There are several ways to secure Azure Key Vault’s Data Plane.
If you have configured it to be secured via access policies, it is advisable to audit the assignments at regular intervals to ensure that no unwanted user has been granted access to your key vault.
You can run this PowerShell command to list all access policies on a single key vault:
# Querying the vault by name returns the full vault object, which carries the AccessPolicies collection
(Get-AzKeyVault -VaultName $KV.VaultName).AccessPolicies
Additionally, you can loop through all key vaults in a subscription and do the same, exporting each vault's policies to its own CSV file:
# Select the subscription, then export each vault's access policies to a CSV file
# (the folder C:\access-policies must already exist)
Set-AzContext -Subscription $Subscription.Name
$AllKVs = Get-AzKeyVault
foreach ($KV in $AllKVs) {
    $APs = (Get-AzKeyVault -VaultName $KV.VaultName).AccessPolicies
    $KVVaultName = $KV.VaultName
    $p = "C:\access-policies\keyvault-" + $KVVaultName + ".csv"
    $APs | Export-Csv -Path $p -NoTypeInformation
}
Finally, you can run a script that iterates over all key vaults in every subscription your account can see:
Connect-AzAccount

# Export the access policies of every key vault in one subscription, one CSV per vault
function GetAKVAccessPolicies([object] $Subscription) {
    Set-AzContext -Subscription $Subscription.Name
    $AllKVs = Get-AzKeyVault
    foreach ($KV in $AllKVs) {
        $APs = (Get-AzKeyVault -VaultName $KV.VaultName).AccessPolicies | Select-Object *
        $KVVaultName = $KV.VaultName
        $p = "C:\access-policies\keyvault-" + $KVVaultName + ".csv"
        $APs | Export-Csv -Path $p -NoTypeInformation
    }
}

# Get eligible subscription list
$SubsWithPermission = Get-AzSubscription

# Iterate over all subscriptions and all AKV
foreach ($sub in $SubsWithPermission) {
    GetAKVAccessPolicies -Subscription $sub
}
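As an added example (not from the original post), the following script goes one step beyond exporting: it compares the live access policies across all subscriptions against an approved baseline and flags any principal that is not on it, or that holds the broad "all" or "purge" permissions. It assumes the Az module, a hypothetical baseline file C:\access-policies\approved-policies.csv with VaultName and ObjectId columns, and the PermissionsToKeys, PermissionsToSecrets and PermissionsToCertificates property names on the access-policy objects returned by Get-AzKeyVault.

```powershell
# Added example, not from the original post. Assumes Az.Accounts / Az.KeyVault and an
# approved-policies baseline CSV (hypothetical path) with columns VaultName,ObjectId.
Connect-AzAccount

$BaselinePath = 'C:\access-policies\approved-policies.csv'   # hypothetical baseline file
$Baseline     = Import-Csv -Path $BaselinePath

# Permissions that deserve review no matter who holds them
$RiskyPermissions = @('all', 'purge')

$Findings = foreach ($Sub in Get-AzSubscription) {
    Set-AzContext -Subscription $Sub.Id | Out-Null
    foreach ($KV in Get-AzKeyVault) {
        # Query by name: only the per-vault object carries AccessPolicies
        $Vault = Get-AzKeyVault -VaultName $KV.VaultName
        foreach ($AP in $Vault.AccessPolicies) {
            # Flatten key/secret/certificate permissions into one list (drop empty entries)
            $Perms = (@($AP.PermissionsToKeys) + @($AP.PermissionsToSecrets) +
                      @($AP.PermissionsToCertificates)) | Where-Object { $_ }

            # Is this principal approved for this vault in the baseline?
            $Approved = $Baseline | Where-Object {
                $_.VaultName -eq $Vault.VaultName -and $_.ObjectId -eq $AP.ObjectId
            }
            # -contains is case-insensitive, so 'All' and 'all' both match
            $Risky = $Perms | Where-Object { $RiskyPermissions -contains $_ }

            $Reason = @()
            if (-not $Approved) { $Reason += 'principal not in baseline' }
            if ($Risky)         { $Reason += "risky permissions: $($Risky -join ',')" }

            if ($Reason.Count -gt 0) {
                [pscustomobject]@{
                    Subscription = $Sub.Name
                    VaultName    = $Vault.VaultName
                    ObjectId     = $AP.ObjectId
                    DisplayName  = $AP.DisplayName
                    Permissions  = ($Perms -join ';')
                    Reason       = ($Reason -join '; ')
                }
            }
        }
    }
}

# Persist the findings for ticketing/review and show them on screen
$Findings | Export-Csv -Path 'C:\access-policies\findings.csv' -NoTypeInformation
$Findings | Format-Table -AutoSize
```

An empty findings table after a run means every policy holder is on the baseline and nobody holds "all" or "purge"; anything listed is a candidate for removal or for a deliberate baseline update.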