Set-AzStorageAccount

Modifies a Storage account.

Syntax

Set-AzStorageAccount
   [-ResourceGroupName] <String>
   [-Name] <String>
   [-Force]
   [-SkuName <String>]
   [-AccessTier <String>]
   [-CustomDomainName <String>]
   [-UseSubDomain <Boolean>]
   [-Tag <Hashtable>]
   [-EnableHttpsTrafficOnly <Boolean>]
   [-StorageEncryption]
   [-AssignIdentity]
   [-UserAssignedIdentityId <String>]
   [-KeyVaultUserAssignedIdentityId <String>]
   [-IdentityType <String>]
   [-NetworkRuleSet <PSNetworkRuleSet>]
   [-UpgradeToStorageV2]
   [-EnableAzureActiveDirectoryDomainServicesForFile <Boolean>]
   [-EnableLargeFileShare]
   [-PublishMicrosoftEndpoint <Boolean>]
   [-PublishInternetEndpoint <Boolean>]
   [-AllowBlobPublicAccess <Boolean>]
   [-MinimumTlsVersion <String>]
   [-AllowSharedKeyAccess <Boolean>]
   [-SasExpirationPeriod <TimeSpan>]
   [-KeyExpirationPeriodInDay <Int32>]
   [-AllowCrossTenantReplication <Boolean>]
   [-DefaultSharePermission <String>]
   [-AsJob]
   [-DefaultProfile <IAzureContextContainer>]
   [-RoutingChoice <String>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-AzStorageAccount
   [-ResourceGroupName] <String>
   [-Name] <String>
   [-Force]
   [-SkuName <String>]
   [-AccessTier <String>]
   [-CustomDomainName <String>]
   [-UseSubDomain <Boolean>]
   [-Tag <Hashtable>]
   [-EnableHttpsTrafficOnly <Boolean>]
   [-KeyvaultEncryption]
   -KeyName <String>
   [-KeyVersion <String>]
   -KeyVaultUri <String>
   [-AssignIdentity]
   [-UserAssignedIdentityId <String>]
   [-KeyVaultUserAssignedIdentityId <String>]
   [-IdentityType <String>]
   [-NetworkRuleSet <PSNetworkRuleSet>]
   [-UpgradeToStorageV2]
   [-EnableAzureActiveDirectoryDomainServicesForFile <Boolean>]
   [-EnableLargeFileShare]
   [-PublishMicrosoftEndpoint <Boolean>]
   [-PublishInternetEndpoint <Boolean>]
   [-AllowBlobPublicAccess <Boolean>]
   [-MinimumTlsVersion <String>]
   [-AllowSharedKeyAccess <Boolean>]
   [-SasExpirationPeriod <TimeSpan>]
   [-KeyExpirationPeriodInDay <Int32>]
   [-AllowCrossTenantReplication <Boolean>]
   [-DefaultSharePermission <String>]
   [-AsJob]
   [-DefaultProfile <IAzureContextContainer>]
   [-RoutingChoice <String>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-AzStorageAccount
   [-ResourceGroupName] <String>
   [-Name] <String>
   [-Force]
   [-SkuName <String>]
   [-AccessTier <String>]
   [-CustomDomainName <String>]
   [-UseSubDomain <Boolean>]
   [-Tag <Hashtable>]
   [-EnableHttpsTrafficOnly <Boolean>]
   [-AssignIdentity]
   [-UserAssignedIdentityId <String>]
   [-KeyVaultUserAssignedIdentityId <String>]
   [-IdentityType <String>]
   [-NetworkRuleSet <PSNetworkRuleSet>]
   [-UpgradeToStorageV2]
   [-EnableLargeFileShare]
   [-PublishMicrosoftEndpoint <Boolean>]
   [-PublishInternetEndpoint <Boolean>]
   -EnableActiveDirectoryDomainServicesForFile <Boolean>
   [-ActiveDirectoryDomainName <String>]
   [-ActiveDirectoryNetBiosDomainName <String>]
   [-ActiveDirectoryForestName <String>]
   [-ActiveDirectoryDomainGuid <String>]
   [-ActiveDirectoryDomainSid <String>]
   [-ActiveDirectoryAzureStorageSid <String>]
   [-AllowBlobPublicAccess <Boolean>]
   [-MinimumTlsVersion <String>]
   [-AllowSharedKeyAccess <Boolean>]
   [-SasExpirationPeriod <TimeSpan>]
   [-KeyExpirationPeriodInDay <Int32>]
   [-AllowCrossTenantReplication <Boolean>]
   [-DefaultSharePermission <String>]
   [-AsJob]
   [-DefaultProfile <IAzureContextContainer>]
   [-RoutingChoice <String>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-AzStorageAccount cmdlet modifies an Azure Storage account. You can use this cmdlet to modify the account type, update a customer domain, or set tags on a Storage account.

