On Day 14 of Cybersecurity awareness month, ensure to enable End-to-end Encryption for confidential Teams calls. Stay tuned for more blogs in the Office 365 Cybersecurity blog series.
In recent times, Microsoft Teams has emerged as the ultimate workspace for real-time collaboration and communication. Since most of the business communication is carried out by MS teams, security has become a concern. By default, Teams calls over VOIP are encrypted using Transport Layer Security (TLS) and Secure Real-Time Transport Protocol (SRTP). However, these protocols allow admins to configure automatic recording and transcription of calls.
But there are times when heightened confidentiality is required. There comes the End-to-end encryption for Microsoft Teams where it secures 1:1 calls and helps meet privacy requirements for the organizations.
“We need to think about encryption not as this sort of arcane, black art. It’s a basic protection!”
– Edward Snowden
What is End-to-end Encryption?
End-to-end encryption (E2EE) is one of the most practical and reliable methods for protecting digital information. E2EE does not change the way communication is executed or transmitted. It simply acts as a shield of protection where decryption takes place at the said destination, not in the intermediaries.
What Does End-to-End Encryption in Teams Calls Do?
The end-to-end encryption process encrypts content before it’s sent and only the intended recipient can decrypt it. It is not possible for anyone else to access the decrypted conversation, including Microsoft. Encryption is applied to basic call features like audio, video, screen share, and chat.
While the end-to-end encryption is turned on, users won’t be able to avail the following settings.
- Call Recording
- Live caption and transcription
- Call Transfer
- Call Park
- Call Merge
- Call companion and transfer to another device
- Consult then transfer
- Add participant to make one-to-one call a group call
Note- If users require these features in a one-to-one Teams call, then they need to turn off the end-to-end encryption manually.
Prerequisites to Turn on End-to-end Encryption:
- Users on both sides should have the latest versions of the Teams desktop client for Windows or Mac.
- Users must have the latest version of the Teams app on their iOS and Android phones to enable the setting on their phones.
- Users can have Teams Rooms on Windows device with the latest update.
- End-to-end encryption won’t be available for Teams on the web.
How to Enable End-to-end encryption for Microsoft Teams?
End-to-end encryption policy for Microsoft Teams calls can be enabled through both the admin center and Microsoft PowerShell.
Actions That Admins Need to Take
Using Admin Center:
The foremost step involves admins turning on the End-to-end encryption policy in the Teams admin center. Do note that it will take some time for the changes made in Teams policies to take effect.
- Open the Microsoft 365 Teams admin center.
- Select Enhanced encryption policy.
- Add a new policy and name it.
- By default, the end-to-end encryption policy will be disabled. Change it to Not enabled, but users can enable, and click Save.
- Select the policy and assign users for whom you want to enable the end-to-end encryption policy.
Using PowerShell:
After connecting to the Teams module,
Case 1 – If you want to enable end-to-end encryption for the whole tenant, you can run the below cmdlet.
1 |
Set-CsTeamsEnhancedEncryptionPolicy -Identity Global -CallingEndtoEndEncryptionEnabledType DisabledUserOverride |
The ‘DisabledUserOverride’ parameter means that E2EE is disabled by default, but users can override this default configuration to enable E2EE in their Teams settings.
Case 2 – If you want to enable end-to-end encryption for a specific user, run the below cmdlet. You can provide the required user’s email address in the ‘Identity’ parameter.
1 |
Grant-CsTeamsEnhancedEncryptionPolicy -Identity "Magnus@vioroly.onmicrosoft.com" -PolicyName "E2EUserPolicy" |
Actions That Users Need to Take
After the encryption policy is configured by the admin, the users will be able to see the end-to-end encryption option in their Teams settings. Users can enable this setting by using the steps mentioned below.
- Open the Microsoft Teams desktop app.
- Select More options next to the profile picture.
- Choose ‘Settings’ and go to ‘Privacy’.
- Turn on the ‘End-to-end encrypted calls’ setting.
How Can You Confirm if You Are on End-to-End Encrypted Teams Call?
Once the setting is enabled, every Teams call is encrypted by Microsoft 365 encryption technologies. Users can see an encryption indicator (shield with a lock) in the upper left corner of the Teams call window. If a Teams call is encrypted, users at both ends can see the same security numbers.
Even though users with routine check-in calls are likely not to be hampered by encrypted communication, it will play a significant role when you want to discuss corporate secrets and other sensitive information over MS Teams! Stay vigilant & up to date on the Microsoft Teams security best practices with our essential settings list.
Manage Microsoft Teams Calls and Meeting Activities with AdminDroid
In addition to one-on-one Teams calls, it is also important to monitor user activities during Microsoft Teams calls and meetings for secured collaboration. With a large volume of data, relying solely on native auditing tools to identify critical events is no longer sufficient. Here comes the AdminDroid Teams reporting tool, where you can manage daily Teams call and meeting activities with ease. 🔍✅ Gain valuable insights into Teams meeting engagement, daily Teams call count, and more in one centralized platform.
Find the AdminDroid Teams Activity Reports below:
- Daily calls/meetings summary – Get a list of daily summary of Teams calls and meetings in the organization and get to know how frequent they are.
- Daily team meeting activities – Admins can monitor daily Teams activities happening in the organization and analyze how your team members are leveraging Teams for their meetings.
- Daily team meeting duration – The report offers an insightful summary of the meeting duration attended by each user in your organization on a daily basis.
- Overall team meeting activities – This report provides a list of users with their various Teams meetings count, like ad-hoc meetings, one-time meetings, and recurring meetings.
- Overall team meeting duration – This report allows you to compare meeting duration trends over time to identify behavior patterns in your Teams meetings and optimize accordingly.
In addition to its role as a Microsoft Teams management tool, AdminDroid also provides 1800+ pre-built reports for various M365 services, including Azure AD, Security, Exchange Online, SharePoint Online, MS Teams, etc. This comprehensive reporting enables admins to manage and monitor the entire Microsoft 365 environment effectively!
Gain valuable insights and analyze the organization’s performance with ease by scheduling and exporting the required reports. Whether a small business or a large enterprise, AdminDroid provides the features an admin needs to manage and optimize your Microsoft Teams environment effectively!