Set-AzStorageAccount
Modifies a Storage account.
Set-AzStorageAccount
[-ResourceGroupName] <String>
[-Name] <String>
[-Force]
[-SkuName <String>]
[-AccessTier <String>]
[-CustomDomainName <String>]
[-UseSubDomain <Boolean>]
[-Tag <Hashtable>]
[-EnableHttpsTrafficOnly <Boolean>]
[-StorageEncryption]
[-AssignIdentity]
[-UserAssignedIdentityId <String>]
[-KeyVaultUserAssignedIdentityId <String>]
[-KeyVaultFederatedClientId <String>]
[-IdentityType <String>]
[-NetworkRuleSet <PSNetworkRuleSet>]
[-UpgradeToStorageV2]
[-EnableAzureActiveDirectoryDomainServicesForFile <Boolean>]
[-EnableLargeFileShare]
[-PublishMicrosoftEndpoint <Boolean>]
[-PublishInternetEndpoint <Boolean>]
[-AllowBlobPublicAccess <Boolean>]
[-MinimumTlsVersion <String>]
[-AllowSharedKeyAccess <Boolean>]
[-SasExpirationPeriod <TimeSpan>]
[-KeyExpirationPeriodInDay <Int32>]
[-AllowCrossTenantReplication <Boolean>]
[-DefaultSharePermission <String>]
[-PublicNetworkAccess <String>]
[-ImmutabilityPeriod <Int32>]
[-ImmutabilityPolicyState <String>]
[-EnableSftp <Boolean>]
[-EnableLocalUser <Boolean>]
[-AllowedCopyScope <String>]
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-RoutingChoice <String>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Set-AzStorageAccount
[-ResourceGroupName] <String>
[-Name] <String>
[-Force]
[-SkuName <String>]
[-AccessTier <String>]
[-CustomDomainName <String>]
[-UseSubDomain <Boolean>]
[-Tag <Hashtable>]
[-EnableHttpsTrafficOnly <Boolean>]
[-KeyvaultEncryption]
-KeyName <String>
[-KeyVersion <String>]
-KeyVaultUri <String>
[-AssignIdentity]
[-UserAssignedIdentityId <String>]
[-KeyVaultUserAssignedIdentityId <String>]
[-KeyVaultFederatedClientId <String>]
[-IdentityType <String>]
[-NetworkRuleSet <PSNetworkRuleSet>]
[-UpgradeToStorageV2]
[-EnableAzureActiveDirectoryDomainServicesForFile <Boolean>]
[-EnableLargeFileShare]
[-PublishMicrosoftEndpoint <Boolean>]
[-PublishInternetEndpoint <Boolean>]
[-AllowBlobPublicAccess <Boolean>]
[-MinimumTlsVersion <String>]
[-AllowSharedKeyAccess <Boolean>]
[-SasExpirationPeriod <TimeSpan>]
[-KeyExpirationPeriodInDay <Int32>]
[-AllowCrossTenantReplication <Boolean>]
[-DefaultSharePermission <String>]
[-PublicNetworkAccess <String>]
[-ImmutabilityPeriod <Int32>]
[-ImmutabilityPolicyState <String>]
[-EnableSftp <Boolean>]
[-EnableLocalUser <Boolean>]
[-AllowedCopyScope <String>]
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-RoutingChoice <String>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Set-AzStorageAccount
[-ResourceGroupName] <String>
[-Name] <String>
[-Force]
[-SkuName <String>]
[-AccessTier <String>]
[-CustomDomainName <String>]
[-UseSubDomain <Boolean>]
[-Tag <Hashtable>]
[-EnableHttpsTrafficOnly <Boolean>]
[-AssignIdentity]
[-UserAssignedIdentityId <String>]
[-KeyVaultUserAssignedIdentityId <String>]
[-KeyVaultFederatedClientId <String>]
[-IdentityType <String>]
[-NetworkRuleSet <PSNetworkRuleSet>]
[-UpgradeToStorageV2]
[-EnableLargeFileShare]
[-PublishMicrosoftEndpoint <Boolean>]
[-PublishInternetEndpoint <Boolean>]
