If you moved your OneNote Notebooks to OneDrive or SharePoint then by default, all OneDrive files are already encrypted at rest and in transit.
Text from MS Support Site “How OneDrive safeguards your data in the cloud”
Protected in transit
When data transits into the service from clients, and between datacenters, it’s protected using transport layer security (TLS) encryption. We only permit secure access. We won’t allow authenticated connections over HTTP, but instead redirect to HTTPS.
Protected at rest
Physical protection: Only a limited number of essential personnel can gain access to datacenters. Their identities are verified with multiple factors of authentication including smart cards and biometrics. There are on-premises security officers, motion sensors, and video surveillance. Intrusion detection alerts monitor anomalous activity.
Network protection: The networks and identities are isolated from the Microsoft corporate network. Firewalls limit traffic into the environment from unauthorized locations.
Application security: Engineers who build features follow the security development lifecycle. Automated and manual analyses help identify possible vulnerabilities. The Microsoft Security Response Center helps triage incoming vulnerability reports and evaluate mitigations. Through the Microsoft Cloud Bug Bounty Terms, people across the world can earn money by reporting vulnerabilities.
Content protection: Each file is encrypted at rest with a unique AES256 key. These unique keys are encrypted with a set of master keys that are stored in Azure Key Vault.
The Windows Defender anti-malware engine scans documents at download time for content matching an AV signature (updated hourly).