This guide describes how to use Thales nShield HSMs to generate cryptographic keys—known as tenant keys—for use by Microsoft Rights Management services within Windows Azure (Windows Azure RMS).
The guide provides step-by-step instructions on generating tenant keys on-premise and transferring the keys to cloud-based Thales nShield HSMs hosted by Microsoft.
The key generation and transfer process is known as RMS Bring Your Own Key (BYOK). Thales offers a BYOK deployment package, described here. A video illustrating how Thales and Microsoft’s BYOK works can be found here.