All courses
Resource hub
Featured resource
Tech Upskilling Playbook 2025
Tech Upskilling Playbook

Build future-ready tech teams and hit key business milestones with seven proven plays from industry leaders.

Learn more
Hamburger Icon
  • Labs icon Lab
  • Cloud
  • Security
Azure icon
Labs

Enabling Always Encrypted in Azure SQL

You are assuming the role of a cloud data engineer. You’ve been asked to ensure customer data is always encrypted at rest. Staff such as administrators and backup operators should not have access to customer data, even when using tools like SQL Server Management Studio. The unencrypted data should only be available to the application. In this hands-on lab, you will create an Azure SQL database and an Azure Key Vault, encrypt data using SQL Server Management Studio (SSMS), and view encryption results.

Get started Contact sales
Azure icon
Labs

Path Info

Level
Clock icon Advanced
Duration
Clock icon 45m
Last updated
Clock icon Sep 03, 2025

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

Table of Contents

  1. Challenge

    Create a SQL Server and SQL Database

    Note: Unless otherwise stated, select the default options or, in the case of the subscriptions and resource groups, the only available option.

    1. Create a single SQL database.
      • The database name can be anything (sampleDB1, in this example).
    2. Create a new server.
      • The server name can be anything unique (sqlsvr#####, in this example).

        Note: It's recommended to append a random five- or six-digit number at the end of the server name.

      • The username and password for the virtual machine can be used for the server admin.
      • Ensure Allow Azure services to access server is checked.
      • Change Compute + storage to Standard, 200 DTUs (or a Standard S04 server).
      • On the Additional settings screen:
        • Under Data Source, select Sample.
        • Set Enable Advanced Data Security to Not now.

  2. Challenge

    Create an Azure Key Vault

    Note: Unless otherwise stated, select the default options or, in the case of the subscriptions and resource groups, the only available option.

    1. Create an Azure Key Vault.
      • The key vault name can be anything unique (kv#####, in this example).

        Note: It's recommended to append a random five- or six-digit number at the end of the vault name.

    2. On the Access policy screen, in the Key Permissions column, select all permissions except for Purge, Release, Rotate, Get Rotation Policy, and Set Rotation Policy for the logged-in lab user.

  3. Challenge

    Use RDP to Connect to the Virtual Machine

    1. Download and install an RDP client.

    2. In the Azure portal, browse to the VM and take down the public IP address of the server from the Overview tab in the server blade, or use the details from the lab.

    3. Connect to the server via RDP and log in using the credentials provided.

    4. On the virtual machine, use the Internet Options to lower the security of IE or install Microsoft Edge, and set it as the default browser. (The two options work around a bug when using the encryption wizard later.)

  4. Challenge

    Connect to SQL Server and Encrypt Some Data

    1. Connect to SQL Server.
    2. Change the Authentication type to SQL Server Authentication.
    3. Connect using the credentials provided earlier.

      Note: If you are prompted to log in to Azure, use the provided lab credentials.

    4. Browse to Databases > sampledb1 > Tables > and right-click on SalesLT.Customer.
    5. Select Encrypt Columns.
    6. Enable Always Encrypted via the wizard.
    7. Select the FirstName, MiddleName, and LastName columns, and set all three to use Deterministic encryption.
    8. Store the key in Azure Key Vault (log in with the Azure lab credentials).
Pluralsight Skills - Labs - Pluralsight
Author
Pluralsight Skills

Pluralsight Skills gives leaders confidence they have the skills needed to execute technology strategy. Technology teams can benchmark expertise across roles, speed up release cycles and build reliable, secure products. By leveraging our expert content, skill assessments and one-of-a-kind analytics, keep up with the pace of change, put the right people on the right projects and boost productivity. It's the most effective path to developing tech skills at scale.

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Provided environment for hands-on practice

We will provide the credentials and environment necessary for you to practice right within your browser.

Guided walkthrough

Follow along with the author’s guided walkthrough and build something new in your provided environment!

Did you know?

On average, you retain 75% more of your learning if you get time for practice.
Ready to get started?
View individual plans View team plans