Officedocs-skypeforbusiness: What about encryption of chat messages in transit and at rest?

Created on 2 Dec 2019  ·  15 Comments  ·  Source: MicrosoftDocs/OfficeDocs-SkypeForBusiness

Teams also enforces team-wide and organization-wide [...] encryption of data in transit and at rest.

  1. How are chat messages encrypted in transit from the beginning to the end?
  2. How are chat messages encrypted at rest, again the whole process from the beginning to the end?

I'm talking about stuff like TLS, AES, etc. and at which steps it takes place, as shown in figure 1.



All 15 comments

@GiantCrocodile Thank you for submitting feedback and contributing to the docs. We are currently investigating this.

It would be helpful if there was a clear statement regarding encryption at-rest and in-transit on this page, even if the underlying storage is maintained by different O365 product offerings (OneOne, SharePoint, etc.); it would also be beneficial to reference SOC reports (if these are available).

I am specifically interested to know what underlying product is used to manage keys to support encryption at rest AND whether this product supports Bring Your Own Key (BYOK) capabilities.

@GiantCrocodile Thank you for reaching out, I'm investigating further to answer your questions.

@GiantCrocodile please have a look at this link - https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_teams/questions-from-security-team-according-to-ms-teams/ba204bc5-bc13-446d-8c8a-36095e6430b3. It might help answer some of your questions. The team advised me that this doc set is being updated and re-written so should feature all the updates soon. Please let me know if you need further assistance.

@Reeced40 I'm sorry but the information in the link seems very outdated and was incomplete when it was up to date. Especially the statement

  1. Encryption of messages during sending.
    It’s not feasible to configure additional encryption for sending messages in Microsoft Teams, we have specific mechanism to protect these messages. However, the mechanism is confidential due to privacy concern.

is no answer we can respect nor is it valid when we talk about the technical side of encryption and privacy topics.

Please keep us updated in this issue so we know when new information is added. The security of this product is important to any customer who uses Microsoft products and we rely on this information to use the product, especially to evaluate the security and safety and for legal compliance reasons.

Thank you and your team!

@Reeced40

@Reeced40 Any update on this? Thanks!

@scanum Thanks Manuela. Still investigating. @GiantCrocodile I'm tagging the author in this one. Perhaps @LolaJacobsen could help clarify. Here is another article I found in the meantime https://docs.microsoft.com/skypeforbusiness/plan-your-deployment/security/encryption

Does that article apply to Microsoft Teams too, @Reeced40? It's for on premise Skype for Business Server 2019.

@LolaJacobsen Could you please assist.

@LolaJacobsen Could you please assist.

@MicrosoftHeidi - what do you know about this?

@MSFTTracyP can you take a look at this? Is this now covered/surpassed by the Teams Security Guide? Thanks!

@GiantCrocodile First, thanks for your question! It just so happens that some of the questions in this thread are already tackled in the Teams Security Guide, here: https://docs.microsoft.com/en-us/microsoftteams/teams-security-guide. There is a dedicated Encryption section that goes into Teams methodology. While it's somewhat difficult to put a pin in a changing and growing service, this guide does a very good job of explaining the technologies used. Please feel free to bookmark it with regards to further developments.

There are also more general articles that talk to encryption in Microsoft datacenters (https://docs.microsoft.com/en-us/microsoft-365/compliance/office-365-encryption-in-the-microsoft-cloud-overview?view=o365-worldwide), which I would invite you to read. This is because the datacenters are the back-end of the service, and there is a lot of context to be learned from awareness of these processes.

Regarding BYOK or Customer Key and Teams files, as I've seen in the thread, this is the reference that you need https://docs.microsoft.com/en-us/microsoft-365/compliance/customer-key-overview?view=o365-worldwide. Please take a look, as it does talk about Teams files here.

Thanks and I hope it helps!

@GiantCrocodile Thank you for submitting feedback. We understand that this issue has been resolved.
Please feel free to re-open this issue if there is a specific area of the docs that we can improve or make better. Thank you.
