Open Microsoft SQL Server Management Studio.

Connect to the SQL Server.

Open your database, and go to Security > Always Encrypted Keys > Column Master Key. Right-click and select New Column Master Key.

In the New Column Master Key window, enter a name and select Key Storage Provider (CNG) in the Key Store drop-down list.

Select Futurex CNG in the Select a provider drop-down list.

Select [ Generate Key ].

Select [ OK ] to save and close.

Under the same database, go to Security > Always Encrypted Keys > Column Encryption Key. Right-click and select New Column Encryption Key.

Enter a name for the key. Then, select the CEK you generated in the previous section in the drop-down list.

Select [ OK ] to finish.

Under the database, expand Tables. Right-click on the table you want to encrypt and select Encrypt Columns.

In the Always Encrypted wizard, on the Introduction page, select [ Next ].

In the Column Selection page, select the columns you want to encrypt, select the Encryption Type, and set the Encryption Key to the CEK you generated in the previous subsection. Then, select [ Next ].

In the Master Key Configuration page, select [ Next ].

In the In-Place Encryption Settings page, select [ Next ].

In the Run Settings page, select Proceed to finish now, and select [ Next ].

In the Summary page, select [ Finish ].

Select [ Close ] to finish.

Open Microsoft SQL Management Studio.

Go to the Always Encrypted tab.

Select the Enable Always Encrypted (column encryption) checkbox.

Connect to the server with the administrative user you used to configure Always Encrypted.

When you run your first query, a dialog box appears, prompting you to enable Parameterization. Select either [ Enable ] or [ Close ]. You can modify this setting later under Query > Query Options > Advanced.

Query your encrypted table.