Set-AzStorageAccount

Modifies a Storage account.

Syntax

Set-AzStorageAccount
   [-ResourceGroupName] <String>
   [-Name] <String>
   [-Force]
   [-SkuName <String>]
   [-AccessTier <String>]
   [-CustomDomainName <String>]
   [-UseSubDomain <Boolean>]
   [-Tag <Hashtable>]
   [-EnableHttpsTrafficOnly <Boolean>]
   [-StorageEncryption]
   [-AssignIdentity]
   [-NetworkRuleSet <PSNetworkRuleSet>]
   [-UpgradeToStorageV2]
   [-EnableAzureActiveDirectoryDomainServicesForFile <Boolean>]
   [-EnableLargeFileShare]
   [-AllowBlobPublicAccess <Boolean>]
   [-MinimumTlsVersion <String>]
   [-AsJob]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-AzStorageAccount
   [-ResourceGroupName] <String>
   [-Name] <String>
   [-Force]
   [-SkuName <String>]
   [-AccessTier <String>]
   [-CustomDomainName <String>]
   [-UseSubDomain <Boolean>]
   [-Tag <Hashtable>]
   [-EnableHttpsTrafficOnly <Boolean>]
   [-KeyvaultEncryption]
   -KeyName <String>
   [-KeyVersion <String>]
   -KeyVaultUri <String>
   [-AssignIdentity]
   [-NetworkRuleSet <PSNetworkRuleSet>]
   [-UpgradeToStorageV2]
   [-EnableAzureActiveDirectoryDomainServicesForFile <Boolean>]
   [-EnableLargeFileShare]
   [-AllowBlobPublicAccess <Boolean>]
   [-MinimumTlsVersion <String>]
   [-AsJob]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-AzStorageAccount
   [-ResourceGroupName] <String>
   [-Name] <String>
   [-Force]
   [-SkuName <String>]
   [-AccessTier <String>]
   [-CustomDomainName <String>]
   [-UseSubDomain <Boolean>]
   [-Tag <Hashtable>]
   [-EnableHttpsTrafficOnly <Boolean>]
   [-AssignIdentity]
   [-NetworkRuleSet <PSNetworkRuleSet>]
   [-UpgradeToStorageV2]
   [-EnableLargeFileShare]
   -EnableActiveDirectoryDomainServicesForFile <Boolean>
   [-ActiveDirectoryDomainName <String>]
   [-ActiveDirectoryNetBiosDomainName <String>]
   [-ActiveDirectoryForestName <String>]
   [-ActiveDirectoryDomainGuid <String>]
   [-ActiveDirectoryDomainSid <String>]
   [-ActiveDirectoryAzureStorageSid <String>]
   [-AllowBlobPublicAccess <Boolean>]
   [-MinimumTlsVersion <String>]
   [-AsJob]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-AzStorageAccount cmdlet modifies an Azure Storage account. You can use this cmdlet to modify the account type, update a customer domain, or set tags on a Storage account.

Examples

Example 1: Set the Storage account type

PS C:\>Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -Type "Standard_RAGRS"

This command sets the Storage account type to Standard_RAGRS.

Example 2: Set a custom domain for a Storage account

PS C:\>Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -CustomDomainName "www.contoso.com" -UseSubDomain $True

This command sets a custom domain for a Storage account.

Example 3: Set the access tier value

PS C:\>Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -AccessTier Cool

The command sets the Access Tier value to be cool.

Example 4: Set the custom domain and tags

PS C:\>Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -CustomDomainName "www.domainname.com" -UseSubDomain $true -Tag @{tag0="value0";tag1="value1";tag2="value2"}

The command sets the custom domain and tags for a Storage account.

Example 5: Set Encryption KeySource to Keyvault

PS C:\>Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -AssignIdentity
PS C:\>$account = Get-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount"

PS C:\>$keyVault = New-AzKeyVault -VaultName "MyKeyVault" -ResourceGroupName "MyResourceGroup" -Location "EastUS2"
PS C:\>$key = Add-AzKeyVaultKey -VaultName "MyKeyVault" -Name "MyKey" -Destination 'Software'
PS C:\>Set-AzKeyVaultAccessPolicy -VaultName "MyKeyVault" -ObjectId $account.Identity.PrincipalId -PermissionsToKeys wrapkey,unwrapkey,get

PS C:\>Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -KeyvaultEncryption -KeyName $key.Name -KeyVersion $key.Version -KeyVaultUri $keyVault.VaultUri

This command set Encryption KeySource with a new created Keyvault.

