Azure SQL Always Encrypted Now Generally Available

Microsoft has just announced that their “Always Encrypted” feature for Azure SQL has now been released to General Availability.

Always Encrypted allows you to consistently store columns of data within SQL tables as encrypted data. The encryption/decryption happens at the .NET calling layer so that the underlying data at rest is always encrypted. In order to encrypt/decrypt the calling application has to be registered, have sufficient permissions and access to the encryption keys.

By leveraging Always Encrypted, any DBA level access has no ability to decrypt the data without going through the application tier. Any direct SQL call will result in encrypted data being returned.

Another advantage to this approach is selective column encryption – only columns specified by the schema are encrypted such as personal information, credit card numbers, etc.

Christopher Woodill

About ME

Enterprise technology leader for the past 15+ years…certified PMP, Six Sigma Black Belt and TOGAF Enterprise Architect. I collaborate with companies to help align their strategic objectives with concrete implementable technology strategies. I am Vice President, Enterprise Solutions for Klick Health.

Leave a Comment