Always Encrypted with Secure Enclaves – Try It Now in SQL Server 2019 Preview!

Last year, we revealed our efforts to bring confidential computing capabilities of Always Encrypted to the next level, by leveraging secure enclave technologies. Over the last twelve months, the SQL team, alongside Microsoft Research, Windows and Developer Tools groups, have worked together to make the SQL Server platform the first commercial RDBMS that can protect… Read more

Enabling Confidential Computing with Always Encrypted using Enclaves (Early Access Preview)

Last week at Ignite, we announced a major SQL security investment that enhances Always Encrypted with secure enclave technologies to enable: Rich computations on encrypted columns, including pattern matching, range comparisons, and sorting, which unlocks Always Encrypted to a broad range applications and scenarios that require such computations to be performed inside the database system…. Read more

Getting Started with Always Encrypted using PowerShell

In the previous articles from the Always Encrypted blog series, we demonstrated how to configure Always Encrypted using SQL Server Management Studio. In this article, we will show you how to configure Always Encrypted from the command line, using PowerShell. Prerequisites To try the examples in this article, you need: A database, named Clinic, hosted… Read more

Parameterization for Always Encrypted – Using SSMS to Insert into, Update and Filter by Encrypted Columns

SQL Server  Management Studio 17.o (the next major update of SSMS, currently available as a Release Candidate) introduces two important capabilities for Always Encrypted: Ability to insert into, update and filter by values stored in encrypted columns from a Query Editor window. The new online encryption algorithm, exposed in the Set-SqlColumnEncryption PowerShell cmdlet, which makes tables available… Read more

Using SQL Server Integration Services (SSIS) with Always Encrypted

We would like share a couple of links to two articles, just published on SQL Server IntegrationServices (SSIS) Blog, which provide guidance for how to use SSIS with Always Encrypted: SSIS with Always Encrypted Lookup transformation with Always Encrypted… Read more

Using Hardware Security Modules with Always Encrypted

Using Hardware Security Modules with Always Encrypted In the examples from the previous articles on Always Encrypted, we demonstrated column master keys stored in Windows Certificate Store and in Azure Key Vault. In this article, we will introduce yet another option: storing column master keys in hardware security modules (HSMs). HSM Primer and Introduction to… Read more

Using the Azure Key Vault Key Store Provider for Always Encrypted

During the SQL PASS Summit 2015, we released a custom key store provider that enables support for column master keys stored in Azure Key Vault to  As you may recall, an earlier blog post discussed the process of creating a custom key store provider using Azure Key Vault as an example key store.  That… Read more

Public Preview of Always Encrypted in Azure SQL Database

Always Encrypted is now available for public preview in all service tiers of Azure SQL Database V12. You can use Always Encrypted to ensure sensitive data, such as credit card numbers, is encrypted and decrypted inside client applications or application servers, using keys that are never revealed to Azure SQL Database. As a result, even… Read more

SSMS Encryption Wizard – Enabling Always Encrypted in a Few Easy Steps

As we explained in the previous articles, Always Encrypted is a client-side encryption technology – the database system (SQL Server or Azure SQL Database) does not have access to plaintext encryption keys and cannot encrypt or decrypt data protected with Always Encrypted. Consequently, enabling Always Encrypted in a database requires the use of client-side tools to… Read more

New Enhancements in Always Encrypted

The new version of SQL Server Management Studio (October 2015 Preview – build 13.0.700.242) and .NET Framework 4.6.1 RC bring several exciting enhancements to Always Encrypted. In the next few articles, we will cover these enhancements in details. For now, we will provide a brief summary of what is new. Note: If you used Always… Read more