A few months ago we announced the support for virtualization-based security (VBS) enclaves in Azure SQL Database. This announcement brings numerous advantages, including robust confidential queries and seamless cryptographic operations, to all Azure SQL Database offerings, independent from the underlying hardware. You can use the feature with any compute tier (provisioned or serverless), purchasing model (vCore or DTU), compute size and region that aligns with your workload needs. And, since VBS enclaves are available in existing hardware offerings, there is no additional cost.
An Azure SQL Database elastic pool enables software as a service (SaaS) developers to optimize the price performance ratio for a group of databases, within a prescribed budget, while delivering performance elasticity for each database. By incorporating Always Encrypted with VBS enclaves in elastic pools, you can combine robust data protection with the cost-effectiveness that elastic pools offer. This integration ensures that your databases are secure while maintaining an efficient allocation of resources.
Any database you add to the elastic pool will inherit the enclave property from the elastic pool, like the database SLO. Hence, if you add a database without VBS enclaves enabled to an elastic pool with VBS enabled, this new database becomes part of elastic pool and VBS enclaves will be enabled on this database. Adding a database with VBS enclaves enabled to an elastic pool without VBS enclaves is not supported.