Forum Discussion
End to end encryption with Microsoft Teams?
- Nov 18, 2019
Jleebiker All Teams data is encrypted "in transit and at rest"; see https://docs.microsoft.com/en-us/microsoftteams/security-compliance-overview.
I'm not really sure what E2EE would mean in a Teams context; it's typically for consumer-type apps where the data is only decrypted on the end client devices. Teams can't be this; the data resides in Office 365 and is subject to retention and eDiscovery.
- StevenC365, Nov 18, 2019, MVP
Jleebiker The mobile client supports App Protection Policies from Intune that would ensure that its content is encrypted and users are authenticated on the endpoint device.
E2EE means something different. It means that the messages are encrypted on the sender's device and can only be decrypted on the recipient's device. All of the infrastructure in the middle is irrelevant as it cannot decrypt the content at all. This is not how Teams works: while every stage of the journey is encrypted, the service in the middle can decrypt content if it needs to, for example to store data within the retention records or if you add a new person to the conversation. E2EE is only really relevant in apps which don't have any central services.
- alexwall, Feb 12, 2020, Copper Contributor
Are there any plans for a service like EKM (Enterprise Key Management)? Enterprise-side keys allow businesses to be 100% assured of confidentiality and can enable direct control and data portability. Otherwise, customers may have to limit their usage of the platform.
- StevenC365, Feb 13, 2020, MVP
alexwall Already exists ...
https://docs.microsoft.com/en-us/microsoft-365/compliance/customer-key-overview
- Jleebiker, Nov 18, 2019, Iron Contributor
Thanks! Is Intune something we need to turn on manually and create a policy to manually add people to?
- StevenC365, Nov 19, 2019, MVP
Jleebiker More on App Protection Policies here -> https://docs.microsoft.com/en-us/intune/apps/app-protection-policy