Back October 2021, the workplace and team collaboration giant announced it would put the much-coveted feature in public preview. Now, users of the platform can take advantage of end-to-end encryption (E2EE) via Microsoft Teams calls.
"With this release, only the real-time media flow, that is, video and voice data, for one-to-one Teams calls are end-to-end encrypted. Both parties must turn on this setting to enable end-to-end encryption."
Microsoft said, in a blog post announcing the news, that numerous enterprise customers in the United States and Europe across industries like aerospace, manufacturing, telecommunications, and professional services, are already rolling out the feature, designed for one-on-one Teams calls.
Also, according to Microsoft - the feature is not available by default, but rather, IT admins will need to enable end-to-end encryption. Following IT configuration and the enablement of the new feature for select users within an enterprise - they still have to enable end-to-end encryption from within their Microsoft Teams settings - with IT retaining the ability to disable the feature for 'Teams' calls as needed.
For some reason, when using E2EE for Teams one-to-one calls, Microsoft notes that certain features are not available to users, and if they wish to access: recording, live caption/transcription, call transfer (blind, safe, and consult), call parking/merging, cal companion/transfer to another device, or adding participants to make the one-to-one call a group call.
E2EE calls for Teams, now generally available with the latest version of the Microsoft Teams desktop client for Mac and PC users as well as mobile device users with Microsoft's latest update for iOS and Android. Microsoft further notes that turning on end-to-end encryption on one device also enables it on for all other devices, as the setting is synchronized.
Are Group Audio/Video Calls & Meetings Encrypted?
Well, yes, you see, Microsoft 365 encryption works to secure group audio/video calls. Microsoft states:
"As we release end-to-end encryption for Teams one-to-one calls, we will continue to learn from customers how the scenarios address their needs. We will work to bring end-to-end encryption capabilities to online meetings later."
End-to-end encryption is not currently available for PSTN calls. Chat, however, is secured by Microsoft 365 encryption. With Office 365, data are encrypted "at rest and in transit." Pair this with Microsoft's use of several vigorous encryption protocols, and you have a compelling case for robust security.
As of now, MS365's security protocols consist of Transport Layer Security/Secure Sockets Layer (TLS/SSL), Internet Protocol Security (IPSec), and Advanced Encryption Standard (AES).
Confirming Calls are Indeed Encrypted
Not to worry, if a call gets protected by end-to-end encryption within Microsoft Teams, you will notice an encryption indicator via the 'Teams call' window located in the upper lefthand corner. The Microsoft Teams end-to-end encryption indicator looks like a shield with a lock.
"Microsoft 365 encryption technologies encrypt every Teams call, and if a call is successfully end-to-end encrypted, both parties will see the end-to-end encryption indicator on the Teams call window."
By hovering over the end-to-end encryption indicator, you can display a confirmation that the call is indeed end-to-end encrypted, with Teams also showing a unique security code for the call. If you want to be sure end-to-end encryption is on - confirm that notion by verifying that the same security code displays for both parties in the call.
Enabling End-to-End Encryption on Mobile
If Microsoft's synchronization functionality fails to sync the feature, users can enable end-to-end encryption from their mobile devices.
From the Teams client, head to "Teams Mobile," then go to settings > calling. Next, under Encryption - turn on End-to-end encrypted calls. If you wish to verify end-to-end encryption on your mobile device, you can do so with relative ease.
From mobile devices - the call displays a lock and shield icon on-screen. Users can tap on the encryption indicator to show a 20-digit security code for added peace of mind. Much like the Microsoft Teams desktop app, both individuals can verify that the code matches - further ensuring both parties remain protected by end-to-end security encryption.
When users are not taking advantage of end-to-end encryption (i.e.), it is not active; the Teams encryption indicator appears as a regular shield icon without a lock. "The regular shield confirms that call gets protected by Microsoft 365 encryption and no end-to-end encryption security code will be shown," Microsoft wrote in a blog post.
No other party, not even Microsoft, has access to encrypted conversations.
The Importance of Encryption
As noted earlier, data at rest from within Microsoft 365; are protected by multi-layer security encryption - not end-to-end, however. No matter how you look at it, Microsoft's encryption protocols are still quite robust, and here is what gets protected from within Microsoft 365.
Any files uploaded to a SharePoint library, project, online data, documents uploaded via a Skype for Business meeting, email messages, attachments stored in folders in your mailbox, and files uploaded to OneDrive for Business; all enjoy some form of encryption.
Data in transit, also according to Microsoft, get encrypted, too. Data in transit include mail messages in the process of delivery and conversations that take place in an online meeting.
"In Office 365, data is in transit whenever a user's device is communicating with a Microsoft server; or when a Microsoft server is communicating with another server."
This is all well and good, but when it comes to the potential of intrusion, a large part of the burden lies on organizations to train employees regarding safe workplace collaboration tool best use practices. "Don't click on links sent from third-party/unknown senders." It could be harmful.
Bad actors will always find new and creative ways to obtain sensitive data, extort, or even hold company data for ransom. Most incidents of cyber attacks or hacks are unavoidable, with some education and the use of Microsoft's countless layers of advanced end-user protections.
Zoom acquired Keybase in May 2020 to help them beef up security measures after reports and videos of Zoombombing surfaced. The video conferencing giant Zoom even beat Microsoft to the punch, introducing end-to-end encryption for all users following the backlash it faced after announcing the feature would be for paying customers only back in 2020.