external help file	Module Name	online version	schema
Az.DataProtection-help.xml	Az.DataProtection	https://learn.microsoft.com/powershell/module/az.dataprotection/new-azdataprotectionbackupvault	2.0.0

New-AzDataProtectionBackupVault

SYNOPSIS

Creates or updates a BackupVault resource belonging to a resource group.

SYNTAX

New-AzDataProtectionBackupVault -ResourceGroupName <String> -VaultName <String> -Location <String>
 -StorageSetting <IStorageSetting[]> [-SubscriptionId <String>] [-ETag <String>] [-IdentityType <String>]
 [-AzureMonitorAlertsForAllJobFailure <AlertsState>] [-ImmutabilityState <ImmutabilityState>]
 [-CrossRegionRestoreState <CrossRegionRestoreState>]
 [-CrossSubscriptionRestoreState <CrossSubscriptionRestoreState>] [-SoftDeleteRetentionDurationInDay <Double>]
 [-SoftDeleteState <SoftDeleteState>] [-Tag <Hashtable>] [-IdentityUserAssignedIdentity <Hashtable>]
 [-CmkEncryptionState <EncryptionState>] [-CmkInfrastructureEncryption <InfrastructureEncryptionState>]
 [-CmkIdentityType <IdentityType>] [-CmkUserAssignedIdentityId <String>] [-CmkEncryptionKeyUri <String>]
 [-DefaultProfile <PSObject>] [-AsJob] [-NoWait] [-WhatIf] [-Confirm]
 [<CommonParameters>]

DESCRIPTION

Creates or updates a BackupVault resource belonging to a resource group.

EXAMPLES

Example 1: Create a new backup vault

$sub = "xxxx-xxxx-xxxxx"
$storagesetting = New-AzDataProtectionBackupVaultStorageSettingObject -DataStoreType VaultStore -Type LocallyRedundant
New-AzDataProtectionBackupVault -SubscriptionId $sub -ResourceGroupName sarath-rg -VaultName "MyVault" -StorageSetting $storagesetting -Location westus

ETag IdentityPrincipalId IdentityTenantId IdentityType Location Name    Type
---- ------------------- ---------------- ------------ -------- ----    ----
                                                       westus   MyVault Microsoft.DataProtection/backupVaults

This command creates a new backup vault.

Example 2: Create a new backup vault with ImmutabilityState, CrossSubscriptionRestoreState, soft delete settings

$sub = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
$storagesetting = New-AzDataProtectionBackupVaultStorageSettingObject -DataStoreType VaultStore -Type LocallyRedundant
New-AzDataProtectionBackupVault -SubscriptionId $sub -ResourceGroupName "resourceGroupName" -VaultName "vaultName" -Location westus -StorageSetting $storagesetting -CrossSubscriptionRestoreState Enabled -ImmutabilityState Unlocked -SoftDeleteRetentionDurationInDay 100 -SoftDeleteState On

ETag IdentityPrincipalId IdentityTenantId IdentityType Location Name    Type
---- ------------------- ---------------- ------------ -------- ----    ----
                                                       westus   MyVault Microsoft.DataProtection/backupVaults

This command creates a new backup vault while setting Immutability state, cross subscription restore state, soft delete settings of the vault at creation time.

Example 3: Create a Backup Vault with CMK

$storagesetting = New-AzDataProtectionBackupVaultStorageSettingObject -DataStoreType VaultStore -Type LocallyRedundant
$userAssignedIdentity = @{
    "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/samplerg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/sampleuami" = @{
        clientId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        principalId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    }
    "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/samplerg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/sampleuami2" = @{
        clientId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        principalId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    }
}

$cmkIdentityId = "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/samplerg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/sampleuami"

$cmkKeyUri = "https://samplekvazbckp.vault.azure.net/keys/testkey/3cd5235ad6ac4c11b40a6f35444bcbe1"

