Set-AzStorageAccount

Set-AzStorageAccount
    [-ResourceGroupName] <String>
    [-Name] <String>
    [-Force]
    [-SkuName <String>]
    [-AccessTier <String>]
    [-CustomDomainName <String>]
    [-UseSubDomain <Boolean>]
    [-Tag <Hashtable>]
    [-EnableHttpsTrafficOnly <Boolean>]
    [-StorageEncryption]
    [-AssignIdentity]
    [-UserAssignedIdentityId <String>]
    [-KeyVaultUserAssignedIdentityId <String>]
    [-KeyVaultFederatedClientId <String>]
    [-IdentityType <String>]
    [-NetworkRuleSet <PSNetworkRuleSet>]
    [-UpgradeToStorageV2]
    [-EnableAzureActiveDirectoryDomainServicesForFile <Boolean>]
    [-EnableLargeFileShare]
    [-PublishMicrosoftEndpoint <Boolean>]
    [-PublishInternetEndpoint <Boolean>]
    [-EnableSmbOAuth <Boolean>]
    [-AllowBlobPublicAccess <Boolean>]
    [-MinimumTlsVersion <String>]
    [-AllowSharedKeyAccess <Boolean>]
    [-SasExpirationPeriod <TimeSpan>]
    [-SasExpirationAction <String>]
    [-KeyExpirationPeriodInDay <Int32>]
    [-AllowCrossTenantReplication <Boolean>]
    [-DefaultSharePermission <String>]
    [-PublicNetworkAccess <String>]
    [-ImmutabilityPeriod <Int32>]
    [-ImmutabilityPolicyState <String>]
    [-EnableSftp <Boolean>]
    [-EnableLocalUser <Boolean>]
    [-AllowedCopyScope <String>]
    [-Zone <String[]>]
    [-ZonePlacementPolicy <String>]
    [-EnableBlobGeoPriorityReplication <Boolean>]
    [-AsJob]
    [-DefaultProfile <IAzureContextContainer>]
    [-RoutingChoice <String>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Set-AzStorageAccount
    [-ResourceGroupName] <String>
    [-Name] <String>
    -KeyName <String>
    -KeyVaultUri <String>
    [-Force]
    [-SkuName <String>]
    [-AccessTier <String>]
    [-CustomDomainName <String>]
    [-UseSubDomain <Boolean>]
    [-Tag <Hashtable>]
    [-EnableHttpsTrafficOnly <Boolean>]
    [-KeyvaultEncryption]
    [-KeyVersion <String>]
    [-AssignIdentity]
    [-UserAssignedIdentityId <String>]
    [-KeyVaultUserAssignedIdentityId <String>]
    [-KeyVaultFederatedClientId <String>]
    [-IdentityType <String>]
    [-NetworkRuleSet <PSNetworkRuleSet>]
    [-UpgradeToStorageV2]
    [-EnableAzureActiveDirectoryDomainServicesForFile <Boolean>]
    [-EnableLargeFileShare]
    [-PublishMicrosoftEndpoint <Boolean>]
    [-PublishInternetEndpoint <Boolean>]
    [-EnableSmbOAuth <Boolean>]
    [-AllowBlobPublicAccess <Boolean>]
    [-MinimumTlsVersion <String>]
    [-AllowSharedKeyAccess <Boolean>]
    [-SasExpirationPeriod <TimeSpan>]
    [-SasExpirationAction <String>]
    [-KeyExpirationPeriodInDay <Int32>]
    [-AllowCrossTenantReplication <Boolean>]
    [-DefaultSharePermission <String>]
    [-PublicNetworkAccess <String>]
    [-ImmutabilityPeriod <Int32>]
    [-ImmutabilityPolicyState <String>]
    [-EnableSftp <Boolean>]
    [-EnableLocalUser <Boolean>]
    [-AllowedCopyScope <String>]
    [-Zone <String[]>]
    [-ZonePlacementPolicy <String>]
    [-EnableBlobGeoPriorityReplication <Boolean>]
    [-AsJob]
    [-DefaultProfile <IAzureContextContainer>]
    [-RoutingChoice <String>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Set-AzStorageAccount
    [-ResourceGroupName] <String>
    [-Name] <String>
    [-Force]
    [-SkuName <String>]
    [-AccessTier <String>]
    [-CustomDomainName <String>]
    [-UseSubDomain <Boolean>]
    [-Tag <Hashtable>]
    [-EnableHttpsTrafficOnly <Boolean>]
