To trigger an enclave-enabled (in-place) encryption operation using the Set-SqlColumnEncryption cmdlet, one needs to specify the enclave parameters EnclaveAttestationProtocol and EnclaveAttestationURL (as per the enclave being used). However, if the operation is found to be ineligible to be carried out on a secure enclave, the cmdlet silently falls back to the client-side mode of encryption.
This enhancement is to implement a switch parameter, DisableFallBackToClientSide, for the Set-SqlColumnEncryption cmdlet. When this parameter is specified, the cmdlet would error out with an appropriate error message if the operation is ineligible for in-place mode, instead of silently falling back to the client-side mode of encryption.