We have not enforced SMB3 and encryption, but have now started a SOX review and need data copied between servers to be encrypted. Below is some of my notes to get this setup.
To enable SMB encryption for an single file share
Set-SmbShare –Name -EncryptData $true
To enable SMB encryption on the entire server
Set-SmbServerConfiguration –EncryptData $true
To create a new SMB file share with encryption enabled
New-SmbShare –Name -Path –EncryptData $true
On the server you can see what version of SMB each connection is using
get-smbsession | ft *
From a workstation you can see the SMB version and if its encrypted
get-smbconnection | ft *
I haven’t been able to view the connections from the server side to see if they are encrypted
reference sites
Overview of file sharing using the SMB 3 protocol in Windows Server | Microsoft Learn
SMB security enhancements | Microsoft Docs
How to Check, Enable or Disable SMB Protocol Versions on Windows? | Windows OS Hub (woshub.com)
