How to enable end-to-end encryption in Teams meetings

End-to-end encryption – a new feature that helps you protect Teams meeting data is available in the Teams Premium trial license. Using this feature you add an extra protection layer to your meetings and minimize potential attacks. It supports the most important meeting features, and you can enable/disable it using Teams policies.

Let’s go and check how it works and how to use it.

Introduction

End-to-end encryption (E2EE) is an additional protection that you can enable for a specific Teams meeting. If it’s enabled all supported data are encrypted on source clients and decrypted at destination clients. Data transferred between the clients is encrypted and no one has access to the information.

Important – E2EE is an additional encryption technique. By default, all data in Teams are encrypted using industry protocols. You should think about the feature as an additional way to protect meetings. When someone is trying to intercept transferred meeting data the feature will help you identify that.

Limitations

E2EE does NOT protect all existing features in Teams meetings. It’s very important to understand what can be protected and what is not available at such meeting. You don’t want to enable protection and lost the most important feature!

Secured features with E2EE:

  • Audio
  • Video
  • Screen Sharing

Features not encrypted with E2EE:

  • Apps
  • Avatars
  • Reactions
  • Chat
  • Q&A

Features not available during the meeting with E2EE enabled:

  • Live captions
  • Transcriptions
  • Recording (both manual and automatic)
  • Together mode, companion mode, large gallery
  • Breakout rooms

Before you start encrypting a meeting, go through the list and ensure that you won’t need any of those features.

Supported Teams clients

End-to-end encryption is only available in the latest Teams clients (Windows and Mac clients, mobile clients, and Teams Room based on Windows). The web client is not supported and you won’t be able to join the encrypted meeting.

Enable End-to-end encryption

Before you can start you must acquire a Teams Premium license (right now it’s available as a 30-day trial). You can find the detailed instruction in my previous post – https://modernworkplace.site/introduction-to-teams-meeting-templates/. E2EE must be enabled at the tenant level so you must have Teams Admin privileges.

1. Navigate to Teams Admin Center (https://admin.teams.microsoft.com/) and open the Enhanced encryption policies section

2. Open the Global (Org-wide default) policy and check End-to-end meeting encryption settings.

3. Enable encryption by selecting Not enabled, but users can enable and save your changes. That’s it – end-to-end encryption is enabled, and you can start using it.  Keep in mind that Teams policies require some time to propagate (a few hours).

How to encrypt a meeting

By default, E2EE is disabled for meetings but every organizer can go to a meeting settings and enable it. You must enable it before the meeting starts! If you forget about it you won’t be able to do this during the running meeting.

1. Create a meeting in Teams or Outlook

2. Go to the meeting settings and enable Enable end-to-end Encryption. When you do these following settings will be disabled automatically:

  • Record automatically
  • Provide CART Captions
  • Enable language interpretation
  • Who can record

3. Save and you can now join the meeting.

Encrypted meeting experience

1. When you join a meeting with end-to-end encryption enabled you will get a notification

2. There is also the icon indicating that the meeting is protected

3. When you click on the icon you get detailed information about protection and encryption code. The code is a 20-digit number, and it must be the same for all meeting participants. If someone has a different code it means that there is something wrong (hacked, error) with the encryption and all should leave the meeting ASAP.

4. If you open the chat window you will get a notification that the chat is not encrypted by the E2EE.

5. The encrypted meeting disables also all not supported features such as recording.

6. If you try to join the meeting from a web browser you will get an error message

Summary

End-to-end encryption for Teams meetings adds an additional layer to protect your information. If you need to secure audio, video, or shared content you can enable the feature for a specific meeting. With E2EE enabled you will lose some features so evaluate the pros and cons before you enable it. Missing a web browser is not a big loss in my opinion – desktop/mobile clients are supported so you have plenty of options to work with.

Celebrate Microsoft Teams Week 😀

About the Author

Microsoft 365 consultant and architect. I create applications and solutions that improve and facilitate work using Power Platform, SharePoint, and Teams.

My adventure in IT began in 2005. Since then I have been creating and implementing business applications based on SharePoint and Office 365 platforms. I am a big fan of task and process automation (Power Automate) and Modern Workplace platforms (Microsoft Teams).

Privately a husband, father of 2 sons. Fan of science fiction and cyberpunk, futurist. I co-organize the SharePoint Saturday Warsaw conference, speaker at Microsoft social events.

Reference

Siewnicki, M., 2023, How to enable end-to-end encryption in Teams meetings, Available at: https://modernworkplace.site/how-to-enable-end-to-end-encryption-in-teams-meetings/ [Accessed on 15 March 2023]

Share this on...

Rate this Post:

Share: