Set-AzRecoveryServicesVaultProperty

Module:: Az.RecoveryServices Module

Updates properties of a Vault.

Syntax

AzureRSVaultSoftDeleteParameterSet (Default)

Set-AzRecoveryServicesVaultProperty
    [-SoftDeleteFeatureState <String>]
    [-SoftDeleteRetentionPeriodInDays <Int32>]
    [-DisableHybridBackupSecurityFeature <Boolean>]
    [-VaultId <String>]
    [-DefaultProfile <IAzureContextContainer>]
    [-Token <String>]
    [-SecureToken <SecureString>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

AzureRSVaultCMKParameterSet

Set-AzRecoveryServicesVaultProperty
    -EncryptionKeyId <String>
    [-VaultId <String>]
    [-DefaultProfile <IAzureContextContainer>]
    [-Token <String>]
    [-SecureToken <SecureString>]
    [-KeyVaultSubscriptionId <String>]
    [-InfrastructureEncryption]
    [-UseSystemAssignedIdentity <Boolean>]
    [-UserAssignedIdentity <String>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Description

The Set-AzRecoveryServicesVaultProperty cmdlet updates properties of a Recovery services vault. This cmdlet can be used to Enable/Disable/AlwaysON soft delete or set CMK encryption for a vault with two different parameter sets. SoftDeleteFeatureState property of a vault can be disabled only if there are no registered containers in the vault. InfrastructureEncryption can only be set the first time a user updates the CMK vault.

Examples

Example 1: Update SoftDeleteFeatureState of a vault

$vault = Get-AzRecoveryServicesVault -ResourceGroupName "rgName" -Name "vaultName"
$props = Set-AzRecoveryServicesVaultProperty -VaultId $vault.Id -SoftDeleteFeatureState Enable

The first command gets a Vault object and then stores it in the $vault variable. The second command Updates the SoftDeleteFeatureState property of the vault to "Enabled" state. Allowed values for SoftDeleteFeatureState are Disable, Enable, AlwaysON.

Example 2: Update CMK encryption of a vault to use SystemAssigned MSIdentity

$vault = Get-AzRecoveryServicesVault -ResourceGroupName "rgName" -Name "vaultName"
$keyVault = Get-AzKeyVault -VaultName "keyVaultName" -ResourceGroupName "RGName"
$key = Get-AzKeyVaultKey -VaultName "keyVaultName" -Name "keyName"
Set-AzRecoveryServicesVaultProperty -EncryptionKeyId $key.ID -InfrastructureEncryption -VaultId $vault.ID -UseSystemAssignedIdentity $true

First cmdlet gets the RSVault to update encryption properties. Second cmdlet gets the azure key vault. Third cmdlet gets the key from the key vault. Fourth cmdlet updates the customer managed encryption key within the RSVault to be accessed via SystemAssigned identity. Use -InfrastructureEncryption param to enable infrastructure encryption for the first time update.

Example 3: Update CMK encryption of a vault to use userAssigned MSIdentity

$vault = Get-AzRecoveryServicesVault -ResourceGroupName "rgName" -Name "vaultName"
$keyVault = Get-AzKeyVault -VaultName "keyVaultName" -ResourceGroupName "RGName"
$key = Get-AzKeyVaultKey -VaultName "keyVaultName" -Name "keyName"
Set-AzRecoveryServicesVaultProperty -EncryptionKeyId $key.ID -VaultId $vault.ID -UseSystemAssignedIdentity $false -UserAssignedIdentity $vault.Identity.UserAssignedIdentities.Keys[0]

Example 4: Update HybridBackupSecurityFeature of a vault

$vault = Get-AzRecoveryServicesVault -ResourceGroupName "rgName" -Name "vaultName"
$prop = Set-AzRecoveryServicesVaultProperty -VaultId $vault.Id -DisableHybridBackupSecurityFeature $false

The first command gets a Vault object and then stores it in the $vault variable. The second command disables the HybridBackupSecurityFeature of the vault, set $true to enable it again.

Example 5: Update SoftDeleteFeatureState and HybridBackupSecurityFeature to AlwaysON

$vault = Get-AzRecoveryServicesVault -ResourceGroupName "rgName" -Name "vaultName"
$prop = Set-AzRecoveryServicesVaultProperty -VaultId $vault.Id -SoftDeleteFeatureState AlwaysON

The first command gets a Vault object and then stores it in the $vault variable. The second command sets the SoftDeleteFeatureState of the vault to "AlwaysON", which will also set the HybridBackupSecurityFeature to AlwaysON. Additionally, the SoftDeleteRetentionPeriodInDays parameter is used to set the soft delete retention period to 16 days.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Parameter properties

Type:	SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	cf

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure.

