Advanced Security in Exchange is a dual key pair system. Two
Note If you choose to have KMS issue X.509v1 certificates in your organization, an additional key pair for digital signatures will be created. One signature key pair will be used with X.509v1 certificates, and the other signature key pair with X.509v3 certificates.
The user's private encryption key is kept on a Key Management server, which means it can be accessed by KMS administrators. This allows system-wide key recovery, key revocation, and other key management tasks designed to safeguard encrypted data within your organization.
The user's private signature key, however, is stored securely on
the user's computer. This means the user is the only person who can
access their private signature key, preserving the