Examples

Example 1: Set the Storage account type

PS C:\>Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -Type "Standard_RAGRS"

This command sets the Storage account type to Standard_RAGRS.

Example 2: Set a custom domain for a Storage account

PS C:\>Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -CustomDomainName "www.contoso.com" -UseSubDomain $True

This command sets a custom domain for a Storage account.

Example 3: Set the access tier value

PS C:\>Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -AccessTier Cool

The command sets the Access Tier value to be cool.

Example 4: Set the custom domain and tags

PS C:\>Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -CustomDomainName "www.domainname.com" -UseSubDomain $true -Tag @{tag0="value0";tag1="value1";tag2="value2"}

The command sets the custom domain and tags for a Storage account.

Example 5: Set Encryption KeySource to Keyvault

PS C:\>Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -AssignIdentity
PS C:\>$account = Get-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount"

PS C:\>$keyVault = New-AzKeyVault -VaultName "MyKeyVault" -ResourceGroupName "MyResourceGroup" -Location "EastUS2"
PS C:\>$key = Add-AzKeyVaultKey -VaultName "MyKeyVault" -Name "MyKey" -Destination 'Software'
PS C:\>Set-AzKeyVaultAccessPolicy -VaultName "MyKeyVault" -ObjectId $account.Identity.PrincipalId -PermissionsToKeys wrapkey,unwrapkey,get

# In case to enable key auto rotation, don't set KeyVersion
PS C:\>Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -KeyvaultEncryption -KeyName $key.Name -KeyVersion $key.Version -KeyVaultUri $keyVault.VaultUri

# In case to enable key auto rotation after set keyvault proeprites with KeyVersion, can update account by set KeyVersion to empty
PS C:\>Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -KeyvaultEncryption -KeyName $key.Name -KeyVersion "" -KeyVaultUri $keyVault.VaultUri

This command set Encryption KeySource with a new created Keyvault. If want to enable key auto rotation, don't set keyversion when set Keyvault properties for the first time, or clean up it by set keyvault properties again with keyversion as empty.

Example 6: Set Encryption KeySource to "Microsoft.Storage"

PS C:\>Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -StorageEncryption

This command set Encryption KeySource to "Microsoft.Storage"

Example 7: Set NetworkRuleSet property of a Storage account with JSON

PS C:\>Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -NetworkRuleSet (@{bypass="Logging,Metrics";
    ipRules=(@{IPAddressOrRange="20.11.0.0/16";Action="allow"},
            @{IPAddressOrRange="10.0.0.0/7";Action="allow"});
    virtualNetworkRules=(@{VirtualNetworkResourceId="/subscriptions/s1/resourceGroups/g1/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1";Action="allow"},
                        @{VirtualNetworkResourceId="/subscriptions/s1/resourceGroups/g1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/subnet2";Action="allow"});
    defaultAction="allow"})

This command sets NetworkRuleSet property of a Storage account with JSON

Example 8: Get NetworkRuleSet property from a Storage account, and set it to another Storage account

PS C:\> $networkRuleSet = (Get-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount").NetworkRuleSet 
PS C:\> Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount2" -NetworkRuleSet $networkRuleSet

This first command gets NetworkRuleSet property from a Storage account, and the second command sets it to another Storage account

Example 9: Upgrade a Storage account with Kind "Storage" or "BlobStorage" to "StorageV2" kind Storage account

PS C:\> Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -UpgradeToStorageV2

The command upgrade a Storage account with Kind "Storage" or "BlobStorage" to "StorageV2" kind Storage account.

