There is quite some confusion going on about the device encryption on Windows Phone 8.1!
Early WP 8 documents were telling that all devices are encrypted automatically, but this is unfortunately not true!
If You buy a Windows Phone 8/8.1 phone, it is not encrypted. The encryption cannot be activated on the device itself, instead it must be activated either via an Exchange Active Sync mailbox policy or an MDM system. The encryption happens automatically, when a user is connecting to Exchange Server or O365 mailbox with a policy set for encryption, or when the device is managed by an MDM system such as Intune/SCCM, MobileIron, etc.. These allow to turn on encryption, as well.
Do not expect to get a prompt or anything like this, just the policies are applied and then device then is encrypted.
On WP 8.1 phones one can check this via the Storage Sense app. If it shows storage encrypted there, the internal phone storage has been secured.
Attention: The encryption of a device is non-reversible! This is a one way ticket.
Can all Windows 8/8.1 phones be encrypted?
Well I have not checked all of them, but at least for the Nokia Lumia family, encryption is supported throughout all devices, even on low-end devices such as the Lumia 520.
Happy ciphering! :-)