Security Incident Response

If you think you have or know you have a Security Incident please fill in the form and our experienced Onevinn CSIRT team will reach out shortly.
The team has long experience in supporting customers in Incident Response and Compromised Recovery.
Keep calm and we will be with you shortly!

Olov Norman 02 Sep 2020
2 min

Double Key Encryption by Microsoft

In today's reality the importance of remote work on a daily basis relies heavily on the sharing of information. This is a challenge to organizations who whats to maintain productivity while keeping data privacy and regulatory compliance.

Organizations in highly regulated industries such as government, healthcare and financial services faces additional challenges. Some of their data (e.g., trade secrets, patents, and financial algorithms) needs the highest level of protection and controls. Failure to protect this mission-critical data not only damage a company’s reputation, but can lead to a loss of customer trust and cost a lot of money. It is more important than ever to maintain control of your highly sensitive data and prevent third-party access to it.


We all know that Microsoft 365 provides services like built-in data protection by encrypting customer data, both at rest and in transit. For added protection, this service can also encrypt customer data at the application layer and provide flexible key management solutions. Customers can further protect their data based on content using Microsoft Information Protection’s  classification and labeling capabilities.

And now adding more to the service of data protection solutions, we are pleased to announce that Microsoft is releasing the the public preview of Double Key Encryption for Microsoft 365. Double Key Encryption helps organizations protect their mission-critical data - a small volume of their overall data.

Double Key Encryption enables you to protect your highly sensitive data while keeping full control of your encryption key. It uses two keys to protect your data—one key in your control, and a second key is stored securely in Microsoft Azure. Viewing data protected with Double Key Encryption requires access to both keys. Since Microsoft can access only one of these keys, your protected data remains inaccessible to Microsoft, ensuring that you have full control over its privacy and security.  

With Double Key Encryption, you can:

  • Maintain full control of your key
  • Enjoy a consistent labeling experience
  • Simplified deployment compared to  hold your own key

Enjoy a consistent labeling experience

Storing your highly sensitive data in an on-premises infrastructure typically results not only in high costs, but an inconsistent user experience across different systems. Double Key Encryption uses the Azure Information Protection unified labeling client to provide a consistent labeling experience across your data estate.

Admins and users with required permissions can create labels with Double Key Encryption in the Microsoft 365 compliance center, just like they can for any other sensitivity label type. Once the label is created, admins can assign policies to the labels in the Microsoft 365 compliance center. Users can protect their data by selecting the Double Key Encrypted label in the Sensitivity ribbon in Microsoft Office, providing a consistent experience.

So how does is really work?

We are proud to invite you to a webinar on September 11 where we will go into the details of this service and all of its functions and features.  Speaker of the webinar is Anders Olsson from Onevinn one of our many experienced consultant that has been working with Microsoft information Protection for a very long time now. 

Watch the webinar:

Best regards / Olov Norman

Sign up for webinar: Double Key Encryption by Microsoft