Ned Otter has started a new series on Always Encrypted with Secure Enclaves in SQL Server 2019:
SQL 2019 supports an enhanced version of Always Encrypted, known as “Secure Enclaves”. What is an enclave? It’s like a consulate: “….a state that is enclosed within the territory of another state”.
It takes the form of a protected region of memory within the SQL Server environment, requiring special credentials for access. Data in the secure enclave lives in an unencrypted state.
However, as I’ll discuss later in this series, depending on how your organization implements Always Encrypted with Secure Enclaves, it might not be as secure as you had hoped.
That’s pretty ominous. The first part is a fairly high-level overview which gets you familiar with enclaves.