Azure VPN encryption

To protect the privacy of the data that is being sent across the network, you can connect to Azure using a virtual private network (VPN). This VPN connection can create a private tunnel to access the data. 

Azure VPN is covered in more detail in Chapter 11, Integrating On-Premises Networks with Azure Virtual Network. So, this chapter will just briefly cover the different options.
  • Azure VPN gateways: Azure VPN Gateway can be used to send encrypted traffic between virtual networks, and between virtual networks and on-premises locations across a public connection. 
  • Site-to-site VPN: A site-to-site VPN uses IPsec for transport encryption. By default, Azure VPN Gateway uses a set of default proposals. Azure VPN Gateway can also be configured to use a custom IPsec/IKE policy with specific cryptographic algorithms and key strengths.

A site-to-site VPN connects your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires an on-premises VPN device that has an external-facing public IP address assigned to it.

  • Point-to-site VPN: By using a point-to-site VPN, individual client computers are allowed to access the Azure virtual network. The Secure Socket Tunneling Protocol (SSTP) is used to create the VPN tunnel. For connectivity, you can use your own internal public key infrastructure (PKI) root certificate authority (CA).
  • Data Lake: The Data Lake Store encrypts the data in transit by default. Data in transit is secured by an HTTPS connection. This is the only protocol that is supported by the Data Lake Store REST interfaces.
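
To make the difference between the default proposals and a custom IPsec/IKE policy on a site-to-site connection concrete, the following added example (not code from the book or from Microsoft) audits connection records for missing or weak policies. The sample JSON is constructed and trimmed; its field names are assumed to follow the Azure connection resource as exported by the Azure CLI, and the `WEAK` baseline is an assumption to adapt to your own standard.

```python
import json

# Constructed sample, trimmed to the fields the audit reads (not real output).
SAMPLE = json.loads("""[
  {"name": "s2s-default", "connectionType": "IPsec", "ipsecPolicies": []},
  {"name": "s2s-legacy", "connectionType": "IPsec", "ipsecPolicies": [
    {"ikeEncryption": "DES3", "ikeIntegrity": "SHA1", "dhGroup": "DHGroup2",
     "ipsecEncryption": "AES128", "ipsecIntegrity": "SHA1", "pfsGroup": "None"}]},
  {"name": "s2s-strong", "connectionType": "IPsec", "ipsecPolicies": [
    {"ikeEncryption": "AES256", "ikeIntegrity": "SHA384", "dhGroup": "ECP384",
     "ipsecEncryption": "GCMAES256", "ipsecIntegrity": "GCMAES256",
     "pfsGroup": "ECP384"}]}
]""")

# Assumed organizational baseline: values treated as too weak for each field.
WEAK = {
    "ikeEncryption": {"DES", "DES3"},
    "ikeIntegrity": {"MD5", "SHA1"},
    "dhGroup": {"None", "DHGroup1", "DHGroup2"},
    "ipsecEncryption": {"None", "DES", "DES3"},
    "ipsecIntegrity": {"MD5", "SHA1"},
    "pfsGroup": {"None", "PFS1", "PFS2"},
}

def audit_connection(conn):
    """Return findings for one connection; an empty list means it passes."""
    if conn.get("connectionType") != "IPsec":
        return []  # only site-to-site (IPsec) connections are in scope here
    policies = conn.get("ipsecPolicies") or []
    if not policies:
        return ["no custom IPsec/IKE policy: gateway default proposals apply"]
    findings = []
    for policy in policies:
        for field, weak_values in WEAK.items():
            value = policy.get(field)
            if value is None:
                findings.append(f"{field} missing from policy")
            elif value in weak_values:
                findings.append(f"{field}={value} is below baseline")
    return findings

def audit(connections):
    """Map connection name to findings, keeping only connections that fail."""
    report = {c["name"]: audit_connection(c) for c in connections}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, *findings, sep="\n  - ")
```

A connection with an empty `ipsecPolicies` list is reported separately from one with weak algorithms, because it relies on the gateway's default proposals rather than on a weak explicit choice.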

This concludes this section. In the next section, we are going to cover how to encrypt data with Always Encrypted.
