Encryption scopes enable you to provision multiple encryption keys to manage encryption at the container or blob level. Customers and ISVs can now use a single storage account for multi-tenancy scenarios by provisioning separate encryption keys for each customer. The key that protects an encryption scope may be either a Microsoft-managed key or a customer-managed key in Azure Key Vault.
Source: Microsoft Azure – aggiornamenti