📝 NOTE
The availability of this feature may be limited based on the license type, region, and other criteria. To access this feature, contact support.
Overview
To initiate scheduled backups of Microsoft Dynamics 365 data, inSync requires access to the data encryption key (ekey). The ekey encrypts user data before storing it in the inSync Cloud, adhering to Druva's strict digital envelope encryption standards. Druva does not store users' keys or have access to their data.
Enabling Cloud Key Management
By default, Druva requires you to enable the Cloud Key Management feature via the Management Console. This secure feature uses the AWS Key Management System (AWS KMS) to manage the encryption process for SaaS application data.
Data Key Generation: AWS KMS generates a unique Data Key.
Key Encryption: The Data Key encrypts the ekey, which is then securely stored in the Druva Cloud.
Backup Process: During scheduled backups, the Data Key is used to decrypt the stored ekey and retrieve the original ekey, so that the backup can complete.
❗ Important
The Data Key is rotated every three months after enabling Cloud Key Management.
Once enabled, the Cloud Key Management feature cannot be disabled via the Management Console.
Druva does not store users' ekeys or have access to their data.
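The envelope flow and Data Key rotation described above, as an added Node.js sketch that is not Druva's code. Locally generated random keys stand in for the Data Key that AWS KMS issues, and AES-256-GCM, the blob layout, and all function names are assumptions, since the page does not name the cipher.

```javascript
const crypto = require('crypto');

// Wrap the ekey under a Data Key with AES-256-GCM (cipher choice is an assumption).
// Stored blob layout (hypothetical): nonce (12 bytes) || auth tag (16 bytes) || ciphertext.
function wrapEkey(dataKey, ekey) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', dataKey, nonce);
  const ct = Buffer.concat([cipher.update(ekey), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]);
}

// Recover the ekey at backup time. Throws if the Data Key is wrong
// or the stored blob was modified, because the GCM tag no longer verifies.
function unwrapEkey(dataKey, wrapped) {
  if (wrapped.length < 28) throw new Error('wrapped ekey too short');
  const d = crypto.createDecipheriv('aes-256-gcm', dataKey, wrapped.subarray(0, 12));
  d.setAuthTag(wrapped.subarray(12, 28));
  return Buffer.concat([d.update(wrapped.subarray(28)), d.final()]);
}

// Rotation re-wraps the same ekey under a new Data Key. Backup data encrypted
// with the ekey is not touched, so nothing already stored is re-encrypted.
function rotateDataKey(oldKey, newKey, wrapped) {
  return wrapEkey(newKey, unwrapEkey(oldKey, wrapped));
}

function demo() {
  const ekey = crypto.randomBytes(32);     // constructed sample ekey
  const dataKey1 = crypto.randomBytes(32); // stand-in for a KMS-issued Data Key
  const dataKey2 = crypto.randomBytes(32); // stand-in for the rotated Data Key
  const stored = wrapEkey(dataKey1, ekey);
  const rotated = rotateDataKey(dataKey1, dataKey2, stored);
  let oldKeyRejected = false;
  try { unwrapEkey(dataKey1, rotated); } catch { oldKeyRejected = true; }
  return {
    recovered: unwrapEkey(dataKey2, rotated).equals(ekey),
    oldKeyRejected,
    ekeyVisibleInStore: stored.includes(ekey),
  };
}

console.log(demo());
```

After rotation the retired Data Key no longer opens the stored blob, while the ekey itself is unchanged.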
💡 TIP
For organizations requiring full control over encryption, Enterprise Key Management (BYOK) offers a secure solution. It allows you to use your AWS KMS keys for encrypting and decrypting data, enhancing Druva's default encryption. This feature is available upon request. To learn more, see Enterprise Key Management for Microsoft Dynamics 365.
AWS KMS Benefits
Druva leverages AWS KMS to ensure secure ekey management and encryption for SaaS application data. Key benefits include:
Fully Managed: A scalable, fully managed encryption service.
Data Encryption: Unique Data Key creation for encrypting data before storage.
Compliance: Certified security and quality controls.
To learn more about the AWS KMS benefits, see AWS Cloud Key Management System.
Configure Cloud Key Management
Before you begin, ensure:
You have received the confirmation email from Support about the activation of the Cloud Key Management feature for your account.
You are logged on to the Druva console as a Cloud administrator, or you manage the users and groups from your administrator account.
Procedure
On the Endpoints/SaaS Apps console, click and select Endpoints & SaaS Apps Settings.
Go to the Key Management tab and click edit.
Select the Enable Cloud Key Management feature checkbox and click Save.
❗ Important
Once you enable the Cloud Key Management from the Management Console, you cannot disable it.