Editar

Partilhar via


Set-AzVmssDiskEncryptionExtension

Enables disk encryption on a VM scale set.

Syntax

Set-AzVmssDiskEncryptionExtension
   [-ResourceGroupName] <String>
   [-VMScaleSetName] <String>
   [-DiskEncryptionKeyVaultUrl] <String>
   [-DiskEncryptionKeyVaultId] <String>
   [-KeyEncryptionKeyUrl <String>]
   [-KeyEncryptionKeyVaultId <String>]
   [-KeyEncryptionAlgorithm <String>]
   [-VolumeType <String>]
   [-ForceUpdate]
   [-TypeHandlerVersion <String>]
   [-ExtensionPublisherName <String>]
   [-ExtensionName <String>]
   [-ExtensionType <String>]
   [-EncryptFormatAll]
   [-Passphrase <String>]
   [-Force]
   [-DisableAutoUpgradeMinorVersion]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-AzVmssDiskEncryptionExtension cmdlet enables encryption on a VM scale set. This cmdlet enables encryption by installing the disk encryption extension on the VM scale set.

For Linux virtual machines, the VolumeType parameter must be present and must be set to "Data"

Examples

Example 1

$RGName = "MyResourceGroup"
$VmssName = "MyTestVmss"
$VaultName= "MyKeyVault"
$KeyVault = Get-AzKeyVault -VaultName $VaultName -ResourceGroupName $RGName
$DiskEncryptionKeyVaultUrl = $KeyVault.VaultUri
$KeyVaultResourceId = $KeyVault.ResourceId

Set-AzVmssDiskEncryptionExtension -ResourceGroupName $RGName -VMScaleSetName $VmssName -DiskEncryptionKeyVaultUrl $DiskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $KeyVaultResourceId

This command enables encryption on all disks of all Windows VMs in a VM scale set.

Example 2

$RGName = "MyResourceGroup"
$VmssName = "MyTestVmss"
$VaultName= "MyKeyVault"
$KeyVault = Get-AzKeyVault -VaultName $VaultName -ResourceGroupName $RGName
$DiskEncryptionKeyVaultUrl = $KeyVault.VaultUri
$KeyVaultResourceId = $KeyVault.ResourceId
$VolumeType = "Data"

Set-AzVmssDiskEncryptionExtension -ResourceGroupName $RGName -VMScaleSetName $VmssName -DiskEncryptionKeyVaultUrl $DiskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $KeyVaultResourceId `
 -VolumeType $volumeType

This command enables encryption on the data disks of all Linux VMs in a VM scale set.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure.

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisableAutoUpgradeMinorVersion

Disable auto-upgrade of minor version

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-DiskEncryptionKeyVaultId

ResourceID of the KeyVault where generated encryption key will be placed to

Type:String
Position:3
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-DiskEncryptionKeyVaultUrl

URL of the KeyVault where generated encryption key will be placed to

Type:String
Position:2
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-EncryptFormatAll

EncryptFormatAll data drives that are not already encrypted

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ExtensionName

The extension name. If this parameter is not specified, default values used are AzureDiskEncryption for Windows VMs and AzureDiskEncryptionForLinux for Linux VMs

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-ExtensionPublisherName

The extension publisher name. If this parameter is not specified, default value is Microsoft.Azure.Security for Windows VMs and Linux VMs

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-ExtensionType

The extension type. Specify this parameter to override its default value of "AzureDiskEncryption" for Windows VMs and "AzureDiskEncryptionForLinux" for Linux VMs.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Force

To force enabling encryption on the virtual machine scale set.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ForceUpdate

Generate a tag for force update. This should be given to perform repeated encryption operations on the same VM.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-KeyEncryptionAlgorithm

KeyEncryption Algorithm used to encrypt the volume encryption key

Type:String
Accepted values:RSA-OAEP, RSA1_5
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-KeyEncryptionKeyUrl

Versioned KeyVault URL of the KeyEncryptionKey used to encrypt the disk encryption key

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-KeyEncryptionKeyVaultId

ResourceID of the KeyVault containing the KeyEncryptionKey used to encrypt the disk encryption key

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Passphrase

The passphrase specified in parameters. This parameter only works for Linux VM.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-ResourceGroupName

The resource group name to which the VM Scale Set belongs to

Type:String
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-TypeHandlerVersion

The type handler version.

Type:String
Aliases:HandlerVersion, Version
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-VMScaleSetName

Name of the virtual machine scale set

Type:String
Aliases:Name
Position:1
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-VolumeType

Specifies the type of virtual machine volumes on which to perform encryption operation: OS, Data, or All.

Linux: The VolumeType parameter must be present and must be set to Data.

Windows: The VolumeType parameter, if present, must be set to either All or OS. If the VolumeType parameter is omitted it defaults to "All".

Type:String
Accepted values:OS, Data, All
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String

SwitchParameter

Outputs

PSVirtualMachineScaleSetExtension