Always Encrypted with Secure Enclaves – Try It Now in SQL Server 2019 Preview!

Last year, we revealed our efforts to bring confidential computing capabilities of Always Encrypted to the next level, by leveraging secure enclave technologies. Over the last twelve months, the SQL team, alongside Microsoft Research, Windows and Developer Tools groups, has worked together to make the SQL Server platform the first commercial RDBMS that can protect… Read more

Enabling Confidential Computing with Always Encrypted using Enclaves (Early Access Preview)

Last week at Ignite, we announced a major SQL security investment that enhances Always Encrypted with secure enclave technologies to enable: Rich computations on encrypted columns, including pattern matching, range comparisons, and sorting, which unlocks Always Encrypted to a broad range of applications and scenarios that require such computations to be performed inside the database system… Read more

Getting Started with Always Encrypted using PowerShell

In the previous articles from the Always Encrypted blog series, we demonstrated how to configure Always Encrypted using SQL Server Management Studio. In this article, we will show you how to configure Always Encrypted from the command line, using PowerShell. Prerequisites To try the examples in this article, you need: A database, named Clinic, hosted… Read more

Parameterization for Always Encrypted – Using SSMS to Insert into, Update and Filter by Encrypted Columns

SQL Server Management Studio 17.0 (the next major update of SSMS, currently available as a Release Candidate) introduces two important capabilities for Always Encrypted: Ability to insert into, update and filter by values stored in encrypted columns from a Query Editor window. The new online encryption algorithm, exposed in the Set-SqlColumnEncryption PowerShell cmdlet, which makes tables available… Read more

Always Encrypted in Azure SQL Database is Generally Available

I’m happy to announce Always Encrypted in Azure SQL Database is now generally available! Always Encrypted is a feature designed to ensure sensitive data and its corresponding encryption keys are never revealed in plaintext to the database system. With Always Encrypted enabled, a SQL client driver encrypts and decrypts sensitive data inside client applications or application servers,… Read more

Developing Databases using Always Encrypted with SQL Server Data Tools

We are excited to announce that SQL Server Data Tools (SSDT) now supports developing databases using Always Encrypted. Always Encrypted is a feature in SQL Server 2016 and Azure SQL Database that ensures your sensitive data is never revealed in plaintext to the database system. An Always Encrypted-enabled client driver achieves that by transparently encrypting and… Read more

Best Practices for Moving Data Encrypted with Always Encrypted

With the introduction of Always Encrypted, Microsoft’s SQL platform (SQL Server 2016 and SQL Azure DB) protects sensitive data in use (during transactions and computations) without requiring any significant re-work in your applications. In a typical scenario, a client application is set up with Always Encrypted enabled in the database connection string. This instructs the… Read more

Using SQL Server Integration Services (SSIS) with Always Encrypted

We would like to share a couple of links to two articles, just published on SQL Server Integration Services (SSIS) Blog, which provide guidance for how to use SSIS with Always Encrypted: SSIS with Always Encrypted, and Lookup transformation with Always Encrypted… Read more

Using Hardware Security Modules with Always Encrypted

In the examples from the previous articles on Always Encrypted, we demonstrated column master keys stored in Windows Certificate Store and in Azure Key Vault. In this article, we will introduce yet another option: storing column master keys in hardware security modules (HSMs). HSM Primer and Introduction to… Read more

Using the Azure Key Vault Key Store Provider for Always Encrypted

During the SQL PASS Summit 2015, we released a custom key store provider that enables support for column master keys stored in Azure Key Vault to  As you may recall, an earlier blog post discussed the process of creating a custom key store provider using Azure Key Vault as an example key store.  That… Read more