For situations that require heightened confidentiality, Teams offers end-to-end encryption (E2EE) for one-on-one calls. With E2EE, call information is encrypted at its origin and decrypted at its intended destination so that no information can be decrypted between those points.
Overview
By default, Teams encrypts all communication using industry-standard technologies such as Transport Layer Security (TLS) and Secure Real-Time Transport Protocol (SRTP). For more info on the Teams security framework, see Security and Microsoft Teams.
If your IT admin has enabled end-to-end encryption (E2EE) for your team, you can use it to further increase the confidentiality of your one-on-one calls. Both people on the call must turn on E2EE for the technology to work.
Current capabilities
During an E2EE call, Teams secures the following features:
-
Audio
-
Video
-
Screen sharing
You will also be able to chat in these calls, but Microsoft 365 secures your chat sessions.
Advanced features, including the following, will not be available during an E2EE call:
-
Recording
-
Live captions and transcription
-
Call transfer
-
Call merge
-
Call Park
-
Consult then transfer
-
Call companion and transfer to another device
-
Adding a participant
If your organization uses compliance recording (enterprise call recording that helps businesses meet specific regulatory requirements), E2EE won’t be available. For more info on how Teams supports compliance recording, see Introduction to Teams policy-based recording for callings & meetings.
Make a call using E2EE
Turn on E2EE
Before the call, both people must do the following:
-
In Teams, select Settings and more next to your profile picture and then select Settings.
-
Select Privacy on the left and then select the toggle next to End-to-end encrypted calls to turn it on.
Verify that E2EE is working
When the call is connected, do the following:
-
Look for a shield with a lock in the top left corner of the call window. This indicates that E2EE is turned on for both parties.
Note: If the shield looks like this , E2EE is not turned on for at least one of the parties but your call is still encrypted by Microsoft 365.
-
Point to the shield with a lock to view the security code and compare it with the code that the other person sees.
-
If both people on the call see the same code, E2EE is working properly.
FAQ
If I don't use E2EE for a one-on-one call, does that mean the call is not secure?
No. Teams data is encrypted in transit and at rest in Microsoft data centers using industry standard technologies such as TLS and SRTP. This includes calling, messages, files, meetings, and other content. See Encryption for Teams for details.
Can I use E2EE for group meetings and calls?
Yes, E2EE is a Microsoft Teams Premium feature. For more information, please visit the Microsoft Teams Premium licensing documentation.
For IT admins
Use end-to-end encryption for one-to-one Microsoft Teams calls
To enable and use end-to-end encryption (E2EE) on one-on-one calls from your mobile device, follow the steps below.
Turn on E2EE
Before the call, both people must do the following:
-
In Teams, tap your profile picture in the upper left corner of the screen and then tap Settings.
-
Tap Calling then scroll down to End-to-end encrypted calls and tap the toggle to turn it on.
Verify that E2EE is working
When the call is connected, do the following.
-
Look for a shield with a lock in the top left corner of the call window. This indicates that E2EE is turned on for both parties.
-
Note: If the shield doesn't have a lock , E2EE is not turned on for at least one of the parties but your call is still encrypted by Microsoft 365.
-
Tap the shield with a lock to view the security code and compare it with the code that the other person sees.
-
If both people on the call see the same code, E2EE is working properly.