New-AzStorageAccount

Module:
Az.Storage

Creates a Storage account.

Syntax

New-AzStorageAccount
   [-ResourceGroupName] <String>
   [-Name] <String>
   [-SkuName] <String>
   [-Location] <String>
   [-Kind <String>]
   [-AccessTier <String>]
   [-CustomDomainName <String>]
   [-UseSubDomain <Boolean>]
   [-Tag <Hashtable>]
   [-EnableHttpsTrafficOnly <Boolean>]
   [-AssignIdentity]
   [-NetworkRuleSet <PSNetworkRuleSet>]
   [-EnableHierarchicalNamespace <Boolean>]
   [-EnableAzureActiveDirectoryDomainServicesForFile <Boolean>]
   [-EnableLargeFileShare]
   [-PublishMicrosoftEndpoint <Boolean>]
   [-PublishInternetEndpoint <Boolean>]
   [-AsJob]
   [-EncryptionKeyTypeForTable <String>]
   [-EncryptionKeyTypeForQueue <String>]
   [-DefaultProfile <IAzureContextContainer>]
   [-RoutingChoice <String>]
   [<CommonParameters>]
New-AzStorageAccount
   [-ResourceGroupName] <String>
   [-Name] <String>
   [-SkuName] <String>
   [-Location] <String>
   [-Kind <String>]
   [-AccessTier <String>]
   [-CustomDomainName <String>]
   [-UseSubDomain <Boolean>]
   [-Tag <Hashtable>]
   [-EnableHttpsTrafficOnly <Boolean>]
   [-AssignIdentity]
   [-NetworkRuleSet <PSNetworkRuleSet>]
   [-EnableHierarchicalNamespace <Boolean>]
   [-EnableLargeFileShare]
   [-PublishMicrosoftEndpoint <Boolean>]
   [-PublishInternetEndpoint <Boolean>]
   [-EnableActiveDirectoryDomainServicesForFile <Boolean>]
   [-ActiveDirectoryDomainName <String>]
   [-ActiveDirectoryNetBiosDomainName <String>]
   [-ActiveDirectoryForestName <String>]
   [-ActiveDirectoryDomainGuid <String>]
   [-ActiveDirectoryDomainSid <String>]
   [-ActiveDirectoryAzureStorageSid <String>]
   [-AsJob]
   [-EncryptionKeyTypeForTable <String>]
   [-EncryptionKeyTypeForQueue <String>]
   [-DefaultProfile <IAzureContextContainer>]
   [-RoutingChoice <String>]
   [<CommonParameters>]

Description

The New-AzStorageAccount cmdlet creates an Azure Storage account.

Examples

Example 1: Create a Storage account

PS C:\>New-AzStorageAccount -ResourceGroupName MyResourceGroup -AccountName mystorageaccount -Location westus -SkuName Standard_GRS

This command creates a Storage account for the resource group name MyResourceGroup.

Example 2: Create a Blob Storage account with BlobStorage Kind and hot AccessTier

PS C:\>New-AzStorageAccount -ResourceGroupName MyResourceGroup -AccountName mystorageaccount -Location westus -SkuName Standard_GRS -Kind BlobStorage -AccessTier Hot

This command creates a Blob Storage account that with BlobStorage Kind and hot AccessTier

Example 3: Create a Storage account with Kind StorageV2, and Generate and Assign an Identity for Azure KeyVault.

PS C:\>New-AzStorageAccount -ResourceGroupName MyResourceGroup -AccountName mystorageaccount -Location westus -SkuName Standard_GRS -Kind StorageV2 -AssignIdentity

This command creates a Storage account with Kind StorageV2. It also generates and assigns an identity that can be used to manage account keys through Azure KeyVault.

