In step 1 to step 5, we navigated to the location where we can manage the encryption key.
In step 6 to step 9, we created a new key, protected it with a password, and confirmed that we want to change the key.
Finally, in step 10 we downloaded the key.
Make sure you backup your key in a secure location as Microsoft will not have access to the key or to the encrypted data anymore.
By following these 10 steps you will have encrypted your data at rest with a key that you manage. Any existing or newly created data will be encrypted from then onward.
It is important to understand the risks associated with encryption keys. A malicious administrator can potentially render an instance unusable by encrypting it, locking it, and deleting the encryption key. Luckily the encryption takes 72 hours to complete giving you a window to roll back before any damage is caused. For more details read the TechNet article at https://technet.microsoft.com/en-us/library/mt492471.aspx#KM_risk.