[-EnableAzureActiveDirectoryKerberosForFile <Boolean>]
[-ActiveDirectoryDomainName <String>]
[-ActiveDirectoryDomainGuid <String>]
[-AllowBlobPublicAccess <Boolean>]
[-MinimumTlsVersion <String>]
[-AllowSharedKeyAccess <Boolean>]
[-SasExpirationPeriod <TimeSpan>]
[-KeyExpirationPeriodInDay <Int32>]
[-AllowCrossTenantReplication <Boolean>]
[-DefaultSharePermission <String>]
[-PublicNetworkAccess <String>]
[-ImmutabilityPeriod <Int32>]
[-ImmutabilityPolicyState <String>]
[-EnableSftp <Boolean>]
[-EnableLocalUser <Boolean>]
[-AllowedCopyScope <String>]
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-RoutingChoice <String>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Set-AzStorageAccount
[-ResourceGroupName] <String>
[-Name] <String>
[-Force]
[-SkuName <String>]
[-AccessTier <String>]
[-CustomDomainName <String>]
[-UseSubDomain <Boolean>]
[-Tag <Hashtable>]
[-EnableHttpsTrafficOnly <Boolean>]
[-AssignIdentity]
[-UserAssignedIdentityId <String>]
[-KeyVaultUserAssignedIdentityId <String>]
[-KeyVaultFederatedClientId <String>]
[-IdentityType <String>]
[-NetworkRuleSet <PSNetworkRuleSet>]
[-UpgradeToStorageV2]
[-EnableLargeFileShare]
[-PublishMicrosoftEndpoint <Boolean>]
[-PublishInternetEndpoint <Boolean>]
-EnableActiveDirectoryDomainServicesForFile <Boolean>
[-ActiveDirectoryDomainName <String>]
[-ActiveDirectoryNetBiosDomainName <String>]
[-ActiveDirectoryForestName <String>]
[-ActiveDirectoryDomainGuid <String>]
[-ActiveDirectoryDomainSid <String>]
[-ActiveDirectoryAzureStorageSid <String>]
[-ActiveDirectorySamAccountName <String>]
[-ActiveDirectoryAccountType <String>]
[-AllowBlobPublicAccess <Boolean>]
[-MinimumTlsVersion <String>]
[-AllowSharedKeyAccess <Boolean>]
[-SasExpirationPeriod <TimeSpan>]
[-KeyExpirationPeriodInDay <Int32>]
[-AllowCrossTenantReplication <Boolean>]
[-DefaultSharePermission <String>]
[-PublicNetworkAccess <String>]
[-ImmutabilityPeriod <Int32>]
[-ImmutabilityPolicyState <String>]
[-EnableSftp <Boolean>]
[-EnableLocalUser <Boolean>]
[-AllowedCopyScope <String>]
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-RoutingChoice <String>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
The Set-AzStorageAccount cmdlet modifies an Azure Storage account. You can use this cmdlet to modify the account type, update a customer domain, or set tags on a Storage account.
Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -SkuName "Standard_RAGRS"
This command sets the Storage account type to Standard_RAGRS.
Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -CustomDomainName "www.contoso.com" -UseSubDomain $true
This command sets a custom domain for a Storage account.
Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -AccessTier Cool
The command sets the Access Tier value to be cool.
Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -CustomDomainName "www.domainname.com" -UseSubDomain $true -Tag @{tag0="value0";tag1="value1";tag2="value2"}
The command sets the custom domain and tags for a Storage account.
Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -AssignIdentity
$account = Get-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount"
$keyVault = New-AzKeyVault -VaultName "MyKeyVault" -ResourceGroupName "MyResourceGroup" -Location "EastUS2"
$key = Add-AzKeyVaultKey -VaultName "MyKeyVault" -Name "MyKey" -Destination 'Software'
Set-AzKeyVaultAccessPolicy -VaultName "MyKeyVault" -ObjectId $account.Identity.PrincipalId -PermissionsToKeys wrapkey,unwrapkey,get
# In case to enable key auto rotation, don't set KeyVersion
Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -KeyvaultEncryption -KeyName $key.Name -KeyVersion $key.Version -KeyVaultUri $keyVault.VaultUri
# In case to enable key auto rotation after set keyvault proeprites with KeyVersion, can update account by set KeyVersion to empty
Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -KeyvaultEncryption -KeyName $key.Name -KeyVersion "" -KeyVaultUri $keyVault.VaultUri
This command set Encryption KeySource with a new created Keyvault. If want to enable key auto rotation, don't set keyversion when set Keyvault properties for the first time, or clean up it by set keyvault properties again with keyversion as empty.
Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -StorageEncryption
This command set Encryption KeySource to "Microsoft.Storage"
Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -NetworkRuleSet (@{bypass="Logging,Metrics";
ipRules=(@{IPAddressOrRange="20.11.0.0/16";Action="allow"},
@{IPAddressOrRange="10.0.0.0/7";Action="allow"});
virtualNetworkRules=(@{VirtualNetworkResourceId="/subscriptions/s1/resourceGroups/g1/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1";Action="allow"},
@{VirtualNetworkResourceId="/subscriptions/s1/resourceGroups/g1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/subnet2";Action="allow"});
defaultAction="allow"})
This command sets NetworkRuleSet property of a Storage account with JSON
Example 8: Get NetworkRuleSet property from a Storage account, and set it to another Storage account
$networkRuleSet = (Get-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount").NetworkRuleSet
Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount2" -NetworkRuleSet $networkRuleSet
This first command gets NetworkRuleSet property from a Storage account, and the second command sets it to another Storage account
Example 9: Upgrade a Storage account with Kind "Storage" or "BlobStorage" to "StorageV2" kind Storage account
Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -UpgradeToStorageV2
The command upgrade a Storage account with Kind "Storage" or "BlobStorage" to "StorageV2" kind Storage account.
Example 10: Update a Storage account by enable Azure Files Microsoft Entra Domain Services Authentication and set DefaultSharePermission.
$account = Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -EnableAzureActiveDirectoryDomainServicesForFile $true -DefaultSharePermission StorageFileDataSmbShareContributor
$account.AzureFilesIdentityBasedAuth
DirectoryServiceOptions ActiveDirectoryProperties DefaultSharePermission
----------------------- ------------------------- ----------------------
AADDS Microsoft.Azure.Commands.Management.Storage.Models.PSActiveDirectoryProperties StorageFileDataSmbShareContributor
The command update a Storage account by enable Azure Files Microsoft Entra Domain Services Authentication.
Example 11: Update a Storage account by enable Files Active Directory Domain Service Authentication, and then show the File Identity Based authentication setting
$account = Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -EnableActiveDirectoryDomainServicesForFile $true `
-ActiveDirectoryDomainName "mydomain.com" `
-ActiveDirectoryNetBiosDomainName "mydomain.com" `
-ActiveDirectoryForestName "mydomain.com" `
-ActiveDirectoryDomainGuid "12345678-1234-1234-1234-123456789012" `
-ActiveDirectoryDomainSid "S-1-5-21-1234567890-1234567890-1234567890" `
-ActiveDirectoryAzureStorageSid "S-1-5-21-1234567890-1234567890-1234567890-1234" `
-ActiveDirectorySamAccountName "samaccountname" `
-ActiveDirectoryAccountType Computer
$account.AzureFilesIdentityBasedAuth.DirectoryServiceOptions
AD
$account.AzureFilesIdentityBasedAuth.ActiveDirectoryProperties
DomainName : mydomain.com
NetBiosDomainName : mydomain.com
