March 3, 2021 (updated 04 Mar 2021 10:35am)

Microsoft Teams gets end-to-end crypto, no matter what the Five Eyes say

By Eric Johansson

Microsoft has joined the growing trend among communications vendors for end-to-end encryption (E2EE), announcing that its Teams collaboration tool will get the feature in the first half of 2021.

The Redmond-headquartered tech behemoth made the announcement as part of its Ignite virtual conference, underway this week.

“Teams will support end-to-end encryption for organisations to help customers meet their security and compliance requirements by providing an additional option for conducting sensitive online conversations,” Microsoft explained. “For example, a call from an IT admin giving an employee her password over Teams could be conducted with E2EE.”

The Teams E2EE rollout will happen in several stages. The first phase will deliver the added security for unscheduled one-to-one Teams calls. In this stage, customers will be able to pick which team members can use E2EE.

“Future updates will be made available to support customers’ evolving compliance needs, including expanding to scheduled calls and online meetings,” Microsoft said.

The news follows Google’s announcement at the end of November that its rich communication service (RCS) messaging option in Android is now available worldwide. This offers E2EE, but perhaps unsurprisingly that option will not be available to users in China, Cuba, Iran and Russia. It is unclear if similar regional restrictions will apply to the new Teams E2EE rollout. Microsoft did not reply to requests for comments on this matter before the publication of this article.

E2EE has long been a hot-button issue for communications services. Zoom found itself facing a massive backlash at the start of the pandemic after the video conferencing app said it would enable E2EE, but only for paying customers. It subsequently did a complete U-turn and has delivered E2EE for all users since October last year.

Slack, a major competitor for Microsoft Teams, famously does not offer E2EE, but it is a feature of popular messaging services such as Signal.

One reason that E2EE is such an issue is that such encryption, if properly implemented, is all but impossible to eavesdrop on. Even the security and intelligence agencies of the world’s major governments find the technology to be a massive obstacle.

In the UK, home secretary Priti Patel has called for companies like Facebook to provide law enforcement and national-security agencies with digital backdoors into E2EE conversations. This call was echoed by the other governments of the “Five Eyes” secret intelligence alliance – the US, Canada, Australia, New Zealand – and also by India and Japan.

Such demands have often met a hostile reaction from cybersecurity experts, who typically contend that such deliberately introduced backdoors would weaken the services’ digital defences, potentially opening the door for cyber criminals.

In November, Verdict reported that a leaked Council of the European Union memo had sparked speculation that the European Union was even considering a ban on E2EE. Such a move would seem unlikely to have much real effect. Many readers will recall the US government’s futile attempts to control the availability of the free crypto tool Pretty Good Privacy (PGP) in the early 1990s.

Meanwhile, Microsoft has announced a wave of other security features during the ongoing Ignite conference. These include support for pre-built identification documents that will enable automated extraction of data from worldwide passports and driver’s licenses, intended to improve secure client onboarding.

Another security feature will see customers able to deploy Azure Spring Cloud in a Managed Virtual Network. This would enable them to isolate apps from the internet or place them within their own corporate networks.

Similarly, administrators will soon be able to decide which third-party solutions will be available on their Private Azure Marketplace. If the admins find that a third party is breaching its security rules or any other policies, they can simply kick it out.

Windows Server users will also benefit from the Azure Automanage feature. This will empower them to patch their security without having to reboot.

Further security announcements include Azure users being able to automatically update every app where one encryption key is used whenever a new key is generated, an updated Microsoft Cloud Adoption Framework, and an improved Azure Firewall.

