In the Azure "Security Center" we are receiving several recommendations regarding our Cognitive Services "translate" (free tier) service including:
Cognitive Services accounts should enable data encryption
Cognitive Services accounts should use customer owned storage or enable data encryption
Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)
The instructions on how to remediate these issues talk about going to the "Encryption" option in the service, however this option is not present for us. Reading the https://docs.microsoft.com/en-us/azure/cognitive-services/translator/encrypt-data-at-rest article it states that "For subscriptions that only support Microsoft-managed encryption keys, you will not have an Encryption section", furthermore, it also sates "By default, your subscription uses Microsoft-managed encryption keys. If you are using a pricing tier that supports Customer-managed keys, you can see the encryption settings for your resource in the Encryption section of the Azure portal" suggesting that either (1) we have a subscription that does not support this or (2) the free tier does not support this. Furthermore, this page also states that encryption is enabled by default anyway ("Data is encrypted and decrypted using FIPS 140-2 compliant 256-bit AES encryption.").
So, to me the Security Center warnings are false positives or even invalid, is this correct?

