Skip to main content

Entrust nShield HSMs Now Support Microsoft Double Key Encryption




News Room Media Inquiry

News Room Media Inquiry

Woman looking at computer

New integration ensures customers are in control of their most sensitive data in Microsoft 365

MINNEAPOLIS (March 31, 2021)Entrust, a leading provider of trusted identities, payments, and data protection solutions announces the integration of its nShield® hardware security modules (HSMs) with Microsoft Double Key Encryption. nShield HSMs support the new Microsoft service with robust cryptography, enabling organizations to extend control and security over their most sensitive data in Microsoft 365.

Double Key Encryption (DKE) for Microsoft 365 protects a company’s highly sensitive data using two component keys – one key that is in the customer’s control and a Microsoft key stored securely in Microsoft Azure. With this new integration, the customer’s key is generated and protected using a robust FIPS 140-2 Level 3 and Common Criteria EAL4+ certified nShield HSM and used to encrypt the organization’s sensitive data. The data is then encrypted again with a key provided by Microsoft.

“CISOs, security architects and auditors are focused on maintaining compliance and protecting sensitive data across their organizations, so establishing a strong root of trust that anchors the security of that data within Microsoft 365 is critical for continued cloud adoption. Without proper controls and robust cryptography, customers may be hesitant to store their most sensitive data in the cloud,” said David Low, Vice President of Professional Services at Entrust. “Enabling customers to have full control over their cloud data with a secondary key – much like you do at your bank with a safe deposit box – is vital to establish that confidence and protecting the customer key then becomes critical. nShield HSMs provide that strong root of trust and ensure that the customer key is always protected and under the control of the customer.”

Whether deployed on premises or as-a-service, Entrust nShield HSMs are among the highest-performing, most secure and easy-to-integrate HSM solutions available, facilitating regulatory compliance and delivering the highest levels of data and application security for enterprise, financial, and government organizations. The purpose-built hardware devices are designed to generate, safeguard and manage cryptographic keys on behalf of applications. The unique nShield Security World key management architecture enforces important separation of duties with dual-controls that segregate security functions from administrative responsibilities. The addition of certified Entrust nShield HSMs to Microsoft Double Key Encryption service accelerates cloud adoption and facilitates auditing and regulatory compliance.

“For customers operating in highly regulated industries, Double Key Encryption provides an extra layer of protection for their most mission-critical data,” said Benjy Levin, Program Manager, Microsoft Security at Microsoft Corp. “Double Key Encryption for Microsoft 365 enhances the depth of protection for highly sensitive data to meet specialized requirements, while helping these customers to move to the cloud with greater confidence. The integration of Entrust nShield HSMs with Double Key Encryption delivers the additional security capabilities and trust required for continued cloud adoption.”

As a Microsoft Gold Partner, Entrust nShield HSMs have helped companies maintain strong controls over their encryption keys for Microsoft applications for more than two decades including SQL Server, Active Directory Certificate Services as well as having pioneered with Microsoft Bring Your Own Key (BYOK) to Azure Key Vault and Microsoft 365.

Additional Information:

Blog: Double Key Encryption
Webinar: Take control of encryption in Azure Cloud with Double Key Encryption
Landing page: Double Key Encryption Integration
Partner page: Microsoft

About Entrust Corporation

Entrust keeps the world moving safely by enabling trusted identities, payments and data protection. Today more than ever, people demand seamless, secure experiences, whether they’re crossing borders, making a purchase, accessing e-government services or logging into corporate networks. Entrust offers an unmatched breadth of digital security and credential issuance solutions at the very heart of all these interactions. With more than 2,500 colleagues, a network of global partners, and customers in over 150 countries, it’s no wonder the world’s most entrusted organizations trust us. For more information, visit