Time
14 hours 28 minutes
Difficulty
Intermediate
CEU/CPE
15

Video Transcription

00:00
Hello, Cybrarians. Welcome to Lesson 2.4 of Module 2 of this course titled AZ-301 Microsoft Azure Architect Design. Here are the tasks that we'll cover in this demo.
00:13
So we'll start out by creating an Azure Key Vault resource in the Nigel region.
00:19
Then we'll configure the advanced access policy to allow Azure Disk Encryption to be able to use this Key Vault resource.
00:27
We'll then generate an encryption key within the Key Vault resource,
00:31
after which we'll enable Azure Disk Encryption
00:34
and finally we'll review the encryption status of our virtual machine.
00:40
So here's a visual representation of what my environment looks like. I have an Azure virtual machine called Azure Win VM
00:48
that has two disks attached to it,
00:51
an OS disk and a data disk, and they will be encrypted, both disks, using keys that will be stored in an Azure Key Vault resource.
00:59
So let's walk through our tasks.
01:03
Task number one: we'll create an Azure Key Vault resource,
01:07
and here's a visual representation of what we'll be doing.
01:10
So I'll sign in to the Azure portal and I'll be creating an Azure Key Vault resource. Let's get on with that.
01:17
So here I am in the Azure portal. I'll go ahead and go on the home. I click on Create a resource, and I type in Key Vault.
01:27
I click on Key Vault and I click on Create.
01:33
This gives me the options to specify the parameters for my Key Vault resource. I can specify the resource group for that. I have an existing resource group called Cyber Every Lesson, too. So I'll go ahead and select that.
01:47
I'm going to have to specify a name for the Key Vault. So let's go ahead and call this
01:55
so cyber UK self key vote.
01:59
I'll go ahead and specify the region where I want to put this Key Vault resource in. I can specify the pricing tier, which can either be Standard or Premium. I'll go ahead and leave it at Standard for now,
02:08
and I won't be making any other changes. I'll just go ahead and review and create this Key Vault resource.
02:15
Let's click on Create.
02:22
So this only takes a few seconds to create. As you can see, the resource is now created. I can click on Go to resource, which takes me to my Key Vault resource. So let's go to the rest of our tasks.
02:35
So in the second task, I'll set the Key Vault advanced access policy to allow Azure Disk Encryption.
02:44
So the reason why we need to do this is the Azure Disk Encryption service needs to be able to access the keys that are stored in the Key Vault resource. So we need to give it access through an access policy. Let's go ahead and do that.
02:59
So here I am in my Azure Key Vault,
03:02
and if I scroll down, I can see Access policies here.
03:07
So that's where we can grant access to the data plane. I click on Access policies, and at the top here is what I refer to as the advanced access policies. That's where we can grant access to certain Azure resources or certain Azure services to be able to use this Key Vault. So I'll go ahead and just specify
03:25
Azure Disk Encryption for volume encryption
03:29
and I'll go ahead and click on Save.
03:32
And that only takes a few seconds to complete. Now that that's completed, let's go on with the rest of our tasks.
03:39
So the next task will be to generate an encryption key for disk encryption.
03:46
So what we're doing in this case is I'll be creating
03:49
something called a key encryption key.
03:52
So this is a key that can be used to wrap or protect the BitLocker encryption keys so that they're not just stored in Azure Key Vault in an unencrypted format.
04:00
So that's what I'll go ahead and create now.
04:03
So here I am in the Azure portal.
04:06
I'll go ahead and click on Keys.
04:10
And you can see that there are currently no keys in this Key Vault resource. I'll click on Generate/Import, and I'll leave that set to Generate. I'll give this the name
04:20
disk encryption KEK (KEK stands for key encryption key). I'll leave the type as RSA and the size as 2048, and I'll go ahead and click on Create.
04:32
So that literally took about a second to create. So that's that step done.
04:39
So in the next task I'll go ahead and enable Azure Disk Encryption.
04:44
And here's a visual representation of what I'll be doing.
04:46
The first one that I'll do is I'll go on the Azure virtual machine and I'll enable disk encryption for the disks of that virtual machine. That's going to install an agent on the machine, which will be responsible for enabling BitLocker and for the encryption process.
05:03
This will then store the encryption key into the Azure Key Vault resource. I'm going to specify in this case the Key Vault resource that I created, that I've been using, and that's going to store the BitLocker encryption key, encrypted by the key encryption key, into this Key Vault as a secret.
05:23
So let's go ahead and do that.
05:26
I'm back in the Azure portal. First of all, if I show you the Secrets, there are currently no secrets present for this Key Vault resource.
05:34
So if I go back on the home and I go on the virtual machines,
05:39
I select my virtual machine
05:41
and I go on the disks.
05:44
Now if I go on the disks, if I select Encryption,
05:46
I can specify which disks of this virtual machine I want to encrypt. I want to encrypt both the OS and data disks that are currently attached. I'll go ahead and specify that. I'll need to specify a Key Vault,
05:59
so in this case I'll go ahead and select a Key Vault and key for the encryption. So let's select that.
06:04
I can select my Key Vault I created earlier.
06:09
So, by the way, the Key Vault has to be in the same region as the virtual machine.
06:14
I'll go ahead and select the key that I created earlier, the disk encryption key,
06:18
and I'll just go ahead and specify the version, which is the only one that I have for now. I'll go ahead and select that.
06:26
If I click on Save, this will cause the virtual machine to restart, and if I go ahead and click on Yes,
06:32
the virtual machine is going to be restarted, and then the encryption process will start.
06:38
I'll go ahead and pause the recording. Once the encryption process has completed, we can go ahead and review that.
06:46
So let's go to the final task in this lesson, which is to review the encryption status.
06:51
So if I go back to the Azure portal, I can see my virtual machine has successfully restarted and it's currently showing as running.
07:00
I'm logged into the virtual machine via RDP. I'm in the Control Panel. If I click on System and Security, and if I click on BitLocker Drive Encryption, you can see that BitLocker encryption is currently enabled for my operating system drive and also for my data drives, including the
07:17
attached data disk.
07:21
If I now go over to the Azure portal and if I go back to
07:28
my Key Vault
07:30
and if I select
07:32
Secrets,
07:34
you can see that now I have two secrets, one secret for each disk that's encrypted. If I click on that, you'll be able to reveal the tags. So if I click on the version,
07:46
you can see there are six tags, and within the tags, you can see that this is for volume F, and that's the volume label, and it's for this virtual machine. So it leaves the tags in that'll help us to identify
07:59
which key matches which volume and which virtual machine.
08:05
So that's it for this particular demo. Thanks very much for joining me, and I'll see you in the next lesson.

Up Next

AZ-301 Microsoft Azure Architect Design

This AZ-301 training covers the skills that are measured in the Microsoft Azure Architect Design certification exam. Learn strategies to plan for the exam, target your areas of study, and gain hands-on experience to prepare for the real world.

Instructed By

David Okeyode
Cloud Security Architect
Instructor