Thales Partners

Microsoft

Ensuring a high level of satisfaction among our customers and partners is a core component of business at Microsoft. Thales and Microsoft work closely to enhance the security of Microsoft solutions. Designed to meet the performance and assurance needs of the most demanding applications, Thales offers a full spectrum of encryption technologies for Microsoft applications to secure digital identities, data, communications, and transactions.

 

Partner of the Year Winner
MISA member

Microsoft 365

Double Key Encryption

Protect your most sensitive data while maintaining full control and ownership of your encryption keys outside of the Azure cloud. The solution uses two keys to protect data. One key is created and managed securely by you in a FIPS 140-2 Level 3 Luna HSM, and the other is created and held by Microsoft in Azure. DKE requires both keys to access protected data, ensuring that Microsoft and other third parties never have access to the protected data on their own. This enhanced data protection capability enables Microsoft customers to benefit from the full power of Microsoft 365 collaboration and productivity tools while protecting sensitive data and meeting data privacy regulations and requirements.

  • Additional security using two keys: one created and held by Microsoft in Azure, and another created and held outside of Azure by the customer
  • Uses Luna HSMs to provide enhanced control over access to encrypted data and key lifecycles and is the best-suited solution for highly sensitive data that requires additional protection

Read our product brief to learn more about the Luna Key Broker for Microsoft Double Key Encryption.

Visit the solutions page to learn more about Luna Key Broker for Microsoft DKE.

Microsoft Azure

Thales offers encryption management solutions based upon Thales Luna HSMs to secure and protect your data regardless of its location. With Thales, you have the flexibility to leverage cloud services, the ability to both own and control your encryption keys, and/or reduce the risk of unauthorized data access or data loss.

Bring Your Own Key (BYOK):

  • Tenant root keys generated by the customer
  • Create encryption keys in your own environment and then securely bring those HSM protected keys (BYOK) directly into Azure Key Vault for use
  • CipherTrust Cloud Key Manager from Thales combines support for cloud provider BYOK APIs with corresponding services supporting HYOK, cloud key management automation, and key usage logging and reporting, to provide cloud consumers with a cloud key management service that delivers strong controls over encryption key life cycles for data encrypted by cloud services.

Keys Generated by Microsoft:

  • Tenant root keys generated by Microsoft
  • Both key generation and lifecycle control rest solely with Microsoft
  • CipherTrust Cloud Key Manager from Thales combines support for cloud provider BYOK APIs with corresponding services supporting HYOK, cloud key management automation, and key usage logging and reporting, to provide cloud consumers with a cloud key management service that delivers strong controls over encryption key life cycles for data encrypted by cloud services.

Thales CipherTrust Application Data Protection integrates via API with applications running in the Azure cloud to secure data as it is created. Once encrypted by CipherTrust Application Data Protection, application data is kept safe across its entire lifecycle, no matter where it is transferred, backed up, or copied to or within Microsoft Azure.

Using CipherTrust Application Data Protection application encryption, organizations can secure both structured and unstructured data residing on-premises or in the Azure cloud. Additional granular access controls ensure that only authorized users or applications can view secured data wherever it is backed up, transferred or archived. The combination of application encryption and policy-based access controls isolates sensitive data in multi-tenant cloud environments, and mitigates privileged insider risks posed by any Azure administrator.

Backed by Thales CipherTrust Cloud Key Manager for key and policy management, Thales CipherTrust Application Data Protection users can produce all of the audit trails, logs and reports they need to demonstrate their regulatory compliance as they benefit from using Microsoft Azure.

Thales CipherTrust Tokenization protects sensitive information in applications running in Azure by replacing it with a surrogate value that preserves the length and format of the data. CipherTrust Tokenization can be used to protect primary account numbers (PAN), as well as other sensitive data such as personally identifiable information (PII) and protected health information (PHI) residing in databases on Microsoft Azure. Straightforward to integrate, Thales Tokenization does not require any changes to applications or databases running in the cloud in order to secure data. Granular access controls give organizations the ability to tailor access to sensitive data and tokens to ensure that only authorized users or applications can view the data in cleartext.

Backed by Thales CipherTrust Manager for key and policy management, Thales Tokenization users can produce all of the audit trails, logs and reports they need to demonstrate their regulatory compliance as they benefit from using Microsoft Azure.
 
Thales CipherTrust Database Protection encrypts sensitive data such as credit card numbers, social security numbers, and passwords at the column-level in databases running on Microsoft Azure – all without changing the database’s architecture.

