Featured resource
2025 Tech Upskilling Playbook
Tech Upskilling Playbook

Build future-ready tech teams and hit key business milestones with seven proven plays from industry leaders.

Check it out
  • Lab
    • Libraries: If you want this lab, consider one of these libraries.
    • Cloud
    • Security
Azure icon
Labs

Enabling Always Encrypted in Azure SQL

You are assuming the role of a cloud data engineer. You’ve been asked to ensure customer data is always encrypted at rest. Staff such as administrators and backup operators should not have access to customer data, even when using tools like SQL Server Management Studio. The unencrypted data should only be available to the application. In this hands-on lab, you will create an Azure SQL database and an Azure Key Vault, encrypt data using SQL Server Management Studio (SSMS), and view encryption results.

Azure icon
Lab platform
Lab Info
Level
Advanced
Last updated
Sep 24, 2025
Duration
45m

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.
Table of Contents
  1. Challenge

    Create a SQL Server and SQL Database

    Note: Unless otherwise stated, select the default options or, in the case of the subscriptions and resource groups, the only available option.

    1. Create a single SQL database.
      • The database name can be anything (sampleDB1, in this example).
    2. Create a new server.
      • The server name can be anything unique (sqlsvr#####, in this example).

        Note: It's recommended to append a random five- or six-digit number at the end of the server name.

      • The username and password for the virtual machine can be used for the server admin.
      • Ensure Allow Azure services to access server is checked.
      • Change Compute + storage to Standard, 200 DTUs (or a Standard S04 server).
      • On the Additional settings screen:
        • Under Data Source, select Sample.
        • Set Enable Advanced Data Security to Not now.
  2. Challenge

    Create an Azure Key Vault

    Note: Unless otherwise stated, select the default options or, in the case of the subscriptions and resource groups, the only available option.

    1. Create an Azure Key Vault.
      • The key vault name can be anything unique (kv#####, in this example).

        Note: It's recommended to append a random five- or six-digit number at the end of the vault name.

    2. On the Access policy screen, in the Key Permissions column, select all permissions except for Purge, Release, Rotate, Get Rotation Policy, and Set Rotation Policy for the logged-in lab user.
  3. Challenge

    Use RDP to Connect to the Virtual Machine
    1. Download and install an RDP client.

    2. In the Azure portal, browse to the VM and take down the public IP address of the server from the Overview tab in the server blade, or use the details from the lab.

    3. Connect to the server via RDP and log in using the credentials provided.

    4. On the virtual machine, use the Internet Options to lower the security of IE or install Microsoft Edge, and set it as the default browser. (The two options work around a bug when using the encryption wizard later.)

  4. Challenge

    Connect to SQL Server and Encrypt Some Data
    1. Connect to SQL Server.
    2. Change the Authentication type to SQL Server Authentication.
    3. Connect using the credentials provided earlier.

      Note: If you are prompted to log in to Azure, use the provided lab credentials.

    4. Browse to Databases > sampledb1 > Tables > and right-click on SalesLT.Customer.
    5. Select Encrypt Columns.
    6. Enable Always Encrypted via the wizard.
    7. Select the FirstName, MiddleName, and LastName columns, and set all three to use Deterministic encryption.
    8. Store the key in Azure Key Vault (log in with the Azure lab credentials).
About the author

Pluralsight Skills gives leaders confidence they have the skills needed to execute technology strategy. Technology teams can benchmark expertise across roles, speed up release cycles and build reliable, secure products. By leveraging our expert content, skill assessments and one-of-a-kind analytics, keep up with the pace of change, put the right people on the right projects and boost productivity. It's the most effective path to developing tech skills at scale.

Real skill practice before real-world application

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Learn by doing

Engage hands-on with the tools and technologies you’re learning. You pick the skill, we provide the credentials and environment.

Follow your guide

All labs have detailed instructions and objectives, guiding you through the learning process and ensuring you understand every step.

Turn time into mastery

On average, you retain 75% more of your learning if you take time to practice. Hands-on labs set you up for success to make those skills stick.

Get started with Pluralsight