Double Key Encryption (DKE) for Microsoft Information Protection

Microsoft Ignite starts this week. One of the biggest pieces of news around Microsoft Information Protection is the new encryption technology. It is meant to be the new Hold Your Own Key (HYOK) option and will replace the alternative of using AD RMS. The new technology is called Double Key Encryption (DKE), simply because it uses two keys to protect your data: one key is in your control, and the other is your Azure RMS key. Viewing data protected with Double Key Encryption requires access to both keys. Compared to AD RMS (which is built on the local Active Directory), DKE uses Azure AD. In the same way as with Azure RMS, information can be protected for both internal and external users.

The content that is encrypted with DKE is protected with your own key (wherever the content is stored). You have a lot of options for your own key: it runs on a web service that can be hosted wherever you want. Access to this key is defined by you, which gives you a lot of possibilities to meet different business requirements.
The concept is still that Microsoft doesn’t have access to this key, and therefore none of the online services from Microsoft will work. There is no support for Office Online apps or Microsoft Teams, and actions like co-authoring or eDiscovery/content search are not available.

This technology is built into modern Office, also called Office ProPlus, which will support encrypting and decrypting with DKE. In the first release this will only work on Office for Windows, but the plan is to release it on all kinds of platforms (iOS, Mac, Android etc.). The goal is to support email encryption as well (with the requirement to use the modern Outlook app), but for now DKE only supports Office documents, Excel files and PowerPoints.

In the same way as HYOK with AD RMS, this is only meant to be used for certain highly confidential information: information that has these specific business encryption/access requirements.

I will not keep trying to explain this technology more in text. Have a look at this video, where I explain the concept and everything you need to know about encryption and decryption with DKE.