With Thales CipherTrust Database Protection database encryption, organizations can define access to sensitive encrypted data according to role, user, time of day, or other variables. Granular access controls limit data access according to job responsibilities and prevent database administrators (DBAs) from impersonating other users with the appropriate access privileges to sensitive data. In addition, CipherTrust Database Protection provides built-in and automated key rotation and data re-keying, and comprehensive logging and auditing.

Backed by Thales CipherTrust Manager for key and policy management, Thales CipherTrust Database Protection users can produce all of the audit trails, logs and reports they need to demonstrate their regulatory compliance as they benefit from using Microsoft Azure. 

Thales CipherTrust Transparent Encryption Suite provides transparent and automated file-level encryption to secure sensitive and highly-regulated data on virtual machine instances running in the Azure cloud. With Thales CipherTrust Transparent Encryption Suite, organizations can securely use the cloud to store such unstructured data as credit card numbers, personal information, logs, passwords, configurations, and more in a broad range of files, including word processing documents, spreadsheets, images, database files, exports, archives, backups, and big data implementations.

File encryption separates administrative duties to ensure that data is isolated from Microsoft Azure administrators, other tenants, and any unauthorized parties. Granular access controls ensure that only authorized users or processes can view encrypted data wherever it resides – in backup, archive or even in a third-party cloud.

Host Guardian Service key storage: For the strongest possible security, we recommend that HGS keys are created and stored exclusively in a Hardware Security Module (HSM). If you are not using HSMs, applying BitLocker on the HGS servers is strongly recommended.

Resources and Additional Information

Thales Luna HSM Encryption Strategies for Microsoft Azure Solution Brief

Microsoft Azure Key Vault BYOK with Thales Luna HSM Integration Guide

Guarded Fabric and Shielded VM Planning Guide for Hosters

Microsoft Azure Stack

Microsoft Azure Stack enables customers to extend Azure services and capabilities to their environment of choice - from the data center to edge locations and remote offices. With Azure Stack HCI, customers can run their production workloads anywhere on hybrid, familiar hyper-converged infrastructure. Thales solutions validated for use with Microsoft Azure Stack HCI/Hub include:

Microsoft Infrastructure - Servers

Active Directory Federation Services (AD FS) is a tool installed on Windows servers that provides users throughout an enterprise with single sign-on (SSO) access to network and cloud-based resources. AD FS verifies user identities based on an exchange of private and secure information generated from a variety of authentication technologies–including certificate-based authentication, OTP, OOB, and pattern-based authentication–generated from a wide variety of form factors, such as hardware, software, or mobile tokens. When users authenticate to AD FS, they need only sign in once to then receive access to multiple web applications over the life of a single online session.

Thales Luna HSMs integrate with AD FS to secure the token signing and certificate private keys. By keeping the token signing and certificate keys in a Luna HSM, organizations preserve the integrity of the authentication transaction. Since these materials never leave the hardware appliance, unauthorized users never have access to the materials they would need to steal to impersonate an authorized user. When Luna HSMs serve as the secure root of the SSO infrastructure, organizations can rest assured that identity verification transactions will be uncompromised.

Resources and Additional Information

Microsoft Active Directory Federation Services (ADFS) with Thales Luna HSMs - Integration Guide

 

 

Active Directory Rights Management Services (AD RMS) is an information protection server that safeguards digital information from unauthorized use. Through the use of encryption, content owners using AD RMS can define which users have access to and can take actions on their content (for example Word documents, email, web pages, etc.).

Its close integration with Active Directory identity management tools makes it easy to assign access privileges to users in an organization. Additionally, usage policies travel with the files so access controls remain in place regardless of the file’s location. AD RMS secures files from a wide range of products including Microsoft Office, SharePoint, Exchange Server, Internet Explorer and Internet Information Services (IIS).

AD RMS users can deploy Thales Luna HSMs to securely store the encryption keys used in protecting digital content. Keeping RMS encryption keys in Luna HSM's tamper-proof appliance means that only authorized users will ever have access to the keys necessary for accessing secured digital content.

