<img alt="" src="https://secure.weed6tape.com/193471.png" style="display:none;">

S365 DKE

One click to protect your data

Double-Key Encryption against data privacy threats

No engineering or maintenance required

Unlimited number of documents & emails

30-day free trial

Add-in for  Picture1

Starting at $625.00/1-month

What is it ?

Acting similarly to a Cloud Access Security Broker (CASB), Securosys 365 DKE encrypts data on the Microsoft client before transferring it to the cloud.


Who is it for ?

For professionnals & organizations who need private documents to remain private.

Why using it ?

To reach the highest standards of your industry regarding data security.


How it works

  • Securosys 365 DKE acts like a CASB, i.e. a security policy enforcement point between your Office 365 documents and our Primus HSM.
  • For end-users, the process is straightforward: select a sensitivity label once for all your documents or emails.
  • Your data undergoes a dual encryption process, first by Microsoft and then by Securosys - Learn more about Double Key Encryption.
  • In the event of a security breach, your documents remain safeguarded, unauthorized individuals cannot access your data.

Use cases

Securosys365 Double Encryption Key (DKE) for legal services

Legal services

In my capacity as an attorney, safeguarding attorney-client privileged communications is paramount. Using secure communication channels and document management systems ensures the confidentiality of legal contracts and strategies.

Securosys365 Double Encryption Key (DKE) for public services and government

Public Services and Government

As a government official managing citizen services at the town hall, my responsibility is to safeguard sensitive citizen data and maintain the confidentiality of government documents, implementing secure digital platforms and access controls to ensure the privacy and integrity of public records.

Securosys365 Double Encryption Key (DKE) for healthcare and pharmaceutical industries

Healthcare & Pharmaceuticals

In my role as a medical researcher handling clinical trial results, I must keep the confidentiality of patient records and drug development data, thanks to stringent access controls to protect sensitive healthcare information.

Securosys365 Double Encryption Key (DKE) for Media and Entertainment companies

Media & Entertainment

As a content producer responsible for unreleased films, I am entitled to NDA agreement with multiples agencies. Securing exclusive content and distribution agreements, and implementing measures to prevent unauthorized access and leaks, is a priority.


Defense & Aerospace

As a defense contractor handling classified military plans, I am bound to maintain the utmost protection regarding aerospace technology blueprints and classified government contracts through rigorous security protocols.

Why choosing Securosys365 DKE
30-days free trial

We know how challenging it is for an organisation to adopt a new security feature. Test our solution in your own environment to be sure it meets your requirements. 



No maintenance. No engineering.

The first DKEaaS that doesn't require any engineering on your side. Integrate our solution in less than an hour with your Microsoft Azure tenant.


hour or less to deploy the solution in your environment

Easy to use

Simply pick a sensitivity level once per document. Securosys365 DKE fits smoothly into your daily job—no hassle, no change. 


uptime, with no maintenance downtime


Single encryption vs Securosys365 DKE

No encryption - (Default)
Single Key Encryption (Azure)
Double Key Encryption by Securosys
File content encrypted

File metadata encrypted

File excluded from the search index

No encryption - (Default)
Single Key Encryption (Azure)
Double Key Encryption by Securosys
File content encrypted

File metadata encrypted

File excluded from the search index

Book a demo !

Watch the video below or book a free 30-minute demo. One of our solution engineers will show you how Securosys365 DKE works and how to make the most of it for your business.

If you prefer to talk to sales, please use our contact form.



Check that you have the right technical infrastructure

    Installation (30 min)

Install Azure Information Protection on your environment and link it to your Securosys365 DKE tenant

    Configuration (1-4 hours)

Create & publish the new sensitivity labels


Free trial & proof of concept (PoC)
Why should I do a proof of concept ?

A Proof of Concept for Securosys365 DKE ensures a smooth integration, minimal disruption, and alignment with your expectations, allowing you to validate the effectiveness of our security product before widespread implementation within your organization.

What are the steps to install Securosys365 DKE?
  • Minimum 50 users
  • Microsoft 365 E5 & Microsoft 365 Office Apps for Enterprise (version 18.2008.12711.0 or later)
  • From 1 to 10 sensitivity label names compliant with your organization's information protection policies. Examples provided in the resources
2. Installation (30 minutes)
3. Configuration (1-4 hours)
  • Log in and retrieve your Securosys365 admin credentials through our support portal
  • Create & publish sensitivity labels in your Azure tenant
  • Test
Can Securosys support me for the installation ?

