Merge branch 'main' of

WilliamDAssafMSFT · WilliamDAssafMSFT · commit b0f448d7ee1c · 2024-04-16T09:37:11.000-07:00
diff --git a/docs/relational-databases/security/encryption/always-encrypted-enclaves.md b/docs/relational-databases/security/encryption/always-encrypted-enclaves.md
@@ -219,6 +219,7 @@ The following limitations are specific to Always Encrypted with secure enclaves:
 - Tooling limitations:
   - The only supported key stores for storing enclave-enabled column master keys are Windows Certificate Store and Azure Key Vault.
   - To trigger an in-place cryptographic operation via `ALTER TABLE`/`ALTER COLUMN`, you need to issue the statement using a query window in SSMS or Azure Data Studio, or you can write your own program that issues the statement. Currently, the `Set-SqlColumnEncryption` cmdlet in the SqlServer PowerShell module and the Always Encrypted wizard in SQL Server Management Studio don't support in-place encryption. Move the data out of the database for cryptographic operations, even if the column encryption keys used for the operations are enclave-enabled.
+- When you restore a VBS enclave-enabled database, it's essential to reconfigure the VBS enclave setting again.
 
 ## Next steps
 
diff --git a/docs/relational-databases/security/encryption/configure-always-encrypted-keys-using-ssms.md b/docs/relational-databases/security/encryption/configure-always-encrypted-keys-using-ssms.md
@@ -34,9 +34,6 @@ The **New Column Master Key** dialog allows you to generate a column master key
     - **Certificate Store - Current User** - indicates the Current User certificate store location in the Windows Certificate Store, which is your personal store.
     - **Certificate Store - Local computer** - indicates the Local computer certificate store location in the Windows Certificate Store. 
     - **Azure Key Vault** -  you need to sign in to Azure (click **Sign in**). Once you sign in, you are able to select one of your Azure subscriptions and a key vault or a managed HSM (requires SSMS 18.9 or later).
-        > [!NOTE]
-        > The **New Column Master Key** dialog does not currently support key vaults using role permissions for authorization. Only key vaults using access policies are supported.
-
         > [!NOTE]
         > Using column master keys stored in a [managed HSM](/azure/key-vault/managed-hsm/overview) in Azure Key Vault requires SSMS 18.9 or a later version.
 
