Description

{AzureComputeVm} uses disks that are not encrypted with a customer-managed key (CMK). Encrypting the VM's OS disk (boot volume) and data disks (non-boot volumes) ensures that the entire content is fully unrecoverable without a key and thus protects the volumes from unwarranted reads. Encryption with a customer-managed key is the superior option, although it requires additional planning. Using customer-managed keys may provide an additional level of security or meet an organization's regulatory requirements. By default, Azure disks are encrypted using server-side encryption (SSE) with a platform-managed key (PMK).
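
One way to check for this condition, as an added example that is not part of the original rule: the Python below walks a VM's OS and data disks and reports those whose encryption settings do not reference a customer-managed key. It assumes input shaped like the JSON returned by `az vm show` and `az disk list`; the function names, subscription ID, resource group and disk names are constructed for illustration.

```python
# Added example: flag VM disks whose server-side encryption is not CMK-based.
# Assumes az CLI JSON shapes; every name and ID below is constructed sample data.
CMK_TYPES = {
    "EncryptionAtRestWithCustomerKey",
    "EncryptionAtRestWithPlatformAndCustomerKeys",
}

def vm_disk_ids(vm):
    """Yield (role, managed disk id) for the OS disk and every data disk."""
    profile = vm.get("storageProfile") or {}
    os_md = (profile.get("osDisk") or {}).get("managedDisk") or {}
    if os_md.get("id"):
        yield "os", os_md["id"]
    for data_disk in profile.get("dataDisks") or []:
        md = data_disk.get("managedDisk") or {}
        if md.get("id"):
            yield "data", md["id"]

def non_cmk_disks(vm, disks):
    """Return [(role, disk name, encryption type)] for disks not using a CMK."""
    by_id = {d["id"].lower(): d for d in disks}  # ARM IDs are case-insensitive
    findings = []
    for role, disk_id in vm_disk_ids(vm):
        enc = (by_id.get(disk_id.lower()) or {}).get("encryption") or {}
        enc_type = enc.get("type", "unknown")  # disk missing from inventory
        # A CMK type with no disk encryption set reference is reported as well.
        if enc_type not in CMK_TYPES or not enc.get("diskEncryptionSetId"):
            findings.append((role, disk_id.rsplit("/", 1)[-1], enc_type))
    return findings

# Constructed sample data (placeholder subscription, resource group, names).
P = ("/subscriptions/00000000-0000-0000-0000-000000000000"
     "/resourceGroups/rg-demo/providers/Microsoft.Compute")
SAMPLE_VM = {"name": "vm1", "storageProfile": {
    "osDisk": {"managedDisk": {"id": P + "/disks/vm1-os"}},
    # The VM references this disk with different casing than the inventory does.
    "dataDisks": [{"lun": 0, "managedDisk": {"id": P.upper() + "/disks/vm1-data0"}}]}}
SAMPLE_DISKS = [
    {"id": P + "/disks/vm1-os",
     "encryption": {"type": "EncryptionAtRestWithPlatformKey"}},
    {"id": P + "/disks/vm1-data0",
     "encryption": {"type": "EncryptionAtRestWithCustomerKey",
                    "diskEncryptionSetId": P + "/diskEncryptionSets/des-demo"}},
]

if __name__ == "__main__":
    for role, name, enc_type in non_cmk_disks(SAMPLE_VM, SAMPLE_DISKS):
        print(f"{SAMPLE_VM['name']}: {role} disk {name} uses {enc_type}")
```

A disk that cannot be found in the inventory is reported with type `unknown` rather than silently passing, so gaps in the disk listing surface as findings.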