Published Jun 27, 2023
Message Center
Updated January 24,March 15, 2024: We have updated the rollout timeline below. Thank you for your patience.
To protect your most sensitive content, users of Microsoft 365 Apps can now use Double Key Encryption (DKE) for files and emails using the built-in labeling client. With DKE, Microsoft stores one key in Microsoft Azure and you hold the other key, ensuring that only you can ever decrypt protected content, under all circumstances. Sensitivity labels configured with DKE in Microsoft Purview Compliance Portal are now available for users in Word, Excel, PowerPoint, and Outlook to publish or consume content protected with DKE.
This message is associated with Microsoft 365 Roadmap ID 124984
[When this will happen:]
General availability:
[How this will affect your organization:]
Users who have sensitivity labels configured with DKE will be able to publish and consume DKE-protected content using the built-in labeling client in Word, Excel, PowerPoint, and Outlook.
With this update, organizations that have also enabled "co-authoring for files encrypted with sensitivity labels" can now deploy DKE labels in the same tenant, allowing users to benefit from M365's collaboration tools even if some of your users require DKE content for some of their documents.
[What you need to do to prepare:]
If you're already using DKE with the Azure Information Protection (AIP) add-in, you can now enable co-authoring for encrypted files and start planning your migration to the built-in labeling client before the add-in is retired in April 2024 (https://aka.ms/AIP2MIP/RetireAddin).
If you've been considering DKE for your organization, now is the time to plan for DKE in your environment using the built-in labeling client instead of attempting to deploy it through the AIP Add-in. (https://aka.ms/AIP2MIP/HowTo/GetStarted)
Updated January 24, 2024: We have updated the rollout timeline below. Thank you for your patience.
To protect your most sensitive content, users of Microsoft 365 Apps can now use Double Key Encryption (DKE) for files and emails using the built-in labeling client. With DKE, Microsoft stores one key in Microsoft Azure and you hold the other key, ensuring that only you can ever decrypt protected content, under all circumstances. Sensitivity labels configured with DKE in Microsoft Purview Compliance Portal are now available for users in Word, Excel, PowerPoint, and Outlook to publish or consume content protected with DKE.
This message is associated with Microsoft 365 Roadmap ID 124984
[When this will happen:]
General availability:
[How this will affect your organization:]
Users who have sensitivity labels configured with DKE will be able to publish and consume DKE-protected content using the built-in labeling client in Word, Excel, PowerPoint, and Outlook.
With this update, organizations that have also enabled "co-authoring for files encrypted with sensitivity labels" can now deploy DKE labels in the same tenant, allowing users to benefit from M365's collaboration tools even if some of your users require DKE content for some of their documents.
[What you need to do to prepare:]
If you're already using DKE with the Azure Information Protection (AIP) add-in, you can now enable co-authoring for encrypted files and start planning your migration to the built-in labeling client before the add-in is retired in April 2024 (https://aka.ms/AIP2MIP/RetireAddin).
If you've been considering DKE for your organization, now is the time to plan for DKE in your environment using the built-in labeling client instead of attempting to deploy it through the AIP Add-in. (https://aka.ms/AIP2MIP/HowTo/GetStarted)