

At Microsoft, our mission is to empower every person and every organization on the planet to achieve more. Our mission is grounded in both the world in which we live and the future we strive to create. Today, we live in a mobile-first, cloud-first world, and the transformation we are driving across our businesses is designed to enable Microsoft and our customers to thrive in this world.

We do business in 170 countries and are made up of 114,000 passionate employees dedicated to fulfilling our mission of helping you and your organization achieve more.

Detailed information about the Entrust and Microsoft strategic partnership, including technical documentation and information on integrations, can be found in Entrust PKI, Entrust Identity, and Entrust BYOK.

Entrust is an official member of the Microsoft Intelligent Security Association.


Solution Description

Bringing the Entrust portfolio of trusted identity solutions to Microsoft customers enables secure connections between people, systems, and devices to streamline IT deployment, mitigate risk, and reduce fraud. Together, we enable even higher levels of growth and innovation. Entrust is an official member of the Microsoft Intelligent Security Association.

Entrust nShield HSMs safeguard the certificate issuance, management, and validation processes for organizations looking to extend the security of Microsoft Active Directory Certificate Services (AD CS) PKI. Using nShield hardware security modules (HSMs), all key generation and certificate signing operations are executed within the tamper-resistant confines of the module. Private keys are securely stored and never accessible outside the HSM. Microsoft published guidance on securing PKI:

  • “Protecting CA Keys and Critical Artifacts” states that using an HSM is one of the strongest controls one can implement to provide strong protection of CA and other high-value keys.

Entrust nShield HSMs create tight controls around the management and the keys used to protect sensitive data at rest and in use across Azure-based on-premises and client applications. Microsoft Azure Key Vault safeguards the critical cryptographic keys used in the cloud to keep data secured. Used with Microsoft Azure Information Protection (AIP), the data exchanged within collaborative work environments is protected by embedding enforceable security policies right on the data assets, regardless of the data type.

Entrust key management for Microsoft SQL Server extends and enhances security by providing protection and lifecycle management for database encryption keys. Entrust nShield HSMs utilize Microsoft’s Extensible Key Management (EKM) interface to support transparent data encryption (TDE) and cell-level encryption modes for protection and consolidation of database application keys. This provides high assurance key archival for long-term data access and facilitates periodic rotation of encryption keys as required by regulations such as PCI DSS.

In addition to the resources below, several detailed integration guides are available for Entrust-Microsoft solutions. Please visit our Document Library for a full listing.


1 Microsoft Way



United States

Entrust Ready Technology Partner Program



  • Cloud, DevOps
  • Identity & Access Mgmt
  • PKI, Key & Certificate Management, IoT

Contact Information

Entrust & Microsoft

Microsoft has led the innovation that has enabled the IT system of today – powerful, dynamic, and accessible from a range of devices and locations. And as mobile and cloud reshape the traditional security perimeter, identity has become critical in securing digital connections throughout the enterprise to guard against increasingly sophisticated threats and attacks.


Strategic partnership with Microsoft

Bringing our portfolio of trusted identity solutions to Microsoft customers enables secure connections between people, systems, and devices to streamline IT deployment, mitigate risk, and reduce fraud. Together, we enable even higher levels of growth and innovation. Entrust is an official member of the Microsoft Intelligent Security Association.

Entrust and Microsoft Strategic Partnership

Secure your Systems

Modern enterprises have seen an increase in mobile devices and cloud environments. Better flexibility and accessibility, yes, but both also introduce more risk. Together, Entrust and Microsoft have developed a suite of integrations that enforce trusted identity within transactions and between devices and systems.


Mobile Device Management

With Microsoft Intune, organizations can easily manage all of their mobile devices and applications, seamlessly enabling enterprise mobility. The integration of Entrust PKI and Intune enables these organizations to issue certificates via Entrust to provide seamless device authentication to applications and on-premises resources.

Modern device provisioning

Windows Autopilot automates the heavy lifting usually required to provision new devices. With the integration of Entrust PKI, you can enable secure access to corporate resources such as WiFi, VPN, and core applications during provisioning with the issuance of device certificates by Entrust through Microsoft Intune. The costs and time required to set up devices are greatly reduced, and your devices gain additional security based on trusted identity.


Secure your Users

The evolution of mobile and cloud has introduced a broad range of applications and endpoints - and magnified challenges in user identity management and authentication. Entrust and Microsoft have a suite of integrations for directory services, user authentication, and access control that allow you to easily leverage the best-in-class capabilities of both vendors.


User management with Active Directory

The integration of Windows Server Active Directory (AD) and Azure Active Directory environments with Entrust Identity-as-a-Service streamlines user identity management, enabling you to leverage existing user and attribute information for quick and effortless deployment.

Microsoft application authentication

Whether you’re seeking to add effortless, strong authentication to Windows login or streamline access to Microsoft cloud applications such as Office 365, Entrust Identity-as-a-Service provides the most modern mobile and adaptive authentication to secure your business while creating a frictionless user experience. Integrations also extend to legacy applications with rich protocol support, including CAPI, ISAPI, ADFS, RADIUS, SAML, and OpenID Connect.


Azure Active Directory conditional access

Microsoft now offers customers access management capabilities with Azure Active Directory Conditional Access. Entrust Identity-as-a-Service brings an additional layer of authentication to Azure Active Directory to meet the flexibility and varied needs of your users, from grid cards and hardware tokens to mobile push and the most secure certificate-based approaches with our mobile smart credential. Your applications, data, and organization will be protected with an authentication that’s easy to deploy and use.

PIV-Compliant Government mobility

Through participation in the Entrust Ready Technology Partner Program, Microsoft Intune integrated our certificate-based, mobile smart credential technology to provide secure, frictionless physical and logical access control to mobile users. This Derived PIV credential solution establishes secure remote access to U.S. Federal Government networks and applications via certificate-based authentication. Visit Microsoft’s blog to learn more.


Secure your Solutions

Managed Microsoft PKI Service

Maintain your Microsoft PKI solution while eliminating the need for in-house resources and the highly specialized skillset required to properly manage digital identity and certificates. Your own dedicated Microsoft PKI is delivered as a managed service and hosted in Azure.


Simplify the Security of Your Microsoft Services

As you do more business in the cloud, your security should be there too. Entrust PKI as a Service is a state-of-the-art PKI solution built in the cloud, for the cloud. With its advanced functionality enabling automation and scalability, PKIaaS makes it simpler for organizations to meet their growing needs securely – and simplifies PKI by providing pre-built secure solutions that are ready to consume at a click of a button.