    [-AssignIdentity]
    [-UserAssignedIdentityId <String>]
    [-KeyVaultUserAssignedIdentityId <String>]
    [-KeyVaultFederatedClientId <String>]
    [-IdentityType <String>]
    [-NetworkRuleSet <PSNetworkRuleSet>]
    [-UpgradeToStorageV2]
    [-EnableLargeFileShare]
    [-PublishMicrosoftEndpoint <Boolean>]
    [-PublishInternetEndpoint <Boolean>]
    [-EnableAzureActiveDirectoryKerberosForFile <Boolean>]
    [-ActiveDirectoryDomainName <String>]
    [-ActiveDirectoryDomainGuid <String>]
    [-EnableSmbOAuth <Boolean>]
    [-AllowBlobPublicAccess <Boolean>]
    [-MinimumTlsVersion <String>]
    [-AllowSharedKeyAccess <Boolean>]
    [-SasExpirationPeriod <TimeSpan>]
    [-SasExpirationAction <String>]
    [-KeyExpirationPeriodInDay <Int32>]
    [-AllowCrossTenantReplication <Boolean>]
    [-DefaultSharePermission <String>]
    [-PublicNetworkAccess <String>]
    [-ImmutabilityPeriod <Int32>]
    [-ImmutabilityPolicyState <String>]
    [-EnableSftp <Boolean>]
    [-EnableLocalUser <Boolean>]
    [-AllowedCopyScope <String>]
    [-Zone <String[]>]
    [-ZonePlacementPolicy <String>]
    [-EnableBlobGeoPriorityReplication <Boolean>]
    [-AsJob]
    [-DefaultProfile <IAzureContextContainer>]
    [-RoutingChoice <String>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Set-AzStorageAccount
    [-ResourceGroupName] <String>
    [-Name] <String>
    -EnableActiveDirectoryDomainServicesForFile <Boolean>
    [-Force]
    [-SkuName <String>]
    [-AccessTier <String>]
    [-CustomDomainName <String>]
    [-UseSubDomain <Boolean>]
    [-Tag <Hashtable>]
    [-EnableHttpsTrafficOnly <Boolean>]
    [-AssignIdentity]
    [-UserAssignedIdentityId <String>]
    [-KeyVaultUserAssignedIdentityId <String>]
    [-KeyVaultFederatedClientId <String>]
    [-IdentityType <String>]
    [-NetworkRuleSet <PSNetworkRuleSet>]
    [-UpgradeToStorageV2]
    [-EnableLargeFileShare]
    [-PublishMicrosoftEndpoint <Boolean>]
    [-PublishInternetEndpoint <Boolean>]
    [-ActiveDirectoryDomainName <String>]
    [-ActiveDirectoryNetBiosDomainName <String>]
    [-ActiveDirectoryForestName <String>]
    [-ActiveDirectoryDomainGuid <String>]
    [-ActiveDirectoryDomainSid <String>]
    [-ActiveDirectoryAzureStorageSid <String>]
    [-ActiveDirectorySamAccountName <String>]
    [-ActiveDirectoryAccountType <String>]
    [-EnableSmbOAuth <Boolean>]
    [-AllowBlobPublicAccess <Boolean>]
    [-MinimumTlsVersion <String>]
    [-AllowSharedKeyAccess <Boolean>]
    [-SasExpirationPeriod <TimeSpan>]
    [-SasExpirationAction <String>]
    [-KeyExpirationPeriodInDay <Int32>]
    [-AllowCrossTenantReplication <Boolean>]
    [-DefaultSharePermission <String>]
    [-PublicNetworkAccess <String>]
    [-ImmutabilityPeriod <Int32>]
    [-ImmutabilityPolicyState <String>]
    [-EnableSftp <Boolean>]
    [-EnableLocalUser <Boolean>]
    [-AllowedCopyScope <String>]
    [-Zone <String[]>]
    [-ZonePlacementPolicy <String>]
    [-EnableBlobGeoPriorityReplication <Boolean>]
    [-AsJob]
    [-DefaultProfile <IAzureContextContainer>]
    [-RoutingChoice <String>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

O cmdlet Set-AzStorageAccount modifica uma conta de Armazenamento do Azure. Você pode usar esse cmdlet para modificar o tipo de conta, atualizar um domínio do cliente ou definir marcas em uma conta de Armazenamento.

Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -SkuName "Standard_RAGRS"

Esse comando define o tipo de conta de armazenamento como Standard_RAGRS.

Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -CustomDomainName "www.contoso.com" -UseSubDomain $true

Esse comando define um domínio personalizado para uma conta de Armazenamento.

Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -AccessTier Cool

O comando define o valor da Camada de Acesso como esporádico.

Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -CustomDomainName "www.domainname.com" -UseSubDomain $true -Tag @{tag0="value0";tag1="value1";tag2="value2"}

O comando define o domínio personalizado e as marcas de uma conta de Armazenamento.

Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -AssignIdentity
$account = Get-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount"

$keyVault = New-AzKeyVault -VaultName "MyKeyVault" -ResourceGroupName "MyResourceGroup" -Location "EastUS2"
$key = Add-AzKeyVaultKey -VaultName "MyKeyVault" -Name "MyKey" -Destination 'Software'
Set-AzKeyVaultAccessPolicy -VaultName "MyKeyVault" -ObjectId $account.Identity.PrincipalId -PermissionsToKeys wrapkey,unwrapkey,get

# In case to enable key auto rotation, don't set KeyVersion
Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -KeyvaultEncryption -KeyName $key.Name -KeyVersion $key.Version -KeyVaultUri $keyVault.VaultUri

# In case to enable key auto rotation after set keyvault properties with KeyVersion, can update account by set KeyVersion to empty
Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -KeyvaultEncryption -KeyName $key.Name -KeyVersion "" -KeyVaultUri $keyVault.VaultUri

Este comando define o Encryption KeySource com um novo Keyvault criado. Se quiser habilitar a rotação automática de chaves, não defina a keyversion quando definir as propriedades do Keyvault pela primeira vez ou limpe-a definindo as propriedades de keyvault novamente com keyversion como vazias.

Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -StorageEncryption

Este comando define o Encryption KeySource como "Microsoft.Storage"

Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -NetworkRuleSet (@{bypass="Logging,Metrics";
    ipRules=(@{IPAddressOrRange="20.11.0.0/16";Action="allow"},
            @{IPAddressOrRange="10.0.0.0/7";Action="allow"});
    virtualNetworkRules=(@{VirtualNetworkResourceId="/subscriptions/s1/resourceGroups/g1/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1";Action="allow"},
                        @{VirtualNetworkResourceId="/subscriptions/s1/resourceGroups/g1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/subnet2";Action="allow"});
    defaultAction="allow"})

Este comando define a propriedade NetworkRuleSet de uma conta de armazenamento com JSON

$networkRuleSet = (Get-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount").NetworkRuleSet
Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount2" -NetworkRuleSet $networkRuleSet

Este primeiro comando obtém a propriedade NetworkRuleSet de uma conta de Armazenamento e o segundo comando a define como outra conta de Armazenamento

Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -UpgradeToStorageV2

O comando atualiza uma conta de armazenamento com o tipo "Armazenamento" ou "BlobStorage" para a conta de armazenamento do tipo "StorageV2".

$account = Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -EnableAzureActiveDirectoryDomainServicesForFile $true -DefaultSharePermission StorageFileDataSmbShareContributor

$account.AzureFilesIdentityBasedAuth

DirectoryServiceOptions ActiveDirectoryProperties                                                      DefaultSharePermission
----------------------- -------------------------                                                      ----------------------
AADDS                   Microsoft.Azure.Commands.Management.Storage.Models.PSActiveDirectoryProperties StorageFileDataSmbShareContributor

O comando atualiza uma conta de Armazenamento habilitando a Autenticação do Microsoft Entra Domain Services dos Arquivos do Azure.

