Microsoft strives to produce innovative products and services that meet customers' evolving needs. Thales nShield HSMs are certified to support a wide range of Microsoft security solutions and deliver the industry’s most operationally efficient key management framework. Thales enables Microsoft customers to utilize cryptographic security to enhance their business as well as satisfy evolving compliance requirements. Thales and Microsoft together facilitate the secure adoption of new technologies and delivery models including virtualization and cloud computing. Thales e-Security is a Gold Certified Microsoft partner.
Thales nShield HSMs safeguard digital certificate issuance, management and validation processes for organizations looking to extend the security of Microsoft Active Directory Certificate Services PKI with a hardware-based solution. Using nShield HSMs, all key generation and certificate signing operations are executed within the tamper-resistant confines of the module. Private keys are securely stored and never accessible outside the HSM. Microsoft has published guidance stating that using an HSM to provide strong protection of CA keys or other high value keys is one of the strongest controls you can implement to protect your PKI (“Securing Public Key Infrastructure”, Microsoft IT, Information Security and Risk Management, published May 16, 2014).
Thales nShield HSMs create tight controls around the management and use of the keys used by Microsoft Rights Management Services (RMS). For organizations deploying on-premises Active Directory Rights Management Services (AD RMS), Thales nShield HSMs safeguard and manage the key completely independently of the software environment.
Organizations subscribing to Microsoft Azure cloud services (RMS, and Key Vault for cloud applications and services) can choose to generate and maintain custody of their own keys (including authentication keys, storage account keys, and data encryption keys) independent of Microsoft. This unique bring your own key (BYOK) solution gives organizations control and visibility of the use of their keys and neutralizes the perception that sensitive data maintained in the cloud is vulnerable because the cloud can only be a shared service with a shared security infrastructure.
Thales key management for Microsoft SQL Server 2014, 2012 and 2008 extends and enhances security by providing protection and lifecycle management for database encryption keys. nShield HSMs utilize Microsoft’s Extensible Key Management (EKM) interface to support Transparent Data Encryption (TDE) and cell-level encryption modes for protection and consolidation of database application keys. This provides high-assurance key archival for long-term data access and facilitates periodic rotation of encryption keys as required by regulations such as PCI DSS.
In addition to the resources linked on this page, several detailed integration guides are available for Thales-Microsoft solutions. Please visit our Knowledge Base for a full listing.