Hi All,
Regarding VM encryption, i am aware that on vSAN you can select DITE and DARE whereby DARE encrypts the whole vSAN Datastore.
An alternative to this is VM encryption whereby you can encrypt individual VMs by changing the Storage Policy to the Encryption storage policy and apply to the VM or individual Disk.
Thanks,