Yes, activating whole device encryption is something done by your Exchange server or "mobile device management" administration -- it is not a user-selectable option. Those administrators can also set the screen timeout, pin length, and pin type (numeric only or full range of characters from the regular keyboard).
One of the unusual things about WP8 is that the SD card is read-only. This means that apps can read data from the card, but not copy things to it or modify what's there. Because it can't be written to, it can't be encrypted (which would need to read the existing data, encrypt it, and write it back). Because the card can't be encrypted, the Exchange Active Sync policy that requires card encryption fails on WP8 devices.
For you, assuming that you use Exchange, you can try to convince your admin to create a security policy for you (and other WP8 users) that turns on full device encryption while not requiring removable storage encryption. The work involved is fairly minimal. The risk to the business (let's pretend that it's one governed by strict data leakage laws, like medicine or finance) is that you'd have two devices, one WP8 and another that does have removable storage. Since the Exchange security policy is set per user rather than per device type, the new policy that you had set up could allow unencrypted data to leak out of the organization via the SD card on the non-WP8 device.
Microsoft can address this in different ways. It could have phone models that lack an SD slot "lie" to the server, saying that the card is encrypted and justifying it on the basis of there being no actual risk since there is no actual card. It could have all models "lie" to the server, saying that the card is encrypted when it isn't, justifying it on the basis of not creating a risk for data to "leak" from the phone to the outside world. It could create a new policy that says "force encryption on writeable removable card" and advise administrators to switch to that. I would go on, but won't.