Example 6: Set Encryption KeySource to "Microsoft.Storage"

PS C:\>Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -StorageEncryption

This command set Encryption KeySource to "Microsoft.Storage"

Example 7: Set NetworkRuleSet property of a Storage account with JSON

PS C:\>Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -NetworkRuleSet (@{bypass="Logging,Metrics";
    ipRules=(@{IPAddressOrRange="20.11.0.0/16";Action="allow"},
            @{IPAddressOrRange="10.0.0.0/7";Action="allow"});
    virtualNetworkRules=(@{VirtualNetworkResourceId="/subscriptions/s1/resourceGroups/g1/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1";Action="allow"},
                        @{VirtualNetworkResourceId="/subscriptions/s1/resourceGroups/g1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/subnet2";Action="allow"});
    defaultAction="allow"})

This command sets NetworkRuleSet property of a Storage account with JSON

Example 8: Get NetworkRuleSet property from a Storage account, and set it to another Storage account

PS C:\> $networkRuleSet = (Get-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount").NetworkRuleSet 
PS C:\> Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount2" -NetworkRuleSet $networkRuleSet

This first command gets NetworkRuleSet property from a Storage account, and the second command sets it to another Storage account

Example 9: Upgrade a Storage account with Kind "Storage" or "BlobStorage" to "StorageV2" kind Storage account

PS C:\> Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -UpgradeToStorageV2

The command upgrade a Storage account with Kind "Storage" or "BlobStorage" to "StorageV2" kind Storage account.

Example 10: Update a Storage account by enable Azure Files AAD DS Authentication.

PS C:\> $account = Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -EnableAzureActiveDirectoryDomainServicesForFile $true PS

PS C:\> $account.AzureFilesIdentityBasedAuth.DirectoryServiceOptions
AADDS

The command update a Storage account by enable Azure Files AAD DS Authentication.

Example 11: Update a Storage account by enable Files Active Directory Domain Service Authentication, and then show the File Identity Based authentication setting

PS C:\> $account = Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -EnableActiveDirectoryDomainServicesForFile $true `
        -ActiveDirectoryDomainName "mydomain.com" `
        -ActiveDirectoryNetBiosDomainName "mydomain.com" `
        -ActiveDirectoryForestName "mydomain.com" `
        -ActiveDirectoryDomainGuid "12345678-1234-1234-1234-123456789012" `
        -ActiveDirectoryDomainSid "S-1-5-21-1234567890-1234567890-1234567890" `
        -ActiveDirectoryAzureStorageSid "S-1-5-21-1234567890-1234567890-1234567890-1234"
		
PS C:\> $account.AzureFilesIdentityBasedAuth.DirectoryServiceOptions
AD

PS C:\> $account.AzureFilesIdentityBasedAuth.ActiveDirectoryProperties

DomainName        : mydomain.com
NetBiosDomainName : mydomain.com
ForestName        : mydomain.com
DomainGuid        : 12345678-1234-1234-1234-123456789012
DomainSid         : S-1-5-21-1234567890-1234567890-1234567890
AzureStorageSid   : S-1-5-21-1234567890-1234567890-1234567890-1234

The command updates a Storage account by enable Azure Files Active Directory Domain Service Authentication, and then shows the File Identity Based authentication setting

Example 12: Set MinimumTlsVersion and AllowBlobPublicAccess

PS C:\> $account = Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -MinimumTlsVersion TLS1_1 -AllowBlobPublicAccess $false

PS C:\> $account.MinimumTlsVersion
TLS1_1

PS C:\> $account.AllowBlobPublicAccess
False

The command sets MinimumTlsVersion and AllowBlobPublicAccess, and then show the the 2 properties of the account

Parameters

-AccessTier

Specifies the access tier of the Storage account that this cmdlet modifies. The acceptable values for this parameter are: Hot and Cool. If you change the access tier, it may result in additional charges. For more information, see Azure Blob Storage: Hot and cool storage tiers. If the Storage account has Kind as StorageV2 or BlobStorage, you can specify the AccessTier parameter. If the Storage account has Kind as Storage, do not specify the AccessTier parameter.

