Azure Backup offers the ability to use your own encryption keys for securing backup data. This capability is supported for Recovery Services Vaults and is now extended for Backup Vaults. You can use Customer Managed Keys (CMK) when creating a new backup vault or update the encryption settings for an existing vault to use CMK. CMK for Backup Vaults is now available in Public Preview in specific Azure regions only, and will be rolled out to the remaining regions in the upcoming weeks.
Please refer to the documentation to learn more on encryption for Backup Vaults using customer managed keys.