$account = Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -EnableActiveDirectoryDomainServicesForFile $true `
        -ActiveDirectoryDomainName "mydomain.com" `
        -ActiveDirectoryNetBiosDomainName "mydomain.com" `
        -ActiveDirectoryForestName "mydomain.com" `
        -ActiveDirectoryDomainGuid "12345678-1234-1234-1234-123456789012" `
        -ActiveDirectoryDomainSid "S-1-5-21-1234567890-1234567890-1234567890" `
        -ActiveDirectoryAzureStorageSid "S-1-5-21-1234567890-1234567890-1234567890-1234" `
        -ActiveDirectorySamAccountName "samaccountname" `
        -ActiveDirectoryAccountType Computer

$account.AzureFilesIdentityBasedAuth.DirectoryServiceOptions
AD

$account.AzureFilesIdentityBasedAuth.ActiveDirectoryProperties

DomainName        : mydomain.com
NetBiosDomainName : mydomain.com
ForestName        : mydomain.com
DomainGuid        : 12345678-1234-1234-1234-123456789012
DomainSid         : S-1-5-21-1234567890-1234567890-1234567890
AzureStorageSid   : S-1-5-21-1234567890-1234567890-1234567890-1234
SamAccountName    : samaccountname
AccountType       : Computer

O comando atualiza uma conta de Armazenamento habilitando a Autenticação do Serviço de Domínio do Active Directory dos Arquivos do Azure e mostra a configuração de autenticação baseada em identidade de arquivo

$account = Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -MinimumTlsVersion TLS1_1 -AllowBlobPublicAccess $false -AllowSharedKeyAccess $true

$account.MinimumTlsVersion
TLS1_1

$account.AllowBlobPublicAccess
False

$a.AllowSharedKeyAccess
True

O comando define MinimumTlsVersion, AllowBlobPublicAccess e AllowSharedKeyAccess e mostra as 3 propriedades da conta

$account = Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -PublishMicrosoftEndpoint $false -PublishInternetEndpoint $true -RoutingChoice InternetRouting

$account.RoutingPreference

RoutingChoice   PublishMicrosoftEndpoints PublishInternetEndpoints
-------------   ------------------------- ------------------------
InternetRouting                     False                     True

$account.PrimaryEndpoints

Blob               : https://mystorageaccount.blob.core.windows.net/
Queue              : https://mystorageaccount.queue.core.windows.net/
Table              : https://mystorageaccount.table.core.windows.net/
File               : https://mystorageaccount.file.core.windows.net/
Web                : https://mystorageaccount.z2.web.core.windows.net/
Dfs                : https://mystorageaccount.dfs.core.windows.net/
MicrosoftEndpoints :
InternetEndpoints  : {"Blob":"https://mystorageaccount-internetrouting.blob.core.windows.net/","File":"https://mystorageaccount-internetrouting.file.core.windows.net/","Web":"https://mystorageaccount-internetrouting.z2.web.core.windows.net/","Dfs":"https://w
                     eirp3-internetrouting.dfs.core.windows.net/"}

Esse comando atualiza uma conta de armazenamento com a configuração RoutingPreference: PublishMicrosoftEndpoint como false, PublishInternetEndpoint como true e RoutingChoice como MicrosoftRouting.

$account = Set-AzStorageAccount -ResourceGroupName "myresourcegroup" -Name "mystorageaccount" -KeyExpirationPeriodInDay 5 -SasExpirationPeriod "1.12:05:06" -SasExpirationAction Log

$account.KeyPolicy.KeyExpirationPeriodInDays
5

$account.SasPolicy.SasExpirationPeriod

SasExpirationPeriod ExpirationAction
------------------- ----------------
1.12:05:06          Log

Esse comando atualiza uma conta de armazenamento com KeyExpirationPeriod e SasExpirationPeriod com SasExpirationAction e, em seguida, mostra as propriedades relacionadas à conta atualizada.

