Share via


Public Preview of Always Encrypted in Azure SQL Database

Always Encrypted is now available for public preview in all service tiers of Azure SQL Database V12. You can use Always Encrypted to ensure sensitive data, such as credit card numbers, is encrypted and decrypted inside client applications or application servers, using keys that are never revealed to Azure SQL Database. As a result, even database administrators, other high privilege users, or attackers gaining illegal access to Azure SQL Database will not be able to access the data.

To get started with Always Encrypted, you will need:

  • SQL Server Management Studio (October 2015 preview – version 13.0.700.242, or later) to provision Always Encrypted keys and set up encryption for selected columns within the database.
  • An Always Encrypted-enabled SQL client driver, such as ADO.NET in .NET Framework 4.6, which you need to install on machines hosting your client applications or application servers.

This blog already contains multiple articles on Always Encrypted, which are relevant for both SQL Server 2016 and Azure SQL Database V12 and can help you start using the feature. In particular:

For additional information, please see Always Encrypted (Database Engine).

Comments

  • Anonymous
    November 09, 2015
    What platforms will support this feature?   I get Azure and SQL Server, but what about my offline database (SQL Express)?

  • Anonymous
    November 10, 2015
    The comment has been removed

  • Anonymous
    November 11, 2015
    Hi Jack. The decision on which editions of SQL Server (in particular Express) will support Always Encrypted has not been finalized yet.

  • Anonymous
    November 11, 2015
    @Envo Could you please clarify which operation (request type) on the dacwebservice endpoint you are having trouble with. Please include information about errors, if you are getting any. Thanks.

  • Anonymous
    June 13, 2016
    This is great, has this now gone GA, or you have a release date?Many thanks.

  • Anonymous
    December 14, 2016
    I am working on an iOS app where I am using Azure App Service with Azure SQL Database. I encrypted few columns by connecting the Azure SQL DB in SQL Server Management Studio 2016. After that I tried to push and pull data from iOS app which gave error. How can I manage this for an iOS app?

    • Anonymous
      December 15, 2016
      To make your app work with Always Encrypted, you need to:- Ensure your app is configured to use .NET 4.6 or later. - Deploy the certificate to the cert store (assuming you are using a certificate as a column master key).- Adjust the connection string stored in App Service to do include column encryption setting=enabled.