Skip Navigation


About Microsoft

Microsoft (Nasdaq "MSFT" @microsoft) is the leading platform and productivity company for the mobile-first, cloud-first world, and its mission is to empower every person and every organization on the planet to achieve more.


Thales TCT integrates with numerous Microsoft products to provide federal customers with best-of-breed security solutions meeting all necessary standards and compliance requirements.
  • Microsoft Azure

    Thales data discovery and classification, advanced encryption and centralized key management solutions give you protection and control of data stored on your premises, in Microsoft Azure, and other cloud providers. Thales technology enables you to:

    • Avoid cloud vendor encryption lock-in and ensure the data mobility you need while you efficiently and securely spread workloads and data across multiple cloud vendors, including Microsoft Azure, with centralized, independent encryption management
    • Take secure advantage of Azure Key Vault with centralized key management that spans multiple clouds
    • Identify attacks faster with data access logging to industry-leading SIEM applications
    • Reduce or eliminate risks arising from compromised credentials with advanced encryption including privileged user access controls
    •  Architect applications for the cloud with built-in security using vaultless tokenization with dynamic data masking

    Data Discovery and Classification
    CipherTrust Data Discovery and Classification locates regulated data in Microsoft Azure, other clouds and on-premises across many different types of data stores, include Azure block storage offerings and Azure Files. It offers a quick start with a full set of built-in classification templates with centralized operations on CipherTrust Manager. The product enables informed decision making about what and how to protect data in Microsoft Azure.

    Advanced encryption for Microsoft Azure 
    If you’re 100% Microsoft Azure-based with stringent data security controls, or if you’re running hybrid clouds with data distributed across your on-premises private cloud, multiple cloud providers, and on Microsoft Azure, you need an advanced data encryption solution. CipherTrust Transparent Encryption protects your files and databases stored anywhere, including Microsoft Azure, without any changes to applications, databases, infrastructure or business practices. Bring your own encryption to Microsoft Azure and other infrastructure as a service providers.

    Centralized, secure key management
    CipherTrust Manager centralizes key, policy and log management for CipherTrust Transparent Encryption, available in various hardware models for on-premises deployment, or can be instantiated in the Azure Marketplace.

    Multicloud BYOK management
    Organizations that cannot bring their own encryption can still follow industry best practices by managing keys externally using CipherTrust Cloud Key Manager. The CipherTrust Cloud Key Manager leverages cloud provider Bring Your Own Key (BYOK) API’s to reduce key management complexity and operational costs by giving customers lifecycle control of encryption keys with centralized management and visibility. The solution is available on the Microsoft Azure Marketplace, or can be deployed on premises or in any private cloud deployment to meet more stringent compliance requirements. 

    BYOK for Microsoft Azure Key Vault with Thales TCT Luna T-Series HSMs
    The ability to import keys generated in Luna T-Series HSMs via the Thales BYOK solution provides enhanced control and security over encryption keys used by Azure Services and applications running in the cloud. By generating your own keys with a Luna HSM, you can easily verify the origin and quality of the keys you are using in the cloud, strengthening the security of your organization’s key management and security practices.

    Download Solution Brief

  • Microsoft Active Directory Federation Services

    Active Directory Federation Services (AD FS) is a tool installed on Windows servers that provides users throughout an enterprise with single sign-on (SSO) access to network and cloud-based resources. AD FS verifies user identities based on an exchange of private and secure information generated from a variety of authentication technologies–including certificate-based authentication, OTP, OOB, and pattern-based authentication–generated from a wide variety of form factors, such as hardware, software, or mobile tokens. When users authenticate to AD FS, they need only sign in once to then receive access to multiple web applications over the life of a single online session.

    Thales TCT Luna T-Series HSMs integrate with AD FS to secure the token signing and certificate private keys. Preserving the token signing and certificate keys in Luna HSM, organizations preserve the integrity of the authentication transaction. Since these materials never leave the hardware appliance, unauthorized users never have access to the materials they would need to steal to impersonate an authorized user. When Luna HSM serve as the secure root of the SSO infrastructure, organizations can rest assured that identity verification transactions will be uncompromised.

    Thales authentication solutions integrate with AD FS, enabling organizations to implement strong authentication for AD FS supported clients and web-based applications, such as Office 365. Acting as the trusted identity provider, the SafeNet portfolio of authentication solutions extend Active Directory identities to AD FS-supported environments. Thales solutions provide a wide range of authentication methods. Additionally, SafeNet authentication solutions integrate with the Thales AD FS agent to provide the authentication mechanism for its SSO features. Through the AD FS agent, organizations can implement strong authentication policies for AD FS supported clients and web-based applications.

  • Active Directory Certificate Services (ADCS)

    Active Directory Certificate Services (ADCS) is a management tool for the administration of cryptographic materials used in public key infrastructures (PKI). More specifically, ADCS is the service that provides the core functionality for Windows Server’s certification authority (CA). Certificates enhance security by assigning the identity of a person, device, or service to a specific private key to ensure proper identity verification during sensitive cryptographic transactions. For organizations that rely on PKI, ADCS offers a cost-effective, efficient, secure way to manage the distribution and use of these certificates.

    Fundamental to the integrity of this infrastructure is the CA’s root cryptographic signing key, which is used to sign the public keys of certificate holders and its own public key. The compromise of a CA’s root key either by malicious intent or by accident can have catastrophic consequences. Best practice dictates that this root-signing key be diligently stored in a tamper-proof hardware security module (HSM).

    Organizations that use AD CS in their infrastructure can store their encryption keys and certificates in Thales TCT's Luna T-Series HSM.

    Download Solution Brief

  • Microsoft Online Certificate Status Protocol (OCSP)
    Microsoft Online Certificate Status Protocol (OCSP) is used to validate a certificate’s status in real-time. Using OCSP, administrators manage and distribute revocation status information on certificates in PKI environments. OCSP integrates with  Luna T-Series HSM to verify, and revoke if necessary, certificates residing in the hardware security module.
  • Microsoft SQL Server

    Microsoft SQL Server is a powerful relational database that enables organizations to scale operations with confidence, improve IT and developer efficiency, and effectively manage business intelligence on a self-service basis. With SQL Server, enterprises can process large volumes of data in fractions of a second making data mining and near-instant insights easy.

    Thales TCT Luna T-Series HSMs integrates with Microsoft SQL Servers to securely store encryption keys and manage such cryptographic operations as key creation, deletion, SQL encryption, and SQL decryption. Thales TCT HSMs addition allows administrators to store SQL server’s master cryptographic keys within a protected hardware appliance and not on the same software platform where encrypted data is stored. Verifiable audit trails act as a deterrent and serve as evidence that keys are properly managed and secured throughout their entire lifecycle to make demonstrating compliance easier.

    In addition to the Thales TCT Luna Network HSM, the high-assurance Thales TCT Luna PCIe HSM can also be integrated directly in the Microsoft SQL Server.

  • How To Video Series
  • Microsoft 365

    Votiro + Microsoft 365

    Votiro proactively removes malware threats from Office 
    365 email content and attachments, without significantly delaying email delivery. Votiro’s patented Content Disarm and Reconstruction-as-a-Service technology identifies the known-good elements of files, selecting them and moving them to a clean file template in a single, seamless process.

    Learn More


Have an integration question? 

Contact us to learn more about an integration or to inquire about becoming an integration partner. 

Contact Us

This site uses cookies to store information on your computer. Some are essential to make our site work properly; others help us improve the user experience.

By using the site, you consent to the placement of these cookies. For more information, read our cookie policy and our privacy policy.