azure azure-cli azure-powershell

How to Enable-AzureRmDataLakeStoreKeyVault on my Azure Data Lake Store account?

Posted on 2020-04-23 17:40:38

I did the following things to create an Azure Data Lake Store account and then try to enable a key vault for it:

New-AzDataLakeStoreAccount -ResourceGroupName TestRG -Name TestDLSA -Location "East US 2"
Enable-AzureRmDataLakeStoreKeyVault -Account TestDLSA

And received the following error:

Enable-AzureRmDataLakeStoreKeyVault : Operation EnableKeyVault is invalid under current encryption state or config of account.

What do I need to do to be able to correctly run Enable-AzureRmDataLakeStoreKeyVault on my Azure Data Lake Store account?

Questioner: C. Lightfoot
Joy Wang 2020-02-12 10:22

When you create the dls, you need to pass the parameters as below. Otherwise, it creates the dls with service-managed encryption, i.e. -Encryption ServiceManaged.

New-AzDataLakeStoreAccount -ResourceGroupName <RG-name> -Name joydls -Location "East US 2" -Encryption UserManaged -KeyVaultId "<keyvault-resource-id>" -KeyName "testkey" -KeyVersion "444243d9xxxx8db2303d1"

To enable a user-managed Key Vault for encryption, the service principal created automatically along with your dls needs permission to access the key in your key vault, so we need to configure the access policy for the service principal. Run the commands below after creating the dls, then it will work fine.

$ObjectId = (Get-AzDataLakeStoreAccount -ResourceGroupName <RG-name> -Name joydls).Identity.PrincipalId
Set-AzKeyVaultAccessPolicy -ResourceGroupName <RG-name> -VaultName joykeyvault -ObjectId $ObjectId -PermissionsToKeys encrypt,decrypt,get
Enable-AzDataLakeStoreKeyVault -Name "joydls"


Check in the portal:

Besides, I notice you are using the new Az module mixed with the old AzureRm; please don't do this, as it sometimes causes errors. I recommend you just use the Az module's Enable-AzDataLakeStoreKeyVault, because the AzureRm module has been deprecated and will not be updated.
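The three steps in the answer above as one Az-module script, added here as an example rather than the answerer's own code. The names TestRG, TestDLSA, TestKV and testkey are placeholders, and the EncryptionConfig property names are assumed from the Az.DataLakeStore account model; the state check up front is what explains the "invalid under current encryption state" error in the question.

```powershell
# Added example: create an ADLS Gen1 account with a customer-managed key,
# grant its managed identity least-privilege key access, then enable the vault.
# Requires the Az.DataLakeStore and Az.KeyVault modules and an existing vault and key.
param(
    [string]$ResourceGroup = "TestRG",    # placeholder
    [string]$AccountName   = "TestDLSA",  # placeholder
    [string]$VaultName     = "TestKV",    # placeholder
    [string]$KeyName       = "testkey",   # placeholder
    [string]$Location      = "East US 2"
)

# 1. Resolve the vault resource id and the current key version instead of pasting them by hand.
$vault = Get-AzKeyVault -VaultName $VaultName -ResourceGroupName $ResourceGroup
$key   = Get-AzKeyVaultKey -VaultName $VaultName -Name $KeyName

# 2. Create the account with -Encryption UserManaged from the start.
#    Enable-AzDataLakeStoreKeyVault is only valid for such accounts; the default
#    (ServiceManaged) account is what produces the EnableKeyVault error in the question.
$dls = Get-AzDataLakeStoreAccount -ResourceGroupName $ResourceGroup -Name $AccountName -ErrorAction SilentlyContinue
if (-not $dls) {
    $dls = New-AzDataLakeStoreAccount -ResourceGroupName $ResourceGroup -Name $AccountName -Location $Location `
        -Encryption UserManaged -KeyVaultId $vault.ResourceId -KeyName $KeyName -KeyVersion $key.Version
}

# 3. Guard: an account created with service-managed encryption cannot be switched later.
#    (EncryptionConfig.Type is assumed from the Az account model.)
if ("$($dls.EncryptionConfig.Type)" -ne "UserManaged") {
    throw "Account '$AccountName' uses $($dls.EncryptionConfig.Type) encryption; recreate it with -Encryption UserManaged."
}

# 4. Least privilege: the account's system-assigned identity needs only encrypt, decrypt and get on keys.
$principalId = $dls.Identity.PrincipalId
Set-AzKeyVaultAccessPolicy -VaultName $VaultName -ResourceGroupName $ResourceGroup `
    -ObjectId $principalId -PermissionsToKeys encrypt,decrypt,get

# 5. With the policy in place, the operation is now valid.
Enable-AzDataLakeStoreKeyVault -ResourceGroupName $ResourceGroup -Name $AccountName

# 6. Verify the binding instead of trusting the portal screenshot.
$dls = Get-AzDataLakeStoreAccount -ResourceGroupName $ResourceGroup -Name $AccountName
$dls | Select-Object Name, EncryptionState,
    @{n = 'KeyVault'; e = { $_.EncryptionConfig.KeyVaultMetaInfo.KeyVaultResourceId } },
    @{n = 'Key';      e = { $_.EncryptionConfig.KeyVaultMetaInfo.EncryptionKeyName } }
```

The access policy grants only the key operations the service needs to wrap and unwrap the data encryption key; do not add wider permissions such as delete or purge to the account identity.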