How to encrypt a client-to-client signalR message on Azure SignalR Services

I have an Azure HTTP-triggered function that facilitates negotiation with Azure SignalR Services (serverless). Here it is the code to negotiate:

var hubConnection = new HubConnectionBuilder()
                .WithUrl("http://localhost:7071", options =>
                {
                    options.Headers.Add("x-ms-signalr-userid", SystemUserId!);
                    options.Headers.Add("x-functions-key", ConnectionParameters!.SecretKey!);
                })
                .WithAutomaticReconnect([TimeSpan.Zero, TimeSpan.Zero, TimeSpan.FromMilliseconds(5)])
                .Build();

Messages are sent and received via Upstream between the established connections (client apps). I realized that the sent messages are in clear text and hence they can be read clearly on the server side.

This is how the Upstream function looks like as a pseudo code:

    [Function("SendMessage")]
[SignalROutput(HubName = "MyHub")]
    public SignalRMessageAction SendMessageToUser([SignalRTrigger("MyHub", "Category", "msgSent", "username", "message")] SignalRInvocationContext invocationContext, string username, string message)
    {
        return new SignalRMessageAction() { .... }
    }

How can we implement a mechanism to encrypt messages end to end to enhance the privacy? Ideally something like WhatsApp is doing?

I would also like to elevate the question a bit, how sending and receiving messages in a group can be secured/encrypted to make them readable to the group's users only?