Choosing an Azure Ledger Technology

Choosing an Azure Ledger Technology

Date Published
(MM/dd/YYYY): 06/17/2021


At the annual Microsoft Build 2021 Developer Conference, we announced two
new products that are based on blockchain technology.  Azure Confidential
, now in preview, offers a fully managed service for customers who
need to store sensitive data with high integrity and confidentiality. Azure SQL Database ledger,
also in preview, enables storage of sensitive relational data in a
tamper-evident way.


In this blog post, we’ll introduce you to both of these new products as well
as help you understand when it makes sense to use them individually, together,
and even with an existing blockchain system.


Confidential Ledger

Enterprises running sensitive workloads need a secure way to store their
logs and important metadata while collaborating with other parties. 
The Confidential Consortium Framework (CCF) is a
Microsoft-created open framework for building confidential permissioned
blockchain services. By running a confidential blockchain network of nodes in secure enclaves, data remains append-only with immutability
guarantees and the data from the client goes straight to the ledger’s


Building on the CCF framework, Azure Confidential
 (preview) provides the ability to store sensitive data records
with integrity and confidentiality guarantees, all in a highly available and
performant manner. Stored data remains immutable and tamper-proof in the
append-only ledger with the benefits of a fully managed solution that provides
infrastructure and operations so customers can get started quickly. The service
provides these assurances by harnessing the power of Confidential Computing‘s secure enclaves when setting up
the decentralized blockchain network. Microsoft’s access is limited to setting
up and managing the network, and this specialized design means that only the
customer has access to transaction data in the Confidential Ledger.


Asking yourself the following questions can help you decide if Azure
Confidential Ledger is right for you:


  1. Do you need to store unstructured data (i.e. files,
    digests) that must remain intact for recordkeeping purposes?
  2. Are you working with sensitive workflows where
    confidentiality must be maintained?
  3. Are you in need of a service that has high integrity
    and security with a minimalistic trusted computing base?
  4. Are you working with parties that need irrefutable
    evidence that tampering did not occur to the stored data?

If you said yes to one or more of these, Azure Confidential Ledger is right
for you. Customers have been using Azure Confidential Ledger in various
ways. Novaworks,
an e-parliamentary software solution, is using Azure Confidential Ledger to
securely log votes in a tamper-proof ledger for a high-fidelity voting process.


SQL Database ledger

Azure SQL Database
 (preview) is a tamper-evident solution for your databases that
provides cryptographic proof of your database’s integrity.  Using a
blockchain data structure implemented as system tables in your database, the
ledger feature ensures that any transaction which modifies relational data in
your database can be tracked, and any potential tampering detected and easily
remediated.  Providing proof that your data has not been tampered with is
as simple as running a stored procedure that compares the calculated
cryptographic hashes in your database against a database digest, which is
published automatically in a secure location, such as Azure Confidential


Ledger is a feature of Azure SQL Database, meaning there is no additional
cost to add tamper-evidence capabilities.  You don’t have to migrate data
from your existing SQL databases to add tamper-evidence capabilities and no
changes are needed to your applications as ledger is an extension of existing
SQL table functionality. 


Asking yourself the following questions can help you decide if Azure SQL
Database ledger is right for you.


  1. Do you have business-critical data in Azure SQL
    Database where you must ensure data integrity is intact?
  2. Can 3rd parties who interact with your
    data accept a “trust, but verify” model rather than each party having a
    copy of the ledger?
  3. Do you need to prove to auditors or regulators that
    your data has not been tampered with?
  4. Do you have a need for queryability and strong data
    management capabilities, such as streaming data from a blockchain to an
    off-chain store while maintaining integrity from on-chain to off-chain?

If you can answer “yes” to any of these questions, then Azure SQL Database
ledger is right for you.  Customers like, who provide a
global liquidity network for banks, are already using this capability to
provide a ledger of transactions to regulators to prove that global banking
transactions have not been tampered.  Read our blog to learn


it all together

Trust is foundational in any business process that spans organizational
boundaries.  Microsoft goes beyond traditional blockchains, using the
building blocks of this technology as the underpinning for the distributed
ledger of Azure Confidential Ledger and the consolidated data store of Azure
SQL Database ledger.  These solutions empower our customers to apply the
power of blockchain to sensitive data, simplifying solution development,
reducing cost and providing a new level of digital trust to transactions.


Deciding which technology is best for your needs ultimately depends on the
level of trust between parties transacting with the data, and the type of data
being protected.  In addition to the points mentioned above, consider the
following when deciding whether Azure SQL Database ledger or Azure Confidential
Ledger is right for you.



  • Read the Azure Confidential Ledger announcement blog and documentation to learn more about how this new
    service is empowering our customers and securing their work.
  • Read the Azure SQL Database ledger documentation and whitepaper to
    learn more about how the ledger feature works and how to use it with your
    Azure SQL Database.