Tom Talks Microsoft Teams and Microsoft 365 news and opinions

Customer managed encryption keys for Microsoft Teams Public Preview

In September 2020 we learnt that Customer managed encryption keys coming for Microsoft Teams, now it is available in Public Preview.

Customer Key in Office 365 is offered in Office 365 E5, Microsoft 365 E5, Microsoft 365 E5 Compliance, and Microsoft 365 E5 Information Protection & Governance SKUs.

Customer Key requires two keys for each data encryption policy (DEP). To create two keys, you must create two Azure subscriptions. You need a paid, invoiced Azure Subscription using either an Enterprise Agreement or a Cloud Service Provider (CSP). Azure Subscriptions purchased using Pay As You Go plans or using a credit card aren’t supported for Customer Key. You need to create a premium Azure Key Vault in each subscription.

Using keys the customer provides, you can encrypt the following data:

  • Teams chat messages (1:1 chats, group chats, meeting chats and channel conversations)
  • Teams media messages (images, code snippets, video messages, audio messages, wiki images)
  • Teams call and meeting recordings stored in Teams storage
  • Teams chat notifications
  • Teams chat suggestions by Cortana
  • Teams status messages
  • User and signal information for Exchange Online
  • Exchange Online mailboxes that aren’t already encrypted Customer Key DEPs at the application level
  • MIP exact data match (EDM) data – (data file schemas, rule packages, and the salts used to hash the sensitive data)

Note, Public preview doesn’t support encrypting past data, it will start encrypting from the time the data encryption policy (DEP) and assigned to the tenant.

A known issue in preview: When you enable Customer Key at the tenant level, you can’t create a new team in Microsoft Teams.

More information:

Microsoft blog: Customer Key support for Microsoft Teams now in Public Preview!

Documentation: Overview of Customer Key for Microsoft 365 at the tenant level (public preview)

About the author

Tom Arbuthnot

A Microsoft MVP and Microsoft Certified Master, Tom Arbuthnot is Principal Solutions Architect at Microsoft Collaboration specialists Modality Systems.

Tom stays up to date with industry developments and shares news and his opinions on his blog, Microsoft Teams Podcast and email list. He is a regular speaker at events around the world.

Add comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Tom Talks Microsoft Teams and Microsoft 365 news and opinions