# Create KeyVault (no need if using exist keyvault)
$keyVault = New-AzKeyVault -VaultName $keyvaultName -ResourceGroupName $resourceGroupName -Location eastus2euap -EnablePurgeProtection
$key = Add-AzKeyVaultKey -VaultName $keyvaultName -Name $keyname -Destination 'Software'

# create user assigned identity and grant access to keyvault (no need if using exist user assigned identity)
$userId = New-AzUserAssignedIdentity -ResourceGroupName $resourceGroupName -Name $userIdName
Set-AzKeyVaultAccessPolicy -VaultName $keyvaultName -ResourceGroupName $resourceGroupName -ObjectId $userId.PrincipalId -PermissionsToKeys get,wrapkey,unwrapkey -BypassObjectIdValidation
$useridentityId= $userId.Id

# Update Storage account with Keyvault encryption and access Keyvault with user assigned identity, then show properties
$account = Set-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName `
                -IdentityType UserAssigned  -UserAssignedIdentityId $useridentityId  `
                -KeyVaultUri $keyVault.VaultUri -KeyName $keyname -KeyVaultUserAssignedIdentityId $useridentityId

$account.Encryption.EncryptionIdentity.EncryptionUserAssignedIdentity
/subscriptions/{subscription-id}/resourceGroups/myresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myuserid

$account.Encryption.KeyVaultProperties

KeyName                       : wrappingKey
KeyVersion                    :
KeyVaultUri                   : https://mykeyvault.vault.azure.net:443
CurrentVersionedKeyIdentifier : https://mykeyvault.vault.azure.net/keys/wrappingKey/8e74036e0d534e58b3bd84b319e31d8f
LastKeyRotationTimestamp      : 4/12/2021 8:17:57 AM

Esse comando primeiro cria um keyvault e uma identidade atribuída pelo usuário e, em seguida, atualiza uma conta de armazenamento com criptografia keyvault, o keyvault de acesso de armazenamento com a identidade atribuída pelo usuário.

# Assign System identity to the account, and give the system assigned identity access to the keyvault
$account = Set-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName  -IdentityType SystemAssignedUserAssigned
Set-AzKeyVaultAccessPolicy -VaultName $keyvaultName -ResourceGroupName $resourceGroupName -ObjectId $account.Identity.PrincipalId -PermissionsToKeys get,wrapkey,unwrapkey -BypassObjectIdValidation

# Update account from access Keyvault with user assigned identity to access Keyvault with system assigned identity
$account = Set-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName -IdentityType SystemAssignedUserAssigned -KeyName $keyname -KeyVaultUri $keyvaultUri -KeyVaultUserAssignedIdentityId ""

# EncryptionUserAssignedIdentity is empty, so the account access keyvault with system assigned identity
$account.Encryption.EncryptionIdentity

EncryptionUserAssignedIdentity
------------------------------

$account.Encryption.KeyVaultProperties

KeyName                       : wrappingKey
KeyVersion                    :
KeyVaultUri                   : https://mykeyvault.vault.azure.net:443
CurrentVersionedKeyIdentifier : https://mykeyvault.vault.azure.net/keys/wrappingKey/8e74036e0d534e58b3bd84b319e31d8f
LastKeyRotationTimestamp      : 4/12/2021 8:17:57 AM

Esse comando primeiro atribui a identidade do sistema à conta e fornece ao sistema acesso de identidade atribuído ao keyvault; em seguida, atualiza a conta de armazenamento para acessar o Keyvault com a identidade atribuída pelo sistema.

# Update to another user assigned identity
$account = Set-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName -IdentityType SystemAssignedUserAssigned -UserAssignedIdentityId $useridentity2 -KeyVaultUserAssignedIdentityId $useridentity2

# Update to encrypt with another keyvault
$account = Set-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName -KeyVaultUri $keyvaultUri2 -KeyName $keyname2 -KeyVersion $keyversion2

Esse comando primeiro atualiza a identidade atribuída pelo usuário para acessar o keyvault e, em seguida, atualiza o keyvault para criptografia. Para atualizar o Keyvault e a identidade atribuída pelo usuário, precisamos atualizar com as duas etapas acima.

