Microsoft Teams Secure Calls (with end-to-end encryption)

For situations that require heightened confidentiality, Teams offers end-to-end encryption (E2EE) for one-on-one calls. With E2EE, call information is encrypted at its origin and decrypted at its intended destination so that no information can be decrypted between those points.  By default, Teams encrypts all communication using industry-standard technologies such as Transport Layer Security (TLS) and Secure Real-Time Transport Protocol (SRTP).  SU users can further increase the confidentiality of one on one calls by changing the following settings in Teams.  

To Enable:

In Teams, select More options next to your profile picture and then select Settings.

Select Privacy on the left and then select the toggle next to End-to-end encrypted calls to turn it on.

For Verification:

To verify E2EE is working look for the icon in the top left corner of the call window.  This indicates E2EE is turned on and functioning for both parties.  Click on the Shield/Lock icon to view the security code and compare it with the code of the other caller.  If both people on the call see the same code, E2EE is working properly.  

If the shield looks like this , E2EE is not turned on for at least one party.  This represents standard Microsoft 365 encryption.  

FAQ: 

If I don't use E2EE for a one-on-one call, does that mean the call is not secure?

No. Teams data is encrypted in transit and at rest in Microsoft data centers using industry standard technologies such as TLS and SRTP. This includes calling, messages, files, meetings, and other content. See Encryption for Teams for details.

Can I use E2EE for group meetings and calls?

Not yet. Initially E2EE will be available only for one-on-one Teams calls. After gathering customer feedback to understand how the feature addresses their compliance needs and obligations, we will work to bring E2EE capabilities to online meetings.