Encryption at rest, on by default
All indexing includes encryption on the backend automatically with no measurable impact on indexing workloads or size. This applies to newly indexed documents only. For existing content, you have to re-index to gain encryption. Encryption status of any given index is not visible in the portal, nor available through the API. However, if you indexed after January 24, 2018, data is already encrypted.
Managed by Microsoft
In the context of Azure Search, all aspects of encryption, decryption, and key management are internal. You cannot turn it on or off, manage or substitute your own keys, or view encryption settings in the portal or programmatically. Internally, encryption is based on Azure Storage Service Encryption, using 256-bit AES encryption, one of the strongest block ciphers available.