DuoKey for Microsoft 365

We have developed for you the most powerful double key encryption (DKE) systems and advanced key management solutions for unparalleled data protection across the cloud and hosted applications.

Our products are designed to take cloud security beyond industry standards, guaranteeing no one can access your critical data without authorization.

YOUR SENSITIVE document with double key encryption
Protect your document in transit and at rest. IT IS ALWAYS PROTECTED
check who opened and ACCESSED to your sensitive information

Built with Security and Privacy in mind

DuoKey Key Management is the industry’s first true cloud-native key management system. It utilizes patented technology and Multiparty Computation (MPC) to provide cryptographic key management with security equivalent to an HSM, with high-availability in a pure-cloud fashion.

It delivers keys to any cloud service, requires no trust in any service provider, and enables total key immunity against malicious actors, side-channel attacks, state-nation hacking, and unlawful or unauthorized key access.

digitialize your workplace.
Move to microsoft 365 secured with duoKey.

Double Key Encryption (DKE) utilizes two component keys to protect highly sensitive data — a key that is in the customer’s control and a Microsoft key stored securely in Microsoft Azure
Hold your own keys

The most significant threats to the exposure of sensitive or confidential data are employee mistakes. In contrast, the least significant threats to the exposure of sensitive or confidential data include government eavesdropping and lawful data requests.

personal device
Stop data leakage

The most significant threats to the exposure of sensitive or confidential data are employee mistakes. In contrast, the least significant threats to the exposure of sensitive or confidential data include government eavesdropping and lawful data requests.


Highly secure, always keep your sensitive data private

Even keys stored only in server memory could be vulnerable to compromise. Where the value of the data demands it, keys should be encrypted whenever stored and only be made available in unencrypted form within a secure, tamper-protected environment and even (in extreme cases) kept offline


Granular Access Control Equals Robust Security

It is often necessary to move a key between systems. This should be accomplished by encrypting (“wrapping”) the key under a pre-shared transport key (a key-encryption key, or KEK), which may be either symmetric or asymmetric. Where this is not possible (e.g. when sharing symmetric transport keys to bootstrap the system), the key should be split into multiple components that must then be kept separate until being re-entered into the target system (and then the components are destroyed)

DuoKey has resolved an operational headache for us by letting us managing all keys in one place

See our supported Key Vault for storing your encryption keys

DuoKey for Office365 can leverage on industry vendors HSM like ATOS, Thales, Securosys and Entrust but also integrate our innovative MPC KmaaS powered by SEPIOR MPC

Key Vault for storing your encryption
Securosys for Encryption
Sepior Logo Medblue
ATOS logo - Data Security Services
Amazon Web services
Fortanix for Data Security and encryptions

Make your critical data protected

DuoKey allows you to encrypt your sensitive documents and emails directly on your desktop with your own encryption key and store it in Office 365 or any other cloud service while keeping the key under your exclusive control.

Secure your keys

Keeping data together with encryption keys increases the likelihood of an attacker finding the keys, decrypting them, and exfiltrating sensitive data to the outside. Keeping encryption keys in hardware security modules is a key step toward securing the keys, ensuring separation between the data and the keys

Protect your end users

Protect data no matter how it's accessed with a variety of multi-factor authentication methods. Centralize data across security systems to provide visibility into seemingly disparate events

Monitor usage

Metrics are measures providing a standard that allows a performance assessment. These could be technical, such as encryption time, or manual, such as risk management policy review frequency. Monitoring refers to sufficient frequency and transparency to ensure that action can be taken to remediate poor performance or replicate good performance.

Reduce your attack surface

To reduce the threat surface and likelihood of breaches as well as to satisfy auditors’ requests for repeatable data protection in the cloud, most firms believe that they can’t even begin migrating their workloads and data to the cloud without proper data encryption


With DuoKey for Office 365 You Get:

Double your security

Apply two layers of security to your most sensitive content in Azure cloud for Microsoft Office 365 documents and files. DuoKey adds a second layer of encryption on all your document encryption keys (DEK) with a root master key (MK) that is protected using our MPC algorithm. The MK is controlled and do not exist in clear text by the final customer. Cloud provider has no access to the MK.

Own and fully control your key and the software that generates your key

Replacing Microsoft Hold your Own Key (HYOK), Double Key Encryption does not require enterprise customers to operate their own Active Directory and Rights Management servers. Instead, customers are empowered to provide their own cryptographic keys in real time

Secure your workforce

Secure your collaboration with external users while protecting highly sensitive documents or email using our DKE encryption. All files are always protected at-rest,in-transit but also in-use. This guarantee that if document is shared with other party it can't be decrypted as DuoKey adds a strong access control embedded within your content.

Conditional Access Control

Manage user access to your key and the content protected by the key. Our module is able to provide specific conditional access rules based on country, IP, devices, roles and groups extracted from the context of user access.


With DuoKey for Office 365 Double Encryption, MPC share keys are never in the clear or recombined. This avoids using a complex hardware security module and provides the same level of security (FIPS 140-3). You have full control of your key which you can choose the location and who has access. Encrypt so even Microsoft does not have ability to access your content

Avoid key loss or disclosure

Your encryption keys are split into two parts to avoid the internal risk of key disclosure or complex key ceremony protocol. You still have the option of storing the keys in an HSM box. MPC (Multi-Party Computing) is an innovative way to reduce the complexity of storing sensitive key material in one place and eliminate the concept of private keys. Every encryption is done in a secure, distributed way to protect against data theft, physical damage, and insider collusion


Ready to deploy DuoKey for Office 365 ?

DuoKey for Office365 is part of DuoKey KmaaS and available in the marketplace in Azure or on-premise. We also have a partner that can host and serve our apps



DuoKey for Office365 can be hosted on-premise on a docker linux container or via Openshift Kubernetes cluster. It works fully automated deployement via Terreform and helm charts


Some of our partners can server DuoKey Cockpit and 365 as SaaS tenant. Tenant and Edition (package) management for 365 applications is fully isolated.

Azure Marketplace

Try and buy DuoKey directly from Azure Marketplace using your actual Azure tenant and consumption.