Hi,
Can you please suggest how can we make it secure so that the hacker will not be able to read the data no matter even if the server is hacked?
The basic idea of Always Encrypted is that the encryption keys is never revealed to the Database Engine, so it has no meaning if the server is hacked https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine?view=sql-server-ver16&WT.mc_id=DP-MVP-5001699 According to your description you stored the key in the Azure Key Vault, which mean that as long as the client cannot connect to it then it cannot use it.