$account = Set-AzStorageAccount -ResourceGroupName "myresourcegroup" -Name "mystorageaccount" -AllowCrossTenantReplication $false -EnableHttpsTrafficOnly $true

$account.AllowCrossTenantReplication

False

Esse comando atualiza uma conta de Armazenamento definindo AllowCrossTenantReplication como false e, em seguida, mostra as propriedades relacionadas à conta atualizada.

$account = Set-AzStorageAccount -ResourceGroupName "myresourcegroup" -Name "mystorageaccount" -PublicNetworkAccess Enabled

$account.PublicNetworkAccess

Enabled

Esse comando atualiza uma conta de Armazenamento definindo PublicNetworkAccess como habilitado.

$account = Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -ImmutabilityPeriod 2 -ImmutabilityPolicyState Unlocked

$account.ImmutableStorageWithVersioning.Enabled
True

$account.ImmutableStorageWithVersioning.ImmutabilityPolicy

ImmutabilityPeriodSinceCreationInDays State
------------------------------------- -----
                                    2 Unlocked

O comando atualiza as propriedades da política de imutabilidade no nível da conta em uma conta de armazenamento existente e mostra o resultado. A conta de armazenamento deve ser criada com a imutabilidade de nível de conta habilitada com controle de versão. A política de imutabilidade no nível da conta será herdada e aplicada a objetos que não possuem uma política de imutabilidade explícita no nível do objeto.

$account = Set-AzStorageAccount -ResourceGroupName "myresourcegroup" -AccountName "mystorageaccount" -EnableSftp $true -EnableLocalUser $true

$account.EnableSftp
True

$account.EnableLocalUser
True

Esse comando atualiza uma conta de Armazenamento habilitando sftp e localuser. Para executar o comando com êxito, a conta de armazenamento já deve habilitar o Namespace Hierárquico.

# create Storage account with Keyvault encryption (access Keyvault with FederatedClientId), then show properties
$account = Set-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName  `
                -KeyVaultUri $keyVault.VaultUri -KeyName $keyname -KeyVaultUserAssignedIdentityId $useridentityId -KeyVaultFederatedClientId $federatedClientId

$account.Encryption.EncryptionIdentity

EncryptionUserAssignedIdentity                                                                                                      EncryptionFederatedIdentityClientId
------------------------------                                                                                                      -----------------------------------
/subscriptions/{subscription-id}/resourceGroups/myresourcegroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myuserid ********-****-****-****-************

$account.Encryption.KeyVaultProperties

KeyName                       : wrappingKey
KeyVersion                    :
KeyVaultUri                   : https://mykeyvault.vault.azure.net:443
CurrentVersionedKeyIdentifier : https://mykeyvault.vault.azure.net/keys/wrappingKey/8e74036e0d534e58b3bd84b319e31d8f
LastKeyRotationTimestamp      : 3/3/2022 2:07:34 AM

Esse comando atualiza uma conta de armazenamento com Keyvault de outro locatário (acesse Keyvault com FederatedClientId).

$account = Set-AzStorageAccount -ResourceGroupName "myresourcegroup" -Name "mystorageaccount" -EnableSmbOAuth $true

$account.AzureFilesIdentityBasedAuth.SmbOAuthSettings.IsSmbOAuthEnabled

True

Esse comando atualiza uma conta de Armazenamento definindo EnableSmbOAuth como true e, em seguida, mostra as propriedades relacionadas à conta atualizada.

$account = Set-AzStorageAccount -ResourceGroupName "myresourcegroup" -Name "myaccount" -Zone 1 -ZonePlacementPolicy "Any"

Esse comando atualiza uma conta de Armazenamento definindo Zone como 1 e ZonePlacementPolicy como Any e mostra as propriedades relacionadas à conta atualizada.

$account = Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -EnableBlobGeoPriorityReplication $true

$account.GeoPriorityReplicationStatus.IsBlobEnabled

True

Esse comando habilita a Replicação de Prioridade Geográfica de Blob em uma conta de Armazenamento.

Este cmdlet suporta os parâmetros comuns: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction e -WarningVariable. Para obter mais informações, consulte about_CommonParameters.