DRAG DROP Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Subscription named Sub1. Sub1 contains an Azure virtual machine named VM1 that runs Windows Server 2016. You need to encrypt VM1 disks by using Azure Disk Encryption. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. 
This looks right: create the Azure key vault, set access policies on it, then deploy the VM disk encryption extension. That way the extension has permissions to get the keys from the vault. Pretty sure that's the official process, but open to corrections.
- Create an Azure key vault → Configure access policies → Run Set-AzureRmVmDiskEncryptionExtension
