Always Encrypted is a family of industry-leading data protection features that provide a separation between those who own the data and can view it, and those who manage the data but should have no access. Until now, Always Encrypted with secure enclaves in Azure SQL Database relied on a hardware solution, Intel Software Guard Extensions (SGX) hardware enclaves. With the release of Azure SQL Database Always Encrypted with virtualization-based security (VBS) this dependency is removed.
Unlike Intel SGX, virtualization-based security (VBS) is a software-based solution with no hardware dependency. This allows you to bring the benefits of Always Encrypted with secure enclaves to all Azure SQL Database offerings. You can use the feature with a compute tier (provisioned or serverless), a purchasing model (vCore or DTU), a compute size (currently, up to 128 vCores), and a region that best matches your workload requirements. And, since VBS enclaves are available in existing hardware offerings, they come with no extra cost.
Home Business IT General availability: Azure SQL Database Always Encrypted with virtualization-based security (VBS) enclaves