Thank you for posting your query on Microsoft Q&A, from above description, I could understand that you have generated a certificate using Azure KeyVault with "Data Encipherment" flag, but when you merge the signed CSR with KeyVault request the signed certificate is missing the flag.
Please do correct me if this is not the case by responding in the comments section.
I tested this in my lab with request as follows:
Post merging the signed request the result certificate is missing other Key usage flag
Answer to your first question would be yes, the resulting signed Certificate may not include the "Data encipherment" flag anymore.
Despite the presence or absence of the "Data encipherment" flag in the signed certificate, decryption via the Azure Key Vault REST API using the private key associated with the certificate still works as it should because of the initially set "Data encipherment" key usage flag. This is because the "Data encipherment" flag is set on the private key in the Key Vault, not on the certificate itself.
Please "Accept the answer (Yes)" and "share your feedback ". This will help us and others in the community as well.'
Thanks,
Akshay Kaushik