Resources and Additional Information

Active Directory Rights Management Services with Thales Luna HSM Integration Guide

 

 

Active Directory Certificate Services (ADCS) is a management tool for the administration of cryptographic materials used in public key infrastructures (PKI). More specifically, ADCS is the service that provides the core functionality for Windows Server’s certification authority (CA). Certificates enhance security by assigning the identity of a person, device, or service to a specific private key to ensure proper identity verification during sensitive cryptographic transactions. For organizations that rely on PKI, ADCS offers a cost-effective, efficient, secure way to manage the distribution and use of these certificates.

Fundamental to the integrity of this infrastructure is the CA’s root cryptographic signing key, which is used to sign the public keys of certificate holders and its own public key. The compromise of a CA’s root key either by malicious intent or by accident can have catastrophic consequences. Best practice dictates that this root-signing key be diligently stored in a tamper-proof hardware security module (HSM).

Organizations that use AD CS in their infrastructure can store their encryption keys and certificates in Thales Luna HSM and Thales Luna Cloud HSM Services.

Resources and Additional Information

Thales Luna Hardware Security Solutions for Microsoft Certificate Services - Solution Brief

Microsoft Active Directory Certificate Services with Thales Luna HSMs Integration Guide

Microsoft Active Directory Certificate Services with Luna Cloud HSM Service - Integration Guide

Microsoft NDES with Luna HSMs - Integration Guide
 

Microsoft Authenticode permits end users to verify the authenticity of software code before downloading it from the Internet. Authenticode relies on the use of private keys to sign and time-stamp software during publication.

Thales Luna HSM and Thales Luna Cloud HSM service integrate with Authenticode to secure the cryptographic materials that sign code and prove authenticity of authorship. Luna HSM’s FIPS 140-2 Level 3 tamperproof appliance preserves the integrity of code-signing operations by ensuring that the cryptographic materials used in the signing process remain secure.

Resources and Additional Information

Microsoft Authenticode and Thales Luna HSM and Thales Luna Cloud HSM service Integration Guide

 

 

Microsoft Certificate Enrollment: Thales Luna PCIe HSM and Thales Luna Network HSM both integrate with Microsoft Certificate Enrollment to provide users with certificate services solutions.

 

 

The Host Guardian Service (HGS) is a server role introduced in Windows Server 2016 for configuring guarded hosts and running shielded VMs (shielded virtual machines) in Windows Server and System Center Virtual Machine Manager.

The Host Guardian Service Role specifically provides Attestation and Key Protection services that are needed to enable Hyper-V to run Shielded VMs. The Attestation services validate a Hyper-V host as a "guarded host", which then enables the Key Protection service to provide the transport key required to unlock and subsequently run Shielded VMs.

The Host Guardian Service serves as a critical security component in protecting the transport key, and works in conjunction with other Windows Server 2016 components to ensure high security levels for Shielded VMs.

Resources and Additional Information

Microsoft Host Guardian Service (HGS) with Thales Luna HSM and Thales Luna Cloud HSM service Integration Guide

 

 

Thales is a member of the Microsoft Developer Program, ensuring Thales is up-to-date with new Microsoft operating system releases. Vormetric Data Security supports all Microsoft 2008/2012 operating system platforms.

 

 

Microsoft Online Certificate Status Protocol (OCSP) is used to validate a certificate’s status in real-time. Using OCSP, administrators manage and distribute revocation status information on certificates in PKI environments. OCSP integrates with Thales Luna HSM and Thales Luna Cloud HSM service to verify, and revoke if necessary, certificates residing in the hardware security module.

Resources and Additional Information

Microsoft OCSP and Thales Luna HSM and Thales Luna Cloud HSM service Integration Guide

 

 

SharePoint is a collaboration and file sharing platform that facilitates content management and communication throughout an enterprise. Available as an on-premises deployment or as a hosted service, SharePoint offers flexible deployments to match the needs of small- and large-scale enterprises alike. The ability to consolidate resources from disparate collaboration solutions onto SharePoint makes it possible for administrators to reduce training and maintenance expenses while also increasing IT productivity.

For organizations needing to secure SharePoint deployments, Thales Luna HSM can serve as the trusted root for the encryption features offered by Microsoft Active Directory Rights Management Services (AD RMS), Microsoft SQL Server, and Microsoft Internet Information Services (IIS). Despite the use of multiple Microsoft encryption solutions, a single Thales HSM can store keys from the disparate deployments to provide a security foundation to data in use, at rest and in transit. Microsoft integrates with both Thales Luna HSM and SafeNet Trusted Access to provide users with a web services solution.

