Update-AzRecoveryServicesVault

Updates MSIdentity to the recovery services vault.

Syntax

Update-AzRecoveryServicesVault
      [-ResourceGroupName] <String>
      [-Name] <String>
      [-IdentityId <String[]>]
      [-RemoveUserAssigned]
      [-RemoveSystemAssigned]
      [-DisableClassicAlerts <Boolean>]
      [-DisableAzureMonitorAlertsForJobFailure <Boolean>]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Update-AzRecoveryServicesVault
      [-ResourceGroupName] <String>
      [-Name] <String>
      -IdentityType <MSIdentity>
      [-IdentityId <String[]>]
      [-DisableClassicAlerts <Boolean>]
      [-DisableAzureMonitorAlertsForJobFailure <Boolean>]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Description

This cmdlet is used to add or remove the MSI from the recovery services vault. Use -IdentityType param to add a SystemAssigned/UserAssigned identity to the RSVault. Use RemoveSystemAssigned/RemoveUserAssigned switch to remove the MSI from the vault.

Examples

Example 1: Add SystemAssigned identity to the recovery services vault

Update-AzRecoveryServicesVault -ResourceGroupName "rgName" -Name "vaultName" -IdentityType SystemAssigned

This cmdlet is used to add a SystemAssigned identity to a recovery services vault.

Example 2: Add UserAssigned identity to the recovery services vault

$vault = Get-AzRecoveryServicesVault -Name "vaultName" -ResourceGroupName "resourceGroupName"
$identity1 = Get-AzUserAssignedIdentity -ResourceGroupName "resourceGroupName" -Name "UserIdentity1"
$identity2 = Get-AzUserAssignedIdentity -ResourceGroupName "resourceGroupName" -Name "UserIdentity2"
$updatedVault = Update-AzRecoveryServicesVault -ResourceGroupName $vault.ResourceGroupName -Name $vault.Name -IdentityType UserAssigned -IdentityId $identity1.Id, $identity2.Id
$updatedVault.Identity | Format-List

PrincipalId            :
TenantId               : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Type                   : UserAssigned
UserAssignedIdentities : {[/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourceGroupName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/UserIdentity1,
                         Microsoft.Azure.Management.RecoveryServices.Models.UserIdentity],
                         [/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourceGroupName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/UserIdentity2,
                         Microsoft.Azure.Management.RecoveryServices.Models.UserIdentity]}

The first cmdlet fetches the recovery services vault. The second and third cmdlet fetches the user created MSIs. The fourth cmdlet adds the user MSIs to the vault. The fifth cmdlet shows the Identities added to the vault.

Example 3: Remove SystemAssigned and UserAssigned identities from the vault

$vault = Get-AzRecoveryServicesVault -Name "vaultName" -ResourceGroupName "resourceGroupName"
$updatedVault = Update-AzRecoveryServicesVault -ResourceGroupName $vault.ResourceGroupName -Name $vault.Name -RemoveSystemAssigned
$AllUserIdentities =  $vault.Identity.UserAssignedIdentities.Keys | ForEach-Object {$_} 
$updatedVault = Update-AzRecoveryServicesVault -ResourceGroupName $vault.ResourceGroupName -Name $vault.Name -RemoveUserAssigned -IdentityId $AllUserIdentities
$updatedVault.Identity | Format-List

PrincipalId            :
TenantId               :
Type                   : None
UserAssignedIdentities :

The first cmdlet fetches the recovery services vault. The second cmdlet removes the SystemAssigned identity from the vault. The third cmdlet fetches all the user MSIs as a list from the vault. The fourth cmdlet removes all the user MSIs from the vault. In case you want, you can provide selected user identities to be removed as comma separated, like in previous example. The fifth cmdlet shows the identities in the vault, as we removed all the identites, Type is displayed as None.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-DisableAzureMonitorAlertsForJobFailure

Boolean paramter to specify whether built-in Azure Monitor alerts should be received for every job failure.

Type:Nullable<T>[Boolean]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-DisableClassicAlerts

Boolean paramter to specify whether backup alerts from the classic solution should be disabled or enabled.

Type:Nullable<T>[Boolean]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-IdentityId

ARM Ids of the UserAssigned Identity to be added/removed. This is a comma separated list of Identity Ids.

Type:String[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-IdentityType

The MSI type assigned to Recovery Services Vault.

Type:MSIdentity
Accepted values:SystemAssigned, None, UserAssigned
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-Name

Specifies the name of the recovery services vault to update.

Type:String
Position:2
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-RemoveSystemAssigned

Provide this switch to remove SystemAssigned Identity from the vault.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-RemoveUserAssigned

Provide this switch to remove UserAssigned Identity from the vault. Also, provide IdenityId parameter along with this switch.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-ResourceGroupName

Specifies the name of the Azure resource group where recovery services vault is present.

Type:String
Position:1
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String

Outputs

Vault