ForestName : mydomain.com
DomainGuid : 12345678-1234-1234-1234-123456789012
DomainSid : S-1-5-21-1234567890-1234567890-1234567890
AzureStorageSid : S-1-5-21-1234567890-1234567890-1234567890-1234
SamAccountName : samaccountname
AccountType : Computer
The command updates a Storage account by enable Azure Files Active Directory Domain Service Authentication, and then shows the File Identity Based authentication setting
$account = Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -MinimumTlsVersion TLS1_1 -AllowBlobPublicAccess $false -AllowSharedKeyAccess $true
$account.MinimumTlsVersion
TLS1_1
$account.AllowBlobPublicAccess
False
$a.AllowSharedKeyAccess
True
The command sets MinimumTlsVersion, AllowBlobPublicAccess and AllowSharedKeyAccess, and then show the the 3 properties of the account
$account = Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -PublishMicrosoftEndpoint $false -PublishInternetEndpoint $true -RoutingChoice InternetRouting
$account.RoutingPreference
RoutingChoice PublishMicrosoftEndpoints PublishInternetEndpoints
------------- ------------------------- ------------------------
InternetRouting False True
$account.PrimaryEndpoints
Blob : https://mystorageaccount.blob.core.windows.net/
Queue : https://mystorageaccount.queue.core.windows.net/
Table : https://mystorageaccount.table.core.windows.net/
File : https://mystorageaccount.file.core.windows.net/
Web : https://mystorageaccount.z2.web.core.windows.net/
Dfs : https://mystorageaccount.dfs.core.windows.net/
MicrosoftEndpoints :
InternetEndpoints : {"Blob":"https://mystorageaccount-internetrouting.blob.core.windows.net/","File":"https://mystorageaccount-internetrouting.file.core.windows.net/","Web":"https://mystorageaccount-internetrouting.z2.web.core.windows.net/","Dfs":"https://w
eirp3-internetrouting.dfs.core.windows.net/"}
This command updates a Storage account with RoutingPreference setting: PublishMicrosoftEndpoint as false, PublishInternetEndpoint as true, and RoutingChoice as MicrosoftRouting.
$account = Set-AzStorageAccount -ResourceGroupName "myresourcegroup" -Name "mystorageaccount" -KeyExpirationPeriodInDay 5 -SasExpirationPeriod "1.12:05:06" -EnableHttpsTrafficOnly $true
$account.KeyPolicy.KeyExpirationPeriodInDays
5
$account.SasPolicy.SasExpirationPeriod
1.12:05:06
This command updates a Storage account with KeyExpirationPeriod and SasExpirationPeriod, then show the updated account related properties.
Example 15: Update a Storage account to Keyvault encryption, and access Keyvault with user assigned identity
# Create KeyVault (no need if using exist keyvault)
$keyVault = New-AzKeyVault -VaultName $keyvaultName -ResourceGroupName $resourceGroupName -Location eastus2euap -EnablePurgeProtection
$key = Add-AzKeyVaultKey -VaultName $keyvaultName -Name $keyname -Destination 'Software'
# create user assigned identity and grant access to keyvault (no need if using exist user assigned identity)
$userId = New-AzUserAssignedIdentity -ResourceGroupName $resourceGroupName -Name $userIdName
Set-AzKeyVaultAccessPolicy -VaultName $keyvaultName -ResourceGroupName $resourceGroupName -ObjectId $userId.PrincipalId -PermissionsToKeys get,wrapkey,unwrapkey -BypassObjectIdValidation
$useridentityId= $userId.Id
# Update Storage account with Keyvault encryption and access Keyvault with user assigned identity, then show properties
$account = Set-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName `
-IdentityType UserAssigned -UserAssignedIdentityId $useridentityId `
-KeyVaultUri $keyVault.VaultUri -KeyName $keyname -KeyVaultUserAssignedIdentityId $useridentityId
$account.Encryption.EncryptionIdentity.EncryptionUserAssignedIdentity
/subscriptions/{subscription-id}/resourceGroups/myresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myuserid
$account.Encryption.KeyVaultProperties
KeyName : wrappingKey
KeyVersion :
KeyVaultUri : https://mykeyvault.vault.azure.net:443
CurrentVersionedKeyIdentifier : https://mykeyvault.vault.azure.net/keys/wrappingKey/8e74036e0d534e58b3bd84b319e31d8f
LastKeyRotationTimestamp : 4/12/2021 8:17:57 AM
This command first creates a keyvault and a user assigned identity, then updates a storage account with keyvault encryption, the storage access access keyvault with the user assigned identity.
Example 16: Update a Keyvault encrypted Storage account, from access Keyvault with user assigned identity, to access Keyvault with system assigned identity
# Assign System identity to the account, and give the system assigned identity acces to the keyvault
$account = Set-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName -IdentityType SystemAssignedUserAssigned
Set-AzKeyVaultAccessPolicy -VaultName $keyvaultName -ResourceGroupName $resourceGroupName -ObjectId $account.Identity.PrincipalId -PermissionsToKeys get,wrapkey,unwrapkey -BypassObjectIdValidation
# Update account from access Keyvault with user assigned identity to access Keyvault with system assigned identity
$account = Set-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName -IdentityType SystemAssignedUserAssigned -KeyName $keyname -KeyVaultUri $keyvaultUri -KeyVaultUserAssignedIdentityId ""
# EncryptionUserAssignedIdentity is empty, so the account access keyvault with system assigned identity
$account.Encryption.EncryptionIdentity
EncryptionUserAssignedIdentity
------------------------------
$account.Encryption.KeyVaultProperties
KeyName : wrappingKey
KeyVersion :
KeyVaultUri : https://mykeyvault.vault.azure.net:443
CurrentVersionedKeyIdentifier : https://mykeyvault.vault.azure.net/keys/wrappingKey/8e74036e0d534e58b3bd84b319e31d8f
LastKeyRotationTimestamp : 4/12/2021 8:17:57 AM
This command first assigns System identity to the account, and give the system assigned identity access to the keyvault; then updates the Storage account to access Keyvault with system assigned identity.
# Update to another user assigned identity
$account = Set-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName -IdentityType SystemAssignedUserAssigned -UserAssignedIdentityId $useridentity2 -KeyVaultUserAssignedIdentityId $useridentity2
# Update to encrypt with another keyvault
$account = Set-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName -KeyVaultUri $keyvaultUri2 -KeyName $keyname2 -KeyVersion $keyversion2
This command first update the user assigned identity to access keyvault, then update the keyvault for encryption. To update both both Keyvault and the user assigned identity, we need update with the above 2 steps.
$account = Set-AzStorageAccount -ResourceGroupName "myresourcegroup" -Name "mystorageaccount" -AllowCrossTenantReplication $false -EnableHttpsTrafficOnly $true
$account.AllowCrossTenantReplication
False
This command updates a Storage account by set AllowCrossTenantReplication to false, then show the updated account related properties.
$account = Set-AzStorageAccount -ResourceGroupName "myresourcegroup" -Name "mystorageaccount" -PublicNetworkAccess Enabled
$account.PublicNetworkAccess
Enabled
This command updates a Storage account by set PublicNetworkAccess as enabled.
$account = Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -ImmutabilityPeriod 2 -ImmutabilityPolicyState Unlocked
$account.ImmutableStorageWithVersioning.Enabled
True
$account.ImmutableStorageWithVersioning.ImmutabilityPolicy
ImmutabilityPeriodSinceCreationInDays State
------------------------------------- -----
2 Unlocked
The command updates account-level immutability policy properties on an existing storage account, and show the result. The storage account must be created with enable account level immutability with versioning. The account-level immutability policy will be inherited and applied to objects that do not possess an explicit immutability policy at the object level.
$account = Set-AzStorageAccount -ResourceGroupName "myresourcegroup" -AccountName "mystorageaccount" -EnableSftp $true -EnableLocalUser $true
$account.EnableSftp
True
$account.EnableLocalUser
True
This command updates a Storage account by enable Sftp and localuser. To run the command succssfully, the Storage account should already enable Hierarchical Namespace.
