Hi,
Azure Kubernetes Service (AKS) now supports a new Azure policy to ensure OS and data disks are encrypted via customer managed keys. This feature enhances security by supporting the creation of a policy to audit the usage of customer managed keys on OS and data disks, or denying the creation of resources not using customer managed keys on OS and data disks.
AKS CMK Deny Policy: https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AKS_CMK_Deny.json
Maxime.