Creates or updates a BackupVault resource belonging to a resource group.
-ResourceGroupName <String>
-VaultName <String>
-Location <String>
-StorageSetting <IStorageSetting[]>
[-SubscriptionId <String>]
[-ETag <String>]
[-IdentityType <String>]
[-AzureMonitorAlertsForAllJobFailure <AlertsState>]
[-ImmutabilityState <ImmutabilityState>]
[-CrossRegionRestoreState <CrossRegionRestoreState>]
[-CrossSubscriptionRestoreState <CrossSubscriptionRestoreState>]
[-SoftDeleteRetentionDurationInDay <Double>]
[-SoftDeleteState <SoftDeleteState>]
[-Tag <Hashtable>]
[-IdentityUserAssignedIdentity <Hashtable>]
[-CmkEncryptionState <EncryptionState>]
[-CmkInfrastructureEncryption <InfrastructureEncryptionState>]
[-CmkIdentityType <IdentityType>]
[-CmkUserAssignedIdentityId <String>]
[-CmkEncryptionKeyUri <String>]
[-DefaultProfile <PSObject>]
Creates or updates a BackupVault resource belonging to a resource group.
Example 1: Create a new backup vault
$sub = "xxxx-xxxx-xxxxx"
$storagesetting = New-AzDataProtectionBackupVaultStorageSettingObject -DataStoreType VaultStore -Type LocallyRedundant
New-AzDataProtectionBackupVault -SubscriptionId $sub -ResourceGroupName sarath-rg -VaultName "MyVault" -StorageSetting $storagesetting -Location westus
ETag IdentityPrincipalId IdentityTenantId IdentityType Location Name Type
---- ------------------- ---------------- ------------ -------- ---- ----
westus MyVault Microsoft.DataProtection/backupVaults
This command creates a new backup vault.
Example 2: Create a new backup vault with ImmutabilityState, CrossSubscriptionRestoreState, soft delete settings
$sub = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
$storagesetting = New-AzDataProtectionBackupVaultStorageSettingObject -DataStoreType VaultStore -Type LocallyRedundant
New-AzDataProtectionBackupVault -SubscriptionId $sub -ResourceGroupName "resourceGroupName" -VaultName "vaultName" -Location westus -StorageSetting $storagesetting -CrossSubscriptionRestoreState Enabled -ImmutabilityState Unlocked -SoftDeleteRetentionDurationInDay 100 -SoftDeleteState On
ETag IdentityPrincipalId IdentityTenantId IdentityType Location Name Type
---- ------------------- ---------------- ------------ -------- ---- ----
westus MyVault Microsoft.DataProtection/backupVaults
This command creates a new backup vault while setting Immutability state, cross subscription restore state, soft delete settings of the vault at creation time.
Example 3: Create a Backup Vault with CMK
$storagesetting = New-AzDataProtectionBackupVaultStorageSettingObject -DataStoreType VaultStore -Type LocallyRedundant
$userAssignedIdentity = @{
"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/samplerg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/sampleuami" = @{
clientId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
principalId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/samplerg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/sampleuami2" = @{
clientId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
principalId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
$cmkIdentityId = "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/samplerg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/sampleuami"
$cmkKeyUri = ""
New-AzDataProtectionBackupVault -SubscriptionId xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -ResourceGroupName "resourceGroupName" -VaultName "vaultName" -Location "location" -StorageSetting $storagesetting -IdentityType UserAssigned -UserAssignedIdentity $userAssignedIdentity -CmkEncryptionState Enabled -CmkIdentityType UserAssigned -CmkUserAssignedIdentityId $cmkIdentityId -CmkEncryptionKeyUri $cmkKeyUri -CmkInfrastructureEncryption Enabled
Name Location IdentityType
-------- -------- ------------
vaultName location UserAssigned
This command creates a backup vault with CMK encryption enabled
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Parameter to Enable or Disable built-in azure monitor alerts for job failures. Security alerts cannot be disabled.
Type: | AlertsState |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
The Key URI of the CMK key to be used for encryption. To enable auto-rotation of keys, exclude the version component from the Key URI.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Enable CMK encryption state for a Backup Vault.
Type: | EncryptionState |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
The identity type to be used for CMK encryption - SystemAssigned or UserAssigned Identity.
Type: | IdentityType |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Enable infrastructure encryption with CMK on this vault. Infrastructure encryption must be configured only when creating the vault.
Type: | InfrastructureEncryptionState |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
This parameter is required if the identity type is UserAssigned. Add the user assigned managed identity id to be used which has access permissions to the Key Vault.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Cross region restore state of the vault. Allowed values are Disabled, Enabled.
Type: | CrossRegionRestoreState |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Cross subscription restore state of the vault. Allowed values are Disabled, Enabled, PermanentlyDisabled.
Type: | CrossSubscriptionRestoreState |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Type: | PSObject |
Aliases: | AzureRMContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Optional ETag.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
The identityType can take values - "SystemAssigned", "UserAssigned", "SystemAssigned,UserAssigned", "None".
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Gets or sets the user assigned identities.
Type: | Hashtable |
Aliases: | UserAssignedIdentity, AssignUserIdentity |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Immutability state of the vault. Allowed values are Disabled, Unlocked, Locked.
Type: | ImmutabilityState |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Resource location.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Resource Group Name of the backup vault
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Soft delete retention duration in days
Type: | Double |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Soft delete state of the vault. Allowed values are Off, On, AlwaysOn
Type: | SoftDeleteState |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Storage Settings of the vault. Use New-AzDataProtectionBackupVaultStorageSetting Cmdlet to Create. To construct, see NOTES section for STORAGESETTING properties and create a hash table.
Type: | IStorageSetting[] |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Subscription Id of the vault
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Resource tags.
Type: | Hashtable |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Name of the backup vault
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |