Update-AzRecoveryServicesVault
Updates MSIdentity to the recovery services vault.
Syntax
AzureRSVaultRemoveMSIdentity (Default)
Update-AzRecoveryServicesVault
[-ResourceGroupName] <String>
[-Name] <String>
[-IdentityId <String[]>]
[-RemoveUserAssigned]
[-RemoveSystemAssigned]
[-DisableClassicAlerts <Boolean>]
[-DisableAzureMonitorAlertsForJobFailure <Boolean>]
[-DisableEmailNotificationsForSiteRecovery <Boolean>]
[-DisableAzureMonitorAlertsForAllReplicationIssue <Boolean>]
[-DisableAzureMonitorAlertsForAllFailoverIssue <Boolean>]
[-PublicNetworkAccess <PublicNetworkAccess>]
[-ImmutabilityState <ImmutabilityState>]
[-CrossSubscriptionRestoreState <CrossSubscriptionRestoreState>]
[-DefaultProfile <IAzureContextContainer>]
[-Token <String>]
[-SecureToken <SecureString>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
AzureRSVaultAddMSIdentity
Update-AzRecoveryServicesVault
[-ResourceGroupName] <String>
[-Name] <String>
-IdentityType <MSIdentity>
[-IdentityId <String[]>]
[-DisableClassicAlerts <Boolean>]
[-DisableAzureMonitorAlertsForJobFailure <Boolean>]
[-DisableEmailNotificationsForSiteRecovery <Boolean>]
[-DisableAzureMonitorAlertsForAllReplicationIssue <Boolean>]
[-DisableAzureMonitorAlertsForAllFailoverIssue <Boolean>]
[-PublicNetworkAccess <PublicNetworkAccess>]
[-ImmutabilityState <ImmutabilityState>]
[-CrossSubscriptionRestoreState <CrossSubscriptionRestoreState>]
[-DefaultProfile <IAzureContextContainer>]
[-Token <String>]
[-SecureToken <SecureString>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
This cmdlet is used to add or remove the MSI from the recovery services vault. Use -IdentityType param to add a SystemAssigned/UserAssigned identity to the RSVault. Use RemoveSystemAssigned/RemoveUserAssigned switch to remove the MSI from the vault.
Examples
Example 1: Add SystemAssigned identity to the recovery services vault
Update-AzRecoveryServicesVault -ResourceGroupName "rgName" -Name "vaultName" -IdentityType SystemAssigned
This cmdlet is used to add a SystemAssigned identity to a recovery services vault.
Example 2: Add UserAssigned identity to the recovery services vault
$vault = Get-AzRecoveryServicesVault -Name "vaultName" -ResourceGroupName "resourceGroupName"
$identity1 = Get-AzUserAssignedIdentity -ResourceGroupName "resourceGroupName" -Name "UserIdentity1"
$identity2 = Get-AzUserAssignedIdentity -ResourceGroupName "resourceGroupName" -Name "UserIdentity2"
$updatedVault = Update-AzRecoveryServicesVault -ResourceGroupName $vault.ResourceGroupName -Name $vault.Name -IdentityType UserAssigned -IdentityId $identity1.Id, $identity2.Id
$updatedVault.Identity | Format-List
PrincipalId :
TenantId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Type : UserAssigned
UserAssignedIdentities : {[/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourceGroupName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/UserIdentity1,
Microsoft.Azure.Management.RecoveryServices.Models.UserIdentity],
[/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourceGroupName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/UserIdentity2,
Microsoft.Azure.Management.RecoveryServices.Models.UserIdentity]}
The first cmdlet fetches the recovery services vault.
The second and third cmdlet fetches the user created MSIs.
The fourth cmdlet adds the user MSIs to the vault.
The fifth cmdlet shows the Identities added to the vault.
Example 3: Remove SystemAssigned and UserAssigned identities from the vault
$vault = Get-AzRecoveryServicesVault -Name "vaultName" -ResourceGroupName "resourceGroupName"
$updatedVault = Update-AzRecoveryServicesVault -ResourceGroupName $vault.ResourceGroupName -Name $vault.Name -RemoveSystemAssigned
$AllUserIdentities = $vault.Identity.UserAssignedIdentities.Keys | ForEach-Object {$_}
$updatedVault = Update-AzRecoveryServicesVault -ResourceGroupName $vault.ResourceGroupName -Name $vault.Name -RemoveUserAssigned -IdentityId $AllUserIdentities
$updatedVault.Identity | Format-List
PrincipalId :
TenantId :
Type : None
UserAssignedIdentities :
The first cmdlet fetches the recovery services vault.
The second cmdlet removes the SystemAssigned identity from the vault.
