Public Preview of Always Encrypted in Azure SQL Database

Always Encrypted is now available for public preview in all service tiers of Azure SQL Database V12. You can use Always Encrypted to ensure sensitive data, such as credit card numbers, is encrypted and decrypted inside client applications or application servers, using keys that are never revealed to Azure SQL Database. As a result, even database administrators, other high privilege users, or attackers gaining illegal access to Azure SQL Database will not be able to access the data.

To get started with Always Encrypted, you will need:

  • SQL Server Management Studio (October 2015 preview – version 13.0.700.242, or later) to provision Always Encrypted keys and set up encryption for selected columns within the database.
  • An Always Encrypted-enabled SQL client driver, such as ADO.NET in .NET Framework 4.6, which you need to install on machines hosting your client applications or application servers.

This blog already contains multiple articles on Always Encrypted, which are relevant for both SQL Server 2016 and Azure SQL Database V12 and can help you start using the feature. In particular:

For additional information, please see Always Encrypted (Database Engine).