Example 4: Create a Storage account with NetworkRuleSet from JSON

PS C:\>New-AzStorageAccount -ResourceGroupName MyResourceGroup -AccountName mystorageaccount -Location westus -Type Standard_LRS -NetworkRuleSet (@{bypass="Logging,Metrics";
    ipRules=(@{IPAddressOrRange="20.11.0.0/16";Action="allow"},
            @{IPAddressOrRange="10.0.0.0/7";Action="allow"});
    virtualNetworkRules=(@{VirtualNetworkResourceId="/subscriptions/s1/resourceGroups/g1/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1";Action="allow"},
                        @{VirtualNetworkResourceId="/subscriptions/s1/resourceGroups/g1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/subnet2";Action="allow"});
    defaultAction="Deny"})

This command creates a Storage account that has NetworkRuleSet property from JSON

Example 5: Create a Storage account with Hierarchical Namespace enabled.

PS C:\>New-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -Location "US West" -SkuName "Standard_GRS" -Kind StorageV2  -EnableHierarchicalNamespace $true

This command creates a Storage account with Hierarchical Namespace enabled.

Example 6: Create a Storage account with Azure Files AAD DS Authentication, and enable large file share.

PS C:\>New-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -Location "eastus2euap" -SkuName "Standard_LRS" -Kind StorageV2  -EnableAzureActiveDirectoryDomainServicesForFile $true -EnableLargeFileShare

This command creates a Storage account with Azure Files AAD DS Authentication, and enable large file share.

Example 7: Create a Storage account with enable Files Active Directory Domain Service Authentication.

PS C:\>New-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -Location "eastus2euap" -SkuName "Standard_LRS" -Kind StorageV2  -EnableActiveDirectoryDomainServicesForFile $true `
        -ActiveDirectoryDomainName "mydomain.com" `
        -ActiveDirectoryNetBiosDomainName "mydomain.com" `
        -ActiveDirectoryForestName "mydomain.com" `
        -ActiveDirectoryDomainGuid "12345678-1234-1234-1234-123456789012" `
        -ActiveDirectoryDomainSid "S-1-5-21-1234567890-1234567890-1234567890" `
        -ActiveDirectoryAzureStorageSid "S-1-5-21-1234567890-1234567890-1234567890-1234"

This command creates a Storage account withenable Files Active Directory Domain Service Authentication.

Example 8: Create a Storage account with Queue and Table Service use account-scoped encryption key, and Require Infrastructure Encryption.

PS C:\>New-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -Location "eastus2euap" -SkuName "Standard_LRS" -Kind StorageV2  -EncryptionKeyTypeForTable Account -EncryptionKeyTypeForQueue Account -RequireInfrastructureEncryption

PS C:\>$account = get-AzStorageAccount -ResourceGroupName $rgname -StorageAccountName $accountName

PS C:\>$account.Encryption.Services.Queue

Enabled LastEnabledTime     KeyType
------- ---------------     -------
   True 1/9/2020 6:09:11 AM Account

PS C:\>$account.Encryption.Services.Table

Enabled LastEnabledTime     KeyType
------- ---------------     -------
   True 1/9/2020 6:09:11 AM Account

PS C:\> $account.Encryption.RequireInfrastructureEncryption
True

This command creates a Storage account with Queue and Table Service use account-scoped encryption key and Require Infrastructure Encryption, so Queue and Table will use same encryption key with Blob and File service, and the service will apply a secondary layer of encryption with platform managed keys for data at rest. Then get the Storage account properties, and view the encryption keytype of Queue and Table Service, and RequireInfrastructureEncryption value.

Example 9: Create account MinimumTlsVersion and AllowBlobPublicAccess

PS C:\> $account = New-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -Location "eastus2euap" -SkuName "Standard_LRS" -Kind StorageV2 -MinimumTlsVersion TLS1_1 -AllowBlobPublicAccess $false

PS C:\> $account.MinimumTlsVersion
TLS1_1

PS C:\> $account.AllowBlobPublicAccess
False

The command create account with MinimumTlsVersion and AllowBlobPublicAccess, and then show the the 2 properties of the created account

Example 10: Create a Storage account with RoutingPreference setting

PS C:\>$account = New-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -Location "eastus2euap" -SkuName "Standard_LRS" -PublishMicrosoftEndpoint $true -PublishInternetEndpoint $true -RoutingChoice MicrosoftRouting