Example 10: Update a Storage account by enable Azure Files AAD DS Authentication and set DefaultSharePermission.

PS C:\> $account = Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -EnableAzureActiveDirectoryDomainServicesForFile $true -DefaultSharePermission StorageFileDataSmbShareOwner

PS C:\> $account.AzureFilesIdentityBasedAuth

DirectoryServiceOptions ActiveDirectoryProperties                                                      DefaultSharePermission      
----------------------- -------------------------                                                      ----------------------      
AADDS                   Microsoft.Azure.Commands.Management.Storage.Models.PSActiveDirectoryProperties StorageFileDataSmbShareOwner

The command update a Storage account by enable Azure Files AAD DS Authentication.

Example 11: Update a Storage account by enable Files Active Directory Domain Service Authentication, and then show the File Identity Based authentication setting

PS C:\> $account = Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -EnableActiveDirectoryDomainServicesForFile $true `
        -ActiveDirectoryDomainName "mydomain.com" `
        -ActiveDirectoryNetBiosDomainName "mydomain.com" `
        -ActiveDirectoryForestName "mydomain.com" `
        -ActiveDirectoryDomainGuid "12345678-1234-1234-1234-123456789012" `
        -ActiveDirectoryDomainSid "S-1-5-21-1234567890-1234567890-1234567890" `
        -ActiveDirectoryAzureStorageSid "S-1-5-21-1234567890-1234567890-1234567890-1234"
		
PS C:\> $account.AzureFilesIdentityBasedAuth.DirectoryServiceOptions
AD

PS C:\> $account.AzureFilesIdentityBasedAuth.ActiveDirectoryProperties

DomainName        : mydomain.com
NetBiosDomainName : mydomain.com
ForestName        : mydomain.com
DomainGuid        : 12345678-1234-1234-1234-123456789012
DomainSid         : S-1-5-21-1234567890-1234567890-1234567890
AzureStorageSid   : S-1-5-21-1234567890-1234567890-1234567890-1234

The command updates a Storage account by enable Azure Files Active Directory Domain Service Authentication, and then shows the File Identity Based authentication setting

Example 12: Set MinimumTlsVersion, AllowBlobPublicAccess and AllowSharedKeyAccess

PS C:\> $account = Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -MinimumTlsVersion TLS1_1 -AllowBlobPublicAccess $false -AllowSharedKeyAccess $true

PS C:\> $account.MinimumTlsVersion
TLS1_1

PS C:\> $account.AllowBlobPublicAccess
False

PS C:\> $a.AllowSharedKeyAccess
True

The command sets MinimumTlsVersion, AllowBlobPublicAccess and AllowSharedKeyAccess, and then show the the 3 properties of the account

Example 13: Update a Storage account with RoutingPreference setting

PS C:\>$account = Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -PublishMicrosoftEndpoint $false -PublishInternetEndpoint $true -RoutingChoice InternetRouting

PS C:\>$account.RoutingPreference

RoutingChoice   PublishMicrosoftEndpoints PublishInternetEndpoints
-------------   ------------------------- ------------------------
InternetRouting                     False                     True

PS C:\>$account.PrimaryEndpoints

Blob               : https://mystorageaccount.blob.core.windows.net/
Queue              : https://mystorageaccount.queue.core.windows.net/
Table              : https://mystorageaccount.table.core.windows.net/
File               : https://mystorageaccount.file.core.windows.net/
Web                : https://mystorageaccount.z2.web.core.windows.net/
Dfs                : https://mystorageaccount.dfs.core.windows.net/
MicrosoftEndpoints : 
InternetEndpoints  : {"Blob":"https://mystorageaccount-internetrouting.blob.core.windows.net/","File":"https://mystorageaccount-internetrouting.file.core.windows.net/","Web":"https://mystorageaccount-internetrouting.z2.web.core.windows.net/","Dfs":"https://w
                     eirp3-internetrouting.dfs.core.windows.net/"}

This command updates a Storage account with RoutingPreference setting: PublishMicrosoftEndpoint as false, PublishInternetEndpoint as true, and RoutingChoice as MicrosoftRouting.