We can offer a 30-minute demo with one of our Senior Product Engineer to address the most common questions.

Unfortunately, we cannot provide consulting resources to work on your infrastructure and perform the installation on your behalf.

However, we would be happy to recommend consulting partners to support you with the installation.

How to kickstart a proof-of-concept for Securosys365 DKE ?
  • Liaise internaly with the relevant stakeholders. Most likely the CISO
  • Assess the complexity of the solution, the pre-requisites, the technical & human resources needed. Appoint external resources if needed
  • Install Azure Information Protection on your environment and link it to your Securosys365 DKE tenant (30 minutes)
  • Choose and implement security labels (1-4 hours)
  • Run some tests as an end-users on Excel, Word, PowerPoint, Outlook, to cover your most important use cases
What are the technical skills needed to install Securosys365 DKE?

To install Securosys365 DKE, you need to understand the following concepts:

  • Azure Fundamentals
  • Azure Information Protection (AIP)
  • Azure Active Directory (AAD)

which would be most likely CISO, IT Manager/Director, System Administrator, Security Analyst, Security Engineer, Security Architect. They can be supported by Security Consultant, IT Auditor, Data Protection Officer (DPO), Compliance Officer, Risk Manager, 

Why does Securosys365 DKE work with Microsoft E5 licences, but not E1 & E3 ones ?

Securosys365 DKE works with the Double-Key Encryption (DKE) protocol from Microsoft, which is only included in E5 licences.

If you don't have an E5 licence, Microsoft offers a 30-day free trial here

Microsoft Office already encrypts the data by default. Isn't that sufficient ?

While Microsoft Office does include default encryption for data, Securosys365 DKE goes beyond by providing additional layers of security. Our solution not only enhances encryption but also empowers you to control who can encrypt/decrypt data, offering advanced threat detection and customization options tailored to your organization's specific needs. This ensures a comprehensive and customizable approach to safeguarding your sensitive data alongside the default encryption provided by Microsoft Office.

What makes Securosys365 DKE different from other solutions ?

The main difference is that most of the alternative solutions rely on Microsoft's DKE open-source project which requires:

  • a dedicated infrastructure project
  • engineering to deploy the software
  • regular maintenance

Securosys365 DKE is one of the few fully managed DKEaaS on the market that removes all these pain points for you.

Once a sensitivity level is chosen, can I update if to a higher/lower one ?

Yes, you can always update sensitivity labels.

What is included in the monthly subscription ?

The monthly subscription includes:

  • Infrastructure/hardware costs - Primus HSM, etc.
  • Software costs with continuous improvement
  • Online console to manage your key
  • 24/7 support & maintenance

Not included:

  • Azure & Microsoft desktop App licences
  • Any consulting/training/support for the Proof of Concept PoC & onboarding - We can recommend some partners instead
Risk mitigation
Can Securosys decrypt my documents ?

No, Securosys cannot access your data because:

  • Securosys doesn't have access to your Azure tenant
  • The decryption is performed on the client's device by the Office Apps
Why choosing multiple sensitivity labels ? Can't we simply have one and apply it to all the data ?

Within your organization, you might have different groups of users with different roles & duties. The permissions will be different for each of them.

Thus, you will need a specific sensitivity labels to match each use cases.

What does Securosys365 DKE protect my documents against ?
Securosys365 DKE enables you to retain control of your second key and mitigate the following risks:
  • Security vulnerabilities in complex hyperscaler environments
  • Malicious activities by hyperscalers or employees
  • Loss of intellectual property
Additionally, it ensures compliance with GDPR protection laws.
Exit process
What happens if the key is lost ?

If the Securosys365 DKE key is lost, you could not decrypt your data anymore.

However, this risk is being eliminated as your key is stored in an HSM which is redundant.

If a user A leaves the company, can a user B access its documents ?

Yes, the MIP admin on customer side simply needs to apply user A's permissions to user B.

What happens if I lose access to my documents, or if my Microsoft Office 365 subscription is cancelled ?

The data would remain encrypted and could not be used by anyone

What happens to my documents if I unsubscribe from Securosys365 DKE ?

Before your subscription ends, we recommend the following exit process:

  • Decrypt all your documents and move them to their new location
  • If you have a lot of documents, you can run a PowerShell script to decrypt any DKE-encrypted protected files.

Please contact us at least 1-month before the termination to ensure a smooth exit process.

You might be interested in


HSM as a Service. Several offers tailored to your needs

External Key Storage (XKS)


Vault by HashiCorp

Cloud-Aware Primus HSM for Hashicorp Vault