PS C:\>$account.RoutingPreference

RoutingChoice    PublishMicrosoftEndpoints PublishInternetEndpoints
-------------    ------------------------- ------------------------
MicrosoftRouting                     True                     True

PS C:\>$account.PrimaryEndpoints

Blob               : https://mystorageaccount.blob.core.windows.net/
Queue              : https://mystorageaccount.queue.core.windows.net/
Table              : https://mystorageaccount.table.core.windows.net/
File               : https://mystorageaccount.file.core.windows.net/
Web                : https://mystorageaccount.z2.web.core.windows.net/
Dfs                : https://mystorageaccount.dfs.core.windows.net/
MicrosoftEndpoints : {"Blob":"https://mystorageaccount-microsoftrouting.blob.core.windows.net/","Queue":"https://mystorageaccount-microsoftrouting.queue.core.windows.net/","Table":"https://mystorageaccount-microsoftrouting.table.core.windows.net/","File":"ht
                     tps://mystorageaccount-microsoftrouting.file.core.windows.net/","Web":"https://mystorageaccount-microsoftrouting.z2.web.core.windows.net/","Dfs":"https://mystorageaccount-microsoftrouting.dfs.core.windows.net/"}
InternetEndpoints  : {"Blob":"https://mystorageaccount-internetrouting.blob.core.windows.net/","File":"https://mystorageaccount-internetrouting.file.core.windows.net/","Web":"https://mystorageaccount-internetrouting.z2.web.core.windows.net/","Dfs":"https://w
                     eirp3-internetrouting.dfs.core.windows.net/"}

This command creates a Storage account with RoutingPreference setting: PublishMicrosoftEndpoint and PublishInternetEndpoint as true, and RoutingChoice as MicrosoftRouting.

Parameters

-AccessTier

Specifies the access tier of the Storage account that this cmdlet creates. The acceptable values for this parameter are: Hot and Cool. If you specify a value of BlobStorage for the Kind parameter, you must specify a value for the AccessTier parameter. If you specify a value of Storage for this Kind parameter, do not specify the AccessTier parameter.

Type:String
Accepted values:Hot, Cool
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ActiveDirectoryAzureStorageSid

Specifies the security identifier (SID) for Azure Storage. This parameter must be set when -EnableActiveDirectoryDomainServicesForFile is set to true.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ActiveDirectoryDomainGuid

Specifies the domain GUID. This parameter must be set when -EnableActiveDirectoryDomainServicesForFile is set to true.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ActiveDirectoryDomainName

Specifies the primary domain that the AD DNS server is authoritative for. This parameter must be set when -EnableActiveDirectoryDomainServicesForFile is set to true.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ActiveDirectoryDomainSid

Specifies the security identifier (SID). This parameter must be set when -EnableActiveDirectoryDomainServicesForFile is set to true.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ActiveDirectoryForestName

Specifies the Active Directory forest to get. This parameter must be set when -EnableActiveDirectoryDomainServicesForFile is set to true.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ActiveDirectoryNetBiosDomainName

Specifies the NetBIOS domain name. This parameter must be set when -EnableActiveDirectoryDomainServicesForFile is set to true.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AllowBlobPublicAccess

Allow public access to all blobs or containers in the storage account. The default interpretation is true for this property.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AsJob

Run cmdlet in the background

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AssignIdentity

Generate and assign a new Storage account Identity for this Storage account for use with key management services like Azure KeyVault.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-CustomDomainName

Specifies the name of the custom domain of the Storage account. The default value is Storage.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EnableActiveDirectoryDomainServicesForFile

Enable Azure Files Active Directory Domain Service Authentication for the storage account.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EnableAzureActiveDirectoryDomainServicesForFile

Enable Azure Files Azure Active Directory Domain Service Authentication for the storage account.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EnableHierarchicalNamespace

Indicates whether or not the Storage account enables Hierarchical Namespace.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EnableHttpsTrafficOnly

Indicates whether or not the Storage account only enables HTTPS traffic.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EnableLargeFileShare

Indicates whether or not the storage account can support large file shares with more than 5 TiB capacity. Once the account is enabled, the feature cannot be disabled. Currently only supported for LRS and ZRS replication types, hence account conversions to geo-redundant accounts would not be possible. Learn more in https://go.microsoft.com/fwlink/?linkid=2086047

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EncryptionKeyTypeForQueue

Set the Encryption KeyType for Queue. The default value is Service. -Account: Queue will be encrypted with account-scoped encryption key. -Service: Queue will always be encrypted with Service-Managed keys.

