Dynamic data deidentification (dynamic data masking enhancement)
The existing data masking feature has a limitation: when a query is executed, it compares the data to the actual value stored in the row. This allows a brute-force attack on a dynamically masked column to output the actual record for the column that is attacked. Even though the presented column will display a masked number, the attacker knows the original value of that field.
Instead of comparing against the original value stored inside the database, the feature could allow me, with a trace flag or any other way, to compare the data to the masked value. It will result in completely unknown records, and the attacker will not be able to identify the actual data.
This enhancement to dynamic data masking allows it to be implemented in a non-production or reporting environment with no code change and no large data updates to stored values on large databases, in seconds, just by applying policies, and it will also meet many of the security requirements for the data.
Other options are static data masking and Always Encrypted, but they all require a lot more configuration and processing time to update and change the data that is stored at the database layer.
It would be amazing if they could get this working, and we would not have to look into a third-party tool with never-ending fees.
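The limitation described in the request, followed by one possible workaround that uses a view, as an added T-SQL example that is not part of the original post or of any product code. The table, user, view and values are constructed, and the 25,000 band width is an arbitrary assumption.

```sql
-- Constructed demo schema; all names and values are hypothetical.
CREATE TABLE dbo.Employee (
    EmployeeId int IDENTITY(1,1) PRIMARY KEY,
    FullName   nvarchar(100) NOT NULL,
    Salary     money MASKED WITH (FUNCTION = 'default()') NOT NULL
);
INSERT INTO dbo.Employee (FullName, Salary)
VALUES (N'Constructed Person A', 104500),
       (N'Constructed Person B', 62000);

CREATE USER ReportReader WITHOUT LOGIN;      -- has no UNMASK permission
GRANT SELECT ON dbo.Employee TO ReportReader;
GO

-- 1) The limitation: the result is masked, but the predicate is
--    evaluated against the stored value, so row membership leaks it.
EXECUTE AS USER = 'ReportReader';
SELECT EmployeeId, Salary                    -- Salary is returned as zero
FROM dbo.Employee
WHERE Salary BETWEEN 104499 AND 104501;      -- matches only the row storing 104500
REVERT;
GO

-- 2) Workaround (assumption, not the requested feature): expose only a
--    deidentified value through a view and remove direct table access.
CREATE VIEW dbo.EmployeeReport
AS
SELECT EmployeeId,
       FullName,
       CAST(FLOOR(Salary / 25000) * 25000 AS money) AS SalaryBand  -- lower bound of band
FROM dbo.Employee;
GO
REVOKE SELECT ON dbo.Employee FROM ReportReader;
GRANT SELECT ON dbo.EmployeeReport TO ReportReader;  -- same owner, so ownership chaining applies
GO

-- The same narrow range now compares against the band (100000 for the
-- first row), so it matches nothing; the band is the most a predicate can confirm.
EXECUTE AS USER = 'ReportReader';
SELECT EmployeeId, SalaryBand
FROM dbo.EmployeeReport
WHERE SalaryBand BETWEEN 104499 AND 104501;
REVERT;
```

Unlike the policy-only approach the request asks for, this workaround requires reports to be pointed at the view instead of the base table.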