Saturday, February 4, 2023

Microsoft Teams End-to-End Encryption for VOIP 1:1 & Teams Meeting

Microsoft announced the Teams Premium feature at the end of last year, and starting Feb 2023 it's now in General Availability. It might be the fastest I've seen any prominent new Teams feature go from the initial announcement to an actual implementation!

Teams uses mutual TLS (MTLS) and Server to Server (S2S) OAuth for server communications within Microsoft 365, and TLS from clients to the service. All traffic on the network is encrypted. MS Teams audio, video, and application sharing use Secure Real-Time Transport Protocol (SRTP) to encrypt the media stream with TLS 1.2 and AES-256 for UDP or TCP channels.

What is E2EE (End-to-end Encryption)?


End-to-end encryption or E2EE is the encryption of information at its origin and decryption at its intended destination without the ability for intermediate nodes or parties to decrypt. E2EE adds an extra layer of security to your Teams VOIP 1:1 or meetings.

How to turn on the E2EE feature?

  • Log in to the Teams Admin Center and navigate to Enhanced encryption policies.

  • By default, there are 3 policies. You can either create a new policy or modify the Global/User Controlled Policy: set the "Not enabled, but users can enable" option and click Save.


  • Once you’ve finished creating the policy, assign the policy to users.
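
The same three steps can be scripted with the MicrosoftTeams PowerShell module. This is an added example, not part of the original post; the policy name and user addresses are hypothetical placeholders, and `DisabledUserOverride` is the PowerShell value for the admin center's "Not enabled, but users can enable" option.

```powershell
# Added example. Assumes the MicrosoftTeams module is installed and the
# signed-in account is allowed to manage Teams policies.
Import-Module MicrosoftTeams
Connect-MicrosoftTeams

# Hypothetical policy name and users; replace with your own.
$policyName = 'E2EE-UserOptIn'
$users      = @('alice@contoso.example', 'bob@contoso.example')

# "Not enabled, but users can enable" for both 1:1 calls and meetings.
$settings = @{
    CallingEndtoEndEncryptionEnabledType = 'DisabledUserOverride'
    MeetingEndToEndEncryption            = 'DisabledUserOverride'
}

# Create the policy if it is missing, otherwise update it in place,
# so the script can be re-run safely.
$existing = $null
try {
    $existing = Get-CsTeamsEnhancedEncryptionPolicy -Identity $policyName -ErrorAction Stop
} catch { }
if ($existing) {
    Set-CsTeamsEnhancedEncryptionPolicy -Identity $policyName @settings
} else {
    New-CsTeamsEnhancedEncryptionPolicy -Identity $policyName @settings
}

# Assign the policy and keep a per-user result, so a failed grant
# (typo in the address, unlicensed user) is not silently skipped.
$results = foreach ($user in $users) {
    try {
        Grant-CsTeamsEnhancedEncryptionPolicy -Identity $user -PolicyName $policyName -ErrorAction Stop
        [pscustomobject]@{ User = $user; Assigned = $true; Error = $null }
    } catch {
        [pscustomobject]@{ User = $user; Assigned = $false; Error = $_.Exception.Message }
    }
}

# Read the policy back and show the assignment outcome for review.
Get-CsTeamsEnhancedEncryptionPolicy -Identity $policyName |
    Format-List Identity, CallingEndtoEndEncryptionEnabledType, MeetingEndToEndEncryption
$results | Format-Table -AutoSize
```

The policy only permits E2EE; each user still has to switch it on in their client or meeting options.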

How to use the E2EE feature in VOIP 1:1/Teams Meetings?

Even though the E2EE policy is assigned to users, it's not enabled by default. 

How to Enable E2EE for VOIP 1:1 Teams Calls -

The E2EE feature only supports real-time media flow, that is, audio, video, and content sharing. Both users have to turn on the End-to-end encryption setting on their client.

End-to-end encryption, or E2EE, happens when content is encrypted before it's sent and decrypted only by the intended recipient. With end-to-end encryption, only the two endpoint systems are involved in encrypting and decrypting the call data. Neither third-party compliance recording nor Microsoft has access to the encrypted conversation.


The following advanced features aren't available during an E2EE call:

  • Live captions and transcription

  • Call transfer

  • Call merge

  • Call park

  • Consult then transfer

  • Call companion and transfer to another device

  • Adding a participant

  • Recording

  • Access to Apps

How to Enable E2EE for Teams Meetings -

The E2EE feature only supports real-time media flow, that is, audio, video, and content sharing.

It's an end-user-level setting; the user has to turn it on for each meeting under "Meeting Options".







How to Confirm the meeting is in E2EE?

When the meeting is encrypted with E2EE, you will receive a notification when you join the call. You will also see a lock icon in the top left corner. When you click it, you will see the encryption code, which will be the same across all participants.


The following features aren't available during an end-to-end encrypted meeting:

  • Live captions and transcription

  • Recording

  • Together mode, companion mode, large gallery view.

  • Breakout rooms.

  • Compliance Recording.


Which features are not supported by E2EE?

Apps, Avatars, Filters, Chat, Q&A, Reactions, Live captions and transcription, Recording, Together mode, Companion mode, Large gallery, and Breakout rooms are not end-to-end encrypted.

Is there any meeting size limitation?

Yes, the meeting size is limited to 50 users. If a 51st person tries to join an E2EE meeting, they will be blocked from joining.
