NHS England have enabled an end-to-end encryption (E2EE) feature for one-to-one Teams calls to allow you to hold encrypted calls. This allows control at a ‘user level.’ This means that you can enable/disable the E2EE feature as required. When an E2EE call is initiated, the communication between both parties in the call is encrypted from end-to-end. No other party, including NHS England or Microsoft, has access to the decrypted conversation.
Both users in the one-to-one call must have E2EE enabled to use the encryption feature.
To turn on end-to-end encryption, please follow these steps:
- At the top right of the Teams window, select the profile picture (or the ellipses (three dots) next to the profile picture).
- Choose Manage Account
- Then choose Settings > Privacy.
- Turn on end-to-end encrypted calls by toggling the switch.
Please be aware once E2EE is enabled the following features will not work:
- Recording
- Live caption and transcription
- Call transfer (blind, safe, and consult), Call Park, Call Merge
- Call Companion and transfer to another device
- Add participant to make the one-to-one call a group call
If you require any of the above features, you will need to disable E2EE
If you have not enabled E2EE or only one user has it enabled it, Teams still secures a call or meeting using encryption based on industry standards. Data exchanged during calls is always secure while in transit and at rest. For more information, see Media encryption for Teams.
How to check if call is encrypted?
Once both users have joined the one-to-one call, you will see a ‘Shield with Padlock’ icon in the call window for both users. Hover over the icon to view the confirmation the call is encrypted and get the 20-digit security code. To confirm the call is encrypted verify the same code appears for the other user in the call.
If you have not enabled E2EE or only one user has it enabled it, Teams still secures a call or meeting using encryption based on industry standards. Data exchanged during calls is always secure while in transit and at rest. For more information, see Media encryption for Teams.
If you have E2EE enabled, and the other user has not then you will only see ‘Shield’ icon in the call window.
E2EE Capability
End-to-end encrypted calls can be made between two parties when the parties are using the latest version of the Teams desktop client for Windows or Mac, or they are on a Mobile device with latest update for iOS and Android.
Enable E2EE on mobile devices by following these steps (steps may be different depending on device and platform):
- In Teams Mobile, go to settings > calling
- Under Encryption, turn on End-to-end encrypted calls
You will see same icons to indicate whether the call encrypted or not on your mobile Teams app.
As indicated above, some features will not work during E2EE call. if you need these features to be enabled in a call, use the following steps:
- At the top right of the Teams window, select the profile picture (or the ellipses (three dots) next to the profile picture).
- Choose Manage Account
- Then choose Settings > Privacy.
- Turn off end-to-end encrypted calls by toggling the switch.
