Data Encryption

Microsoft Provisioning Framework (MPF) encrypts the stores that hold three categories of potentially sensitive data:

  • Transaction state in transaction logs - Transactions and their rollback data are encrypted when the request XML contains a procedure node, or a lower-level execute node, that carries a sensitive attribute. For the transaction logs and the configuration database, MPF uses a two-tier symmetric-key scheme (at each tier the same key both encrypts and decrypts). Each transaction is encrypted with its own unique transaction key; the resulting payload holds the user information and the state of the transaction. The transaction key is in turn encrypted with a master key derived from a password stored in the configuration database. The encrypted payload and the encrypted transaction key are both written to the transaction log under the transaction ID. To read a transaction back, MPF first decrypts the transaction key with the master key and then uses the transaction key to decrypt the payload and extract the user's data.

  • User credentials stored in the configuration database - Credentials are encrypted with the same two-tier symmetric-key scheme that is used for transaction state in the transaction logs.

  • Provisioning settings in the Microsoft Windows registry - MPF keeps its registry keys under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Provisioning. Windows encrypts the settings for the Audit and Recovery service, the provisioning engine, and the queue manager with an encryption key it derives from the account each component runs under. By default, for example, the provisioning engine's registry settings are encrypted with a key derived from the MPFServiceAcct account, which ties those settings to that account: a process running under a different account does not derive the same key and cannot read them.
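The two-tier scheme described above for the transaction logs, written out as an added example (this is not MPF's code, and MPF's actual cipher, key-derivation function and record layout are not documented on this page). It assumes AES-256-GCM for both tiers and PBKDF2-HMAC-SHA256 for turning the configuration-database password into the master key; the transaction ID is bound to both ciphertexts as associated data. The `TransactionRecord` type, function names and sample inputs are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// TransactionRecord models what the page says the transaction log holds for each
// transaction: the encrypted payload and the encrypted transaction key, both filed
// under the transaction ID. The field names are this example's own.
type TransactionRecord struct {
	TransactionID string
	WrappedKey    []byte // transaction key, encrypted under the master key (tier two)
	KeyNonce      []byte
	Payload       []byte // user data and transaction state, encrypted under the transaction key (tier one)
	PayloadNonce  []byte
}

// DeriveMasterKey derives a 32-byte master key from the password kept in the
// configuration database. MPF's real derivation is not documented on the page;
// PBKDF2-HMAC-SHA256 is assumed and written out by hand (one output block is
// exactly 32 bytes for SHA-256) so the example stays on the standard library.
func DeriveMasterKey(password string, salt []byte, iterations int) []byte {
	mac := hmac.New(sha256.New, []byte(password))
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // INT(1): big-endian index of the first block
	u := mac.Sum(nil)              // U_1
	t := append([]byte(nil), u...) // T = U_1
	for i := 1; i < iterations; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil) // U_i = PRF(password, U_{i-1})
		for j := range t {
			t[j] ^= u[j] // T ^= U_i
		}
	}
	return t
}

// gcmSeal encrypts plaintext with AES-256-GCM under key, binding aad to the ciphertext.
func gcmSeal(key, plaintext, aad []byte) (nonce, ciphertext []byte, err error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return nonce, gcm.Seal(nil, nonce, plaintext, aad), nil
}

// gcmOpen reverses gcmSeal; it fails if key, nonce, aad or ciphertext do not match.
func gcmOpen(key, nonce, ciphertext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ciphertext, aad)
}

// EncryptTransaction performs both tiers: a fresh random transaction key encrypts
// the payload, then the master key encrypts that transaction key. The transaction
// ID is the associated data, so a record cannot be re-filed under another ID.
func EncryptTransaction(masterKey []byte, txID string, payload []byte) (*TransactionRecord, error) {
	txKey := make([]byte, 32)
	if _, err := rand.Read(txKey); err != nil {
		return nil, err
	}
	aad := []byte(txID)
	payloadNonce, payloadCT, err := gcmSeal(txKey, payload, aad)
	if err != nil {
		return nil, err
	}
	keyNonce, keyCT, err := gcmSeal(masterKey, txKey, aad)
	if err != nil {
		return nil, err
	}
	return &TransactionRecord{TransactionID: txID, WrappedKey: keyCT, KeyNonce: keyNonce,
		Payload: payloadCT, PayloadNonce: payloadNonce}, nil
}

// DecryptTransaction unwraps the transaction key with the master key, then uses it
// to recover the payload. Without the right master key the first step fails and the
// payload is unreachable, which is the failure mode the page's note warns about.
func DecryptTransaction(masterKey []byte, rec *TransactionRecord) ([]byte, error) {
	aad := []byte(rec.TransactionID)
	txKey, err := gcmOpen(masterKey, rec.KeyNonce, rec.WrappedKey, aad)
	if err != nil {
		return nil, fmt.Errorf("cannot unwrap transaction key (master key missing or wrong): %w", err)
	}
	return gcmOpen(txKey, rec.PayloadNonce, rec.Payload, aad)
}

func main() {
	// Constructed inputs: a salt, the configuration-database password, and a request payload.
	salt := []byte("constructed-salt")
	master := DeriveMasterKey("configdb-password", salt, 100_000)
	rec, err := EncryptTransaction(master, "TX-0001", []byte("<request><user>alice</user></request>"))
	if err != nil {
		panic(err)
	}
	pt, err := DecryptTransaction(master, rec)
	fmt.Printf("with master key: %q (err=%v)\n", pt, err)
	// Simulate a lost configuration database: the password is gone, so the master
	// key cannot be regenerated and the log entry stays unreadable.
	_, err = DecryptTransaction(DeriveMasterKey("whatever-was-restored", salt, 100_000), rec)
	fmt.Println("without master key:", err)
}
```

Two things worth noticing when running it: the payload is never decryptable without first unwrapping the transaction key, so possession of the configuration-database password is equivalent to possession of every logged transaction; and because the transaction ID is authenticated along with both ciphertexts, moving a record to a different ID (or restoring a log against the wrong configuration database) fails closed rather than yielding garbage.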

Not all MPF data is encrypted. The audit log, the Provisioning Queue Manager service, and the Client registry key are stored unencrypted, so anything written to them should be treated as readable by anyone who can read those stores.

Important

The MPF data encryption architecture assumes that the system itself is secure and that keys are stored in a safe place. Because the master key is derived from a password held in the configuration database, that database is both a single point of failure and a high-value target: anyone who can read the password can regenerate the master key and decrypt every transaction, and if the database is corrupted or destroyed so that the master key can no longer be retrieved, the data in the transaction logs becomes permanently inaccessible. For this reason, MPF installations should keep backup computers running SQL Server for the configuration database and the transaction logs, and should restrict access to the configuration database at least as tightly as access to the logs it protects.