How long Microsoft can use a DKE public key before they ask the PK Endpoint Manager for a new one.
Alternatively, this can be left blank for pre-defined PK Endpoint Manager administrator permissions to be enforced for the configuration. Specifically define administrators who can edit or delete the DKE Configuration. Make sure to configure the MIP/Applications and MIP/Config page before continuing through this section to populate labels. In order for labels to appear in the label table they must be added from the "Import" button or added manually from the "Add" button. Once Labels are added to the Labels table shown on this page, they can be used in the MIP labels dropdown as a remediations option. This page allows administrators to view and import security Labels from Microsoft into the PK Endpoint Manager.
With that DKE controlled by the PEM, an administrator sets what users and groups should have access to the DKE key. The second key that customers control is managed by a cloud or on-premises instance of the PKWARE Enterprise Manager (PEM). Without having both keys, Microsoft cannot decrypt files encrypted with DKE.
Microsoft Azure stores one key and the customer holds the second key, which means customers can finally maintain full control of one their keys. Microsoft DKE uses two keys to access protected content. Double key encryption allows organizations to utilize the seamless experiences with encrypted Office file types while also giving customers the benefit of knowing no one else outside their organization can decrypt their files, including Microsoft. Microsoft allows for customers to choose between different types of key management capabilities around their Information Protection suite Microsoft Managed Key, Bring Your Own Key, and Double Key Encryption. Administrators managing Microsoft’s Information Protection around double key encryption with PKWARE don’t have to worry about the aspects that come from enterprise key management scalability, auditability, durability, security, and high availability. PKWARE key management support for Microsoft Double Key Encryption (DKE) provides organizations with a simple and seamless experience for administrators.