Tom Talks Microsoft Teams and Microsoft 365 news and opinions

Customer managed encryption keys coming for Microsoft Teams


Microsoft Office 365 has supported Customer Key since 2017. Customer Key encrypts data at rest in Office 365 with keys the customer\organisation provides.

Your data is always encrypted at rest in the Microsoft 365 service with BitLocker and Distributed Key Manager (DKM). This is controlled and managed by Microsoft. Customer Key adds an additional layer of encryption is called service encryption.

Service encryption is not meant to prevent Microsoft personnel from accessing customer data. The primary purpose is to assist customers in meeting regulatory or compliance obligations for controlling root keys or obligations related to having the explicit control to delete data when exiting the service.

Using keys customers provide, Customer Key encrypts:

  • SharePoint Online, OneDrive for Business, and Microsoft Teams files (which are in SharePoint or OneDrive for Business)
  • Files uploaded to OneDrive for Business
  • Exchange Online mailbox content including e-mail body content, calendar entries, and the content within email attachments.
  • Text conversations from Skype for Business (chat history is in exchange mailbox)

Customers explicitly authorize Office 365 services to use their encryption keys to enable cloud services, such as eDiscovery, anti-malware, anti-spam, search indexing, etc.

Customer Key is part of  E5 and the Advanced Compliance SKU. Additionally, customers must also purchase the appropriate license for using Azure Key Vault

Coming preview Q4 2020, targeting GA Q1 2021, Microsoft will add Customer Key support for Microsoft Teams. This will encrypt Microsoft Teams data (private chat and team chat) with a customer-provided key.


Roadmap item 68732



Service encryption with Customer Key

Set up Customer Key

About the author

Tom Arbuthnot

A Microsoft MVP and Microsoft Certified Master, Tom Arbuthnot is Principal Solutions Architect at Microsoft Collaboration specialists Modality Systems.

Tom stays up to date with industry developments and shares news and his opinions on his blog, Microsoft Teams Podcast and email list. He is a regular speaker at events around the world.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Tom Talks Microsoft Teams and Microsoft 365 news and opinions