Blog Post

Azure SQL Blog

3 MIN READ

Always Encrypted vs Always Encrypted with secure enclaves

Microsoft

Jun 06, 2024

Introduction Encryption is a vital technique for protecting sensitive data from unauthorized access or modification. SQL Server and Azure SQL Database offer two encryption technologies that allow y...

Updated Jun 05, 2024

Version 1.0

Microsoft

Joined March 29, 2019

View Profile

Azure SQL Blog

Follow this blog board to get notified when there's new activity

PieterVanhove

Microsoft

Jul 09, 2024

Hi Francesco_beqom,

As devakishore mentioned, Always Encrypted with secure enclaves gives you much more flexibility compared to Always Encrypted.

The first version of Always Encrypted didn't use an enclave, so you were limited when you want to use an encrypted column in a where clause.

The enclave allows your to use rich confidential queries and use like, < >, BETWEEN, etc. in the where-clause on encrypted columns. Another advantage of the enclave is that it is used during the initial encryption. So, the data doesn't have to leave the database anymore to perform the initial encryption.

More information on how Always Encrypted with secure enclaves works can be found in our documentation or in this blog post.

Regarding your comment on Dynamic Data Masking and Always Encrypted. That is correct, DDM is not an encryption feature and the data is still in plaintext in the database.