In addition to storing encryption keys, Thales Luna Network HSM improves overall performance by offloading resource-intensive SSL operations from the IIS server. This added benefit ensures that administrators need not choose between performance and security when protecting network communications.

Additional Resources

SafeNet Authentication Service (SAS) is now SafeNet Trusted Access (STA).

For STA SAML integrations, please refer to STA Application Catalog. For STA RADIUS integrations, please refer to STA RADIUS Integration guides page on Thales Customer Portal.

 

Microsoft SQL Server is a powerful relational database that enables organizations to scale operations with confidence, improve IT and developer efficiency, and effectively manage business intelligence on a self-service basis. With SQL Server, enterprises can process large volumes of data in fractions of a second making data mining and near-instant insights easy.

Thales HSMs integrate with Microsoft SQL Server to securely store encryption keys and manage such cryptographic operations as key creation, deletion, SQL encryption, and SQL decryption. Adding Thales HSMs allows administrators to store SQL Server’s master cryptographic keys within a protected hardware appliance and not on the same software platform where encrypted data is stored. Verifiable audit trails act as a deterrent and serve as evidence that keys are properly managed and secured throughout their entire lifecycle to make demonstrating compliance easier.

In addition to the Thales Luna Network HSM, the high-assurance Thales Luna PCIe HSM can also be integrated directly in the Microsoft SQL Server.

Thales KeySecure encryption platform secures SQL Server databases through granular field or column-level encryption. The appliance’s high-performance cryptographic processing allows administrators to offload critical encryption tasks so security efforts do not impact database operations. Large enterprises with disparate encryption systems can also employ Thales KeySecure as an external key manager and storage device for third-party encryption offerings. Consequently, organizations employing SQL Server’s encryption capabilities can store those cryptographic keys, as well as keys for other encryption products, on the appliance. Thales KeySecure maximizes overall security and streamlines security administration to help ensure organizations are compliant with a range of security best practices and regulations.

Resources and Additional Information

Microsoft SQL Server and Thales Luna HSM and Thales Luna Cloud HSM service Integration Guide

 

Microsoft SQL Server Always Encrypted Integration Guide

 

 

The Windows Hardware Lab Kit (Windows HLK) is a test automation framework provided by Microsoft to certify devices for Windows. Microsoft's Windows Certification Program lays out procedures for submitting hardware and software modules, including drivers, for Microsoft quality assurance tests. Passing the tests qualifies the hardware/software for Microsoft certification, which verifies both the driver provider's authenticity and the driver's safety and functionality.

To digitally sign and certify a device driver, a Windows Hardware Lab Kit (HLK) package, which includes the driver and the related hardware, should be submitted to the Windows Certification Program for testing, using the Windows Dev Center Hardware Dashboard Services (the Hardware Dashboard).

Thales Luna HSM is used to secure the package signing keys.

Additional Resources

Windows HLK and Thales Luna HSM Integration Guide

 

 

 

Microsoft Misc. - Legacy

Microsoft® Identity Manager (MIM) is an identity management system that allows administrators to centrally manage identities and credentials across an enterprise in order to streamline administration and facilitate the enforcement of corporate policies.

Close integration with Microsoft Active Directory and Exchange Server means administrators can effectively manage credentials from a central point so that it is easier to ensure that only appropriate users have access to sensitive materials. Additionally, detailed auditing capabilities, automated full lifecycle identity administration and self-service features combine to reduce the amount of time spent on help desk calls and audit reporting. Thales HSMs and authentication solutions integrate with FIM to enhance the security operations involved in verifying and managing enterprise identities.

Thales Luna HSMs integrate to protect the private keys and certificates that are assigned to users to verify their identities. When administrators store these materials in a FIPS 140-2 Level 3-validated tamper-proof HSM, they ensure that the materials are never exposed outside of the HSM and are always protected from unauthorized users.

By building the MIM certificate management infrastructure with the Luna HSM as the secured root, administrators ensure the integrity of all of their identity verification transactions.

Resources and Additional Information

Microsoft Identity Manager (MIM) with Thales Luna HSM Integration Guide

 

 

Microsoft Forefront Threat Management Gateway (TMG) is a secure web gateway that unifies multiple layers of security into an easy-to-use solution that protects against advanced web-based threats. Forefront TMG inspects web traffic at the network, application, and content layers so users can safely and productively use network resources without worrying about persistent threats.