New-AzDataProtectionBackupVault -SubscriptionId xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -ResourceGroupName "resourceGroupName" -VaultName "vaultName" -Location "location" -StorageSetting $storagesetting -IdentityType UserAssigned -UserAssignedIdentity $userAssignedIdentity -CmkEncryptionState Enabled -CmkIdentityType UserAssigned -CmkUserAssignedIdentityId $cmkIdentityId -CmkEncryptionKeyUri $cmkKeyUri -CmkInfrastructureEncryption Enabled

Name      Location   IdentityType
--------  --------   ------------
vaultName location   UserAssigned

This command creates a backup vault with CMK encryption enabled

PARAMETERS

-AsJob

Type: System.Management.Automation.SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AzureMonitorAlertsForAllJobFailure

Parameter to Enable or Disable built-in azure monitor alerts for job failures. Security alerts cannot be disabled.

Type: Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Support.AlertsState
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-CmkEncryptionKeyUri

The Key URI of the CMK key to be used for encryption. To enable auto-rotation of keys, exclude the version component from the Key URI.

Type: System.String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-CmkEncryptionState

Enable CMK encryption state for a Backup Vault.

Type: Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Support.EncryptionState
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-CmkIdentityType

The identity type to be used for CMK encryption - SystemAssigned or UserAssigned Identity.

Type: Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Support.IdentityType
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-CmkInfrastructureEncryption

Enable infrastructure encryption with CMK on this vault. Infrastructure encryption must be configured only when creating the vault.

Type: Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Support.InfrastructureEncryptionState
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-CmkUserAssignedIdentityId

This parameter is required if the identity type is UserAssigned. Add the user assigned managed identity id to be used which has access permissions to the Key Vault.

Type: System.String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-CrossRegionRestoreState

Cross region restore state of the vault. Allowed values are Disabled, Enabled.

Type: Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Support.CrossRegionRestoreState
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-CrossSubscriptionRestoreState

Cross subscription restore state of the vault. Allowed values are Disabled, Enabled, PermanentlyDisabled.

Type: Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Support.CrossSubscriptionRestoreState
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-DefaultProfile

Type: System.Management.Automation.PSObject
Parameter Sets: (All)
Aliases: AzureRMContext, AzureCredential

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ETag

Optional ETag.

Type: System.String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-IdentityType

The identityType can take values - "SystemAssigned", "UserAssigned", "SystemAssigned,UserAssigned", "None".

Type: System.String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-IdentityUserAssignedIdentity

Gets or sets the user assigned identities.

Type: System.Collections.Hashtable
Parameter Sets: (All)
Aliases: UserAssignedIdentity

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ImmutabilityState

Immutability state of the vault. Allowed values are Disabled, Unlocked, Locked.

Type: Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Support.ImmutabilityState
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Location

Resource location.

Type: System.String
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-NoWait

Type: System.Management.Automation.SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ResourceGroupName

Resource Group Name of the backup vault

Type: System.String
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SoftDeleteRetentionDurationInDay

Soft delete retention duration in days

Type: System.Double
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SoftDeleteState

Soft delete state of the vault. Allowed values are Off, On, AlwaysOn

Type: Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Support.SoftDeleteState
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-StorageSetting

Storage Settings of the vault. Use New-AzDataProtectionBackupVaultStorageSetting Cmdlet to Create. To construct, see NOTES section for STORAGESETTING properties and create a hash table.

Type: Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Models.Api20240401.IStorageSetting[]
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SubscriptionId

Subscription Id of the vault

Type: System.String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Tag

Resource tags.

Type: System.Collections.Hashtable
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-VaultName

Name of the backup vault

Type: System.String
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: System.Management.Automation.SwitchParameter
Parameter Sets: (All)
Aliases: cf

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: System.Management.Automation.SwitchParameter
Parameter Sets: (All)
Aliases: wi

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Files

New-AzDataProtectionBackupVault.md

Latest commit

History