@Rosenthal, Murray Welcome to Microsoft Q&A Forum, Thank you for posting your query here!
What you mean by Full disk encryption?
The use of SSE + PMK entails encryption at the managed disk level, but the temporary disk and cache for the disks are not encrypted. The managed disk itself is encrypted. If you are aiming to encrypt the entire data path, then you need to enable encryption at the host. With this, we can ensure that the entire virtual machine is encrypted, including the temporary and cache.
Additional information
SSE with PMK (Server-Side Encryption with Customer-Provided Keys) is a method of encrypting data at rest in Azure Storage using a customer-provided encryption key. SSE with PMK encrypts the data at the server-side before it is written to disk, and the encryption key is managed by the customer.
While SSE with PMK provides a high level of security for data at rest, it is not equivalent to full disk encryption. Full disk encryption is a method of encrypting an entire disk or volume, including the operating system and all data stored on the disk. Full disk encryption provides a higher level of security than SSE with PMK because it encrypts the entire disk, including the operating system and all data stored on the disk.
SSE with PMK is a good option for encrypting data at rest in Azure Storage, but it is important to note that it only encrypts the data stored in Azure Storage and not the entire disk or volume. If you require full disk encryption, you may need to use a different encryption method, such as BitLocker for Windows or FileVault for macOS.
Please let us know if you have any further queries. I’m happy to assist you further.
Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.