Enabling Storage Service Encryption for an Azure Storage account in the portal is only a one click show.
As well with PowerShell it is very easy.
Set-AzureRmStorageAccount -ResourceGroupName "smt" -Name "azcdmdncloudwitness" -EnableEncryptionService Blob -Verbose
Currently there is no Azure Resource Manager QuickStart template available on GitHub for SSE. Therefore you have to dive into the ARM Storage schema with API version 2016-01-01.
So you have to add the following lines into the properties section of your Storage account description.
First you have the overall encryption section. In this section you are defining the key source and currently Microsoft.Storage is the only option available here. Then you are defining the different services and the only option here right now is blob. Under your service, you just have to set enabled to true or false, regarding what you want to use.
"properties": {
"encryption": {
"keySource": "Microsoft.Storage",
"services": {
"blob": {
"enabled": true
}
}
}
}
For more information about SSE have a look at the Q&A in the Azure documentation.
-> Frequently asked questions about Storage Service Encryption for Data at Rest