Update-AzDataProtectionBackupVault
Update a BackupVault resource belonging to a resource group.
Syntax
UpdateExpanded (Default)
Update-AzDataProtectionBackupVault
-ResourceGroupName <String>
-VaultName <String>
[-Token <String>]
[-AzureMonitorAlertsForAllJobFailure <String>]
[-CrossRegionRestoreState <String>]
[-CrossSubscriptionRestoreState <String>]
[-EnableSystemAssignedIdentity <Boolean>]
[-ImmutabilityState <String>]
[-ResourceGuardOperationRequest <String[]>]
[-SoftDeleteRetentionDurationInDay <Double>]
[-SoftDeleteState <String>]
[-Tag <Hashtable>]
[-UserAssignedIdentity <String[]>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-SubscriptionId <String>]
[-CmkEncryptionState <String>]
[-CmkIdentityType <String>]
[-CmkUserAssignedIdentityId <String>]
[-CmkEncryptionKeyUri <String>]
[-SecureToken <SecureString>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
UpdateViaIdentityExpanded
Update-AzDataProtectionBackupVault
-InputObject <IDataProtectionIdentity>
[-Token <String>]
[-XmsDeletedVaultId <String>]
[-AzureMonitorAlertsForAllJobFailure <String>]
[-CrossRegionRestoreState <String>]
[-CrossSubscriptionRestoreState <String>]
[-ETag <String>]
[-EnableSystemAssignedIdentity <Boolean>]
[-EncryptionSetting <IEncryptionSettings>]
[-ImmutabilityState <String>]
[-ReplicatedRegion <String[]>]
[-ResourceGuardOperationRequest <String[]>]
[-SoftDeleteRetentionDurationInDay <Double>]
[-SoftDeleteState <String>]
[-StorageSetting <IStorageSetting[]>]
[-Tag <Hashtable>]
[-UserAssignedIdentity <String[]>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
Update a BackupVault resource belonging to a resource group.
Examples
$tag = @{"Owner"="sarath";"Purpose"="AzureBackupTesting"}
Update-AzDataProtectionBackupVault -SubscriptionId "xxx-xxx-xxx" -ResourceGroupName sarath-rg -VaultName sarath-vault -Tag $tag
ETag IdentityPrincipalId IdentityTenantId IdentityType Location Name Type
---- ------------------- ---------------- ------------ -------- ---- ----
2ca1d5f7-38b3-4b61-aa45-8147d7e0edbc 72f988bf-86f1-41af-91ab-2d7cd011db47 SystemAssigned centraluseuap sarath-vault Microsoft.DataProtection/backupVaults
The first command creates a new tag hashtable with tags and their values.
The second command adds the given tags to the backup vault.
Example 2: Disable Azure monitor alerts for job failures
Update-AzDataProtectionBackupVault -ResourceGroupName "rgName" -VaultName "vaultName" -SubscriptionId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -AzureMonitorAlertsForAllJobFailure 'Disabled'
Name Location Type IdentityType
---- -------- ---- ------------
vaultName southeastasia Microsoft.DataProtection/backupVaults SystemAssigned
This command disables the monitor alerts for all the job failures for the backup vault.
Allowed values are: Enabled, Disabled.
Note that by default this setting is enabled.
Example 3: Update vault ImmutabilityState, CrossSubscriptionRestoreState, soft delete settings
Update-AzDataProtectionBackupVault -SubscriptionId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -ResourceGroupName "resourceGroupName" -VaultName "vaultName" -CrossSubscriptionRestoreState Disabled -ImmutabilityState Disabled -SoftDeleteRetentionDurationInDay 99 -SoftDeleteState Off
Name Location Type IdentityType
---- -------- ---- ------------
vaultName southeastasia Microsoft.DataProtection/backupVaults SystemAssigned
This command is used to modify Immutability state, cross subscription restore state, soft delete settings of the vault.
These parameters are optional and can be used independently.
Example 4: Update vault CmkIdentityType from UserAssignedManagedIdentity to SystemAssignedManagedIdentity and CmkEncryptionKeyUri
$cmkKeyUri = "https://samplekvazbckp.vault.azure.net/keys/testkey/3cd5235ad6ac4c11b40a6f35444bcbe1"
Update-AzDataProtectionBackupVault -SubscriptionId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -ResourceGroupName "resourceGroupName" -VaultName "vaultName" -CmkIdentityType SystemAssigned -CmkEncryptionKeyUri $cmkKeyUri
Name Location Type IdentityType
---- -------- ---- ------------
vaultName southeastasia Microsoft.DataProtection/backupVaults SystemAssigned
This command is used to modify CmkIdentityType and CmkEncryptionKeyUri.
These parameters are optional and can be used independently.
Example 5: Update vault CmkIdentityType from SystemAssignedManagedIdentity to UserAssignedManagedIdentity
$cmkIdentityId = "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/samplerg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/sampleuami"
Update-AzDataProtectionBackupVault -SubscriptionId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -ResourceGroupName "resourceGroupName" -VaultName "vaultName" -CmkIdentityType UserAssigned -CmkUserAssignedIdentityId $cmkIdentityId
Name Location Type IdentityType
---- -------- ---- ------------
vaultName southeastasia Microsoft.DataProtection/backupVaults UserAssigned
This command is used to change CmkIdentityType from SystemAssigned to UserAssgined.
