0

Always Encrypted and Dynamic data masking are two important security features available in SQL Server 2016. Can both of these features co-exist on single database table.

If yes, what should be the order? Shall we perform masking on encrypted columns or shall we perform encryption on masked columns?

Nikhil Vithlani - Microsoft
  • 797
  • 5
  • 13
user2016941
  • 11
  • 1

1 Answers1

0

Using Always Encrypted with Dynamic Data Masking is currently not supported.

  • Always Encrypted does not support encrypting a masked column.
  • Always Encrypted encrypts the data on the client and sever never has access to the keys. hence, the server only has access to ciphertext for an encrypted. Hence for an encrypted column, the server will be unable to generated the masked values.
Nikhil Vithlani - Microsoft
  • 797
  • 5
  • 13