Use double-key encryption to protect your most sensitive files and emails in Microsoft 365 Apps
To protect your most sensitive content, users of Microsoft 365 Apps can now use Double Key Encryption (DKE) for files and emails using the built-in labeling client. With DKE, Microsoft stores one key in Microsoft Azure and you hold the other key, ensuring that only you can ever decrypt protected content, under all circumstances. Sensitivity labels configured with DKE in Microsoft Purview Compliance Portal are now available for users in Word, Excel, PowerPoint, and Outlook to publish or consume content protected with DKE.
When this will happen:
- Current channel available mid-August 2023
- Monthly Enterprise channel available mid-September 2023
- Semi Annual Enterprise Channel early January 2024
How this will affect your organization:
Users who have sensitivity labels configured with DKE will be able to publish and consume DKE-protected content using the built-in labeling client in Word, Excel, PowerPoint, and Outlook.
With this update, organizations that have also enabled “co-authoring for files encrypted with sensitivity labels” can now deploy DKE labels in the same tenant, allowing users to benefit from M365’s collaboration tools even if some of your users require DKE content for some of their documents.
What you need to do to prepare:
If you’re already using DKE with the Azure Information Protection (AIP) add-in, you can now enable co-authoring for encrypted files and start planning your migration to the built-in labeling client before the add-in is retired in April 2024 (https://aka.ms/AIP2MIP/RetireAddin).
If you’ve been considering DKE for your organization, now is the time to plan for DKE in your environment using the built-in labeling client instead of attempting to deploy it through the AIP Add-in. (https://aka.ms/AIP2MIP/HowTo/GetStarted)