Using SQL Server Integration Services (SSIS) with Always Encrypted

We would like share a couple of links to two articles, just published on SQL Server IntegrationServices (SSIS) Blog, which provide guidance for how to use SSIS with Always Encrypted: SSIS with Always Encrypted Lookup transformation with Always Encrypted… Read more

Row-Level Security block predicates are generally available on Azure SQL Database

Azure SQL Database’s Row-Level Security (RLS) feature now officially supports block predicates. In contrast to filter predicates, which limit the rows visible to a user, block predicates prevent a user from inserting, updating, or deleting rows that violate your access criteria. You should use filter and block predicates together to control both read and write access to… Read more

Using Hardware Security Modules with Always Encrypted

Using Hardware Security Modules with Always Encrypted In the examples from the previous articles on Always Encrypted, we demonstrated column master keys stored in Windows Certificate Store and in Azure Key Vault. In this article, we will introduce yet another option: storing column master keys in hardware security modules (HSMs). HSM Primer and Introduction to… Read more

Using the Azure Key Vault Key Store Provider for Always Encrypted

During the SQL PASS Summit 2015, we released a custom key store provider that enables support for column master keys stored in Azure Key Vault to  As you may recall, an earlier blog post discussed the process of creating a custom key store provider using Azure Key Vault as an example key store.  That… Read more

Tutorial: Row-Level Security and Entity Framework

In response to a common customer question, we’ve published a short tutorial showing how to use Row-Level Security with Entity Framework.  The tutorial extends an existing ASP.NET MVC app to support a “shared database, shared schema” tenancy model. In this model, a single database contains data for many tenants, and each row in each table is… Read more

Public Preview of Always Encrypted in Azure SQL Database

Always Encrypted is now available for public preview in all service tiers of Azure SQL Database V12. You can use Always Encrypted to ensure sensitive data, such as credit card numbers, is encrypted and decrypted inside client applications or application servers, using keys that are never revealed to Azure SQL Database. As a result, even… Read more

Azure Key Vault Integration for Azure SQL Server VMs

Last week, the SQL VM team announced the Azure Key Vault Integration feature. The Azure Key Vault (AKV) Integration feature simplifies the process for setting up your Azure SQL Server VM to use Azure Key Vault for key protection. If you are planning on using the SQL Server Connector to enable SQL Server encryption with… Read more

SSMS Encryption Wizard – Enabling Always Encrypted in a Few Easy Steps

As we explained in the previous articles, Always Encrypted is a client-side encryption technology – the database system (SQL Server or Azure SQL Database) does not have access to plaintext encryption keys and cannot encrypt or decrypt data protected with Always Encrypted. Consequently, enabling Always Encrypted in a database requires the use of client-side tools to… Read more

Dynamic Data Masking is now generally available for Azure SQL Database

  We’re delighted to announce the general availability of Dynamic Data Masking for Azure SQL Database version V12. Dynamic Data Masking (DDM) is used to limit access to sensitive data in the database by obfuscating it on-the-fly in query results. Many customers are already using DDM to protect their sensitive data and we encourage you… Read more

Oil & Gas Security Demo with SQL Server 2016

At our security session today at PASS Summit 2015, we were extremely fortunate to be joined by Jamey Johnston, a Data Scientist at a large independent Oil & Gas company, who shared a comprehensive demo using Row-Level Security, Dynamic Data Masking, and Always Encrypted to control access to oil well production data. Jamey’s demo showcases… Read more