Customer Key for Microsoft Teams: Better protection of your customer data
As already announced at the last Ignite, the Microsoft 365 Customer Key is now generally available as a new function. Some companies have already used the function for Microsoft Teams. You can find out all the advantages in today's overview.
Customer Key for Microsoft Teams
The background to this is that, in addition to encryption at volume level, Microsoft Teams also uses so-called service encryption, which has two variants. On the one hand, there is a key managed by Microsoft and on the other hand a customer key. Since this customer key is now generally available, you can use it for Microsoft Teams.
Important point: Customer data at rest in the Microsoft 365 service always remains encrypted with BitLocker and DKM!
How the Customer Key works
You can generate your own cryptographic keys using an on-premises hardware security module (HSM) or Azure Key Vault; these keys are then used by Office 365. Once the keys are stored, they can be used as the root of one of the key bundles that encrypt your mailbox data and mailbox files.
Advantages
With the Customer Key, you can generate your own cryptographic keys using a local hardware security module (HSM) or Azure Key Vault, which are used by Office 365. You can also use them as the root of one of the key bundles to encrypt your mailbox data and mailbox files. The key bundle provides additional protection via BitLocker.
At the same time, it makes it possible to separate administrators from access to stored or processed application data. The Customer Key option also allows key management per customer. This makes it easier to adhere to certain compliance guidelines regarding encryption. The Customer Key can also serve as a technical control with which you can control access to your data by Microsoft employees.
Encryption of data at rest
Once keys are provisioned, Microsoft 365 uses them to encrypt data at rest. Data encryption policies (DEPs) for Microsoft Teams give you more control: once a DEP is created and assigned, the following data is encrypted for all tenant users:
- Teams chat messages (1:1 chats, group chats, meeting chats and channel conversations)
- Teams media messages (images, code snippets, video messages, audio messages, wiki images)
- Teams calls and meeting recordings stored in the Teams store
- Teams chat notifications, Teams chat suggestions from Cortana, Teams status messages
- User and signal information for Exchange Online
- Exchange Online mailboxes not yet encrypted with mailbox-level DEPs
- Microsoft Information Protection exact data match (EDM) data (data file schemas, rule packages and the salts used to hash sensitive data)
See also this more detailed article on the Customer Key.
You can be sure of our support with the introduction of Customer Key
A secure IT infrastructure for our customers is important to us. Our numerous security projects and our Microsoft Security Competence in Gold clearly prove this. You too can benefit from our know-how in the security sector. We support you in the introduction and successful use of Customer Key in your company. You can also find out how your company is doing in terms of data protection and data security with our Cloud Security Assessment.