Microsoft announced E2EE or end-to-end encryption for Teams back at the start of the year. It has finally arrived last week encrypting all one-to-one calls on Teams. But how do you enable it and how would users on the call know if their calls are safely end-to-end encrypted? Let’s find out.
Who Can Enable E2EE on Teams Calls
Only the IT admins can enable end-to-end encryption for one-on-one calls for all users. Once the IT admin has enabled it, team members must enable it before they can use it. You will need to talk to your admin to confirm the rollout.
What Is Encrypted With E2EE on Calls in Teams
Microsoft uses Session Description Protocol (SDP) [RFC 4566] to encrypt all one-to-one calls on Teams.
Once the end-to-end encryption has been enabled on both sides, all one-to-one calls will get encrypted. That means nobody, not even Microsoft will have access to the decrypted call details.
But Teams also allows sharing media files and messaging. The good news is that during the call duration, along with voice and video data packets, all files shared during the call will also get encrypted. This includes text messages too but that is encrypted by Microsoft 365 encryption instead.
How to Enable/Disable E2EE on One-to-One Calls in Teams
The first step is to enable the option at the admin level. To do that, go to Teams Admin Center and sign in with your admin account credentials. This is where you can manage the Teams account for all users.
Once you are logged in, go to Other settings > Enhanced encryption policies.
You will need to create and name a new encryption policy. Choose a name that makes sense and can be easily identified later. Finally, select Users can turn it on option and then click on Save to save changes made.
As you may have noticed, even when the encryption for one-to-one calls in Teams has been enabled by the admin, it still needs to be enabled by the members of the organization. This requires you to educate them about this new feature and let them know the pros and cons of enabling/disabling it clearly.
For the user to enable encryption for one-to-one calls in Teams, he/she will need to click on the three-dot menu icon and select Settings.
Under the Privacy tab on the left, enable the toggle for End-to-end encryption calls.
When a call is initiated, the E2EE setting will be synchronized across devices. It means if you have enabled E2EE on your device and make a call to a user who has not enabled it yet, Teams will sync the setting and enable E2EE on his/her device automatically.
Verify If E2EE Is Enabled and Working
So after enabling E2EE, when you initiate or receive a call, how do you know if the other person has enabled it too?
Microsoft Teams will show a shield with a lock icon at the upper left corner of the screen if E2EE is enabled during the call.
Simply hover over the icon to confirm if the call is indeed encrypted. Ask the other user to do the same. You will also notice a security code. The same security code must also appear at the other end of the call. If both the parties are not seeing the same security code, the call is not encrypted or compromised. Check settings and initiate the call again.
Note: Even if end-to-end encryption for one-to-one calls is not enabled by the admin or the user, Microsoft still uses industry-standard practices to encrypt all data exchanged during the call while in transit and at rest.
How to Enable Teams E2EE on Mobile Apps
The admin settings are not available on Teams mobile apps. You will need to open Teams Admin Center in a browser. You may try using a mobile browser though.
To enable it as a user, go to Settings > Calling. Under “Encryption”, enable toggle for End-to-end encrypted calls.
Again, you can verify whether the call is encrypted or not by comparing the security code on both ends of the call. During the call, tap on the shield with a lock icon to reveal the security code.
1. Is E2EE for Teams calls enabled by default
No. IT admins will have to enable them manually to enjoy private and secure calls, chats, and file transfers.
2. Are there any drawbacks of using E2EE for one-on-one Teams calls
Yes. Certain services won’t work when team members are on E2EE calls. They are recording, live captions and transcriptions, call transfer, call merge, call park, Cal Companion, and the ability to add more members to turn one-to-one calls into a group call. In order to use these features during the call, the users will have to disable E2EE.
3. Is E2EE available on Teams mobile clients
Yes. It is available for both desktop clients ⏤ Windows and macOS and mobile clients ⏤ Android and iOS.
4. Are group calls encrypted in Teams
Yes, group calls are encrypted too, however, they are encrypted using Microsoft 365 encryption instead which we discussed once above. This is true for both voice and video calls.
Wrap Up: Enable/Disable E2EE in One-to-One Calls in Teams
Microsoft Teams has come a long way since its inception. It was always designed to be more than mere video conferencing call solutions like Teams and Zooms with a focus on the larger Office ecosystem. With encryption, Teams has only gotten better and more secure.
Are you using Teams on a desktop? Here are some cool Teams shortcuts and tricks that will help you get more out of in less time.