@sakuraime Thank you for reaching out.
You should be able to retreive the details using Get-AzSqlInstanceTransparentDataEncryptionProtector
The process to add a Key in BYOK scenario involves configuring a KeyVault NetworkRuleSet and AccessPolicy, these steps are simplified into an easy to use script. Please check if you are following all the steps.
The process to rotate the TDE Keys is here
If an answer is helpful, please "Accept answer" or "Up-Vote" which might help other community members reading this thread.