I can see in my key vault that there is the BEK under [secrets] section inside the vault. Which makes sense, as this is the actual key used to do the symmetric disk encryption.
Now, I want to use the KEK as well to wrap the symmetric key. To do that, I will go to key vault, create a KEY, which will create an RSA Asymmetric key under the [Key] section inside the key vault. Now I run this command to encrypt a drive in a VM specifying KEK.