Customer Key support for Microsoft Teams

Securing a company is getting more complex as technology advances, and constant learning and staying updated in this subject are crucial. Security is more than just a product, and knowing this will allow us to understand all the options we have. In today’s digital landscape, safeguarding sensitive information is paramount, and encryption plays a pivotal role in achieving this goal. Microsoft 365 recognizes the significance of data security and employs advanced measures such as baseline, volume-level encryption facilitated by BitLocker and Distributed Key Manager (DKM). This robust encryption framework ensures that your data remains protected, reinforcing the integrity of your organization’s most valuable asset. As an additional layer of security, Microsoft also offers the Microsoft customer key, allowing you to further enhance the protection of your data with personalized key management.

What’s the Microsoft 365 Customer Key? 

Microsoft 365 delivers this encryption through a built-on service, the Customer Key, which allows organizations to add a layer of encryption of their own.

Authorized users can provide and have complete control over the encryption keys. These are used to encrypt customers’ data in Microsoft datacenters. Once an organization creates a key, Microsoft 365 uses it to encrypt data at rest (this is described in the Online Services Terms).

Also, the customer has the option of creating data encryption policies (DEP), with the objective of encrypting certain data in Microsoft 365, for all tenant users. Although multiple DEPs can be created per tenant, there can only be one assigned at a time.  

Optimize resources and focus on your business goals with our Microsoft Managed IT Services

Managed IT Services, guidance & support
business man in an online meeting Microsoft Teams

Optimize resources and focus on your business goals with our Microsoft Managed IT Services

Managed IT Services, guidance & support

Customer Key for Microsoft Teams 

Although the Customer Key data policies support Exchange Online and SharePoint Online, it didn’t support Microsoft Teams. Recently they had an update to add broader control and support for this app.

Once the DEP is assigned the following Microsoft Teams data will be encrypted for all tenant users. 

  • 1:1 chat, group chats, meeting chats and channel conversations messages 
  • Media messages (images, code snippets, video messages, audio messages, wiki images) 
  • Call and meeting recordings in Teams storage 
  • Teams chat notifications, chat suggestions by Cortana, status messages 
  • User and signal information for Exchange Online 
  • Exchange Online mailboxes that aren’t already encrypted using mailbox level DEPs 
  • Microsoft Information Protection exact data match (EDM) data – (data file schemas, rule packages, and the salts used to hash the sensitive data) 

After creating and assigning a DEP, the encryption begins automatically. However, there could be a few exceptions, depending on the size of the tenant. 

Read more about the Microsoft 365 Customer Key here.

If you want to simplify and modernize security, compliance, and identity in your organization, partner with Team Venti. Book a meeting today. 

Lucy Camero

Lucy Camero

Team Venti Brand Manager

Sign up to learn more

Get news, updates, and insights about Microsoft solutions, technologies, and best practices.

Share This Story, Choose Your Platform!

Related posts

Ready to deploy Intune?

Get started with Microsoft Intune quickly and easily with Team Venti's QuickStart program

Recent Posts



The BlueSky Contact Center for Microsoft Teams

Modernize your operations and standardize all company communications on a single platform