
Explanation

Box 1: extensions
Azure Disk Encryption can be enabled via Azure PowerShell or Azure CLI, which is what you normally see in remediation. In a real-world scenario you would want disk encryption to be applied as part of virtual machine creation. This is technically possible thanks to the Disk Encryption VM extension.
Box 2: AzureDiskEncryption
Example:
    "type": "Microsoft.Compute/virtualMachines/extensions",
    "name": "[concat(parameters('vmName'),'/diskEncryption')]",
    "apiVersion": "2019-03-01",
    "location": "[parameters('location')]",
    "dependsOn": [
        "[resourceId('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
    ],
    "properties": {
        "publisher": "Microsoft.Azure.Security",
        "type": "AzureDiskEncryption",
Reference:
https://azsec.azurewebsites.net/2019/12/28/azure-disk-encryption-arm-template-for-windows-vm/
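
An added example, not from the original explanation or the referenced article: a Python check that lists the VMs in an ARM template with no Azure Disk Encryption extension attached, so the template can be rejected before deployment. It assumes literal resource names rather than ARM expressions; the sample template and VM names are constructed, and AzureDiskEncryptionForLinux is the Linux counterpart of the extension type shown above.

```python
import json

VM_TYPE = "microsoft.compute/virtualmachines"
EXT_TYPE = VM_TYPE + "/extensions"
ADE_TYPES = {"AzureDiskEncryption", "AzureDiskEncryptionForLinux"}  # Windows / Linux

def is_ade(res):
    """True if the resource is an Azure Disk Encryption VM extension."""
    props = res.get("properties", {})
    return (props.get("publisher") == "Microsoft.Azure.Security"
            and props.get("type") in ADE_TYPES)

def vms_without_ade(template):
    """Names of VMs declared in the template with no ADE extension attached."""
    vms, covered = [], set()
    for res in template.get("resources", []):
        rtype = res.get("type", "").lower()  # resource types are case-insensitive
        if rtype == VM_TYPE:
            vms.append(res["name"])
            # Nested form: the extension is a child resource of the VM.
            if any(c.get("type", "").lower() == "extensions" and is_ade(c)
                   for c in res.get("resources", [])):
                covered.add(res["name"])
        elif rtype == EXT_TYPE and is_ade(res):
            # Top-level form: name is "<vmName>/<extensionName>".
            covered.add(res["name"].split("/", 1)[0])
    return [vm for vm in vms if vm not in covered]

# Constructed sample template with literal names (assumption: names are not
# ARM expressions such as "[concat(parameters('vmName'), ...)]").
SAMPLE = json.loads("""
{"resources": [
  {"type": "Microsoft.Compute/virtualMachines", "name": "vm-a"},
  {"type": "Microsoft.Compute/virtualMachines/extensions",
   "name": "vm-a/diskEncryption",
   "properties": {"publisher": "Microsoft.Azure.Security",
                  "type": "AzureDiskEncryption"}},
  {"type": "Microsoft.Compute/virtualMachines", "name": "vm-b",
   "resources": [{"type": "extensions", "name": "diskEncryption",
                  "properties": {"publisher": "Microsoft.Azure.Security",
                                 "type": "AzureDiskEncryption"}}]},
  {"type": "Microsoft.Compute/virtualMachines", "name": "vm-c"},
  {"type": "Microsoft.Compute/virtualMachines", "name": "vm-d",
   "resources": [{"type": "extensions", "name": "script",
                  "properties": {"publisher": "Microsoft.Compute",
                                 "type": "CustomScriptExtension"}}]}
]}
""")

if __name__ == "__main__":
    print(vms_without_ade(SAMPLE))
```

Templates that build names with `concat(...)` and parameters, as in the fragment above, need their expressions resolved (or the parameter file applied) before a check like this can match extensions to VMs.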