You need to encrypt storage1 to meet the technical requirements. Which key vaults can you use?
The storage account and the key vault must be in the same region and in the same Azure Active Directory (Azure AD) tenant, but they can be in different subscriptions. Storage1 is in the West US region. KeyVault1 is the only key vault in the same region.
Reference: https://docs.microsoft.com/en-us/azure/storage/common/customer-managed-keys-overview