Example 14: Update a Storage account with KeyExpirationPeriod and SasExpirationPeriod

PS C:\> $account = Set-AzStorageAccount -ResourceGroupName "myresourcegroup" -AccountName "mystorageaccount" -KeyExpirationPeriodInDay 5 -SasExpirationPeriod "1.12:05:06" -EnableHttpsTrafficOnly $true

PS C:\> $$account.KeyPolicy.KeyExpirationPeriodInDays
5

PS C:\> $$account.SasPolicy.SasExpirationPeriod
1.12:05:06

This command updates a Storage account with KeyExpirationPeriod and SasExpirationPeriod, then show the updated account related properties.

Example 15: Update a Storage account to Keyvault encryption, and access Keyvault with user assigned identity

# Create KeyVault (no need if using exist keyvault)
PS C:\> $keyVault = New-AzKeyVault -VaultName $keyvaultName -ResourceGroupName $resourceGroupName -Location eastus2euap -EnablePurgeProtection
PS C:\> $key = Add-AzKeyVaultKey -VaultName $keyvaultName -Name $keyname -Destination 'Software'

# create user assigned identity and grant access to keyvault (no need if using exist user assigned identity)
PS C:\> $userId = New-AzUserAssignedIdentity -ResourceGroupName $resourceGroupName -Name $userIdName
PS C:\> Set-AzKeyVaultAccessPolicy -VaultName $keyvaultName -ResourceGroupName $resourceGroupName -ObjectId $userId.PrincipalId -PermissionsToKeys get,wrapkey,unwrapkey -BypassObjectIdValidation
PS C:\> $useridentityId= $userId.Id

# Update Storage account with Keyvault encryption and access Keyvault with user assigned identity, then show properties
PS C:\> $account = Update-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName `
                -IdentityType UserAssigned  -UserAssignedIdentityId $useridentityId  `
                -KeyVaultUri $keyVault.VaultUri -KeyName $keyname -KeyVaultUserAssignedIdentityId $useridentityId

PS C:\> $account.Encryption.EncryptionIdentity.EncryptionUserAssignedIdentity
/subscriptions/{subscription-id}/resourceGroups/myresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myuserid

PS C:\> $account.Encryption.KeyVaultProperties

KeyName                       : wrappingKey
KeyVersion                    : 
KeyVaultUri                   : https://mykeyvault.vault.azure.net:443
CurrentVersionedKeyIdentifier : https://mykeyvault.vault.azure.net/keys/wrappingKey/8e74036e0d534e58b3bd84b319e31d8f
LastKeyRotationTimestamp      : 4/12/2021 8:17:57 AM

This command first creates a keyvault and a user assigned identity, then updates a storage account with keyvault encryption, the storage access access keyvault with the user assigned identity.

Example 16: Update a Keyvault encrypted Storage account, from access Keyvault with user assigned identity, to access Keyvault with system assigned identity

# Assign System identity to the account, and give the system assigned identity acces to the keyvault
PS C:\> $account = Set-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName  -IdentityType SystemAssignedUserAssigned
PS C:\> Set-AzKeyVaultAccessPolicy -VaultName $keyvaultName -ResourceGroupName $resourceGroupName -ObjectId $account.Identity.PrincipalId -PermissionsToKeys get,wrapkey,unwrapkey -BypassObjectIdValidation

# Update account from access Keyvault with user assigned identity to access Keyvault with system assigned identity
$account = Set-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName -IdentityType SystemAssignedUserAssigned -KeyName $keyname -KeyVaultUri $keyvaultUri -KeyVaultUserAssignedIdentityId ""

# EncryptionUserAssignedIdentity is empty, so the account access keyvault with system assigned identity
PS C:\> $account.Encryption.EncryptionIdentity

EncryptionUserAssignedIdentity                                                                                                                 
------------------------------ 

PS C:\> $account.Encryption.KeyVaultProperties

KeyName                       : wrappingKey
KeyVersion                    : 
KeyVaultUri                   : https://mykeyvault.vault.azure.net:443
CurrentVersionedKeyIdentifier : https://mykeyvault.vault.azure.net/keys/wrappingKey/8e74036e0d534e58b3bd84b319e31d8f
LastKeyRotationTimestamp      : 4/12/2021 8:17:57 AM

This command first assigns System identity to the account, and give the system assigned identity access to the keyvault; then updates the Storage account to access Keyvault with system assigned identity.

