You are designing a data protection strategy for Azure virtual machines. All the virtual machines are in the Standard tier and use managed disks.
You need to recommend a solution that meets the following requirements:
The use of encryption keys is audited.
All the data is encrypted at rest always.
You manage the encryption keys, not Microsoft.
What should you include in the recommendation?