Example 21: Update a Storage account with Keyvault from another tenant (access Keyvault with FederatedClientId)
# create Storage account with Keyvault encryption (access Keyvault with FederatedClientId), then show properties
$account = Set-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName `
-KeyVaultUri $keyVault.VaultUri -KeyName $keyname -KeyVaultUserAssignedIdentityId $useridentityId -KeyVaultFederatedClientId $federatedClientId
$account.Encryption.EncryptionIdentity
EncryptionUserAssignedIdentity EncryptionFederatedIdentityClientId
------------------------------ -----------------------------------
/subscriptions/{subscription-id}/resourceGroups/myresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myuserid ********-****-****-****-************
$account.Encryption.KeyVaultProperties
KeyName : wrappingKey
KeyVersion :
KeyVaultUri : https://mykeyvault.vault.azure.net:443
CurrentVersionedKeyIdentifier : https://mykeyvault.vault.azure.net/keys/wrappingKey/8e74036e0d534e58b3bd84b319e31d8f
LastKeyRotationTimestamp : 3/3/2022 2:07:34 AM
This command updates a storage account with Keyvault from another tenant (access Keyvault with FederatedClientId).
Specifies the access tier of the Storage account that this cmdlet modifies. The acceptable values for this parameter are: Hot and Cool. If you change the access tier, it may result in additional charges. For more information, see Azure Blob Storage: Hot and cool storage tiers. If the Storage account has Kind as StorageV2 or BlobStorage, you can specify the AccessTier parameter. If the Storage account has Kind as Storage, do not specify the AccessTier parameter.
Type: | String |
Accepted values: | Hot, Cool, Cold |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the Active Directory account type for Azure Storage. Possible values include: 'User', 'Computer'.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the security identifier (SID) for Azure Storage. This parameter must be set when -EnableActiveDirectoryDomainServicesForFile is set to true.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the domain GUID. This parameter must be set when -EnableActiveDirectoryDomainServicesForFile is set to true.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the primary domain that the AD DNS server is authoritative for. This parameter must be set when -EnableActiveDirectoryDomainServicesForFile is set to true.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the security identifier (SID). This parameter must be set when -EnableActiveDirectoryDomainServicesForFile is set to true.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the Active Directory forest to get. This parameter must be set when -EnableActiveDirectoryDomainServicesForFile is set to true.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the NetBIOS domain name. This parameter must be set when -EnableActiveDirectoryDomainServicesForFile is set to true.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the Active Directory SAMAccountName for Azure Storage.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Allow or disallow anonymous access to all blobs or containers in the storage account.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Gets or sets allow or disallow cross Microsoft Entra tenant object replication. The default interpretation is true for this property.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Set restrict copy to and from Storage Accounts within a Microsoft Entra tenant or with Private Links to the same VNet. Possible values include: 'PrivateLink', 'AAD'
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Microsoft Entra ID. The default value is null, which is equivalent to true.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Run cmdlet in the background
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Generate and assign a new Storage account Identity for this Storage account for use with key management services like Azure KeyVault.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the name of the custom domain.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
The credentials, account, tenant, and subscription used for communication with Azure.
Type: | IAzureContextContainer |
Aliases: | AzContext, AzureRmContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Default share permission for users using Kerberos authentication if RBAC role is not assigned.
Type: | String |
Accepted values: | None, StorageFileDataSmbShareContributor, StorageFileDataSmbShareReader, StorageFileDataSmbShareElevatedContributor |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Enable Azure Files Active Directory Domain Service Authentication for the storage account.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Enable Azure Files Active Directory Domain Service Authentication for the storage account.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Enable Azure Files Active Directory Domain Service Kerberos Authentication for the storage account.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Indicates whether or not the Storage account only enables HTTPS traffic.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Indicates whether or not the storage account can support large file shares with more than 5 TiB capacity. Once the account is enabled, the feature cannot be disabled. Currently only supported for LRS and ZRS replication types, hence account conversions to geo-redundant accounts would not be possible. Learn more in https://go.microsoft.com/fwlink/?linkid=2086047
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Enable local users feature for the Storage account.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Enable Secure File Transfer Protocol for the Storage account.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Forces the change to be written to the Storage account.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Set the new Storage Account Identity type, the idenetity is for use with key management services like Azure KeyVault.
Type: | String |
Accepted values: | SystemAssigned, UserAssigned, SystemAssignedUserAssigned, None |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
The immutability period for the blobs in the container since the policy creation in days. This property can only be changed when account is created with '-EnableAccountLevelImmutability'.
