Public Preview of Always Encrypted in Azure SQL Database

Always Encrypted is now available for public preview in all service tiers of Azure SQL Database V12. You can use Always Encrypted to ensure sensitive data, such as credit card numbers, is encrypted and decrypted inside client applications or application servers, using keys that are never revealed to Azure SQL Database. As a result, even database administrators, other high privilege users, or attackers gaining illegal access to Azure SQL Database will not be able to access the data.

To get started with Always Encrypted, you will need:

• SQL Server Management Studio (October 2015 preview – version 13.0.700.242, or later) to provision Always Encrypted keys and set up encryption for selected columns within the database.
• An Always Encrypted-enabled SQL client driver, such as ADO.NET in .NET Framework 4.6, which you need to install on machines hosting your client applications or application servers.

This blog already contains multiple articles on Always Encrypted, which are relevant for both SQL Server 2016 and Azure SQL Database V12 and can help you start using the feature. In particular:

• For how to create a new database schema using Always Encrypted and develop a simple application accessing encrypted columns, see Getting Started With Always Encrypted.
• For how to encrypt selected columns in an existing database, see SSMS Encryption Wizard - Enabling Always Encrypted in a Few Easy Steps.
• For how to develop a web application using Always Encrypted, see Developing Web Apps using Always Encrypted.

For additional information, please see Always Encrypted (Database Engine).

Comments

• Anonymous
  November 09, 2015
  What platforms will support this feature?   I get Azure and SQL Server, but what about my offline database (SQL Express)?

• Anonymous
  November 10, 2015
  The comment has been removed

• Anonymous
  November 11, 2015
  Hi Jack. The decision on which editions of SQL Server (in particular Express) will support Always Encrypted has not been finalized yet.

• Anonymous
  November 11, 2015
  @Envo Could you please clarify which operation (request type) on the dacwebservice endpoint you are having trouble with. Please include information about errors, if you are getting any. Thanks.

• Anonymous
  June 13, 2016
  This is great, has this now gone GA, or you have a release date?Many thanks.

• Anonymous
  December 14, 2016
  I am working on an iOS app where I am using Azure App Service with Azure SQL Database. I encrypted few columns by connecting the Azure SQL DB in SQL Server Management Studio 2016. After that I tried to push and pull data from iOS app which gave error. How can I manage this for an iOS app?

  • Anonymous
    December 15, 2016
    To make your app work with Always Encrypted, you need to:- Ensure your app is configured to use .NET 4.6 or later. - Deploy the certificate to the cert store (assuming you are using a certificate as a column master key).- Adjust the connection string stored in App Service to do include column encryption setting=enabled.