Getting Started With Always Encrypted

Updates:  The syntax for column master keys have been updated. Please refer to for details on what is new in Always Encrypted. We have updated the schema for our sample table to follow best practices. Big thanks to Denny Cherry for his feedback and help on greatly improving our sample schema.   The recently… Read more

Announcing Transparent Data Encryption for Azure SQL Database

Available today, SQL Database Transparent Data Encryption (preview) protects your data and helps you meet compliance requirements by encrypting your database, associated backups, and transaction log files at rest without requiring changes to your application. SQL Database TDE is based on SQL Server’s TDE technology which encrypts the storage of an entire database by using… Read more

Using Always Encrypted with Entity Framework 6

Entity Framework 6 was not designed from the start to work with the Always Encrypted feature of SQL Server 2016. However, a lot of effort has gone into making the feature work as transparently as possible with existing code. This article explores the limitations you will need to work around and the potential issues you… Read more

Database Encryption Key (DEK) management

This post will talk about DEK, what it is and how it is securely stored and managed inside a database. Before enabling TDE a DEK must be created which is used to encrypt the contents of the database. It is a symmetric key and supported algorithms are AES with 128-bit, 192bit, or 256bit keys or… Read more

Using the Azure Key Vault Key Store Provider for Always Encrypted

During the SQL PASS Summit 2015, we released a custom key store provider that enables support for column master keys stored in Azure Key Vault to  As you may recall, an earlier blog post discussed the process of creating a custom key store provider using Azure Key Vault as an example key store.  That… Read more

SQL Server and the Windows Server 2008 Firewall

We’ve long recommended that customers use the Windows Firewall to protect SQL Server installations. Starting with Windows XP/SP2, and continuing with Windows Vista, the firewall has been enabled by default on Windows client operating systems. Windows Server 2008 marks the first time this protection has been extended to a Windows Server OS. For those of… Read more

SQL Server 2012 Best Practices Analyzer

Copied from an internal email from a PM on the team, Jakub – I’m pleased to announce that SQL Server 2012 Best Practices Analyzer (BPA) has been released and is available for download at Customer Value The Microsoft SQL Server 2012 BPA is a diagnostic tool thatperforms the following functions: Gathers information about a… Read more

Enforce Windows Password Policy on SQL Server Logins

If users choose to use SQL login to connect to SQL Server rather than using NT authenticating, it is worth to remind that SQL server does provide the option of enforcing window password policy on SQL logins. When creating a SQL login you can specify CHECK_POLICY=on, which will enforced on this login of the Windows… Read more

Database Engine Permission Basics

I am posting this on behalf of my colleague Rick Byham, a technical writer on the SQL Server Team. Database Engine permissions are managed at the server level through logins and fixed server roles, and at the database level through database users and user-defined database roles. Logins Logins are individual user accounts for logging on… Read more

Microsoft ® Source Code Analyzer for SQL Injection – June 2008 CTP

Today Microsoft has released a Community Technology Preview of a new source code analyzer that can help ASP developers find SQL Injection vulnerabilities in their code.   Three weeks ago Microsoft released guidance ( on protecting ASP and ASP.NET web sites against SQL injection attacks. At the same time, Microsoft took an action item to develop… Read more