Microsoft with SafeNet Data Security

About Microsoft

Gemalto and Microsoft work closely to enhance the security of Microsoft solutions. Designed to meet the performance and assurance needs of the most demanding applications, Gemalto offers a full spectrum of encryption technologies for Microsoft applications to secure digital identities, data, communications, and transactions. Microsoft offers several applications that integrate with Gemalto's SafeNet portfolio of crypto management, encryption, and authentication solutions to provide users with powerful data protection solutions.



For an overview of Gemalto's integrations with Microsoft, download the Security Solutions for Microsoft Applications eBook.

Microsoft with SafeNet Data Security

One Microsoft Way
Redmond, Washington 98052-7329
United States
North America

Integrated Application(s):

    Microsoft Windows Logon: Network Access with SafeNet Authentication Service

    SafeNet Authentication Service integrates with Microsoft Windows Logon to provide users with a network access solution.


    Microsoft Remote Web Workplace: Virtual Desktop Infrastructure with SafeNet Authentication Service
    SafeNet Authentication Service integrates with Microsoft Remote Web Workplace to provide users with a virtual desktop infrastructure solution.

    Microsoft Identity LifeCycle Manager: IAM with SafeNet Enterprise HSM
    SafeNet Enterprise HSM (formerly Luna SA) integrates with Microsoft Identity LifeCycle Manager to provide users with an IAM solution.

    Microsoft File Servers: Storage and Archive with SafeNet StorageSecure
    SafeNet StorageSecure integrates with Microsoft File Servers to provide users with a storage and archive solution.

    Microsoft Certificate Enrollment: Certificate Services with SafeNet Hardware Security Modules
    SafeNet PCI-E and SafeNet Enterprise (formerly Luna PCI and Luna SA) HSMs both integrate with Microsoft Certificate Enrollment to provide users with certificate services solutions.

    Microsoft Solutions: Identity Verification and SafeNet Authentication Solutions

    Gemalto's SafeNet portfolio of authentication solutions provides front-end identity verification for a number of Microsoft products.

    Organizations have a wide variety of authentication options that address the challenges posed by workforce mobility and password proliferation. SafeNet authentication solutions offer flexible service delivery that simplifies implementation and management. Automated processes significantly reduce the time and cost of provisioning, administering, and managing users and tokens compared to traditional authentication models.

    SafeNet authentication solutions secure access to the following Microsoft products:  

    Active Directory Certificate Services 
    Active Directory Rights Management Services
    Active Directory Federation Services
    Forefront Identity Manager
    Forefront Threat Management Gateway
    Forefront Unified Access Gateway
    Internet Authentication Service (IAS)
    Internet Information Services (IIS)
    Internet Security and Acceleration Server 2006 (ISA)
    Online Certificate Status Protocol (OCSP)
    Office 365
    Outlook Web Access
    Remote Web Workplace
    RD Web Access (RDWeb, formerly TSWeb)
    SQL Server 2008
    Windows 2008R2 SSTP (Secure Socket Tunneling Protocol)
    Windows Logon
    Windows Storage Servers  


    Microsoft Office 365: Identity Verification and SafeNet Authentication Solutions

    Microsoft Office 365 delivers standard Office applications and files directly from the cloud for flexible yet reliable access to the applications that enterprises depend on. With Office 365, users’ applications and files are persistently available whether the user is offline at their desk, online, or on a mobile device. Office 365 supports both Windows and Mac operating systems.

    SafeNet authentication solutions seamlessly integrate so organizations can leverage Office 365’s flexibility while significantly reducing the risk of unauthorized access to corporate resources stored or run in the cloud. Using Microsoft Active Directory Federation Services (AD FS), SafeNet Authentication hardens access to Office 365 by adding a second layer of identity verification to ensure that only authorized users gain entry to protected applications. If AD FS is used for multiple cloud applications, SafeNet authentication solutions can unify authentication policies for the entire IT environment, making identity verification easy across the entire enterprise.

    Resources and Additional Information:


    SafeNet Authentication Service and Microsoft Office365 Solution Brief 

    Protecting Microsoft Office365 with SafeNet Authentication Service Integration Guide

    Using SAC with CBA for Office 365

    Windows Storage Servers: Data at Rest Encryption and SafeNet StorageSecure

    Windows Server is a storage platform specifically optimized for use with network attached storage (NAS) devices. Virtualization capabilities, iSCSI support, thin provisioning, and comprehensive management tools are all part of the rich feature set that make Windows Server ideal for enterprise-level operations. With Windows Server, organizations can leverage inexpensive storage to create highly available, robust, and high performing storage solutions tailored to their needs.

    Gemalto's SafeNet StorageSecure integrates with Windows Servers to secure data at rest. The SafeNet StorageSecure encryption appliance sits in the network between clients and Windows Servers to apply 256-bit AES encryption according to predefined security policies. All existing storage management applications and tools continue to operate as intended; in SafeNet StorageSecure protected environments, customers see no change in the user experience.

    SafeNet StorageSecure can use Microsoft Active Directory’s identity services to establish granular role administration. This feature allows administrators to separate duties among teams so employees can maintain the storage infrastructure without having access to cleartext data.


    Online Certificate Status Protocol: Certificate Services and SafeNet Enterprise HSM
    Microsoft Online Certificate Status Protocol (OCSP) is used to validate a certificate’s status in real time. Using OCSP, administrators manage and distribute revocation status information on certificates in PKI environments. OCSP integrates with SafeNet Enterprise (formerly Luna SA) HSM to verify, and revoke if necessary, certificates residing in the hardware security module.

