How to configuration SMB3 and encryption

We have not enforced SMB3 and encryption, but have now started a SOX review and need data copied between servers to be encrypted. Below is some of my notes to get this setup.

To enable SMB encryption for an single file share

 Set-SmbShare –Name -EncryptData $true

To enable SMB encryption on the entire server

 Set-SmbServerConfiguration –EncryptData $true

To create a new SMB file share with encryption enabled

 New-SmbShare –Name -Path –EncryptData $true

On the server you can see what version of SMB each connection is using

 get-smbsession | ft *

From a workstation you can see the SMB version and if its encrypted

 get-smbconnection | ft *

I haven’t been able to view the connections from the server side to see if they are encrypted

reference sites

Overview of file sharing using the SMB 3 protocol in Windows Server | Microsoft Learn

SMB security enhancements | Microsoft Docs

How to Check, Enable or Disable SMB Protocol Versions on Windows? | Windows OS Hub (woshub.com)

How to enable SMB encryption on Windows Server

Inpowershell, security

Creating a document management system with SharePoint

Internal certificates for desktop phones

Intune certificate connector

Microsoft ATP documentation

How to move a certification authority to another server

Least privileged roles by task in Azure Active Directory