to Teams policy-based recording for callings & meetings.

Flighting status

Started flighting. Rollout estimated to be complete by Tuesday October 26th 2021.

 

How to enable

Please note that at this moment it is only possible to allow end-to-end encryption (E2EE) using PowerShell, and E2EE is only available for Teams Desktop clients. In the future it will be possible to configure the E2EE policy from Teams Admin Center. To configure the policy, follow these steps:

 

Use PowerShell to connect with the MicrosoftTeams module. The module version must be at least 2.5.2.

 

After changing the username, run the following command:

 

Grant-CsTeamsEnhancedEncryptionPolicy -identity "john@contoso.com" -policyname Tag:UserControlled

 

Optionally you can enable the E2EE toggle for the entire tenant by running the following command:

Set-CsTeamsEnhancedEncryptionPolicy -Identity Global -CallingEndtoEndEncryptionEnabledType DisabledUserOverride
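The steps above combined into one script, as an added example that is not part of the original post or a Microsoft-supplied script. It checks the module version, records the current tenant-wide setting, and grants the user-controlled policy to a short pilot list. The pilot list and variable names are assumptions for illustration.

```powershell
# Added example: gate on the module version, then pilot E2EE for a short user list.
$minVersion = [version]'2.5.2'          # minimum version stated on this page
$pilotUsers = @('john@contoso.com')     # constructed sample list; replace with real UPNs

# Pick the newest installed MicrosoftTeams module and stop if it is missing or too old.
$module = Get-Module -ListAvailable -Name MicrosoftTeams |
    Sort-Object Version -Descending | Select-Object -First 1
if (-not $module -or $module.Version -lt $minVersion) {
    throw "MicrosoftTeams module $minVersion or later is required (found: '$($module.Version)')."
}
Import-Module MicrosoftTeams -MinimumVersion $minVersion
Connect-MicrosoftTeams | Out-Null       # interactive sign-in as a Teams administrator

# Record the tenant-wide setting before changing any per-user assignment.
$global = Get-CsTeamsEnhancedEncryptionPolicy -Identity Global
Write-Output "Global CallingEndtoEndEncryptionEnabledType: $($global.CallingEndtoEndEncryptionEnabledType)"

# Grant the policy per user; collect failures instead of stopping at the first one.
$results = foreach ($upn in $pilotUsers) {
    try {
        Grant-CsTeamsEnhancedEncryptionPolicy -Identity $upn `
            -PolicyName 'Tag:UserControlled' -ErrorAction Stop | Out-Null
        [pscustomobject]@{ User = $upn; Granted = $true;  Error = $null }
    } catch {
        [pscustomobject]@{ User = $upn; Granted = $false; Error = $_.Exception.Message }
    }
}
$results | Format-Table -AutoSize
```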

 

After the policy is applied, you will be able to see the E2EE toggle under the Privacy section in Microsoft Teams desktop client settings (see picture below).

 

KaushalMehtaLYNC_1-1635437486378.png

 

Verify that E2EE is working:

When the call is connected, do the following:

Look for a shield with a lock in the top left corner of the call window. This indicates that E2EE is turned on for both parties.

 


 

Note: If the shield appears without a lock, E2EE is not turned on for at least one of the parties, but your call is still encrypted by Microsoft 365.

Point to the shield with a lock to view the security code and compare it with the code that the other person sees.

 


 

If both people on the call see the same code, E2EE is working properly.

 

 

 

To disable the feature for a particular user, run this command:

Grant-CsTeamsEnhancedEncryptionPolicy -identity "john@contoso.com" -policyname Tag:Disabled

 

If you want to disable E2E encryption for the whole tenant, use this command:

Set-CsTeamsEnhancedEncryptionPolicy -Identity global -CallingEndtoEndEncryptionEnabledType Disabled

 

Note 1: If you need information about enabling the public preview itself, see “Enable the public preview for Teams” below.

Note 2: See https://support.microsoft.com/en-us/office/use-end-to-end-encryption-for-teams-calls-1274b4d2-b5c5-4... for feature details.

Note 3: See https://docs.microsoft.com/en-us/powershell/module/teams/new-csteamsenhancedencryptionpolicy?view=te... for New-CsTeamsEnhancedEncryptionPolicy cmdlet details.

 

Microsoft 365 workloads and dependencies

 

| Product, workload, or area | Dependency (Yes/No) | If yes, version requirements and other dependencies |
|---|---|---|
| Exchange | No | |
| SharePoint, files | No | |
| Skype for Business | No | |
| Outlook add-in | No | |
| Azure AD | No | |
| OneDrive | No | |
| Office | No | |
| PowerShell | Yes | PowerShell MicrosoftTeams module version must be at least 2.5.2 |

 

Supported clients and platforms

 

| Windows 10 | macOS | iOS | Android | Linux | Chrome | Firefox | Safari | Edge | Internet Explorer |
|---|---|---|---|---|---|---|---|---|---|
| Yes | Yes | | | | | | | | |

How does this feature impact the existing experience?

Unless enabled by IT admins, there is no impact.

Known issues

None.

Known limitations

None.

 

Enable your Teams client for the public preview 

 

  1. First, IT admins need to set an update policy that turns on Show preview features. Learn how at Public preview in Microsoft Teams - Microsoft Teams | Microsoft Docs.  
  2. Users then choose to join the public preview individually. See Get early access to new Teams features - Office Support (microsoft.com) for instructions. 

Summary of public preview features

For a history of features in the Office and Teams public previews, see Release Notes Current Channel (Preview) - Office release notes | Microsoft Docs.

 

Send us your feedback 

Got feedback on features in the public preview or other areas of Teams? Let us know straight from Teams via Help > Give feedback. This is on the bottom left of your client.

 


 

Thank you,

Preview Team, @Miroslav-Dvorak 

Quality & Customer Obsession, Microsoft Teams

 

1 Reply

Here's my demo of this feature