Using this screen, you can configure the settings required to use the Double Key Encryption (DKE) capability. To access this screen, go to MIP > Config in PK Endpoint Manager (PEM). Click Edit button to edit the listed properties.
Following is the description of properties:
Define the administrators in this field who can edit or delete the DKE configuration. If this field is left empty, the pre-defined PEM administrator permissions will be enforced for configuration.
Client Cache Time In Hours
This field displays time (in hours) for which Microsoft can use a DKE public key before asking PEM for a new one. The default value is 24. Click the value to edit the interval.
Server Cache Time In Seconds
This field displays the duration (in seconds) for which the server caches the list of DKE keys in memory, after which it must access the current information from the database. The default value is 60. Click the value to edit the interval.
Enter the URL that the environment will be called on. This must match the Application ID URL for the Azure Application registration.
Note: In the Azure App registration, /mds may not have been included on the end of the URL, but it needs to be added here. Example: https://pkwareoperations.pkware.com/mds
An application restart is required on all nodes in the cluster or farm when changes are made to this value.
Enable Encrypt API
Select this checkbox to enable users to encrypt files with DKE labels.
Enable Decrypt API
Select this checkbox to enable users to decrypt files with DKE labels.
Enable Data Security Intelligence logging for encryption
Select this checkbox to enable PK Protect agents to report client log events for DKE encryption in DSI Events panel.
Enable Data Security Intelligence logging for decryption
Select this checkbox to enable PK Protect agents to report client log event for DKE decryption.
Select this checkbox to direct PEM to communicate through a proxy server when connected to the internet.
This field is where the proxy server URL is defined for PEM.