The third cmdlet fetches all the user MSIs as a list from the vault.
The fourth cmdlet removes all the user MSIs from the vault. In case you want, you can provide selected user identities to be removed as comma separated, like in previous example.
The fifth cmdlet shows the identities in the vault, as we removed all the identities, Type is displayed as None.
Example 4: Update PublicNetworkAccess, ImmutabilityState of recovery services vault
$vault = Get-AzRecoveryServicesVault -Name "vaultName" -ResourceGroupName "resourceGroupName"
$updatedVault = Update-AzRecoveryServicesVault -ResourceGroupName $vault.ResourceGroupName -Name $vault.Name -PublicNetworkAccess "Disabled" -ImmutabilityState "Unlocked"
$updatedVault.Properties.PublicNetworkAccess
$updatedVault.Properties.ImmutabilitySettings.ImmutabilityState
Disabled
Unlocked
The first cmdlet fetches the recovery services vault.
The second cmdlet updates PublicNetworkAccess, ImmutabilityState properties of the recovery services vault.
The third and fourth command are used to fetch the public network access and immutability state of the vault.
Example 5: Enable/Disable CrossSubscriptionRestore for recovery services vault
$vault = Get-AzRecoveryServicesVault -Name "vaultName" -ResourceGroupName "resourceGroupName"
$updatedVault = Update-AzRecoveryServicesVault -ResourceGroupName $vault.ResourceGroupName -Name $vault.Name -CrossSubscriptionRestoreState Disabled
$updatedVault.Properties.RestoreSettings.CrossSubscriptionRestoreSettings.CrossSubscriptionRestoreState
Disabled
The first cmdlet fetches the recovery services vault.
The second cmdlet updates CrossSubscriptionRestoreState of the recovery services vault.
The third command gets the cross subscription restore state of the vault.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: cf
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-CrossSubscriptionRestoreState
Cross subscription restore state of the vault. Allowed values are "Enabled", "Disabled", "PermanentlyDisabled".
Parameter properties
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Parameter properties
Type: IAzureContextContainer
Default value: None Supports wildcards: False DontShow: False Aliases: AzContext, AzureRmContext, AzureCredential
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DisableAzureMonitorAlertsForAllFailoverIssue
Enables or disables monitor alerts for failover issue in RS vault.
Parameter properties
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DisableAzureMonitorAlertsForAllReplicationIssue
Enables or disables monitor alerts for replication issue in RS vault.
Parameter properties
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DisableAzureMonitorAlertsForJobFailure
Boolean parameter to specify whether built-in Azure Monitor alerts should be received for every job failure.
Parameter properties
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DisableClassicAlerts
Boolean parameter to specify whether backup alerts from the classic solution should be disabled or enabled.
Parameter properties
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DisableEmailNotificationsForSiteRecovery
Enables or disables classic email notifications for Site Recovery in RS vault.
Parameter properties
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-IdentityId
ARM Ids of the UserAssigned Identity to be added/removed. This is a comma separated list of Identity Ids.
Parameter properties
Type: String [ ]
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-IdentityType
The MSI type assigned to Recovery Services Vault.
Parameter properties
Type: MSIdentity
Default value: None Accepted values: SystemAssigned, None, UserAssigned Supports wildcards: False DontShow: False
Parameter sets
AzureRSVaultAddMSIdentity
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-ImmutabilityState
Immutability State of the vault. Allowed values are "Disabled", "Unlocked", "Locked".
Unlocked means Enabled and can be changed, Locked means Enabled and can't be changed.
Parameter properties
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Name
Specifies the name of the recovery services vault to update.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: 2 Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-PublicNetworkAccess
Parameter to Enable/Disable public network access of the vault. This setting is useful with Private Endpoints.
Parameter properties
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-RemoveSystemAssigned
Provide this switch to remove SystemAssigned Identity from the vault.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
AzureRSVaultRemoveMSIdentity
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-RemoveUserAssigned
Provide this switch to remove UserAssigned Identity from the vault. Also, provide IdentityId parameter along with this switch.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
AzureRSVaultRemoveMSIdentity
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-ResourceGroupName
Specifies the name of the Azure resource group where recovery services vault is present.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: 1 Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-SecureToken
Parameter to authorize operations protected by cross tenant resource guard. Use command (Get-AzAccessToken -TenantId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx").Token to fetch authorization token for different tenant
Parameter properties
Type: SecureString
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Token
Parameter to authorize operations protected by cross tenant resource guard. Use command (Get-AzAccessToken -TenantId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx").Token to fetch authorization token for different tenant
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-WhatIf
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: wi
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters .
Outputs
