Want to know if it is possible to use Azure Disk Encryption with key rotation (SSE & CMK + ADE).
AzureEncryption
Last Comment: btan, 8/22/2022 - Mon
btan
Possible.
SSE - By default, managed disks are encrypted with Azure Storage encryption, which uses server-side encryption (SSE) with a platform-managed key to protect the data on OS and data disks.
CMK - SSE is made up of several components, and there are two choices when determining how encryption keys are managed. The two types are:
Platform Managed Keys (PMK) - This is the default offering and setting when you create a managed disk. When you navigate to a virtual machine and click on the Disks of the VM, you will notice that the Encryption header states: SSE with PMK
Customer Managed Keys (CMK) - CMK offers organizations that have the requirement to manage the encryption keys themselves the ability to bring their own keys to Key Vault (BYOK – Bring Your Own Key), or generate new ones, and use them to encrypt the desired resources. Server-side encryption for managed disks with customer-managed keys offers an integrated experience with Azure Key Vault. You can either import your RSA keys to your Key Vault or generate new RSA keys in Azure Key Vault.
ADE - Any customer using Azure Infrastructure as a Service (IaaS) features can achieve encryption at rest for their IaaS VMs and disks through Azure Disk Encryption. All Azure Storage services (Blob storage, Queue storage, Table storage, and Azure Files) support server-side encryption at rest; some services additionally support customer-managed keys and client-side encryption.
Client-side: Azure Blobs, Tables, and Queues support client-side encryption. When using client-side encryption, customers encrypt the data and upload the data as an encrypted blob. Key management is done by the customer. For more information, see Client-Side Encryption and Azure Key Vault for Microsoft Azure Storage.
Does Azure Disk Encryption allow you to bring your own key (BYOK)?
Yes, you can supply your own key encryption keys. These keys are safeguarded in Azure Key Vault, which is the key store for Azure Disk Encryption. For more information on the key encryption keys support scenarios, see Creating and configuring a key vault for Azure Disk Encryption.
How do I rotate secrets or encryption keys?
To rotate secrets, just call the same command you used originally to enable disk encryption, specifying a different Key Vault. To rotate the key encryption key, call the same command you used originally to enable disk encryption, specifying the new key encryption key.
Links
ADE- https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest
SSE+CMK- https://docs.microsoft.com/en-us/azure/virtual-machines/disk-encryption#automatic-key-rotation-of-customer-managed-keys-preview
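As an added example (not part of btan's answer and not Microsoft's own sample code), the shell runbook below puts the rotation procedure from the FAQ quoted above into practice: it enables ADE on a VM with a customer-supplied key encryption key (KEK) from Key Vault, rotates that KEK by re-running the same `az vm encryption enable` command with the new key version, and shows the SSE + CMK side by creating a disk encryption set with automatic key rotation turned on. The resource names and key URLs are placeholders, and the JMESPath `--query` path used in the verification step is an assumption about the shape of `az vm encryption show` output; the `az` subcommands and flags themselves are standard Azure CLI.

```shell
#!/bin/sh
# Added example (not from the Experts Exchange post): an ADE / SSE+CMK key
# rotation runbook built on the Azure CLI.
#
# Resource names, key vault names and key URLs are placeholders.
# AZ_DRY_RUN=1 (the default) only prints the az commands it would run; set
# AZ_DRY_RUN=0 to execute them against the subscription of the current
# `az login` session.

AZ_DRY_RUN="${AZ_DRY_RUN:-1}"

# Run an az command, or print it in dry-run mode.
run_az() {
    if [ "$AZ_DRY_RUN" = "1" ]; then
        printf 'DRY-RUN: az'
        for arg in "$@"; do printf ' %s' "$arg"; done
        printf '\n'
    else
        az "$@"
    fi
}

# enable_ade RESOURCE_GROUP VM_NAME KEYVAULT_NAME KEK_URL
# First-time enablement: ADE wraps the per-disk data encryption key with the
# KEK identified by KEK_URL (a versioned Key Vault key identifier).
enable_ade() {
    run_az vm encryption enable \
        --resource-group "$1" \
        --name "$2" \
        --disk-encryption-keyvault "$3" \
        --key-encryption-key "$4" \
        --volume-type ALL
}

# rotate_kek RESOURCE_GROUP VM_NAME KEYVAULT_NAME NEW_KEK_URL
# Rotation is the same command with the new key version, as the FAQ states:
# the wrapped data encryption key is re-wrapped under the new KEK.
rotate_kek() {
    enable_ade "$1" "$2" "$3" "$4"
}

# show_kek_in_use RESOURCE_GROUP VM_NAME
# Verification step after rotation: report which KEK the VM's disks reference.
# The --query path is an assumption about the output layout of
# `az vm encryption show`; adjust it if your CLI version differs.
show_kek_in_use() {
    run_az vm encryption show \
        --resource-group "$1" \
        --name "$2" \
        --query "disks[].encryptionSettings[].keyEncryptionKey.keyUrl" \
        --output tsv
}

# create_des_with_auto_rotation RESOURCE_GROUP DES_NAME KEYVAULT VERSIONLESS_KEY_URL
# SSE with CMK: a disk encryption set that points at a versionless key URL and
# has automatic key rotation enabled follows new key versions on its own (the
# "automatic key rotation of customer-managed keys" feature linked above).
create_des_with_auto_rotation() {
    run_az disk-encryption-set create \
        --resource-group "$1" \
        --name "$2" \
        --source-vault "$3" \
        --key-url "$4" \
        --enable-auto-key-rotation true
}

# Example flow with placeholder values.
RG="rg-ade-demo"
VM="vm-ade-demo"
KV="kv-ade-demo"
KEK_V1="https://kv-ade-demo.vault.azure.net/keys/ade-kek/0000000000000000000000000000000a"
KEK_V2="https://kv-ade-demo.vault.azure.net/keys/ade-kek/0000000000000000000000000000000b"
SSE_KEY="https://kv-ade-demo.vault.azure.net/keys/sse-cmk"

enable_ade "$RG" "$VM" "$KV" "$KEK_V1"
show_kek_in_use "$RG" "$VM"
rotate_kek "$RG" "$VM" "$KV" "$KEK_V2"
show_kek_in_use "$RG" "$VM"
create_des_with_auto_rotation "$RG" "des-auto-rotate" "$KV" "$SSE_KEY"
```

Run it as-is to review the commands it would issue; once the placeholders are replaced with your own resource names and key identifiers, `AZ_DRY_RUN=0 sh rotate.sh` executes them. Keep the KEK URL for ADE versioned (rotation means pointing at a specific new version), but give the disk encryption set a versionless key URL so automatic rotation can follow new versions.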