    Authenticode: Code Signing and SafeNet Enterprise and SafeNet PCI-E HSMs

    Microsoft Authenticode permits end users to verify the authenticity of software code before downloading it from the Internet. Authenticode relies on the use of private keys to sign and time-stamp software during publication.

    SafeNet Enterprise/SafeNet PCI-E (formerly Luna SA and Luna PCI) HSMs integrate with Authenticode to secure the cryptographic materials that sign code and prove authenticity of authorship. SafeNet Enterprise HSM’s FIPS 140-2 Level 3 tamperproof appliance preserves the integrity of code-signing operations by ensuring that the cryptographic materials used in the signing process remain secure.


    SharePoint: Web Services and SafeNet Data Protection

    SharePoint is a collaboration and file sharing platform that facilitates content management and communication throughout an enterprise. Available as an on-premises deployment or as a hosted service, SharePoint offers flexible deployments to match the needs of small- and large-scale enterprises alike. The ability to consolidate resources from disparate collaboration solutions onto SharePoint makes it possible for administrators to reduce training and maintenance expenses while also increasing IT productivity.

    For organizations needing to secure SharePoint deployments, SafeNet Enterprise (formerly Luna SA) HSM can serve as the trusted root for the encryption features offered by Microsoft Active Directory Rights Management Services (AD RMS), Microsoft SQL Server, and Microsoft Internet Information Services (IIS). Despite the use of multiple Microsoft encryption solutions, a single SafeNet Enterprise HSM can store keys from the disparate deployments to provide a security foundation to data in use, at rest and in transit. Microsoft integrates with both SafeNet Luna SA and SafeNet Authentication Service to provide users with a web services solution.

    In addition to storing encryption keys, SafeNet Enterprise HSM improves overall performance by offloading resource-intensive SSL operations from the IIS server. This added benefit ensures that administrators need not choose between performance and security when protecting network communications.


    Forefront Threat Management Gateway: SSL Key Storage and SafeNet PCI-E HSM

    Microsoft Forefront Threat Management Gateway (TMG) is a secure web gateway that unifies multiple layers of security into an easy-to-use solution that protects against advanced web-based threats. Forefront TMG inspects web traffic at the network, application, and content layers so users can safely and productively use network resources without worrying about persistent threats.

    Beyond its ability to monitor web traffic for viruses and malware, it can serve as a firewall and VPN to secure access to internal resources. An SSL feature set secures internal communications through encryption so sensitive enterprise resources remain visible only to authorized users. TMG can be deployed either as a stand-alone server to deliver maximum performance, or as a virtualized machine combined with other applications to reduce capital investments.

    SafeNet PCI-E HSMs by Gemalto integrate with Forefront TMG to secure SSL transactions by storing the master SSL private key in a FIPS 140-2 Level 3 tamper-proof hardware appliance. The SafeNet PCI-E HSM integration also significantly improves server performance by offloading resource-intensive cryptographic operations to the purpose-built encryption appliance.

    Microsoft Active Directory Rights Management Services: Rights Management with SafeNet Enterprise HSM

    Active Directory Rights Management Services (AD RMS) is an information protection server that safeguards digital information from unauthorized use. Through the use of encryption, content owners using AD RMS can define which users have access to and can take actions on their content (for example Word documents, email, web pages, etc.).

    Its close integration with Active Directory identity management tools makes it easy to assign access privileges to users in an organization. Additionally, usage policies travel with the files so access controls remain in place regardless of the file’s location. AD RMS secures files from a wide range of products including Microsoft Office, SharePoint, Exchange Server, Internet Explorer and Internet Information Services (IIS).

     AD RMS users can deploy Gemalto's SafeNet Enterprise HSM (formerly Luna SA) to securely store the encryption keys used in protecting digital content. Keeping RMS encryption keys in SafeNet Enterprise HSM's tamper-proof appliance means that only authorized users will ever have access to the keys necessary for accessing secured digital content. 

    Since master encryption keys never leave the appliance, only authorized users can get the keys they need to decrypt RMS protected files. SafeNet Enterprise HSM preserves the security of secured files by keeping the keys necessary for properly accessing data out of harm's way. SafeNet Enterprise HSM by Gemalto integrates well with Microsoft Active Directory Rights Management Services to provide users with rights management and IAM solutions.


    Active Directory Certificate Services: Certificate Storage with SafeNet Enterprise HSM

    Microsoft Active Directory Certificate Services (AD CS) is a management tool for the administration of cryptographic materials used in public key infrastructures (PKI). More specifically, AD CS is the service that provides the core functionality for Windows Server’s certification authority (CA). Certificates enhance security by assigning the identity of a person, device, or service to a specific private key to ensure proper identity verification during sensitive cryptographic transactions. For organizations that rely on PKI, AD CS offers a cost-effective, efficient, secure way to manage the distribution and use of these certificates.

    Fundamental to the integrity of this infrastructure is the CA’s root cryptographic signing key, which is used to sign the public keys of certificate holders and its own public key. The compromise of a CA’s root key either by malicious intent or by accident can have catastrophic consequences. Best practice dictates that this root-signing key be diligently stored in a tamper-proof hardware security module (HSM).

    Organizations that use AD CS in their infrastructure can store their encryption keys and certificates in Gemalto's SafeNet Enterprise (formerly Luna SA) hardware security modules.

    In addition, certificates issued by AD CS can also be provisioned to Gemalto's SafeNet smart card authentication tokens for certificate-based authentication, and managed in SafeNet Authentication Manager.
