I was implemented the Always Encrypted and Dynamic data masking concepts in my azure SQL database on two different tables.

But I have doubt like “Is it possible to apply the dynamic data masking on already encrypted column in same table”.

I tried the above scenario it gives error like “The data type of column 'SSN' does not support data masking function 'partial'.”.

I run the below query for applying the masking on already encrypted column.

ALTER TABLE [dbo].[CustomerTables]
ALTER COLUMN [SSN] ADD MASKED WITH (FUNCTION = 'partial(0,"XXX-XX-",4)');

Can you please tell me is it possible it possible to apply the dynamic data masking on already encrypted column in same table or not.

Pradeep

No, currently encrypted columns cannot be masked. And, you cannot encrypt a column that has been masked.

With Dynamic Data Masking, masked values are produced on the server side. To produce a masked value (especially using a partial mask), SQL Server needs to know the original value (in plaintext). If a column is encrypted with Always Encrypted, SQL Server only knows ciphertext and it cannot decrypt it - only a client application can decrypt the values stored in encrypted columns.