Example 17: Update both Keyvault and the user assigned identity to access keyvault

# Update to another user assigned identity
PS C:\> $account = Set-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName -IdentityType SystemAssignedUserAssigned -UserAssignedIdentityId $useridentity2 -KeyVaultUserAssignedIdentityId $useridentity2

# Update to encrypt with another keyvault
$account = Set-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName -KeyVaultUri $keyvaultUri2 -KeyName $keyname2 -KeyVersion $keyversion2

This command first update the user assigned identity to access keyvault, then update the keyvault for encryption. To update both both Keyvault and the user assigned identity, we need update with the above 2 steps.

Example 18: Update a Storage account with AllowCrossTenantReplication

PS C:\> $account = Set-AzStorageAccount -ResourceGroupName "myresourcegroup" -AccountName "mystorageaccount" -AllowCrossTenantReplication $false -EnableHttpsTrafficOnly $true

PS C:\> $account.AllowCrossTenantReplication
False

This command updates a Storage account by set AllowCrossTenantReplication to false, then show the updated account related properties.

Parameters

-AccessTier

Specifies the access tier of the Storage account that this cmdlet modifies. The acceptable values for this parameter are: Hot and Cool. If you change the access tier, it may result in additional charges. For more information, see Azure Blob Storage: Hot and cool storage tiers. If the Storage account has Kind as StorageV2 or BlobStorage, you can specify the AccessTier parameter. If the Storage account has Kind as Storage, do not specify the AccessTier parameter.

Type:String
Accepted values:Hot, Cool
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ActiveDirectoryAzureStorageSid

Specifies the security identifier (SID) for Azure Storage. This parameter must be set when -EnableActiveDirectoryDomainServicesForFile is set to true.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ActiveDirectoryDomainGuid

Specifies the domain GUID. This parameter must be set when -EnableActiveDirectoryDomainServicesForFile is set to true.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ActiveDirectoryDomainName

Specifies the primary domain that the AD DNS server is authoritative for. This parameter must be set when -EnableActiveDirectoryDomainServicesForFile is set to true.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ActiveDirectoryDomainSid

Specifies the security identifier (SID). This parameter must be set when -EnableActiveDirectoryDomainServicesForFile is set to true.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ActiveDirectoryForestName

Specifies the Active Directory forest to get. This parameter must be set when -EnableActiveDirectoryDomainServicesForFile is set to true.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ActiveDirectoryNetBiosDomainName

Specifies the NetBIOS domain name. This parameter must be set when -EnableActiveDirectoryDomainServicesForFile is set to true.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AllowBlobPublicAccess

Allow or disallow public access to all blobs or containers in the storage account.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AllowCrossTenantReplication

Gets or sets allow or disallow cross AAD tenant object replication. The default interpretation is true for this property.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AllowSharedKeyAccess

Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Azure AD). The default value is null, which is equivalent to true.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AsJob

Run cmdlet in the background

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AssignIdentity

Generate and assign a new Storage account Identity for this Storage account for use with key management services like Azure KeyVault.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False
-CustomDomainName

Specifies the name of the custom domain.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DefaultSharePermission

Default share permission for users using Kerberos authentication if RBAC role is not assigned.

Type:String
Accepted values:None, StorageFileDataSmbShareContributor, StorageFileDataSmbShareReader, StorageFileDataSmbShareElevatedContributor
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EnableActiveDirectoryDomainServicesForFile

Enable Azure Files Active Directory Domain Service Authentication for the storage account.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EnableAzureActiveDirectoryDomainServicesForFile

Enable Azure Files Active Directory Domain Service Authentication for the storage account.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EnableHttpsTrafficOnly

Indicates whether or not the Storage account only enables HTTPS traffic.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EnableLargeFileShare

Indicates whether or not the storage account can support large file shares with more than 5 TiB capacity. Once the account is enabled, the feature cannot be disabled. Currently only supported for LRS and ZRS replication types, hence account conversions to geo-redundant accounts would not be possible. Learn more in https://go.microsoft.com/fwlink/?linkid=2086047

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Force

Forces the change to be written to the Storage account.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-IdentityType

Set the new Storage Account Identity type, the idenetity is for use with key management services like Azure KeyVault.

Type:String
Accepted values:SystemAssigned, UserAssigned, SystemAssignedUserAssigned, None
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-KeyExpirationPeriodInDay

The Key expiration period of this account, it is accurate to days.

Type:Int32
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-KeyName

If using -KeyvaultEncryption to enable encryption with Key Vault, specify the Keyname property with this option.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-KeyvaultEncryption

Indicates whether or not to use Microsoft KeyVault for the encryption keys when using Storage Service Encryption. If KeyName, KeyVersion, and KeyVaultUri are all set, KeySource will be set to Microsoft.Keyvault whether this parameter is set or not.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-KeyVaultUri

When using Key Vault Encryption by specifying the -KeyvaultEncryption parameter, use this option to specify the URI to the Key Vault.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-KeyVaultUserAssignedIdentityId

Set resource id for user assigned Identity used to access Azure KeyVault of Storage Account Encryption, the id must in the storage account's UserAssignIdentityId.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-KeyVersion

When using Key Vault Encryption by specifying the -KeyvaultEncryption parameter, use this option to specify the URI to the Key Version.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-MinimumTlsVersion

The minimum TLS version to be permitted on requests to storage.

Type:String
Accepted values:TLS1_0, TLS1_1, TLS1_2
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Name

Specifies the name of the Storage account to modify.

Type:String
Aliases:StorageAccountName, AccountName
Position:1
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
-NetworkRuleSet

NetworkRuleSet is used to define a set of configuration rules for firewalls and virtual networks, as well as to set values for network properties such as services allowed to bypass the rules and how to handle requests that don't match any of the defined rules.

Type:PSNetworkRuleSet
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-PublishInternetEndpoint

Indicates whether internet routing storage endpoints are to be published

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-PublishMicrosoftEndpoint

Indicates whether microsoft routing storage endpoints are to be published

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ResourceGroupName

Specifies the name of the resource group in which to modify the Storage account.

Type:String
Position:0
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
-RoutingChoice

Routing Choice defines the kind of network routing opted by the user. Possible values include: 'MicrosoftRouting', 'InternetRouting'

Type:String
Accepted values:MicrosoftRouting, InternetRouting
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-SasExpirationPeriod

The SAS expiration period of this account, it is a timespan and accurate to seconds.

Type:TimeSpan
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-SkuName

Specifies the SKU name of the Storage account. The acceptable values for this parameter are:

  • Standard_LRS - Locally-redundant storage.
  • Standard_ZRS - Zone-redundant storage.
  • Standard_GRS - Geo-redundant storage.
  • Standard_RAGRS - Read access geo-redundant storage.
  • Premium_LRS - Premium locally-redundant storage.
  • Standard_GZRS - Geo-redundant zone-redundant storage.
  • Standard_RAGZRS - Read access geo-redundant zone-redundant storage. You cannot change Standard_ZRS and Premium_LRS types to other account types. You cannot change other account types to Standard_ZRS or Premium_LRS.
Type:String
Aliases:StorageAccountType, AccountType, Type
Accepted values:Standard_LRS, Standard_ZRS, Standard_GRS, Standard_RAGRS, Premium_LRS, Standard_GZRS, Standard_RAGZRS
Position:Named
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
-StorageEncryption

Indicates whether or not to set the Storage account encryption to use Microsoft-managed keys.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Tag

Key-value pairs in the form of a hash table set as tags on the server. For example: @{key0="value0";key1=$null;key2="value2"}

Type:Hashtable
Aliases:Tags
Position:Named
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
-UpgradeToStorageV2

Upgrade Storage account Kind from Storage or BlobStorage to StorageV2.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-UserAssignedIdentityId

Set resource ids for the the new Storage Account user assignedd Identity, the identity will be used with key management services like Azure KeyVault.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-UseSubDomain

Indicates whether to enable indirect CName validation.

Type:Nullable<T>[Boolean]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String

Hashtable

Outputs

PSStorageAccount