New-AzDataProtectionBackupVault

Module:

Az.DataProtection

Creates or updates a BackupVault resource belonging to a resource group.

Syntax

New-AzDataProtectionBackupVault
   -ResourceGroupName <String>
   -VaultName <String>
   -Location <String>
   -StorageSetting <IStorageSetting[]>
   [-SubscriptionId <String>]
   [-ETag <String>]
   [-IdentityType <String>]
   [-AzureMonitorAlertsForAllJobFailure <AlertsState>]
   [-ImmutabilityState <ImmutabilityState>]
   [-CrossRegionRestoreState <CrossRegionRestoreState>]
   [-CrossSubscriptionRestoreState <CrossSubscriptionRestoreState>]
   [-SoftDeleteRetentionDurationInDay <Double>]
   [-SoftDeleteState <SoftDeleteState>]
   [-Tag <Hashtable>]
   [-IdentityUserAssignedIdentity <Hashtable>]
   [-CmkEncryptionState <EncryptionState>]
   [-CmkInfrastructureEncryption <InfrastructureEncryptionState>]
   [-CmkIdentityType <IdentityType>]
   [-CmkUserAssignedIdentityId <String>]
   [-CmkEncryptionKeyUri <String>]
   [-DefaultProfile <PSObject>]
   [-AsJob]
   [-NoWait]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

Creates or updates a BackupVault resource belonging to a resource group.

Examples

Example 1: Create a new backup vault

$sub = "xxxx-xxxx-xxxxx"
$storagesetting = New-AzDataProtectionBackupVaultStorageSettingObject -DataStoreType VaultStore -Type LocallyRedundant
New-AzDataProtectionBackupVault -SubscriptionId $sub -ResourceGroupName sarath-rg -VaultName "MyVault" -StorageSetting $storagesetting -Location westus

ETag IdentityPrincipalId IdentityTenantId IdentityType Location Name    Type
---- ------------------- ---------------- ------------ -------- ----    ----
                                                       westus   MyVault Microsoft.DataProtection/backupVaults

This command creates a new backup vault.

Example 2: Create a new backup vault with ImmutabilityState, CrossSubscriptionRestoreState, soft delete settings

$sub = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
$storagesetting = New-AzDataProtectionBackupVaultStorageSettingObject -DataStoreType VaultStore -Type LocallyRedundant
New-AzDataProtectionBackupVault -SubscriptionId $sub -ResourceGroupName "resourceGroupName" -VaultName "vaultName" -Location westus -StorageSetting $storagesetting -CrossSubscriptionRestoreState Enabled -ImmutabilityState Unlocked -SoftDeleteRetentionDurationInDay 100 -SoftDeleteState On

ETag IdentityPrincipalId IdentityTenantId IdentityType Location Name    Type
---- ------------------- ---------------- ------------ -------- ----    ----
                                                       westus   MyVault Microsoft.DataProtection/backupVaults

This command creates a new backup vault while setting Immutability state, cross subscription restore state, soft delete settings of the vault at creation time.

Example 3: Create a Backup Vault with CMK

$storagesetting = New-AzDataProtectionBackupVaultStorageSettingObject -DataStoreType VaultStore -Type LocallyRedundant
$userAssignedIdentity = @{
    "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/samplerg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/sampleuami" = @{
        clientId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        principalId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    }
    "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/samplerg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/sampleuami2" = @{
        clientId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        principalId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    }
}

$cmkIdentityId = "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/samplerg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/sampleuami"

$cmkKeyUri = "https://samplekvazbckp.vault.azure.net/keys/testkey/3cd5235ad6ac4c11b40a6f35444bcbe1"

New-AzDataProtectionBackupVault -SubscriptionId xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -ResourceGroupName "resourceGroupName" -VaultName "vaultName" -Location "location" -StorageSetting $storagesetting -IdentityType UserAssigned -UserAssignedIdentity $userAssignedIdentity -CmkEncryptionState Enabled -CmkIdentityType UserAssigned -CmkUserAssignedIdentityId $cmkIdentityId -CmkEncryptionKeyUri $cmkKeyUri -CmkInfrastructureEncryption Enabled

Name      Location   IdentityType
--------  --------   ------------
vaultName location   UserAssigned

This command creates a backup vault with CMK encryption enabled

Parameters

-AsJob

Type:	SwitchParameter
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-AzureMonitorAlertsForAllJobFailure

Parameter to Enable or Disable built-in azure monitor alerts for job failures. Security alerts cannot be disabled.

Type:	AlertsState
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-CmkEncryptionKeyUri

The Key URI of the CMK key to be used for encryption. To enable auto-rotation of keys, exclude the version component from the Key URI.

Type:	String
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-CmkEncryptionState

Enable CMK encryption state for a Backup Vault.

Type:	EncryptionState
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-CmkIdentityType

The identity type to be used for CMK encryption - SystemAssigned or UserAssigned Identity.

Type:	IdentityType
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-CmkInfrastructureEncryption

Enable infrastructure encryption with CMK on this vault. Infrastructure encryption must be configured only when creating the vault.

Type:	InfrastructureEncryptionState
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-CmkUserAssignedIdentityId

This parameter is required if the identity type is UserAssigned. Add the user assigned managed identity id to be used which has access permissions to the Key Vault.

Type:	String
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:	SwitchParameter
Aliases:	cf
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-CrossRegionRestoreState

Cross region restore state of the vault. Allowed values are Disabled, Enabled.

Type:	CrossRegionRestoreState
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-CrossSubscriptionRestoreState

Cross subscription restore state of the vault. Allowed values are Disabled, Enabled, PermanentlyDisabled.

Type:	CrossSubscriptionRestoreState
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-DefaultProfile

Type:	PSObject
Aliases:	AzureRMContext, AzureCredential
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-ETag

Optional ETag.

Type:	String
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-IdentityType

The identityType can take values - "SystemAssigned", "UserAssigned", "SystemAssigned,UserAssigned", "None".

Type:	String
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-IdentityUserAssignedIdentity

Gets or sets the user assigned identities.

Type:	Hashtable
Aliases:	UserAssignedIdentity
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-ImmutabilityState

Immutability state of the vault. Allowed values are Disabled, Unlocked, Locked.

Type:	ImmutabilityState
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-Location

Resource location.

Type:	String
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-NoWait

Type:	SwitchParameter
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-ResourceGroupName

Resource Group Name of the backup vault

Type:	String
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-SoftDeleteRetentionDurationInDay

Soft delete retention duration in days

Type:	Double
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-SoftDeleteState

Soft delete state of the vault. Allowed values are Off, On, AlwaysOn

Type:	SoftDeleteState
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-StorageSetting

Storage Settings of the vault. Use New-AzDataProtectionBackupVaultStorageSetting Cmdlet to Create. To construct, see NOTES section for STORAGESETTING properties and create a hash table.

Type:	IStorageSetting[]
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-SubscriptionId

Subscription Id of the vault

Type:	String
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-Tag

Resource tags.

Type:	Hashtable
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-VaultName

Name of the backup vault

Type:	String
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:	SwitchParameter
Aliases:	wi
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

Outputs

PSObject