Case Study: Fujitsu achieves secure Microsoft CA root-key protection and a scalable managed PKI service with Thales OneWelcome

Fujitsu New Managed Service Uses Thales Data Protection On Demand to Secure Microsoft Certificate Authority

Fujitsu faced growing demand from customers—particularly in regulated industries like healthcare—to strengthen Microsoft Certificate Authority (CA) infrastructures and protect signing keys that underpin PKI and sensitive personal data. To address a European pharmaceutical client’s need for stronger key management and regulatory compliance without large capital expenditure, Fujitsu partnered with Thales OneWelcome and introduced Thales Data Protection On Demand (DPoD) — HSM On Demand for Microsoft ADCS — as the root of trust for Microsoft CA signing keys.

Thales OneWelcome’s DPoD service was integrated into Fujitsu’s managed Microsoft CA offering to enforce hardened boundaries around root CA keys, provide high availability and redundancy, and enable automated orchestration with zero upfront investment. The solution delivered a cost‑effective, hybrid-capable PKI service with a 99.95% SLA, reduced operational complexity, strengthened regulatory posture for protected health information, and created new upsell opportunities for Fujitsu across its European managed services portfolio.

Fujitsu

Petri Heinälä

Security Offering Architect