Overview Encryption Hierarchy Choose an Encryption Algorithm Transparent Data Encryption (TDE) Move a TDE Protected Database to Another SQL Server Enable TDE on SQL Server Using EKM TDE with Azure SQL TDE with Bring Your Own Key Configure TDE with BYOK Rotate TDE BYOK keys Remove TDE protector SQL Server and Database Encryption Keys Service Master Key Extensible Key Management (EKM) Extensible Key Management Using Azure Key Vault Setup Steps for Extensible Key Management Using the Azure Key Vault Use SQL Server Connector with SQL Encryption Features SQL Server Connector Maintenance & Troubleshooting Back Up the Service Master Key Restore the Service Master Key Create a Database Master Key Back Up a Database Master Key Restore a Database Master Key Create Identical Symmetric Keys on Two Servers Encrypt a Column of Data Always Encrypted Always Encrypted Wizard Overview of Key Management for Always Encrypted Create and Store Column Master Keys (Always Encrypted) Configure Always Encrypted using SQL Server Management Studio Configure Always Encrypted using PowerShell Configure Always Encrypted Keys using PowerShell Rotate Always Encrypted Keys using PowerShell Configure Column Encryption using PowerShell Always Encrypted (client development) Develop Applications using Always Encrypted with the .NET Framework Data Provider for SQL Server Always Encrypted Cryptography Migrate Sensitive Data Protected by Always Encrypted