CmkIdenityId is a required parameter.
Example 6: Update vault to assign a User Assigned Managed Identity (UAMI)
$UAMI = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroupName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/userAssignedIdentityName"
$vault = Update-AzDataProtectionBackupVault -EnableSystemAssignedIdentity -UserAssignedIdentity $UAMI -SubscriptionId "00000000-0000-0000-0000-000000000000" -VaultName "vaultName" -ResourceGroupName "resourceGroupName"
Name Location Type IdentityType
---- -------- ---- ------------
vaultName southeastasia Microsoft.DataProtection/backupVaults SystemAssigned, UserAssigned
First, define the User Assigned Managed Identity (UAMI) ARM resource ID.
Next, use the Update-AzDataProtectionBackupVault cmdlet to assign the UAMI to the backup vault while keeping the System Assigned Managed Identity.
The -EnableSystemAssignedIdentity switch enables the system-assigned identity, and the -UserAssignedIdentity parameter specifies the user-assigned identity to associate with the vault.
Parameters
-AsJob
Run the command as a job
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-AzureMonitorAlertsForAllJobFailure
Parameter to Enable or Disable built-in azure monitor alerts for job failures.
Security alerts cannot be disabled.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-CmkEncryptionKeyUri
The Key URI of the CMK key to be used for encryption.
To enable auto-rotation of keys, exclude the version component from the Key URI.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
UpdateExpanded
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-CmkEncryptionState
Enable CMK encryption state for a Backup Vault.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
UpdateExpanded
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-CmkIdentityType
The identity type to be used for CMK encryption - SystemAssigned or UserAssigned Identity.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
UpdateExpanded
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-CmkUserAssignedIdentityId
This parameter is required if the identity type is UserAssigned.
Add the user assigned managed identity id to be used which has access permissions to the Key Vault.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
UpdateExpanded
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: cf
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-CrossRegionRestoreState
Cross region restore state of the vault.
Allowed values are Disabled, Enabled.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-CrossSubscriptionRestoreState
Cross subscription restore state of the vault.
Allowed values are Disabled, Enabled, PermanentlyDisabled.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DefaultProfile
The DefaultProfile parameter is not functional.
Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
Parameter properties
Type: PSObject
Default value: None Supports wildcards: False DontShow: False Aliases: AzureRMContext, AzureCredential
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-EnableSystemAssignedIdentity
Determines whether to enable a system-assigned identity for the resource.
Parameter properties
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-EncryptionSetting
Customer Managed Key details of the resource.
Parameter properties
Type: Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Models.IEncryptionSettings
Default value: None Supports wildcards: False DontShow: False
Parameter sets
UpdateViaIdentityExpanded
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-ETag
Optional ETag.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
UpdateViaIdentityExpanded
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-ImmutabilityState
Immutability state of the vault.
Allowed values are Disabled, Unlocked, Locked.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
Identity Parameter
UpdateViaIdentityExpanded
Position: Named Mandatory: True Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
-NoWait
Run the command asynchronously
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-ReplicatedRegion
List of replicated regions for Backup Vault
Parameter properties
Type: String [ ]
Default value: None Supports wildcards: False DontShow: False
Parameter sets
UpdateViaIdentityExpanded
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-ResourceGroupName
The name of the resource group.
The name is case insensitive.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
UpdateExpanded
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-ResourceGuardOperationRequest
Resource guard operation request in the format similar to <ResourceGuard-ARMID>/<operation>/default.
Use this parameter when the operation is MUA protected.
Supported operations include dppReduceImmutabilityStateRequests, dppReduceSoftDeleteSecurityRequests, and dppModifyEncryptionSettingsRequests.
Parameter properties
Type: String [ ]
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-SecureToken
Parameter to authorize operations protected by cross tenant resource guard.
Use command (Get-AzAccessToken -TenantId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -AsSecureString").Token to fetch authorization token for different tenant.
Parameter properties
Type: SecureString
Default value: None Supports wildcards: False DontShow: False
Parameter sets
UpdateExpanded
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-SoftDeleteRetentionDurationInDay
Soft delete retention duration in days.
Parameter properties
Type: Double
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-SoftDeleteState
Soft delete state of the vault.
Allowed values are Off, On, AlwaysOn.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-StorageSetting
Storage Settings
Parameter properties
Type: Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Models.IStorageSetting [ ]
Default value: None Supports wildcards: False DontShow: False
Parameter sets
UpdateViaIdentityExpanded
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-SubscriptionId
The ID of the target subscription.
The value must be an UUID.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
UpdateExpanded
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Tag
Resource tags.
Parameter properties
Type: Hashtable
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Token
Parameter deprecate.
Please use SecureToken instead.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-UserAssignedIdentity
The array of user assigned identities associated with the resource.
The elements in array will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}.'
Parameter properties
Type: String [ ]
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-VaultName
The name of the backup vault.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
UpdateExpanded
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-WhatIf
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: wi
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-XmsDeletedVaultId
The ID of the deleted backup vault to restore from during undelete flow.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
UpdateViaIdentityExpanded
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters .
Outputs
Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Models.IBackupVaultResource
