Welcome to the first of three blog posts about the next releases of SQL Server Management Studio (SSMS), and the roadmap for 2024! This first post is high-level and appropriate for anyone who uses SSMS.
We would like to start by sharing information about SSMS 20, which is the next major version release of SSMS (the current release is SSMS 19.3). The SSMS 20 release focuses on a set of connection and security changes.
New look, same connection dialog
In SSMS 20 we have made changes to the connection dialog. In the screenshot below, you will see the Login and Connection Properties pages for the connection dialogs for SSMS 19 and 20 compared side-by-side.
Login page:
Connection properties page:
In SSMS 20, the following changes have been made in the connection dialog to encourage security best practices and improve the visibility of these important options:
- There is a new Connection Security section on the Login page.
- The Encrypt connection property has moved from the Connection Properties page to the Login page.
- The property has been renamed Encryption.
- The property has changed from a checkbox to a drop-down menu.
- The default option for Encryption is now Mandatory.
- In SSMS 19 and earlier, the property was not selected, which meant the default value for Encrypt connection was False.
- The Encryption property now has three options, instead of two, which you will see in the drop-down menu.
SSMS 19.x and below Encryption options | SSMS 20.0 Encryption options |
True (checked) | Mandatory |
False (unchecked) | Optional |
Strict (SQL Server 2022 and Azure SQL) |
- The Trust server certificate property has moved from the Connection Properties page to the Login page.
- A new property, Host name in certificate, has been added to the Login page.
How does this affect my existing connections?
When you open SSMS 20 for the first time, you will be asked if you want to import settings from SSMS 18 or SSMS 19.
If you choose to import settings from either, this will also import the most recently used (MRU) connection entries.
We recommend you review the selections for each imported connection in SSMS 20 before you connect. For connections to Azure SQL Database or Azure SQL Managed Instance, it is recommended to review imported connections in the most recently used (MRU) list and update them to use Strict (SQL Server 2022 and Azure SQL) encryption. Both Azure SQL Database and Azure SQL Managed Instance support encrypted connections and are configured with trusted certificates. Strict (SQL Server 2022 and Azure SQL) encryption is also supported in SQL Server starting with SQL Server 2022.
If you previously connected to SQL Server with the Encrypt connection option enabled (checked), and you do not have a trusted certificate installed (for example, you’re using a self-signed certificate), you'll be prompted to enable the Trust server certificate option for that imported connection:
With Trust server certificate enabled, you’ll be able to connect. If you do not enable it, you won’t be able to connect and you will need to review the configuration to verify that a trusted certificate is installed. Note: if you encounter issues navigating the connection changes in SSMS 20, you can temporarily workaround them by using SSMS 19.x, which can be installed side-by-side with SSMS 20.
Within the same prompt, you can also enable Trust server certificate for all the imported connections in the MRU list. This will only apply to imported connections.
We will not have an option to enable Trust server certificate by default for new connections. Such a setting makes it easier for folks to not be secure. We want to encourage improved security (e.g. for Azure SQL DB and Azure SQL MI, you can and should use Strict (SQL Server 2022 and Azure SQL) encryption).
How do I know what type of encryption to use?
If you are not sure whether your SQL Server supports encryption for connections, you’ll want to check with your database and/or server administrator.
Call to action
It’s atypical for us to share this much detail about a release before it’s available, but we don’t want folks to be surprised.
Feel free to bookmark aka.ms/ssms-connection, which currently points to this post, but will update to redirect to a new Learn page that includes details about the connection changes in SSMS 20 when the Preview build is released. There will be additional updates to existing documentation to help customers navigate this change. We hope that with advance notification, companies will be better prepared to transition into supporting these encryption changes.
What’s next?
The second post in this series will discuss these security changes in more detail.
We will have a Preview release for SSMS 20, and it will be available in the next few weeks. Yes, you read that correctly. Soon after the Preview, we will look to make SSMS 20 generally available.
For those who are wondering about the other changes we discussed for SSMS 20 (migrating to the Visual Studio 2022 shell, etc.), stay tuned for the third post. We will still be making these important changes, but not in SSMS 20.