AdamKolak-6034
Copper Contributor
Oct 05, 2020

Azure VM EncryptionAtRest: StorageServiceEncryption BYOK vs AzureDiskEncryption

I would like to ask anyone about the target of change regarding managed disk encryption within IaaS VMs in Azure using BYOK methods (see choices below).

Does anyone know whether ADE is still a future functionality, or whether MS aims to use SSE BYOK and ADE will be deprecated in the future? (The Azure portal offers SSE BYOK by default.)

There are more choices you have, for example:

a) AzureDiskEncryption using BYOK

Documentation:

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-overview

Support for ARM in all API versions (for example, the last one, 2019-12-01):

https://docs.microsoft.com/en-us/azure/templates/microsoft.compute/2019-03-01/virtualmachines

(alternatively, you can also use KEK functionality to encrypt BEK keys)

b) StorageServiceEncryption using BYOK

since 04/2020 GA:

https://azure.microsoft.com/en-us/updates/serverside-encryption-with-customermanaged-keys-is-now-available/

Documentation:

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption

Support for ARM in API versions since 2019-07-01 (so it is in 2019-07-01 and 2019-12-01):

https://docs.microsoft.com/en-us/azure/templates/microsoft.compute/2019-07-01/virtualmachines
