DuoKey for Microsoft 365
We have developed for you the most powerful double key encryption (DKE) systems and advanced key management solutions for unparalleled data protection across the cloud and hosted applications.
Our products are designed to take cloud security beyond industry standards, guaranteeing no one can access your critical data without authorization.
Built with Security and Privacy in mind
DuoKey Key Management is the industry’s first true cloud-native key management system. It utilizes patented technology and Multiparty Computation (MPC) to provide cryptographic key management with security equivalent to an HSM, with high-availability in a pure-cloud fashion.
It delivers keys to any cloud service, requires no trust in any service provider, and enables total key immunity against malicious actors, side-channel attacks, state-nation hacking, and unlawful or unauthorized key access.
digitialize your workplace.
Move to microsoft 365 secured with duoKey.
Hold your own keys
The most significant threats to the exposure of sensitive or confidential data are employee mistakes. In contrast, the least significant threats to the exposure of sensitive or confidential data include government eavesdropping and lawful data requests.
Stop data leakage
The most significant threats to the exposure of sensitive or confidential data are employee mistakes. In contrast, the least significant threats to the exposure of sensitive or confidential data include government eavesdropping and lawful data requests.
Highly secure, always keep your sensitive data private
Even keys stored only in server memory could be vulnerable to compromise. Where the value of the data demands it, keys should be encrypted whenever stored and only be made available in unencrypted form within a secure, tamper-protected environment and even (in extreme cases) kept offline
- Always client-side encryption is performed
- No third-party can ever access your data
- Monitor who uses your keys
- Dedicated tenant and vault for storing your keys

Granular Access Control Equals Robust Security
It is often necessary to move a key between systems. This should be accomplished by encrypting (“wrapping”) the key under a pre-shared transport key (a key-encryption key, or KEK), which may be either symmetric or asymmetric. Where this is not possible (e.g. when sharing symmetric transport keys to bootstrap the system), the key should be split into multiple components that must then be kept separate until being re-entered into the target system (and then the components are destroyed)
DuoKey has resolved an operational headache for us by letting us managing all keys in one place
Senior Information Security Architect
See our supported Key Vault for storing your encryption keys
DuoKey for Office365 can leverage on industry vendors HSM like ATOS, Thales, Securosys and Entrust but also integrate our innovative MPC KmaaS powered by SEPIOR MPC






Make your critical data protected
DuoKey allows you to encrypt your sensitive documents and emails directly on your desktop with your own encryption key and store it in Office 365 or any other cloud service while keeping the key under your exclusive control.
Secure your keys
Keeping data together with encryption keys increases the likelihood of an attacker finding the keys, decrypting them, and exfiltrating sensitive data to the outside. Keeping encryption keys in hardware security modules is a key step toward securing the keys, ensuring separation between the data and the keys
Protect your end users
Protect data no matter how it's accessed with a variety of multi-factor authentication methods. Centralize data across security systems to provide visibility into seemingly disparate events
Monitor usage
Metrics are measures providing a standard that allows a performance assessment. These could be technical, such as encryption time, or manual, such as risk management policy review frequency. Monitoring refers to sufficient frequency and transparency to ensure that action can be taken to remediate poor performance or replicate good performance.
Reduce your attack surface
To reduce the threat surface and likelihood of breaches as well as to satisfy auditors’ requests for repeatable data protection in the cloud, most firms believe that they can’t even begin migrating their workloads and data to the cloud without proper data encryption
With DuoKey for Office 365 You Get:
Double your security
Apply two layers of security to your most sensitive content in Azure cloud for Microsoft Office 365 documents and files. DuoKey adds a second layer of encryption on all your document encryption keys (DEK) with a root master key (MK) that is protected using our MPC algorithm. The MK is controlled and do not exist in clear text by the final customer. Cloud provider has no access to the MK.
Own and fully control your key and the software that generates your key
Replacing Microsoft Hold your Own Key (HYOK), Double Key Encryption does not require enterprise customers to operate their own Active Directory and Rights Management servers. Instead, customers are empowered to provide their own cryptographic keys in real time
Secure your workforce
Secure your collaboration with external users while protecting highly sensitive documents or email using our DKE encryption. All files are always protected at-rest,in-transit but also in-use. This guarantee that if document is shared with other party it can't be decrypted as DuoKey adds a strong access control embedded within your content.
Conditional Access Control
Manage user access to your key and the content protected by the key. Our module is able to provide specific conditional access rules based on country, IP, devices, roles and groups extracted from the context of user access.
Control
With DuoKey for Office 365 Double Encryption, MPC share keys are never in the clear or recombined. This avoids using a complex hardware security module and provides the same level of security (FIPS 140-3). You have full control of your key which you can choose the location and who has access. Encrypt so even Microsoft does not
have ability to access your content
Avoid key loss or disclosure
Your encryption keys are split into two parts to avoid the internal risk of key disclosure or complex key ceremony protocol. You still have the option of storing the keys in an HSM box. MPC (Multi-Party Computing) is an innovative way to reduce the complexity of storing sensitive key material in one place and eliminate the concept of private keys. Every encryption is done in a secure, distributed way to protect against data theft, physical damage, and insider collusion
Ready to deploy DuoKey for Office 365 ?
DuoKey for Office365 is part of DuoKey KmaaS and available in the marketplace in Azure or on-premise. We also have a partner that can host and serve our apps
On-Prem
DuoKey for Office365 can be hosted on-premise on a docker linux container or via Openshift Kubernetes cluster. It works fully automated deployement via Terreform and helm charts
SaaS
Some of our partners can server DuoKey Cockpit and 365 as SaaS tenant. Tenant and Edition (package) management for 365 applications is fully isolated.
Azure Marketplace
Try and buy DuoKey directly from Azure Marketplace using your actual Azure tenant and consumption.