DuoKey logotype

Securing Microsoft 365

Reinforcing Data Security on Microsoft 365. Enhance your organisation data security and compliance with Double Key Encryption.

Scroll for more

Reinforcing Data Security with Double Encryption Key

Enhance Data Protection with Double Key Encryption for Microsoft 365

DuoKey for Office 365

While Microsoft 365 encrypts by default data stored in its cloud services both at rest and in transit, using some of the strongest and most secure encryption protocols, risks of unauthorised data access, compliance violations and data breaches remain.

To mitigate those risks, Microsoft provides an encryption implementation called Double Key Encryption (or DKE for short), which provides an enhanced level of encryption to secure sensitive documents and data store in microsoft office. Unlike traditional encryption methods that rely on a single encryption key, with Double Key Encryption (DKE) one key is held by Microsoft in Azure key vault, while the other key is exclusively managed externally by the client.

This implementation ensures that even if one encryption key is compromised, the data remains encrypted and inaccessible, while maintaining complete data sovereignty.

With Double Key Encryption, organisation can confidently move their most sensitive data to the Azure cloud and maintain compliance with stringent data privacy regulations, including HIPAA, GDPR, FINMA, etc.


There is a risk that rogue administrators working at cloud service providers access customer data or keys with the intent to misuse the data. With DuoKey you keep dual control of your encryption keys while protecting sensitive documents stored in the cloud.


The most significant threats to the exposure of sensitive or confidential data are employee mistakes. In contrast, the least significant threats to the exposure of sensitive or confidential data include government eavesdropping and lawful data requests.


Check who opened your sensitive content using our DuoKey track map. We provide real-time activity logs on all sensitive content while it is decrypted using our DKE service. If you want to block access to a domain or a specific user, you can leverage on conditional access control rules.

In detail

Double Key Encryption for Microsoft 365

Unparalleled Protection for Your Microsoft 365 Data with Double Key Encryption (DKE)

While most of Microsoft’s Double Key Encryption solutions rely on the use of Hardware Security Module (HSM) to store customer keys, DuoKey provides an additional layer of protection by encrypting all document encryption keys (DEK) with a root master key (MK) using secure Multi-Party Computation (MPC). With MPC, the MK, which is under the exclusive control of the customer, remains securely protected and never exists in plain text, as it is divided and distributed across servers.

In this setup, the cloud provider has no access to the MK, ensuring the highest level of data confidentiality and control. This allows to:

  • Maintain data sovereignty
  • Comply with regulatory requirements
  • Control your encryption keys
  • Protect your sensitive data in the Azure Cloud

DuoKey DKE module seamlessly integrates with leading HSM vendors like Securosys, Atos HSM, Thales, and more.

What's Double Key Encryption (DKE)?

Double Key Encryption, or DKE, is a encryption implementation of Microsoft, which lets organisations maintain full control over their encryption keys. The implementation uses two keys to protect data; one is managed by Microsoft, while the other one is stored outside of Microsoft. Learn more in our medium article: What’s Double Key Encryption (DKE) and When You Need it?

Always client-side encryption is performed

No third-party can ever access your data

Dedicated tenant and vault for storing your keys

Monitor who uses your keys


We are trusted by our partners

We appreciate DuoKey's cutting-edge approach to cloud security. Their double key encryption and advanced key management solutions not only enhance data protection but also ensure compliance. Utilizing advanced Multi Party Computation (MPC) protocols developed over decades by our team of acclaimed researchers, DuoKey delivers a superior level of cryptographic security, making it a reliable choice for safeguarding cloud applications and sensitive data.

Ahmet Tuncay - Former CEO, Sepior ApS

Blockdaemon Inc

DuoKey has revolutionized data security in our healthcare organization. Their encryption solutions provide robust protection for our sensitive health data, ensuring compliance and peace of mind.

CISO at Large Health NGO

Large Health NGO

Scroll right

Take control of your encryption keys and protect sensitive data today!