Currently the provider 'Microsoft.KeyVault.Data' only supports built-in policies provided by Microsoft so if you try and create a custom policy using this provider it will be denied. I tested myself today and received this portal error:
There's a statement on Microsoft Docs relating to RPs and supported definitions below:
Unless explicitly stated, Resource Provider modes only support built-in policy definitions, and exemptions are not supported at the component-level.