By default, when you create a new key vault, the Azure Key Vault firewall is disabled. It's possible to enable public access to your Key vault from trusted sources only, using Firewall and virtual networks rules.
Recommended Mitigation
It is recommended to review the Key vault network configuration and limit the access to trusted networks and/or IP addresses only.