MCS supports double encryption for Azure VM

With this feature, you can create a machine catalog of Azure VM with double encryption. Double encryption is essentially platform-side encryption (default) + customer managed encryption (CMEK). If you are a high-security customer who is concerned about the risk associated with any particular encryption algorithm, implementation, or key being compromised, you can now opt for an additional layer of encryption. This new layer can be applied to persistent OS and data disks, snapshots, and images.