Type:String
Accepted values:Hot, Cool
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ActiveDirectoryAzureStorageSid

Specifies the security identifier (SID) for Azure Storage. This parameter must be set when -EnableActiveDirectoryDomainServicesForFile is set to true.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ActiveDirectoryDomainGuid

Specifies the domain GUID. This parameter must be set when -EnableActiveDirectoryDomainServicesForFile is set to true.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ActiveDirectoryDomainName

Specifies the primary domain that the AD DNS server is authoritative for. This parameter must be set when -EnableActiveDirectoryDomainServicesForFile is set to true.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ActiveDirectoryDomainSid

Specifies the security identifier (SID). This parameter must be set when -EnableActiveDirectoryDomainServicesForFile is set to true.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ActiveDirectoryForestName

Specifies the Active Directory forest to get. This parameter must be set when -EnableActiveDirectoryDomainServicesForFile is set to true.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ActiveDirectoryNetBiosDomainName

Specifies the NetBIOS domain name. This parameter must be set when -EnableActiveDirectoryDomainServicesForFile is set to true.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AllowBlobPublicAccess

Allow or disallow public access to all blobs or containers in the storage account.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AsJob

Run cmdlet in the background

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AssignIdentity

Generate and assign a new Storage account Identity for this Storage account for use with key management services like Azure KeyVault.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False
-CustomDomainName

Specifies the name of the custom domain.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EnableActiveDirectoryDomainServicesForFile

Enable Azure Files Active Directory Domain Service Authentication for the storage account.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EnableAzureActiveDirectoryDomainServicesForFile

Enable Azure Files Active Directory Domain Service Authentication for the storage account.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EnableHttpsTrafficOnly

Indicates whether or not the Storage account only enables HTTPS traffic.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EnableLargeFileShare

Indicates whether or not the storage account can support large file shares with more than 5 TiB capacity. Once the account is enabled, the feature cannot be disabled. Currently only supported for LRS and ZRS replication types, hence account conversions to geo-redundant accounts would not be possible. Learn more in https://go.microsoft.com/fwlink/?linkid=2086047

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Force

Forces the change to be written to the Storage account.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-KeyName

If using -KeyvaultEncryption to enable encryption with Key Vault, specify the Keyname property with this option.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-KeyvaultEncryption

Indicates whether or not to use Microsoft KeyVault for the encryption keys when using Storage Service Encryption. If KeyName, KeyVersion, and KeyVaultUri are all set, KeySource will be set to Microsoft.Keyvault whether this parameter is set or not.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-KeyVaultUri

When using Key Vault Encryption by specifying the -KeyvaultEncryption parameter, use this option to specify the URI to the Key Vault.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-KeyVersion

When using Key Vault Encryption by specifying the -KeyvaultEncryption parameter, use this option to specify the URI to the Key Version.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-MinimumTlsVersion

The minimum TLS version to be permitted on requests to storage.

Type:String
Accepted values:TLS1_0, TLS1_1, TLS1_2
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Name

Specifies the name of the Storage account to modify.

Type:String
Aliases:StorageAccountName, AccountName
Position:1
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
-NetworkRuleSet

NetworkRuleSet is used to define a set of configuration rules for firewalls and virtual networks, as well as to set values for network properties such as services allowed to bypass the rules and how to handle requests that don't match any of the defined rules.

Type:PSNetworkRuleSet
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ResourceGroupName

Specifies the name of the resource group in which to modify the Storage account.

Type:String
Position:0
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
-SkuName

Specifies the SKU name of the Storage account. The acceptable values for this parameter are:

  • Standard_LRS - Locally-redundant storage.
  • Standard_ZRS - Zone-redundant storage.
  • Standard_GRS - Geo-redundant storage.
  • Standard_RAGRS - Read access geo-redundant storage.
  • Premium_LRS - Premium locally-redundant storage.
  • Standard_GZRS - Geo-redundant zone-redundant storage.
  • Standard_RAGZRS - Read access geo-redundant zone-redundant storage. You cannot change Standard_ZRS and Premium_LRS types to other account types. You cannot change other account types to Standard_ZRS or Premium_LRS.
Type:String
Aliases:StorageAccountType, AccountType, Type
Accepted values:Standard_LRS, Standard_ZRS, Standard_GRS, Standard_RAGRS, Premium_LRS, Standard_GZRS, Standard_RAGZRS
Position:Named
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
-StorageEncryption

Indicates whether or not to set the Storage account encryption to use Microsoft-managed keys.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Tag

Key-value pairs in the form of a hash table set as tags on the server. For example: @{key0="value0";key1=$null;key2="value2"}

Type:Hashtable
Aliases:Tags
Position:Named
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
-UpgradeToStorageV2

Upgrade Storage account Kind from Storage or BlobStorage to StorageV2.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-UseSubDomain

Indicates whether to enable indirect CName validation.

Type:Nullable<T>[Boolean]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String

Hashtable

Outputs

PSStorageAccount