Type:String
Accepted values:Service, Account
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EncryptionKeyTypeForTable

Set the Encryption KeyType for Table. The default value is Service.

  • Account: Table will be encrypted with account-scoped encryption key.
  • Service: Table will always be encrypted with Service-Managed keys.
Type:String
Accepted values:Service, Account
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Kind

Specifies the kind of Storage account that this cmdlet creates. The acceptable values for this parameter are:

  • Storage. General purpose Storage account that supports storage of Blobs, Tables, Queues, Files and Disks.
  • StorageV2. General Purpose Version 2 (GPv2) Storage account that supports Blobs, Tables, Queues, Files, and Disks, with advanced features like data tiering.
  • BlobStorage. Blob Storage account which supports storage of Blobs only.
  • BlockBlobStorage. Block Blob Storage account which supports storage of Block Blobs only.
  • FileStorage. File Storage account which supports storage of Files only. The default value is StorageV2.
Type:String
Accepted values:Storage, StorageV2, BlobStorage, BlockBlobStorage, FileStorage
Position:Named
Default value:StorageV2
Accept pipeline input:False
Accept wildcard characters:False
-Location

Specifies the location of the Storage account to create.

Type:String
Position:3
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
-MinimumTlsVersion

The minimum TLS version to be permitted on requests to storage. The default interpretation is TLS 1.0 for this property.

Type:String
Accepted values:TLS1_0, TLS1_1, TLS1_2
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Name

Specifies the name of the Storage account to create.

Type:String
Aliases:StorageAccountName, AccountName
Position:1
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
-NetworkRuleSet

NetworkRuleSet is used to define a set of configuration rules for firewalls and virtual networks, as well as to set values for network properties such as services allowed to bypass the rules and how to handle requests that don't match any of the defined rules.

Type:PSNetworkRuleSet
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-PublishInternetEndpoint

Indicates whether internet routing storage endpoints are to be published

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-PublishMicrosoftEndpoint

Indicates whether microsoft routing storage endpoints are to be published

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ResourceGroupName

Specifies the name of the resource group in which to add the Storage account.

Type:String
Position:0
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
-RoutingChoice

Routing Choice defines the kind of network routing opted by the user. Possible values include: 'MicrosoftRouting', 'InternetRouting'

Type:String
Accepted values:MicrosoftRouting, InternetRouting
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-SkuName

Specifies the SKU name of the Storage account that this cmdlet creates. The acceptable values for this parameter are:

  • Standard_LRS. Locally-redundant storage.
  • Standard_ZRS. Zone-redundant storage.
  • Standard_GRS. Geo-redundant storage.
  • Standard_RAGRS. Read access geo-redundant storage.
  • Premium_LRS. Premium locally-redundant storage.
  • Premium_ZRS. Premium zone-redundant storage.
  • Standard_GZRS - Geo-redundant zone-redundant storage.
  • Standard_RAGZRS - Read access geo-redundant zone-redundant storage.
Type:String
Aliases:StorageAccountType, AccountType, Type
Accepted values:Standard_LRS, Standard_ZRS, Standard_GRS, Standard_RAGRS, Premium_LRS, Premium_ZRS, Standard_GZRS, Standard_RAGZRS
Position:2
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
-Tag

Key-value pairs in the form of a hash table set as tags on the server. For example: @{key0="value0";key1=$null;key2="value2"}

Type:Hashtable
Aliases:Tags
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-UseSubDomain

Indicates whether to enable indirect CName validation.

Type:Nullable<T>[Boolean]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String

Outputs

PSStorageAccount