Professional Level

Enabling Encryption in Azure SQL

Pricing
1.25 hours
  • 4 Learning Objectives

About this Hands-on Lab

Part of what defines a modern cloud engineer’s role is privacy concerns. Between the GDPR and the various US states’ attempts to govern PII, it has become more and more important that we understand how to secure data. In this hands-on lab, students will employ one of the most important and common data at rest protection mechanisms — Always Encrypted SQL data. We will build a SQL server and populate a database with sample data. Then, we’ll connect and encrypt a targeted portion of that data.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Use RDP to Connect to the Virtual Machine and Install SQL Server Management Studio

Use the Remote Desktop client (available from Microsoft for Windows clients natively and Mac clients here).

  1. Connect to the server via RDP, logging in with the provided lab credentials.
  2. Browse to this link and download SSMS.
Connect to the SQL Server
  1. In the Azure portal, click the provisioned SQL server to open it.
  2. In Overview, copy the server name to the clipboard.
  3. Connect to the SQL server using the following values, replacing <SERVER_NAME> with your unique name copied from Azure:
    • Server type: Database Engine
    • Server name: <SERVER_NAME> (example: 5x4a345oyk6ya.database.windows.net)
    • Authentication: SQL Server Authentication
    • Login: acguser
    • Password: <SERVER_NAME>! (example: 5x4a345oyk6ya!)
Create an Azure Key Vault

In the Azure portal, create an Azure vault using the following values:

  • Resource group: Existing resource group
  • Key vault name: samplevault491512
  • Region: Region where the resource group is located
    1. Leave the rest as their defaults and click Next: Access policy.
    2. In Key Permissions, ensure the following operations are not selected for the logged-in lab user:
      Purge, Release, Rotate, Get Rotation Policy, and Set Rotation Policy
    3. Click Review + create > Create.
Encrypt Some Data
  1. Return to the Remote Desktop client.
  2. In Object Explorer to the left, click Databases > SampleDB > Tables > SalesLT.Customer.
  3. Right-click on SalesLT.Customer and click Encrypt Columns.
  4. Click Next.
  5. In Column Selection, select FirstName, MiddleName, and LastName.
  6. In Encryption Type, select Deterministic for all three columns.
  7. Click Next.
  8. In Master Key Configuration, select Azure Key Vault and click Sign In.
  9. Sign in using the provided lab credentials.
  10. Click Next > Next > Finish.
  11. Sign in to the Azure account again.
Contact SalesSee Pricing

Additional Resources

In this lab, we will take on the role of a cloud security engineer for the company Mythical Corp. We have been tasked with validating that existing data in Azure SQL can be, in a granular fashion, encrypted. We are required to ensure access to this data going forward, and we are required to ensure future data added to the database tables in concern is also encrypted. Lastly, we must complete all of these tasks from the cloud itself.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Don't have an account?

Get Started
Who’s going to be learning?
MyselfMy Organization