Always Encrypted (introduced in SQL Server 2016) uses client-side encryption ensuring that data is encrypted both in flight and at rest. The encryption relies on keys that are never exposed to SQL Server, which means you can deploy your encrypted database to the cloud without the keys, which are shared only with trusted clients.

SQL Server 2019 (and most recently, Azure SQL Database) takes this technology to the next level, and provides dramatic new capabilities for you to work with encrypted data. This includes rich computation, pattern matching, and range operations over encrypted data. Attend this session and learn how to leverage secure enclaves (based on either hardware or Windows Hyper-V), with Always Encrypted in SQL Server 2019 and Azure SQL Database, so that data also remains encrypted “in use.”