Beyond its ability to monitor web traffic for viruses and malware, it can serve as a firewall and VPN to secure access to internal resources. An SSL feature set secures internal communications through encryption so sensitive enterprise resources remain visible only to authorized users. TMG can be deployed either as a stand-alone server to deliver the maximum performance or as a virtualized machine combined with other applications to reduce capital investments.

Thales Luna PCIe HSMs integrate with Forefront TMG to secure SSL transactions by storing the master SSL private key in a FIPS 140-2 Level 3 tamper-proof hardware appliance. The Thales Luna PCIe HSM integration also significantly improves server performance by offloading resource-intensive cryptographic operations to the purpose-built encryption appliance.

 

 

Microsoft Forefront Unified Access Gateway (UAG) provides secure remote access to corporate networks for employees, partners, and customers. UAG uses Secure Socket Layer (SSL), Virtual Private Network (VPN), Web application firewalls, and secure endpoint management to securely deliver web-based enterprise applications. Using UAG, enterprise applications are securely available to authorized users from anywhere.

Thales Luna Network HSMs integrate to store the certificates and encryption keys at the heart of UAG’s SSL transactions. With Thales HSMs as the root of trust, organizations can securely send data and deliver applications through protected SSL tunnels. Data is encrypted before it travels, and the keys necessary to decrypt it never leave the hardware appliance, thus eliminating the possibility that data will be intercepted while in cleartext.

Microsoft IAM

Microsoft Active Directory Federation Services (AD FS) is a tool installed on Windows servers that provides users throughout an enterprise with single sign-on (SSO) access to network and cloud-based resources. AD FS verifies user identities based on an exchange of private and secure information generated from a variety of authentication technologies–including certificate-based authentication, OTP, OOB, and pattern-based authentication–generated from a wide variety of form factors, such as hardware, software, or mobile tokens. When users authenticate to AD FS, they need only sign in once to then receive access to multiple web applications over the life of a single online session.

Thales authentication solutions integrate with AD FS, enabling organizations to implement strong authentication for AD FS supported clients and web-based applications, such as Office 365. Acting as the trusted identity provider, the SafeNet portfolio of authentication solutions extends Active Directory identities to AD FS-supported environments. Thales solutions provide a wide range of authentication methods. Additionally, SafeNet authentication solutions integrate with the Thales AD FS agent to provide the authentication mechanism for its SSO features. Through the AD FS agent, organizations can implement strong authentication policies for AD FS supported clients and web-based applications.

Resources and Additional Information

Microsoft Active Directory Federation Services Integration Guide

 

 

Thales Trusted Access integrates with Microsoft Active Directory Lightweight Directory Services to provide users with an effective network access solution.

Building on Thales’s award-winning authentication service, SafeNet Trusted Access combines authentication and access management in a fully integrated cloud service. Our service lets you transform your business and operate securely in the cloud by preventing data breaches, simplifying access for users, and enabling compliance.

Our customers include over 25,000 organizations and 30 million users worldwide across all industries. Partnering with Thales for the long term, they trust our innovative access management and authentication services to help them securely adopt new ways of doing business on mobile, and in the cloud.

Resources and Additional Information

SafeNet Authentication Service (SAS) is now SafeNet Trusted Access (STA).

For STA SAML integrations, please refer to STA Application Catalog. For STA RADIUS integrations, please refer to STA RADIUS Integration guides page on Thales Customer Portal.

 

 

Application Request Routing (ARR) is an extension to Internet Information Server (IIS), which enables an IIS server to function as a load balancer.

Building on Thales’s award-winning authentication service, SafeNet Trusted Access combines authentication and access management in a fully integrated cloud service. Our service lets you transform your business and operate securely in the cloud by preventing data breaches, simplifying access for users, and enabling compliance.

 

Our customers include over 25,000 organizations and 30 million users worldwide across all industries. Partnering with Thales for the long term, they trust our innovative access management and authentication services to help them securely adopt new ways of doing business on mobile, and in the cloud.

Resources and Additional Information

SafeNet Authentication Service (SAS) is now SafeNet Trusted Access (STA).

 

For STA SAML integrations, please refer to STA Application Catalog. For STA RADIUS integrations, please refer to STA RADIUS Integration guides page on Thales Customer Portal.

 

 

Access Control Service or Windows Azure Access Control Service is a Microsoft-owned cloud-based service that provides an easy way of authenticating and authorizing users to gain access to web applications and services, while allowing the features of authentication and authorization to be factored out of the application code.