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
The mode of the policy. Possible values include: 'Unlocked', 'Locked', 'Disabled. Disabled state disablesthe policy. Unlocked state allows increase and decrease of immutability retention time and also allows toggling allowProtectedAppendWrites property. Locked state only allows the increase of the immutability retention time. A policy can only be created in a Disabled or Unlocked state and can be toggled between the two states. Only a policy in an Unlocked state can transition to a Locked state which cannot be reverted. This property can only be changed when account is created with '-EnableAccountLevelImmutability'.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
The Key expiration period of this account, it is accurate to days.
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
If using -KeyvaultEncryption to enable encryption with Key Vault, specify the Keyname property with this option.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Indicates whether or not to use Microsoft KeyVault for the encryption keys when using Storage Service Encryption. If KeyName, KeyVersion, and KeyVaultUri are all set, KeySource will be set to Microsoft.Keyvault whether this parameter is set or not.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Set ClientId of the multi-tenant application to be used in conjunction with the user-assigned identity for cross-tenant customer-managed-keys server-side encryption on the storage account.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
When using Key Vault Encryption by specifying the -KeyvaultEncryption parameter, use this option to specify the URI to the Key Vault.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Set resource id for user assigned Identity used to access Azure KeyVault of Storage Account Encryption, the id must in the storage account's UserAssignIdentityId.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
When using Key Vault Encryption by specifying the -KeyvaultEncryption parameter, use this option to specify the URI to the Key Version.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
The minimum TLS version to be permitted on requests to storage.
Type: | String |
Accepted values: | TLS1_0, TLS1_1, TLS1_2, TLS1_3 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the name of the Storage account to modify.
Type: | String |
Aliases: | StorageAccountName, AccountName |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
NetworkRuleSet is used to define a set of configuration rules for firewalls and virtual networks, as well as to set values for network properties such as services allowed to bypass the rules and how to handle requests that don't match any of the defined rules.
Type: | PSNetworkRuleSet |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Allow or disallow public network access to Storage Account.Possible values include: 'Enabled', 'Disabled'.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Indicates whether internet routing storage endpoints are to be published
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Indicates whether microsoft routing storage endpoints are to be published
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the name of the resource group in which to modify the Storage account.
Type: | String |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Routing Choice defines the kind of network routing opted by the user. Possible values include: 'MicrosoftRouting', 'InternetRouting'
Type: | String |
Accepted values: | MicrosoftRouting, InternetRouting |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
The SAS expiration period of this account, it is a timespan and accurate to seconds.
Type: | TimeSpan |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the SKU name of the Storage account. The acceptable values for this parameter are:
- Standard_LRS - Locally-redundant storage.
- Standard_ZRS - Zone-redundant storage.
- Standard_GRS - Geo-redundant storage.
- Standard_RAGRS - Read access geo-redundant storage.
- Premium_LRS - Premium locally-redundant storage.
- Standard_GZRS - Geo-redundant zone-redundant storage.
- Standard_RAGZRS - Read access geo-redundant zone-redundant storage. You cannot change Standard_ZRS and Premium_LRS types to other account types. You cannot change other account types to Standard_ZRS or Premium_LRS.
Type: | String |
Aliases: | StorageAccountType, AccountType, Type |
Accepted values: | Standard_LRS, Standard_ZRS, Standard_GRS, Standard_RAGRS, Premium_LRS, Standard_GZRS, Standard_RAGZRS |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Indicates whether or not to set the Storage account encryption to use Microsoft-managed keys.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Key-value pairs in the form of a hash table set as tags on the server. For example: @{key0="value0";key1=$null;key2="value2"}
Type: | Hashtable |
Aliases: | Tags |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Upgrade Storage account Kind from Storage or BlobStorage to StorageV2.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Set resource ids for the the new Storage Account user assignedd Identity, the identity will be used with key management services like Azure KeyVault.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Indicates whether to enable indirect CName validation.
Type: | Nullable<T>[Boolean] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Azure PowerShell feedback
Azure PowerShell is an open source project. Select a link to provide feedback: