Update-AzRecoveryServicesVault
Updates MSIdentity to the recovery services vault.
Syntax
Update-AzRecoveryServicesVault
[-ResourceGroupName] <String>
[-Name] <String>
[-IdentityId <String[]>]
[-RemoveUserAssigned]
[-RemoveSystemAssigned]
[-DisableClassicAlerts <Boolean>]
[-DisableAzureMonitorAlertsForJobFailure <Boolean>]
[-PublicNetworkAccess <PublicNetworkAccess>]
[-ImmutabilityState <ImmutabilityState>]
[-CrossSubscriptionRestoreState <CrossSubscriptionRestoreState>]
[-DefaultProfile <IAzureContextContainer>]
[-Token <String>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Update-AzRecoveryServicesVault
[-ResourceGroupName] <String>
[-Name] <String>
-IdentityType <MSIdentity>
[-IdentityId <String[]>]
[-DisableClassicAlerts <Boolean>]
[-DisableAzureMonitorAlertsForJobFailure <Boolean>]
[-PublicNetworkAccess <PublicNetworkAccess>]
[-ImmutabilityState <ImmutabilityState>]
[-CrossSubscriptionRestoreState <CrossSubscriptionRestoreState>]
[-DefaultProfile <IAzureContextContainer>]
[-Token <String>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
This cmdlet is used to add or remove the MSI from the recovery services vault. Use -IdentityType param to add a SystemAssigned/UserAssigned identity to the RSVault. Use RemoveSystemAssigned/RemoveUserAssigned switch to remove the MSI from the vault.
Examples
Example 1: Add SystemAssigned identity to the recovery services vault
Update-AzRecoveryServicesVault -ResourceGroupName "rgName" -Name "vaultName" -IdentityType SystemAssignedThis cmdlet is used to add a SystemAssigned identity to a recovery services vault.
Example 2: Add UserAssigned identity to the recovery services vault
$vault = Get-AzRecoveryServicesVault -Name "vaultName" -ResourceGroupName "resourceGroupName"
$identity1 = Get-AzUserAssignedIdentity -ResourceGroupName "resourceGroupName" -Name "UserIdentity1"
$identity2 = Get-AzUserAssignedIdentity -ResourceGroupName "resourceGroupName" -Name "UserIdentity2"
$updatedVault = Update-AzRecoveryServicesVault -ResourceGroupName $vault.ResourceGroupName -Name $vault.Name -IdentityType UserAssigned -IdentityId $identity1.Id, $identity2.Id
$updatedVault.Identity | Format-List
PrincipalId :
TenantId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Type : UserAssigned
UserAssignedIdentities : {[/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourceGroupName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/UserIdentity1,
Microsoft.Azure.Management.RecoveryServices.Models.UserIdentity],
[/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourceGroupName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/UserIdentity2,
Microsoft.Azure.Management.RecoveryServices.Models.UserIdentity]}The first cmdlet fetches the recovery services vault. The second and third cmdlet fetches the user created MSIs. The fourth cmdlet adds the user MSIs to the vault. The fifth cmdlet shows the Identities added to the vault.
Example 3: Remove SystemAssigned and UserAssigned identities from the vault
$vault = Get-AzRecoveryServicesVault -Name "vaultName" -ResourceGroupName "resourceGroupName"
$updatedVault = Update-AzRecoveryServicesVault -ResourceGroupName $vault.ResourceGroupName -Name $vault.Name -RemoveSystemAssigned
$AllUserIdentities = $vault.Identity.UserAssignedIdentities.Keys | ForEach-Object {$_}
$updatedVault = Update-AzRecoveryServicesVault -ResourceGroupName $vault.ResourceGroupName -Name $vault.Name -RemoveUserAssigned -IdentityId $AllUserIdentities
$updatedVault.Identity | Format-List
PrincipalId :
TenantId :
Type : None
UserAssignedIdentities :The first cmdlet fetches the recovery services vault. The second cmdlet removes the SystemAssigned identity from the vault. The third cmdlet fetches all the user MSIs as a list from the vault. The fourth cmdlet removes all the user MSIs from the vault. In case you want, you can provide selected user identities to be removed as comma separated, like in previous example. The fifth cmdlet shows the identities in the vault, as we removed all the identites, Type is displayed as None.
Example 4: Update PublicNetworkAccess, ImmutabilityState of recovery services vault
$vault = Get-AzRecoveryServicesVault -Name "vaultName" -ResourceGroupName "resourceGroupName"
$updatedVault = Update-AzRecoveryServicesVault -ResourceGroupName $vault.ResourceGroupName -Name $vault.Name -PublicNetworkAccess "Disabled" -ImmutabilityState "Unlocked"
$updatedVault.Properties.PublicNetworkAccess
$updatedVault.Properties.ImmutabilitySettings.ImmutabilityState
Disabled
UnlockedThe first cmdlet fetches the recovery services vault. The second cmdlet updates PublicNetworkAccess, ImmutabilityState properties of the recovery services vault. The third and fourth command are used to fetch the public network access and immutability state of the vault.
Example 5: Enable/Disable CrossSubscriptionRestore for recovery services vault
$vault = Get-AzRecoveryServicesVault -Name "vaultName" -ResourceGroupName "resourceGroupName"
$updatedVault = Update-AzRecoveryServicesVault -ResourceGroupName $vault.ResourceGroupName -Name $vault.Name -CrossSubscriptionRestoreState Disabled
$updatedVault.Properties.RestoreSettings.CrossSubscriptionRestoreSettings.CrossSubscriptionRestoreState
DisabledThe first cmdlet fetches the recovery services vault. The second cmdlet updates CrossSubscriptionRestoreState of the recovery services vault. The third command gets the cross subscription restore state of the vault.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CrossSubscriptionRestoreState
Cross subscription restore state of the vault. Allowed values are "Enabled", "Disabled", "PermanentlyDisabled".
| Type: | Nullable<T>[CrossSubscriptionRestoreState] |
| Accepted values: | Enabled, Disabled, PermanentlyDisabled |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisableAzureMonitorAlertsForJobFailure
Boolean paramter to specify whether built-in Azure Monitor alerts should be received for every job failure.
| Type: | Nullable<T>[Boolean] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisableClassicAlerts
Boolean paramter to specify whether backup alerts from the classic solution should be disabled or enabled.
| Type: | Nullable<T>[Boolean] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-IdentityId
ARM Ids of the UserAssigned Identity to be added/removed. This is a comma separated list of Identity Ids.
| Type: | String[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-IdentityType
The MSI type assigned to Recovery Services Vault.
| Type: | MSIdentity |
| Accepted values: | SystemAssigned, None, UserAssigned |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ImmutabilityState
Immutability State of the vault. Allowed values are "Disabled", "Unlocked", "Locked". Unlocked means Enabled and can be changed, Locked means Enabled and can't be changed.
| Type: | Nullable<T>[ImmutabilityState] |
| Accepted values: | Disabled, Unlocked, Locked |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Name
Specifies the name of the recovery services vault to update.
| Type: | String |
| Position: | 2 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PublicNetworkAccess
Parameter to Enable/Disable public network access of the vault. This setting is useful with Private Endpoints.
| Type: | Nullable<T>[PublicNetworkAccess] |
| Accepted values: | Enabled, Disabled |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RemoveSystemAssigned
Provide this switch to remove SystemAssigned Identity from the vault.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RemoveUserAssigned
Provide this switch to remove UserAssigned Identity from the vault. Also, provide IdenityId parameter along with this switch.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResourceGroupName
Specifies the name of the Azure resource group where recovery services vault is present.
| Type: | String |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Token
Parameter to authorize operations protected by cross tenant resource guard. Use command (Get-AzAccessToken -TenantId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx").Token to fetch authorization token for different tenant
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Outputs
Azure PowerShell