Building on Thales’s award-winning authentication service, SafeNet Trusted Access combines authentication and access management in a fully integrated cloud service. Our service lets you transform your business and operate securely in the cloud by preventing data breaches, simplifying access for users, and enabling compliance.

Our customers include over 25,000 organizations and 30 million users worldwide across all industries. Partnering with Thales for the long term, they trust our innovative access management and authentication services to help them securely adopt new ways of doing business on mobile, and in the cloud.

Resources and Additional Information

SafeNet Authentication Service (SAS) is now SafeNet Trusted Access (STA).

For STA SAML integrations, please refer to STA Application Catalog. For STA RADIUS integrations, please refer to STA RADIUS Integration guides page on Thales Customer Portal.

 

 

Microsoft Azure RemoteApp helps employees stay productive anywhere, and on a variety of devices—Windows, Mac OS X, iOS, or Android. Your company’s applications run on Windows Server in the Azure cloud, where they’re easier to scale and update. Employees install Microsoft Remote Desktop clients on their Internet-connected laptop, tablet, or phone and then can access applications as if they are running locally.

Building on Thales’s award-winning authentication service, SafeNet Trusted Access combines authentication and access management in a fully integrated cloud service. Our service lets you transform your business and operate securely in the cloud by preventing data breaches, simplifying access for users, and enabling compliance.

 

Our customers include over 25,000 organizations and 30 million users worldwide across all industries. Partnering with Thales for the long term, they trust our innovative access management and authentication services to help them securely adopt new ways of doing business on mobile, and in the cloud.

Resources and Additional Information

SafeNet Authentication Service (SAS) is now SafeNet Trusted Access (STA).

 

For STA SAML integrations, please refer to STA Application Catalog. For STA RADIUS integrations, please refer to STA RADIUS Integration guides page on Thales Customer Portal.

 

 

SafeNet Authentication Solutions integrates with Microsoft Azure Virtual Desktop Infrastructure to provide users with a virtual desktop infrastructure solution.

Building on Thales’s award-winning authentication service, SafeNet Trusted Access combines authentication and access management in a fully integrated cloud service. Our service lets you transform your business and operate securely in the cloud by preventing data breaches, simplifying access for users, and enabling compliance.

 

Our customers include over 25,000 organizations and 30 million users worldwide across all industries. Partnering with Thales for the long term, they trust our innovative access management and authentication services to help them securely adopt new ways of doing business on mobile, and in the cloud.

 

SafeNet Authentication Client (SAC) is a public key infrastructure (PKI) middleware that provides a secure method for exchanging information based on public key cryptography, enabling trusted third-party verification of user identities.

Resources and Additional Information

SafeNet Authentication Service (SAS) is now SafeNet Trusted Access (STA).

 

For STA SAML integrations, please refer to STA Application Catalog. For STA RADIUS integrations, please refer to STA RADIUS Integration guides page on Thales Customer Portal.

SAC using CBA for MS Azure AD

 

 

SafeNet Authentication Client integrates with Microsoft BitLocker to provide users with a file and disk encryption solution.

Resources and Additional Information

Using SafeNet Authentication Client CBA for BitLocker

 

 

Windows Defender Credential Guard uses virtualization-based security to isolate and protect secrets (e.g., NTLM password hashes and Kerberos ticket-granting tickets) to block pass-the-hash (PtH) or pass-the-ticket attacks.

Resources and Additional Information

SafeNet Authentication Client (SAC) is a public key infrastructure (PKI) middleware that provides a secure method for exchanging information based on public key cryptography, enabling trusted third-party verification of user identities. 

Using SafeNet Authentication Client with Windows Defender Credential Guard

 

 

Dynamics CRM is the customer relationship management software developed by Microsoft. Out of the box, the product focuses mainly on sales, marketing, and service (helpdesk) sectors.

Resources and Additional Information

SafeNet Authentication Service (SAS) is now SafeNet Trusted Access (STA).

 

For STA SAML integrations, please refer to the STA Application Catalog. For STA RADIUS integrations, please refer to the STA RADIUS Integration guides page on the Thales Customer Portal.

 

 

Microsoft® Forefront Identity Manager (FIM) is an identity management system that allows administrators to centrally manage identities and credentials across an enterprise in order to streamline administration and facilitate the enforcement of corporate policies. Close integration with Microsoft Active Directory and Exchange Server means administrators can effectively manage credentials from a central point so that it is easier to ensure that only appropriate users have access to sensitive materials. 

