Forum Discussion
Double Key Encryption (DKE) - Why two keys?
Hello,
What is the reason for having two keys when using DKE?
Why not only one single external key managed by the customer?
Thanks and regards
1 Reply
- milgo
Microsoft
DKE gives an extra layer of security, allowing you to retain control of one of the keys, giving you ultimate authority over access to your data. It was also designed to fulfill regulatory and compliance standards which require the use of multiple keys to protect sensitive/highly regulated data. DKE helps organizations meet these requirements. Imagine a scenario where one key is compromised: your data remains protected because the second key is still required to access the encrypted information. This gives a layer of resilience.
However, even as you adopt DKE, you should note that it is intended for your most sensitive data that is subject to the strictest protection requirements. Users are advised to conduct due diligence in identifying the right data to cover with this solution before you deploy. In some cases, you might need to narrow your scope and use other solutions.
Link to relevant documentation:
Double Key Encryption (DKE) | Microsoft Learn