How to use end-to-end encryption for Teams calls
Desktop
When a one-on-one call needs to be confidential, Teams provides end-to-end encryption (E2EE) for private, one-on-one calls. E2EE encrypts the call at its origin and keeps it encrypted until it reaches its destination, so no information can be decrypted between those two points.
Overview
By default, Teams encrypts all communication using the industry-standard protocols TLS and SRTP (Secure Real-time Transport Protocol). See Security and Microsoft Teams for more information on the security framework used by Teams.
If your IT administrator has enabled end-to-end encryption (E2EE) for your team, you can use it to further protect the confidentiality of one-on-one conversations. For it to work, it must be turned on by both people on the call.
Current capabilities
The following are secured during an E2EE Teams call:
- Audio
- Video
- Screen sharing
You can also use other Microsoft 365 features alongside the call, including chat during the call.
Advanced features are not available during an E2EE call, including:
- Recording
- Live captions and transcription
- Call transfer
- Call merge
- Call park
- Consult then transfer
- Call companion and transfer to another device
- Add participant
If your organization uses compliance recording (a process that enables businesses to meet regulatory requirements by recording their business calls), E2EE may not function for your organization. See Introduction to Teams policy-based recording for calls and meetings to learn more about how Teams supports compliance recording.
Make a call using E2EE
Turn on E2EE
Both parties must do the following before the call:
- In Teams, select More options next to your profile picture, then choose Settings from the drop-down menu.
- Select Privacy on the left side of the screen, find End-to-end encrypted calls in the list of options, and turn on the toggle next to it.
Verify that E2EE is working
Once the call is connected, do the following:
- Look for a shield with a lock in the top left corner of the call window. It means that E2EE has been enabled for both parties.
- Note: If the shield looks something like this [image], one of the parties has not turned on E2EE. The call is still encrypted by Microsoft 365 even if E2EE is not on for both parties.
- The security code is displayed on the shield with the lock. Compare the security code with what the other person sees to make sure it is correct.
- E2EE is functioning properly if both callers see or hear the same code on the call.
Mobile
To enable and use end-to-end encryption for one-on-one calls on your mobile device, follow the steps below.
Turn on E2EE
Both people should do the following before the call:
- Tap your profile picture in the upper left corner of the screen to access the Teams Settings menu.
- Go to the Calling section, scroll down to the End-to-End Encrypted section, and turn on the toggle.
Verify that E2EE is working
Once the call is connected, do the following:
- Look for a shield with a lock on the left-hand side of the call window. It indicates that both parties have E2EE enabled.
- Note: If there is no lock on the shield, at least one party does not have E2EE turned on. You are still protected by Microsoft 365’s encryption even if E2EE is not turned on.
- Tap the shield with a lock to view the security code, and compare it with the security code shown to the other person to make sure it is correct.
- E2EE is working if the same code appears on both ends of the call.
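Why the code comparison in the desktop and mobile verification steps matters, as an added example that is not part of the original page and is not Teams' own code. It assumes a code derived from the SHA-256 thumbprints of both endpoints' call certificates; the derivation details, the label string and the certificate bytes are constructed for illustration.

```python
import hashlib
import hmac

def fingerprint(cert_der: bytes) -> bytes:
    """SHA-256 thumbprint of an endpoint's call certificate bytes."""
    return hashlib.sha256(cert_der).digest()

def security_code(fp_a: bytes, fp_b: bytes, digits: int = 20) -> str:
    """Derive a short decimal code from both fingerprints (illustrative scheme).

    Sorting makes the result independent of who is caller or callee, so both
    ends compute the same string when they saw the same pair of certificates.
    """
    first, second = sorted((fp_a, fp_b))
    digest = hashlib.sha256(b"illustrative-code-v1" + first + second).digest()
    number = int.from_bytes(digest, "big") % (10 ** digits)
    return f"{number:0{digits}d}"

def codes_match(code_shown: str, code_read_aloud: str) -> bool:
    """Compare codes, ignoring spaces or dashes added when reading them out."""
    def digits_only(text: str) -> str:
        return "".join(ch for ch in text if ch.isdigit())
    return hmac.compare_digest(digits_only(code_shown), digits_only(code_read_aloud))

def simulate(intercepted: bool) -> tuple:
    """Return (code on Alice's screen, code on Bob's screen)."""
    alice_cert = b"constructed-cert-alice"   # constructed sample values
    bob_cert = b"constructed-cert-bob"
    relay_cert = b"constructed-cert-relay"
    # If something in the path terminates the encryption, each side sees that
    # party's certificate as its peer instead of the other caller's.
    alice_peer = relay_cert if intercepted else bob_cert
    bob_peer = relay_cert if intercepted else alice_cert
    alice_code = security_code(fingerprint(alice_cert), fingerprint(alice_peer))
    bob_code = security_code(fingerprint(bob_cert), fingerprint(bob_peer))
    return alice_code, bob_code

if __name__ == "__main__":
    for intercepted in (False, True):
        a, b = simulate(intercepted)
        print(f"intercepted={intercepted}: {a} vs {b} -> match={codes_match(a, b)}")
```

The codes agree only when both ends negotiated with each other's certificate, which is why the comparison should be done by voice on the call rather than assumed from the shield icon alone.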
Frequently Asked Questions
Can I use E2EE for group meetings and calls?
Not yet. Initially, E2EE will only be available for one-on-one Teams calls within the organization. In the future, we will work on bringing E2EE capabilities to online meetings after gathering customer feedback to understand how it will meet their compliance obligations and needs.