Additionally, detailed auditing capabilities, automated full lifecycle identity administration and self-service features combine to reduce the amount of time spent on help desk calls and audit reporting. Thales HSMs and authentication solutions integrate with FIM to enhance the security operations involved in verifying and managing enterprise identities.

Thales authenticators enable FIM users to store or create private digital credentials inside a number of form factors ranging from tokens to smartcards for easy, secure and portable authentication. 

From the central FIM console, administrators can provision, update and de-provision the authenticators used in their enterprise. Thales's wide range of form-factor support (including authenticators from third parties), coupled with FIM’s centralized identity management tools, significantly reduces the complexity and expense of implementing and managing multi-factor authentication. Thales integration strengthens an enterprise's identity verification processes to ensure that only authorized users have access to sensitive enterprise materials.

Additional Resources

SAC Certificate-based Authentication on Microsoft FIM CM 2010 R2

 

 

Microsoft Forefront Unified Access Gateway (UAG) provides secure remote access to corporate networks for employees, partners, and customers. UAG uses Secure Sockets Layer (SSL), Virtual Private Network (VPN), Web application firewalls, and secure endpoint management to securely deliver web-based enterprise applications. Using UAG, enterprise applications are securely available to authorized users from anywhere.

SafeNet Trusted Access integrates with UAG to verify user identities as they log on to enterprise networks. By adding SafeNet’s multifactor authentication, enterprises strengthen VPN security, ensuring that only authorized users gain access to private networks. Additionally, SafeNet Trusted Access simplifies ongoing administration of the authentication infrastructure for improved efficiency.

 

 

SafeNet Trusted Access integrates with Microsoft Internet Authentication Service/Network Policy Server to provide users with a network access solution.

Additional Resources:

SafeNet Authentication Service (SAS) is now SafeNet Trusted Access (STA).

 

For STA SAML integrations, please refer to the STA Application Catalog. For STA RADIUS integrations, please refer to the STA RADIUS Integration guides page on the Thales Customer Portal.

Agent Configuration Guide for Microsoft IAS and NPS

 

 

SafeNet Trusted Access integrates with Microsoft Internet Security and Acceleration and Outlook Web Access to provide users with a remote access solution.

Additional Resources

SafeNet Authentication Service (SAS) is now SafeNet Trusted Access (STA).

 

For STA SAML integrations, please refer to the STA Application Catalog. For STA RADIUS integrations, please refer to the STA RADIUS Integration guides page on the Thales Customer Portal.

 

 

Internet Security and Acceleration (ISA) Server 2006 is used in conjunction with Outlook Web Access (OWA) 2007 to view e-mail via a web browser, authenticating against STA using SafeNet tokens.

Resources and Additional Information

SafeNet Authentication Service (SAS) is now SafeNet Trusted Access (STA).

For STA SAML integrations, please refer to the STA Application Catalog. For STA RADIUS integrations, please refer to the STA RADIUS Integration guides page on the Thales Customer Portal.

 

 

DirectAccess is a VPN-like technology that provides intranet connectivity to client computers when they are connected to the Internet. 

SafeNet Authentication Client (SAC) is a PKI middleware application that provides a secure method for exchanging information based on public-key cryptography, enabling trusted third-party verification of user identities.  

Resources and Additional Information

SafeNet Authentication Service (SAS) is now SafeNet Trusted Access (STA).

 

For STA SAML integrations, please refer to the STA Application Catalog. For STA RADIUS integrations, please refer to the STA RADIUS Integration guides page on the Thales Customer Portal.

SAC Using CBA for Microsoft DirectAccess 

 

 

Microsoft Office 365 delivers standard Office applications and files directly from the cloud for flexible yet reliable access to the applications that enterprises depend on. With Office 365, users’ applications and files are persistently available whether the user is offline at their desk, online, or on a mobile device. Office 365 supports both Windows and Mac operating systems.

SafeNet authentication solutions seamlessly integrate so organizations can leverage Office 365’s flexibility while significantly reducing the risk of unauthorized access to corporate resources stored or run in the cloud. Using the Microsoft Active Directory Federation Services (AD FS), SafeNet Authentication hardens access to Office 365 by adding a second layer of identity verification to ensure that only authorized users gain entry to protected applications. If AD FS is used for multiple cloud applications, SafeNet authentication solutions can unify authentication policies for the entire IT environment, making identity verification easy across the entire enterprise.

