Set-AzRecoveryServicesVaultProperty
Updates properties of a Vault.
Syntax
Set-AzRecoveryServicesVaultProperty
[-SoftDeleteFeatureState <String>]
[-DisableHybridBackupSecurityFeature <Boolean>]
[-VaultId <String>]
[-DefaultProfile <IAzureContextContainer>]
[-Token <String>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-AzRecoveryServicesVaultProperty
[-VaultId <String>]
[-DefaultProfile <IAzureContextContainer>]
-EncryptionKeyId <String>
[-KeyVaultSubscriptionId <String>]
[-InfrastructureEncryption]
[-UseSystemAssignedIdentity <Boolean>]
[-UserAssignedIdentity <String>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
The Set-AzRecoveryServicesVaultProperty cmdlet updates properties of a Recovery services vault. This cmdlet can be used to Enable/Disable/AlwaysON soft delete or set CMK encryption for a vault with two different parameter sets. SoftDeleteFeatureState property of a vault can be disabled only if there are no registered containers in the vault. InfrastructurEncryption can only be set the first time a user updates the CMK vault.
Examples
Example 1: Update SoftDeleteFeatureState of a vault
$vault = Get-AzRecoveryServicesVault -ResourceGroupName "rgName" -Name "vaultName"
$props = Set-AzRecoveryServicesVaultProperty -VaultId $vault.Id -SoftDeleteFeatureState EnableThe first command gets a Vault object and then stores it in the $vault variable. The second command Updates the SoftDeleteFeatureState property of the vault to "Enabled" state. Allowed values for SoftDeleteFeatureState are Disable, Enable, AlwaysON.
Example 2: Update CMK encryption of a vault to use SystemAssigned MSIdentity
$vault = Get-AzRecoveryServicesVault -ResourceGroupName "rgName" -Name "vaultName"
$keyVault = Get-AzKeyVault -VaultName "keyVaultName" -ResourceGroupName "RGName"
$key = Get-AzKeyVaultKey -VaultName "keyVaultName" -Name "keyName"
Set-AzRecoveryServicesVaultProperty -EncryptionKeyId $key.ID -InfrastructureEncryption -VaultId $vault.ID -UseSystemAssignedIdentity $trueFirst cmdlet gets the RSVault to update encryption properties. Second cmdlet gets the azure key vault. Third cmdlet gets the key from the key vault. Fourth cmdlet updates the customer managed encryption key within the RSVault to be accessed via SystemAssigned identity. Use -InfrastructureEncryption param to enable infrastructure encryption for the first time update.
Example 3: Update CMK encryption of a vault to use userAssigned MSIdentity
$vault = Get-AzRecoveryServicesVault -ResourceGroupName "rgName" -Name "vaultName"
$keyVault = Get-AzKeyVault -VaultName "keyVaultName" -ResourceGroupName "RGName"
$key = Get-AzKeyVaultKey -VaultName "keyVaultName" -Name "keyName"
Set-AzRecoveryServicesVaultProperty -EncryptionKeyId $key.ID -VaultId $vault.ID -UseSystemAssignedIdentity $false -UserAssignedIdentity $vault.Identity.UserAssignedIdentities.Keys[0]First cmdlet gets the RSVault to update encryption properties. Second cmdlet gets the azure key vault. Third cmdlet gets the key from the key vault. Fourth cmdlet updates the customer managed encryption key within the RSVault to be accessed via UserAssigned identity.
Example 4: Update HybridBackupSecurityFeature of a vault
$vault = Get-AzRecoveryServicesVault -ResourceGroupName "rgName" -Name "vaultName"
$prop = Set-AzRecoveryServicesVaultProperty -VaultId $vault.Id -DisableHybridBackupSecurityFeature $falseThe first command gets a Vault object and then stores it in the $vault variable. The second command disables the HybridBackupSecurityFeature of the vault, set $true to enable it again.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure.
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisableHybridBackupSecurityFeature
Optional flag ($true/$false) to disable/enable security setting for hybrid backups against accidental deletes and add additional layer of authentication for critical operations. Provide $false to enable the security.
| Type: | Nullable<T>[Boolean] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EncryptionKeyId
KeyId of the encryption key to be used for CMK.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-InfrastructureEncryption
Enables infrastructure encryption on this vault. Infrastructure encryption must be enabled when configuring encryption.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-KeyVaultSubscriptionId
Subscription Id of the Key Vault.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SoftDeleteFeatureState
SoftDeleteFeatureState of the Recovery Services Vault. Allowed values are Disable, Enable, AlwaysON.
| Type: | String |
| Accepted values: | Enable, Disable, AlwaysON |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Token
Auxiliary access token for authenticating critical operation to resource guard subscription
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-UserAssignedIdentity
ARM Id of UserAssigned Identity to be used for CMK encryption. Provide this parameter if UseSystemAssignedIdentity is $false.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-UseSystemAssignedIdentity
Boolean flag to indicate if SystemAssigned Identity will be used for CMK encryption. Accepted Vaules: $true, $false
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-VaultId
ARM ID of the Recovery Services Vault.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Microsoft.Azure.Commands.RecoveryServices.Backup.Cmdlets.Models.VaultSoftDeleteFeatureState
Outputs
BackupResourceVaultConfigResource
Related Links
Azure PowerShell
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for