Always Encrypted

E56730

SQL Server security feature data encryption technology

Always Encrypted is a SQL Server security feature that protects sensitive data by encrypting it both at rest and in transit while keeping encryption keys only on the client side.

Try in SPARQL Jump to: Surface forms Statements Referenced by

All labels observed (1)

Label	Occurrences
Always Encrypted canonical	3

Statements (51)

Predicate	Object
instanceOf	SQL Server security feature ⓘ data encryption technology ⓘ
appliesTo	Azure SQL Database ⓘ Azure SQL Managed Instance ⓘ SQL Server ⓘ surface form: Microsoft SQL Server
category	data protection ⓘ database security ⓘ
designedFor	protecting credit card numbers ⓘ protecting financial data ⓘ protecting health information ⓘ protecting national identification numbers ⓘ
deterministicEncryptionAllows	equality comparisons ⓘ
developedBy	Microsoft ⓘ
differsFrom	Transparent Data Encryption by encrypting data in use on server side ⓘ
doesNotSupport	LIKE operator on randomized encrypted columns ⓘ range queries on encrypted columns without special techniques ⓘ
encrypts	specific database columns ⓘ
helpsWith	compliance requirements ⓘ data privacy regulations ⓘ
integratesWith	SQL Server Management Studio ⓘ Visual Studio ⓘ
introducedIn	SQL Server ⓘ surface form: SQL Server 2016
isTransparentTo	database engine ⓘ
limits	operations on encrypted columns ⓘ
performsDecryption	on client side ⓘ
performsEncryption	on client side ⓘ
prevents	DBA from seeing plaintext data ⓘ database engine from seeing plaintext data ⓘ high-privilege users from seeing plaintext data ⓘ
protects	sensitive data ⓘ
randomizedEncryptionDisallows	equality joins ⓘ
randomizedEncryptionProvides	higher security ⓘ
relatedTo	Transparent Data Encryption ⓘ
requires	enabled client driver ⓘ schema changes for encrypted columns ⓘ supported ADO.NET driver ⓘ supported ODBC driver ⓘ
storesKeys	client side ⓘ
supports	deterministic encryption ⓘ encryption at rest ⓘ encryption in transit ⓘ randomized encryption ⓘ
supportsAlgorithm	AES-256 ⓘ RSA ⓘ
supportsKeyStorageIn	Azure Key Vault ⓘ Windows Certificate Store ⓘ hardware security modules ⓘ
uses	column encryption keys ⓘ column master keys ⓘ column-level encryption ⓘ encryption keys ⓘ

Referenced by (3)

Full triples — surface form annotated when it differs from this entity's canonical label.

SQL Server → supportsFeature → Always Encrypted ⓘ

Azure SQL Database → supportsFeature → Always Encrypted ⓘ

Azure SQL Managed Instance → supports → Always Encrypted ⓘ