You must enable video devices at both the site and user levels for end-to-end encryption to work.

Webex for Government supports end-to-end encrypted meetings in Webex App and Webex Meetings.

Compare Webex End-to-End Encryption and Zero-Trust End-to-End Encryption

The Webex Suite offers two types of end-to-end encryption (E2EE):

  • Webex End-to-End Encryption — Security for messaging and user-generated content.

  • Zero-Trust End-to-End Encryption — Security for meetings (the main content of this article).

Both types provide an extra layer of encryption that safeguards data from interception attacks, but they differ in the levels of confidentiality that they offer.

Webex End-to-End Encryption

Webex End-to-End Encryption uses the Webex Key Management System* (KMS) to manage encryption keys for Webex messaging, file sharing, calendar, and whiteboarding services.

  • Data is encrypted in transit and at rest.

  • Webex App encrypts all user-generated content, such as messages, files, and whiteboards, before transmitting it over TLS.

  • This encrypted content is stored on encrypted content servers in the Webex cloud.

This additional layer of security protects user data in transit from TLS interception attacks, and stored user data from potential bad actors in the Webex cloud.

The Webex cloud can use encryption keys, but only to decrypt data as required for core services such as:

  • Message indexing for search functions
  • Data loss prevention
  • File transcoding
  • eDiscovery
  • Data archival

For more information, see Zero-Trust Security for Webex.

* By default, our cloud-based KMS generates and distributes encryption keys. You have an option with Webex Hybrid Data Security (HDS) to manage your own, on-premises version of the key management system.

Zero-Trust End-to-End Encryption

MLS logo

Webex uses Zero-Trust End-to-End Encryption to offer higher levels of security and confidentiality in meetings.

Zero-Trust End-to-End Encryption uses the Messaging Layer Security (MLS) protocol to exchange information so that participants in a Webex Meeting can create a common meeting encryption key.

The meeting encryption key is only accessible to the participants in the meeting. The Webex service can't access the meeting key—hence "Zero-Trust."

Scope of Zero-Trust security for Webex Meetings

Zero-Trust security for Webex supports the following in end-to-end encrypted meetings:

  • Standards-based, formally verified cryptography.

  • Webex Room Devices (Room Series, Desk Series, and Webex Board).

  • End-to-end encryption (E2EE) in Personal Room meetings.

  • A security icon which lets all meeting participants know at a glance that their meeting is secure, and when end-to-end encryption is enabled for the meeting.

  • Verbal verification of meeting attendees using a new Security Verification Code.

  • Up to 1000 participants.

  • Participants joining from a device must be one of the first 205 participants.

  • Local recording.

  • Save meeting chat and notes locally.

  • In Webex App, you can join the meeting using your computer audio only (PSTN-based Call me/Call is not supported).

Zero-Trust security does not support the following in meetings:

  • Older Webex devices, such as the SX, DX, and MX Series.

  • Features provided by Cisco cloud services that require access to decrypted media, including:

    • Network-Based Recording (NBR)

    • Transcoding media

    • In-meeting Webex Assistant

      • Automated closed captioning

      • Transcription

    • Saving session data, transcripts, and meeting notes to the cloud (local recording and saving is supported)

    • Public Switched Telephone Network (PSTN)

    • SIP interoperability

    • Embedded apps

This section is for customers with Full-Featured Meetings.

To join an E2EE meeting from your Webex Board, Room, or Desk device, tap Join Webex and enter the meeting number that is listed in the Webex Meetings invite. Then, tap Join to join the meeting.

In the meeting, you can check whether the meeting is end-to-end encrypted by looking at the shield icon in the header.

  • – The meeting is end-to-end encrypted.

  • – The connection between your Webex desktop app and the Webex server is secure, but the meeting is not end-to-end encrypted.

A security code is provided to allow participants to verify that their connection is secure.

Tap the icon to see the security code and other security information for the meeting. The security code changes each time a participant enters the meeting.

All the meeting participants should see the same security code. If one person sees a different security code, their connection is not secure.

In the participants list, you can see information about the authentication status of each participant: verified or unverified.

  • – Participant's identity has been verified externally by a Webex Partner Certificate Authority (CA). This requires configuring an external certificate on your personal device.

  • – Participant's identity has been verified internally by Webex CA.

  • – Participant's identity is unverified.

More detailed information about the certificate provider is available by tapping a participant’s name and selecting Show Certificate.

Known limitations

Transcoding, Automatic Closed Captioning, Transcription, PSTN, and other cloud-based services that require the cloud to access the media are not available at this time, as they are not supported by the Zero-Trust Security model for End-to-End Encryption v2 (E2EEv2).

A participant joining from a Webex device must be one of the first 205 participants of any kind in the meeting, or their connection will require transcoding. As this is not supported, they will not be admitted to the meeting.

The maximum number of participants in an E2EEv2 meeting is 1000.

SIP video or telephone devices cannot join E2EEv2 meetings, as E2EEv2 is not available in the SIP protocol.