Data Encryption

Microsoft Provisioning Framework (MPF) provides encryption of stores for three categories of potentially sensitive data:

Not all MPF data is encrypted. Data for the audit log, the Provisioning Queue Manager service, and the Client registry key is not encrypted.


The MPF data encryption architecture assumes that the system is secure and that keys will be stored in a safe place. If the configuration database is corrupted or destroyed so that the master key can no longer be retrieved, it will be impossible to access data in the transaction logs. For this reason, it is recommended that MPF installations have backup computers running SQL Server for the configuration database and transaction logs.