Written by Christopher Oleson, Modern Workplace Solutions Architect at Maureen Data Systems (MDS)

Recently, there was an announcement from Microsoft on the availability of end-to-end encryption within Teams. Previously, calls made on Microsoft Teams had already been encrypted through the Microsoft Teams 365 encryption technology. However, different from this previous technology, end-to-end encryption works in a more advanced way by eliminating intermediate or third-party decryption possibilities. Below is an overview of the Microsoft team end to end encryption.  

What does End-to-end mean? 

According to Microsoft, “end to end encryption or E2EE is the encryption of information at its origin and decryption at its intended destination without the ability of intermediate nodes or parties to decrypt.”

What this functionality aims to show is that once both parties enable the E2EE on one-on-one call, the conversation between the two parties becomes completely private, encrypted the conversation, chat and other communications on that call. This is such that even Microsoft and other integrated solutions within Teams will not be privy or have access to those encrypted communications. 

In the announcement, a clarification was made that “only the real-time media flow, that is, video, and voice data, for one-to-one teams are end-to-end encrypted.” Meaning the team can’t function using the Microsoft 365 encryption in place of the “end-to-end encryption”. The announcement stated that 365 employs encryption for “chat, data sharing, presence, and other components in that call.”



While on a call, Teams users can verify the end-to-end encryption is enabled through a lock plus shield icon, which appears on the top left-hand side of the screen. Callers can also verify the end-to-end encryption through the 20-digit number displayed on both users’ screens. The two numbers must be the same. If otherwise, it means the call is being intercepted. 

Organizations using Teams desktop client for Windows or Mac or a mobile device with the latest android or iOS version will all have access to end-to-end encryption functionality. 

Disabled by Default

For Teams users, the end-to-end encryption is disabled by default. Organizations wanting to use the feature need to enable it for their tenant.

How IT Administrators can make End-to-end encryption available for their organization

According to Microsoft, IT experts have few options to make end-to-end encryption available to their organization. Here are some of the possibilities.

 IT admins can set the E2EE policy for users, groups or tenant via PowerShell. Please see the following guide for PowerShell commands: https://docs.microsoft.com/en-us/powershell/module/teams/new-csteamsenhancedencryptionpolicy?view=teams-ps 

Soon the ability to set the settings will also be available in Teams Admin Center UI. Once that is rolled out following steps can be used to setup E2EE via Teams Admin Center UI.

  • Sign into the Teams admin center and navigate to other settings > Enhanced encryption policies.
  • Name the new policy, then for End-to-end call encryption, choose users can turn it on, and then choose Save.
  • Once you’ve finished creating the policy, assign the policy to users, groups, or your entire tenant the same way you manage other Teams policies.

Something of Note:

It should be noted that some features on Microsoft Teams won’t be available once the end to encryption is turned on. Here are things that won’t be available. 

  • Call Park
  • Call transfer and companion to another device.
  • Call Merge
  • Recording
  • Add participant to make the one to one call a group call
  • Live caption and transcription

End-to-End Encryption is only at the preview stage, and it only works for person-to-person calls. Group audio and video calls are yet to be announced by Microsoft.

The material and information provided in Maureen Data Systems (“MDS”) Content are for general information only and should not, in any respect, be relied on as professional advice. The MDS Content shall be construed as author-based content and commentary. Accordingly, no warranties or other guarantees are offered as to the quality of the opinions, commentary or anything else appearing in such MDS Content. MDS expressly reserves the right to delete stories at its and their sole discretion.

Contact us to learn more about Teams End-to-End Encryption!

Ready to Get Started with mDS?

Fill-out the quick form & a MDS technical expert will contact you soon!

+1 (888) 123-4567