SafeNet Authentication Client (SAC) is a public key infrastructure (PKI) middleware that provides a secure method for exchanging information based on public key cryptography, enabling trusted third-party verification of user identities.

Resources and Additional Information:

SafeNet Authentication Service (SAS) is now SafeNet Trusted Access (STA).

 

For STA SAML integrations, please refer to the STA Application Catalog. For STA RADIUS integrations, please refer to the STA RADIUS Integration guides page on the Thales Customer Portal.

Implementing authentication and access controls for Office 365

 

 

Microsoft Office 365 ProPlus is productivity software (including Word, PowerPoint, Excel, Outlook, OneNote, Publisher, Access, and Lync) that is installed on your desktop or laptop computer. It is a user-based service that allows users to access Office experiences on up to five PCs or Macs, and on their mobile devices.

SafeNet Authentication Client (SAC) is a PKI middleware application that provides a secure method for exchanging information based on public-key cryptography, enabling trusted third-party verification of user identities.  

Resources and Additional Information

SafeNet Authentication Service (SAS) is now SafeNet Trusted Access (STA). 

For STA SAML integrations, please refer to the STA Application Catalog. For STA RADIUS integrations, please refer to the STA RADIUS Integration guides page on the Thales Customer Portal.

SAC Using CBA for Office 365 ProPlus

 

 

SafeNet Authentication Service and SafeNet Authentication Manager both integrate with Microsoft Outlook Web Access to provide users with a virtual desktop infrastructure solution.

Resources and Additional Information:

SafeNet Authentication Solutions for Microsoft Office Web Access Integration Guide

 

 

Outlook on the web (formerly known as Outlook Web App or Outlook Web Access) is a browser-based email client. Outlook on the web lets you access your Microsoft Exchange Server mailbox from almost any web browser. 

Resources and Additional Information

SafeNet Authentication Service (SAS) is now SafeNet Trusted Access (STA).

 

For STA SAML integrations, please refer to the STA Application Catalog. For STA RADIUS integrations, please refer to the STA RADIUS Integration guides page on the Thales Customer Portal.

 

 

Web Application Proxy is a role service of the Remote Access server role in Windows Server® 2012 R2. Web Application Proxy provides reverse proxy functionality for web applications inside your corporate network to allow users on any device to access your web applications from outside the corporate network.

Resources and Additional Information

SafeNet Authentication Service (SAS) is now SafeNet Trusted Access (STA).

 

For STA SAML integrations, please refer to the STA Application Catalog. For STA RADIUS integrations, please refer to the STA RADIUS Integration guides page on the Thales Customer Portal.

 

 

Microsoft Routing and Remote Access service (RRAS) is a software router and an open platform for routing and networking. Its routing services can be used by organizations in local area network (LAN) and wide area network (WAN) environments or over the Internet by using secure VPN connections. Routing is used for multiprotocol LAN-to-LAN, LAN-to-WAN, VPN, and network address translation (NAT) routing services.

Resources and Additional Information

SafeNet Authentication Service (SAS) is now SafeNet Trusted Access (STA).

 

For STA SAML integrations, please refer to the STA Application Catalog. For STA RADIUS integrations, please refer to the STA RADIUS Integration guides page on the Thales Customer Portal.

 

 

SafeNet Authentication Client integrates with Microsoft Putty to provide users with a remote access solution.

Resources and Additional Information:

SafeNet Authentication Client Integration Guide Using SAC with Putty-CAC

 

 

SafeNet Trusted Access integrates with Microsoft Remote Web Workplace to provide users with a virtual desktop infrastructure solution.

SafeNet Authentication Service (SAS) is now SafeNet Trusted Access (STA).

 

For STA SAML integrations, please refer to the STA Application Catalog. For STA RADIUS integrations, please refer to the STA RADIUS Integration guides page on the Thales Customer Portal.

 

 

SafeNet Authentication Client (SAC) integrates with MS Windows 10 to provide users with a network access solution.

 

 

SafeNet Trusted Access integrates with Microsoft Windows Logon to provide users with a network access solution.

Resources and Additional Information:

SafeNet Authentication Service (SAS) is now SafeNet Trusted Access (STA).

 

For STA SAML integrations, please refer to the STA Application Catalog. For STA RADIUS integrations, please refer to the STA RADIUS Integration guides page on the Thales Customer Portal.

Agent Configuration Guide for Microsoft Windows Logon