Microsoft has this week announced Double Key Encryption, a new security tool baked into the Microsoft 365 service. According to the company, the feature is available in public preview and allows users to protect information while having complete management of their encryption key.
“It uses two keys to protect your data – one key in your control, and a second key is stored securely in Microsoft Azure.
“Viewing data protected with Double Key Encryption requires access to both keys. Since Microsoft can access only one of these keys, your protected data remains inaccessible to Microsoft, ensuring that you have full control over its privacy and security,” Microsoft says.
While Double Key Encryption is arriving across Microsoft 365, it was designed for highly regulated sectors. For example, Microsoft points to the financial and healthcare industries. Some companies want to store highly sensitive data in the cloud and need robust security to meet their own demands and regulatory requirements.
Customers can choose the location where they host the service to request a key, such as on-premises or in the cloud. The idea behind the tool is for users to have flexibility and full control. Organizations can add access controls they want and choose where to store encrypted data.
Furthermore, Double Key Encryption taps into Microsoft's Azure Information Protection unified labeling tools. This allows users to generate multiple DKE labels and use different encryption keys to protect important data.
When a label is active, users can access it when opening any document. This means the file will be automatically encrypted when being used in a Microsoft 365 account.
Microsoft says the new Double Key Encryption is now available in public preview. Anyone with a Microsoft 365 E5 and Office 365 E5 subscription can access the tool.