All transactions with Azure Storage through the Azure portal take place over HTTPS. You can also use the storage REST API over HTTPS to interact with Azure Storage. When you call the REST API, you can enforce that the call is being made over HTTPS to access objects in storage accounts. To enforce this, you need to enable the secure transfer that's required for the storage account.

When you use shared access signatures to delegate access to Azure Storage objects, you can enable an option that only allows for the HTTPS protocol to be used when you use shared access signatures. This will ensure that links with SAS tokens use the proper protocol.

Azure Files uses Server Message Block (SMB) 3.0 encryption, which also supports encryption. It's available in Windows 8, Windows 8.1, Windows 10, and Windows Server 2012 R2. It allows cross-region access and even access on the desktop. 

The data is encrypted by client-side encryption before it is transferred to the Azure Storage instance, so the data is encrypted as it travels across the network.