Parameter properties

Type:	IAzureContextContainer
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	AzContext, AzureRmContext, AzureCredential

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-DisableHybridBackupSecurityFeature

Optional flag ($true/$false) to disable/enable security setting for hybrid backups against accidental deletes and add additional layer of authentication for critical operations. Provide $false to enable the security.

Parameter properties

Type:	Nullable<T>[Boolean]
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

AzureRSVaultSoftDeleteParameterSet

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-EncryptionKeyId

KeyId of the encryption key to be used for CMK.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

AzureRSVaultCMKParameterSet

Position:	Named
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-InfrastructureEncryption

Enables infrastructure encryption on this vault. Infrastructure encryption must be enabled when configuring encryption.

Parameter properties

Type:	SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

AzureRSVaultCMKParameterSet

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-KeyVaultSubscriptionId

Subscription Id of the Key Vault.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

AzureRSVaultCMKParameterSet

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-SecureToken

Parameter to authorize operations protected by cross tenant resource guard. Use command (Get-AzAccessToken -TenantId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx").Token to fetch authorization token for different tenant

Parameter properties

Type:	SecureString
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-SoftDeleteFeatureState

SoftDeleteFeatureState of the Recovery Services Vault. Allowed values are Disable, Enable, AlwaysON.

Parameter properties

Type:	String
Default value:	None
Accepted values:	Enable, Disable, AlwaysON
Supports wildcards:	False
DontShow:	False

Parameter sets

AzureRSVaultSoftDeleteParameterSet

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-SoftDeleteRetentionPeriodInDays

Specifies the retention period for soft deleted items in days.

Parameter properties

Type:	Nullable<T>[Int32]
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

AzureRSVaultSoftDeleteParameterSet

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Token

Auxiliary access token for authenticating critical operation to resource guard subscription

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-UserAssignedIdentity

ARM Id of UserAssigned Identity to be used for CMK encryption. Provide this parameter if UseSystemAssignedIdentity is $false.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

AzureRSVaultCMKParameterSet

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-UseSystemAssignedIdentity

Boolean flag to indicate if SystemAssigned Identity will be used for CMK encryption. Accepted Values: $true, $false

Parameter properties

Type:	Boolean
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

AzureRSVaultCMKParameterSet

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-VaultId

ARM ID of the Recovery Services Vault.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	True
Value from pipeline by property name:	False
Value from remaining arguments:	False

-WhatIf

Shows what would happen if the cmdlet runs.

Parameter properties

Type:	SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	wi

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Share via

Set-AzRecoveryServicesVaultProperty

Syntax

AzureRSVaultSoftDeleteParameterSet (Default)

AzureRSVaultCMKParameterSet

Description

Examples

Example 1: Update SoftDeleteFeatureState of a vault

Example 2: Update CMK encryption of a vault to use SystemAssigned MSIdentity

Example 3: Update CMK encryption of a vault to use userAssigned MSIdentity

Example 4: Update HybridBackupSecurityFeature of a vault

Example 5: Update SoftDeleteFeatureState and HybridBackupSecurityFeature to AlwaysON

Parameters

-Confirm

Parameter properties

Parameter sets

-DefaultProfile

Parameter properties

Parameter sets

-DisableHybridBackupSecurityFeature

Parameter properties

Parameter sets

-EncryptionKeyId

Parameter properties

Parameter sets

-InfrastructureEncryption

Parameter properties

Parameter sets

-KeyVaultSubscriptionId

Parameter properties

Parameter sets

-SecureToken

Parameter properties

Parameter sets

-SoftDeleteFeatureState

Parameter properties

Parameter sets

-SoftDeleteRetentionPeriodInDays

Parameter properties

Parameter sets

-Token

Parameter properties

Parameter sets

-UserAssignedIdentity

Parameter properties

Parameter sets

-UseSystemAssignedIdentity

Parameter properties

Parameter sets

-VaultId

Parameter properties

Parameter sets

-WhatIf

Parameter properties

Parameter sets

CommonParameters

Inputs

String

Microsoft.Azure.Commands.RecoveryServices.Backup.Cmdlets.Models.VaultSoftDeleteFeatureState

Outputs

BackupResourceVaultConfigResource

Related Links

Feedback