

At Microsoft, our mission is to empower every person and every organization on the planet to achieve more. Our mission is grounded in both the world in which we live and the future we strive to create. Today, we live in a mobile-first, cloud-first world, and the transformation we are driving across our businesses is designed to enable Microsoft and our customers to thrive in this world.

We do business in 170 countries and are made up of 114,000 passionate employees dedicated to fulfilling our mission of helping you and your organization achieve more.

Detailed information about the Entrust and Microsoft strategic partnership, including technical documentation and information on integrations, can be found in Entrust PKI, Entrust Identity, and Entrust BYOK.

Entrust is an official member of the Microsoft Intelligent Security Association.


Solution Description

Bringing the Entrust portfolio of trusted identity solutions to Microsoft customers enables secure connections between people, systems, and devices to streamline IT deployment, mitigate risk, and reduce fraud. Together, we enable even higher levels of growth and innovation. Entrust is an official member of the Microsoft Intelligent Security Association.

Entrust nShield HSMs safeguard the certificate issuance, management, and validation processes for organizations looking to extend the security of Microsoft Active Directory Certificate Services (AD CS) PKI. Using nShield hardware security modules (HSMs), all key generation and certificate signing operations are executed within the tamper-resistant confines of the module. Private keys are securely stored and never accessible outside the HSM. Microsoft published guidance on securing PKI:

  • “Protecting CA Keys and Critical Artifacts” states that using an HSM is one of the strongest controls one can implement to provide strong protection of CA and other high-value keys.

Entrust nShield HSMs create tight controls around the management of the keys used to protect sensitive data at rest and in use across Azure-based, on-premises, and client applications. Microsoft Azure Key Vault safeguards the critical cryptographic keys used in the cloud to keep data secured. Used with Microsoft Azure Information Protection (AIP), the data exchanged within collaborative work environments is protected by embedding enforceable security policies right on the data assets, regardless of the data type.

Entrust key management for Microsoft SQL Server extends and enhances security by providing protection and lifecycle management for database encryption keys. Entrust nShield HSMs utilize Microsoft’s Extensible Key Management (EKM) interface to support transparent data encryption (TDE) and cell-level encryption modes for protection and consolidation of database application keys. This provides high assurance key archival for long-term data access and facilitates periodic rotation of encryption keys as required by regulations such as PCI DSS.

In addition to the resources below, several detailed integration guides are available for Entrust-Microsoft solutions. Please visit our Document Library for a full listing.


1 Microsoft Way




Entrust Ready Technology Partner Program



  • Cloud, DevOps
  • Identity & Access Mgmt
  • PKI, Key & Certificate Management, IoT



Microsoft SQL Server nShield HSM


July 11, 2024
Hold Your Own Key (HYOK) for High Assurance Key Management


Entrust Database Encryption Solution for Microsoft SQL Server



Entrust & Microsoft

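Microsoft has led the innovation that makes today's IT systems powerful, dynamic, and accessible from a variety of devices and locations. As mobile and cloud reshape the traditional security perimeter, identity has become critical to protecting digital connections across the enterprise against increasingly sophisticated threats and attacks.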



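Bringing our portfolio of trusted identity solutions to Microsoft customers enables secure connections between people, systems, and devices to streamline IT deployment, mitigate risk, and reduce fraud. Together, we enable even higher levels of growth and innovation. Entrust is an official member of the Microsoft Intelligent Security Association.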



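Mobile devices and cloud environments are proliferating in the modern enterprise. Flexibility and accessibility have certainly improved, but the risks have grown as well. Entrust and Microsoft have developed an integrated suite that enforces trusted identity within transactions and across devices and systems.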



With Microsoft Intune, organizations can easily manage all of their mobile devices and applications, seamlessly enabling enterprise mobility. The integration of Entrust PKI and Intune enables these organizations to issue certificates via Entrust to provide seamless device authentication to applications and on-premises resources.


Windows Autopilot automates the heavy lifting usually required to provision new devices. With the integration of Entrust PKI, you can enable secure access to corporate resources such as WiFi, VPN, and core applications during provisioning with the issuance of device certificates by Entrust through Microsoft Intune. The costs and time required to set up devices are greatly reduced, and your devices gain additional security based on trusted identity.



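The evolution of mobile and cloud has introduced a broad range of applications and endpoints, expanding the challenges of user identity management and authentication. Entrust and Microsoft offer an integrated suite for directory services, user authentication, and access control, making it easy to take advantage of best-in-class capabilities from both vendors.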


User Management with Active Directory

The integration of Windows Server Active Directory (AD) and Azure Active Directory environments with Entrust Identity-as-a-Service streamlines user identity management, enabling you to leverage existing user and attribute information for quick and effortless deployment.


Whether you’re seeking to add effortless, strong authentication to Windows login or streamline access to Microsoft cloud applications such as Office 365, Entrust Identity-as-a-Service provides the most modern mobile and adaptive authentication to secure your business while creating a frictionless user experience. Integrations also extend to legacy applications with rich protocol support, including CAPI, ISAPI, ADFS, RADIUS, SAML, and OpenID Connect.


Azure Active Directory Conditional Access

Microsoft now offers customers access management capabilities with Azure Active Directory Conditional Access. Entrust Identity-as-a-Service brings an additional layer of authentication to Azure Active Directory to meet the flexibility and varied needs of your users, from grid cards and hardware tokens to mobile push and the most secure certificate-based approaches with our mobile smart credential. Your applications, data, and organization will be protected with an authentication that’s easy to deploy and use.


Through participation in the Entrust Ready Technology Partner Program, Microsoft Intune integrated our certificate-based, mobile smart credential technology to provide secure, frictionless physical and logical access control to mobile users. This Derived PIV credential solution establishes secure remote access to U.S. Federal Government networks and applications via certificate-based authentication. Visit Microsoft’s blog to learn more.



Managed Microsoft PKI Service

Maintain your Microsoft PKI solution while eliminating the need for in-house resources and the highly specialized skillset required to properly manage digital identity and certificates. Your own dedicated Microsoft PKI is delivered as a managed service and hosted in Azure.



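The more business you do in the cloud, the more your security needs to move to the cloud as well. Entrust PKI as a Service is a state-of-the-art PKI solution built in the cloud, for the cloud. With advanced capabilities that support automation and scaling, PKIaaS lets you securely meet ever-growing needs in relatively few steps. PKIaaS also simplifies PKI by providing pre-built, secure solutions that are available immediately at the click of a button.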


Our experts will contact you to discuss how our partnerships and solutions can meet your needs.