Hi everyone. I did not know how to answer these questions, so maybe some of you have experience with encryption.
1. The wording is quite difficult. Is Service-side encryption = Storage Service Encryption? Both use the SSE.
2. In the constraints I saw "Managed disks encrypted using customer-managed keys cannot also be encrypted with Azure Disk Encryption." Why is that? As far as I know, SSE with CMK and ADE are not the same thing, right?
3. The abbreviation KEK is confusing. I thought that's what is used in SSE (the CMK) and, respectively, during ADE (when I add a key to the key vault and use it for the disk encryption). Now I saw that in the premium key vault there is the option "KEK for BYOK". What's the difference, what is the KEK now? What do I need that KEK for BYOK for if I already have my KEK, as I added a key in the key vault?
4. Is it recommended to use a key in key vault for ADE?