Create a key for Microsoft 365 DKE
Create a key set for DKE
Create the key set per Creating a Key Set for DKE.
For example, the key set named microsoft-dke was created for the purpose of this integration.
The number of DKE keys in each key set is shown on the Key Sets tab, in the last column on the right.
Create a cloud key for Microsoft 365 DKE
The Microsoft 365 DKE keys are not replicated to Azure. They are stored in Entrust KeyControl, in a separate area alongside the Azure KeyVaults and managed HSMs.
Create a cloud key per Creating a CloudKey for DKE. For example:
- In the Actions menu select Key Set and Type as shown.
- In the Details tab of the Create CloudKey window, enter the Name and Description.
- In the Access tab select which Azure accounts can access the key. Select either Allow all or Specific Tenants. This selection can be changed later, after the key is created.
  If specific tenants are specified, only users who authenticate with those tenants can access the key for DKE encryption and decryption.
- In the Schedule tab select the rotation schedule.
  Key rotation and tag setting behave the same as for any other cloud key. Key deletion moves the key into a Pending Delete state for a chosen period. The key is fully deleted at the end of that period or can be recovered or manually purged earlier. DKE keys can be disabled, and while disabled cannot be used for DKE encryption or decryption.
- Select the key just created and scroll down to see the details. Notice the various tabs.