In the discussion around data protection and rulings like Schrems II, many customers have asked for encryption. It is now possible to store your own key for Microsoft Teams, as announced at Ignite in September 2020.
Microsoft Teams with customer key
Microsoft Teams helps keep data secure by encrypting it at rest in Microsoft data centers, starting with volume-level encryption enabled by BitLocker, while Service Encryption ensures content at rest is encrypted at the application level. Customer Key builds on service encryption to provide an additional application-level encryption layer for data at rest and gives you, as an organization, control over the encryption keys.
Customer Key helps meet compliance obligations by giving you control over the encryption keys that Microsoft 365 uses to encrypt and decrypt data, improving your ability to meet compliance requirements that define key agreements with the cloud service provider.
Possible today for:
- Exchange Online
- SharePoint Online
Now in Public Preview
- Teams chat messages (1:1 chats, group chats, meeting chats and channel conversations)
- Teams media messages (images, code snippets, videos, wiki images)
- Teams call and meeting recordings stored in Teams storage
- Teams chat notifications
- Teams chat suggestions by Cortana
- Teams status messages
- User and signal information for Exchange Online
How it works
This encryption, including the one for Microsoft Teams, is a tenant-level file encryption policy and works for the data at rest at the layer (BitLocker).
How do I set this up?
First, you need:
- Azure PowerShell
- Work or school account
- Admin role: Compliance
- 2 Azure subscriptions (no credit card at this moment).
- The license doesn't matter for now; supported: E1-E5, A1-A5, Business or not