From 65b9a876f9f65cc641d3883cc529f0658f93232c Mon Sep 17 00:00:00 2001 From: Beisi Zhou Date: Sat, 10 Oct 2020 12:54:16 +0800 Subject: [PATCH 1/8] get managed hsm --- src/KeyVault/KeyVault/Az.KeyVault.psd1 | 4 +- .../KeyVault/Commands/GetAzureKeyVault.cs | 64 +------ .../KeyVault/Commands/GetAzureManagedHsm.cs | 74 ++++++++ .../KeyVault/Commands/NewAzureKeyVault.cs | 7 +- .../KeyVault/Commands/NewAzureManagedHsm.cs | 102 +++++++++++ .../Commands/UndoAzureKeyVaultRemoval.cs | 2 +- src/KeyVault/KeyVault/KeyVault.format.ps1xml | 166 ++++++++++++------ .../Models/KeyVaultManagementCmdletBase.cs | 20 +-- src/KeyVault/KeyVault/Models/PSManagedHsm.cs | 14 +- .../Models/VaultCreationParameters.cs | 2 +- .../KeyVault/Models/VaultManagementClient.cs | 99 +++++++---- .../KeyVault/Properties/Resources.Designer.cs | 9 + .../KeyVault/Properties/Resources.resx | 3 + 13 files changed, 391 insertions(+), 175 deletions(-) create mode 100644 src/KeyVault/KeyVault/Commands/GetAzureManagedHsm.cs create mode 100644 src/KeyVault/KeyVault/Commands/NewAzureManagedHsm.cs diff --git a/src/KeyVault/KeyVault/Az.KeyVault.psd1 b/src/KeyVault/KeyVault/Az.KeyVault.psd1 index bcca888d0273..0184e66ed698 100644 --- a/src/KeyVault/KeyVault/Az.KeyVault.psd1 +++ b/src/KeyVault/KeyVault/Az.KeyVault.psd1 @@ -88,7 +88,9 @@ CmdletsToExport = 'Add-AzKeyVaultCertificate', 'Update-AzKeyVaultCertificate', 'Remove-AzKeyVaultCertificateIssuer', 'Remove-AzKeyVaultCertificateOperation', 'Set-AzKeyVaultCertificateIssuer', - 'Set-AzKeyVaultCertificatePolicy', 'Get-AzKeyVault', 'New-AzKeyVault', + 'Set-AzKeyVaultCertificatePolicy', + 'Get-AzManagedHsm', + 'Get-AzKeyVault', 'New-AzKeyVault', 'Remove-AzKeyVault', 'Undo-AzKeyVaultRemoval', 'Remove-AzKeyVaultAccessPolicy', 'Set-AzKeyVaultAccessPolicy', 'Backup-AzKeyVaultKey', 'Get-AzKeyVaultKey', 'Get-AzKeyVaultSecret', 
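Review bot: `New-AzManagedHsm` is missing from `CmdletsToExport`: this hunk lists only `'Get-AzManagedHsm'`, although the same patch adds the `New-AzManagedHsm` cmdlet class in NewAzureManagedHsm.cs. With an explicit export list, a cmdlet that is not named in the manifest is compiled into the assembly but not exposed by the module. If the export is not deferred to a later patch in this series, add `'New-AzManagedHsm',` next to the Get entry.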
diff --git a/src/KeyVault/KeyVault/Commands/GetAzureKeyVault.cs b/src/KeyVault/KeyVault/Commands/GetAzureKeyVault.cs index 56c30558bacf..6a83e09ebc87 100644 --- a/src/KeyVault/KeyVault/Commands/GetAzureKeyVault.cs +++ b/src/KeyVault/KeyVault/Commands/GetAzureKeyVault.cs @@ -85,12 +85,6 @@ public class GetAzureKeyVault : KeyVaultManagementCmdletBase HelpMessage = "Specifies whether to show the previously deleted vaults in the output.")] public SwitchParameter InRemovedState { get; set; } - [Parameter(Mandatory = false, - ParameterSetName = GetVaultParameterSet, - HelpMessage = "Specifies the type of Vault / HSM to be shown. If omitted, both will be listed.")] - [Alias("Type")] - public ResourceTypeName ResourceType { get; set; } - /// /// Tag value /// 
@@ -104,68 +98,22 @@ public class GetAzureKeyVault : KeyVaultManagementCmdletBase #endregion public override void ExecuteCmdlet() { - ResourceTypeName? resourceTypeName = null; - if (MyInvocation.BoundParameters.ContainsKey(nameof(ResourceType))) - { - resourceTypeName = this.ResourceType; - } - switch (ParameterSetName) { case GetVaultParameterSet: ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(VaultName) : ResourceGroupName; - ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(VaultName, true) : ResourceGroupName; - - PSKeyVaultIdentityItem vault = null; if (ShouldGetByName(ResourceGroupName, VaultName)) { - switch (resourceTypeName) - { - case ResourceTypeName.Vault: - vault = KeyVaultManagementClient.GetVault( - VaultName, - ResourceGroupName, - ActiveDirectoryClient); - WriteObject(FilterByTag((PSKeyVault)vault, Tag)); - break; - - case ResourceTypeName.Hsm: - vault = KeyVaultManagementClient.GetManagedHsm( - VaultName, - ResourceGroupName, - ActiveDirectoryClient); - WriteObject(FilterByTag((PSManagedHsm)vault, Tag)); - break; - - default: - // Search both Vaults and ManagedHsms - vault = KeyVaultManagementClient.GetVault( - VaultName, - ResourceGroupName, - ActiveDirectoryClient); - if (vault == null) - { - vault = KeyVaultManagementClient.GetManagedHsm( - VaultName, - ResourceGroupName, - ActiveDirectoryClient); - WriteObject(FilterByTag((PSManagedHsm)vault, Tag)); - } - else - { - WriteObject(FilterByTag((PSKeyVault)vault, Tag)); - } - break; - } + PSKeyVault vault = KeyVaultManagementClient.GetVault( + VaultName, + ResourceGroupName, + ActiveDirectoryClient); + WriteObject(FilterByTag(vault, Tag)); } else { - WriteObject( - TopLevelWildcardFilter( - ResourceGroupName, VaultName, - ListVaults(ResourceGroupName, Tag, resourceTypeName)), - true); + WriteObject(TopLevelWildcardFilter(ResourceGroupName, VaultName, ListVaults(ResourceGroupName, Tag)), true); } break; 
diff --git a/src/KeyVault/KeyVault/Commands/GetAzureManagedHsm.cs b/src/KeyVault/KeyVault/Commands/GetAzureManagedHsm.cs new file mode 100644 index 000000000000..8dd1b745df99 --- /dev/null +++ b/src/KeyVault/KeyVault/Commands/GetAzureManagedHsm.cs 
@@ -0,0 +1,74 @@ +using System.Collections; +using System.Collections.Generic; +using System.Management.Automation; +using Microsoft.Azure.Commands.KeyVault.Models; +using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; + +namespace Microsoft.Azure.Commands.KeyVault.Commands +{ + [Cmdlet("Get", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "ManagedHsm")] + [OutputType(typeof(PSManagedHsm), typeof(PSKeyVaultIdentityItem))] + public class GetAzureManagedHsm : KeyVaultManagementCmdletBase + { + #region Input Parameter Definitions + + /// + /// Hsm name + /// + [Parameter(Mandatory = false, + Position = 0, + ValueFromPipelineByPropertyName = true, + HelpMessage = "Hsm name. Cmdlet constructs the FQDN of a hsm based on the name and currently selected environment.")] + [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "ResourceGroupName")] + [Alias(Constants.Name)] + [ValidateNotNullOrEmpty] + [SupportsWildcards] + public string HsmName { get; set; } + + /// + /// Resource group name + /// + [Parameter(Mandatory = false, + Position = 1, + ValueFromPipelineByPropertyName = true, + HelpMessage = "Specifies the name of the resource group associated with the managed hsm being queried.")] + [ResourceGroupCompleter] + [ValidateNotNullOrEmpty] + [SupportsWildcards] + public string ResourceGroupName { get; set; } + + /// + /// Tag value + /// + [Parameter( + Mandatory = false, + ValueFromPipelineByPropertyName = true, + HelpMessage = "Specifies the key and optional value of the specified tag to filter the list of managed hsms by.")] + public Hashtable Tag { get; set; } + + #endregion + + public override void ExecuteCmdlet() + { + ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? 
GetResourceGroupName(HsmName, true) : ResourceGroupName; + + if (ShouldGetByName(ResourceGroupName, HsmName)) + { + PSManagedHsm mhsm = KeyVaultManagementClient.GetManagedHsm( + HsmName, + ResourceGroupName, + ActiveDirectoryClient); + WriteObject(FilterByTag(mhsm, Tag)); + } + else + { + WriteObject( + TopLevelWildcardFilter( + ResourceGroupName, HsmName, + FilterByTag( + KeyVaultManagementClient.ListManagedHsms(ResourceGroupName, ActiveDirectoryClient), Tag)), + true); + } + } + } +} diff --git a/src/KeyVault/KeyVault/Commands/NewAzureKeyVault.cs b/src/KeyVault/KeyVault/Commands/NewAzureKeyVault.cs index 667bb39cf69b..1b67875200e8 100644 --- a/src/KeyVault/KeyVault/Commands/NewAzureKeyVault.cs +++ b/src/KeyVault/KeyVault/Commands/NewAzureKeyVault.cs @@ -16,12 +16,9 @@ using Microsoft.Azure.Commands.KeyVault.Properties; using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; using Microsoft.Azure.Management.KeyVault.Models; -using Microsoft.WindowsAzure.Commands.Common.CustomAttributes; using Microsoft.WindowsAzure.Commands.Utilities.Common; using System; using System.Collections; -using System.Collections.Generic; -using System.Linq; using System.Management.Automation; namespace Microsoft.Azure.Commands.KeyVault @@ -189,7 +186,7 @@ public override void ExecuteCmdlet() // Set common parameters var vaultCreationParameter = new VaultCreationParameters() { - VaultName = this.Name, + Name = this.Name, ResourceGroupName = this.ResourceGroupName, Location = this.Location, SkuName = this.Sku, 
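Review bot: In the list branch of GetAzureManagedHsm.ExecuteCmdlet, `ResourceGroupName` is forwarded unchanged to `ListManagedHsms`, which (VaultManagementClient.cs in this same patch) only tests `resourceGroupName != null` before calling `ListByResourceGroupAsync`. Because the parameter is marked `[SupportsWildcards]`, a wildcard pattern would be sent to the service as a literal resource group name instead of being left to `TopLevelWildcardFilter`. The existing `ListVaults` path in KeyVaultManagementCmdletBase guards its listing with `ShouldListByResourceGroup(resourceGroupName, null)`. Assuming that helper rejects wildcard and empty names, pass `ShouldListByResourceGroup(ResourceGroupName, null) ? ResourceGroupName : null` as the first argument to `ListManagedHsms`.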
@@ -225,7 +222,7 @@ public override void ExecuteCmdlet() case ManagedHsmParameterSet: vaultCreationParameter.Administrator = this.Administrator; vaultCreationParameter.SkuFamilyName = DefaultManagedHsmSkuFamily; - this.WriteObject(KeyVaultManagementClient.CreateNewManagedHsm(vaultCreationParameter, ActiveDirectoryClient, NetworkRuleSet)); + this.WriteObject(KeyVaultManagementClient.CreateNewManagedHsm(vaultCreationParameter, ActiveDirectoryClient)); break; default: throw new ArgumentException(Resources.BadParameterSetName); diff --git a/src/KeyVault/KeyVault/Commands/NewAzureManagedHsm.cs b/src/KeyVault/KeyVault/Commands/NewAzureManagedHsm.cs new file mode 100644 index 000000000000..7be304147f80 --- /dev/null +++ b/src/KeyVault/KeyVault/Commands/NewAzureManagedHsm.cs 
@@ -0,0 +1,102 @@ +using Microsoft.Azure.Commands.KeyVault.Models; +using Microsoft.Azure.Commands.KeyVault.Properties; +using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; +using Microsoft.Azure.Management.KeyVault.Models; +using Microsoft.WindowsAzure.Commands.Utilities.Common; +using System; +using System.Collections; +using System.Management.Automation; + +namespace Microsoft.Azure.Commands.KeyVault.Commands +{ + /// + /// Create a new managed hsm. + /// + [Cmdlet("New", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "ManagedHsm", SupportsShouldProcess = true)] + [OutputType(typeof(PSManagedHsm))] + public class NewAzureManagedHsm : KeyVaultManagementCmdletBase + { + #region Input Parameter Definitions + + /// + /// Hsm name + /// + [Parameter(Mandatory = true, + Position = 0, + ValueFromPipelineByPropertyName = true, + HelpMessage = + "Specifies a name of the managed hsm to create. The name can be any combination of letters, digits, or hyphens. The name must start and end with a letter or digit. The name must be universally unique." + )] + [ValidateNotNullOrEmpty] + [Alias("HsmName")] + public string Name { get; set; } + + /// + /// Resource group name + /// + [Parameter(Mandatory = true, + Position = 1, + ValueFromPipelineByPropertyName = true, + HelpMessage = "Specifies the name of an existing resource group in which to create the key vault.")] + [ResourceGroupCompleter] + [ValidateNotNullOrEmpty()] + public string ResourceGroupName { get; set; } + + /// + /// Location + /// + [Parameter(Mandatory = true, + Position = 2, + ValueFromPipelineByPropertyName = true, + HelpMessage = "Specifies the Azure region in which to create the key vault. 
Use the command Get-AzResourceProvider with the ProviderNamespace parameter to see your choices.")] + [LocationCompleter("Microsoft.KeyVault/managedHSMs")] + [ValidateNotNullOrEmpty()] + public string Location { get; set; } + + [Parameter(Mandatory = true, + Position = 3, + ValueFromPipelineByPropertyName = true, + HelpMessage = "Array of initial administrators object ids for this managed hsm pool.")] + public string[] Administrator { get; set; } + + [Parameter(Mandatory = false, + ValueFromPipelineByPropertyName = true, + HelpMessage = "Specifies the SKU of the managed hsm instance.")] + [ValidateSet("StandardB1", "CustomB32")] + public string Sku { get; set; } + + [Parameter(Mandatory = false, + ValueFromPipelineByPropertyName = true, + HelpMessage = "A hash table which represents resource tags.")] + [Alias(Constants.TagsAlias)] + public Hashtable Tag { get; set; } + + #endregion + + public override void ExecuteCmdlet() + { + if (ShouldProcess(Name, Properties.Resources.CreateKeyVault)) + { + if (VaultExistsInCurrentSubscription(Name, true)) + { + throw new ArgumentException(Resources.HsmAlreadyExists); + } + + var vaultCreationParameter = new VaultCreationParameters() + { + Name = this.Name, + ResourceGroupName = this.ResourceGroupName, + Location = this.Location, + SkuName = this.Sku, + TenantId = GetTenantId(), + Tags = this.Tag, + Administrator = this.Administrator, + SkuFamilyName = DefaultManagedHsmSkuFamily + }; + + this.WriteObject(KeyVaultManagementClient.CreateNewManagedHsm(vaultCreationParameter, ActiveDirectoryClient)); + } + } + + } +} diff --git a/src/KeyVault/KeyVault/Commands/UndoAzureKeyVaultRemoval.cs b/src/KeyVault/KeyVault/Commands/UndoAzureKeyVaultRemoval.cs index 41d33847087c..aac56181542e 100644 --- a/src/KeyVault/KeyVault/Commands/UndoAzureKeyVaultRemoval.cs +++ b/src/KeyVault/KeyVault/Commands/UndoAzureKeyVaultRemoval.cs 
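Review bot: The confirmation in NewAzureManagedHsm.ExecuteCmdlet reuses `Properties.Resources.CreateKeyVault`, so `-WhatIf`/`-Confirm` output presumably describes a key vault creation while the cmdlet provisions a managed HSM; the operator should be shown the action that will actually run. The HelpMessage strings on `ResourceGroupName` and `Location` carry the same copy-paste ("in which to create the key vault"). `Administrator` is the only mandatory parameter here without `[ValidateNotNullOrEmpty]`, and `Sku` is optional with no default, so `SkuName = this.Sku` can be null when the caller omits it. I would add a dedicated resource string for ShouldProcess (placeholder name `CreateManagedHsm`), put `[ValidateNotNullOrEmpty]` on `Administrator`, and either give `Sku` a default or make it mandatory.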
@@ -97,7 +97,7 @@ public override void ExecuteCmdlet() { var newVault = KeyVaultManagementClient.CreateNewVault(new VaultCreationParameters() { - VaultName = this.VaultName, + Name = this.VaultName, ResourceGroupName = this.ResourceGroupName, Location = this.Location, Tags = this.Tag, diff --git a/src/KeyVault/KeyVault/KeyVault.format.ps1xml b/src/KeyVault/KeyVault/KeyVault.format.ps1xml index d484397a7940..05cb9cd05dff 100644 --- a/src/KeyVault/KeyVault/KeyVault.format.ps1xml +++ b/src/KeyVault/KeyVault/KeyVault.format.ps1xml @@ -398,63 +398,119 @@ Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm - Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm + Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm + + + + + Left + + + + Left + + + + Left + + + + Left + + + + + + + + Left + Name + + + Left + ResourceGroupName + + + Left + Location + + + Left + InitialAdminObjectIds + + + + + + + + Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm + + Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm - - - - - - VaultName - - - - ResourceGroupName - - - - Location - - - - ResourceId - - - - HsmPoolUri - - - - TenantName - - - - InitialAdminObjectIds - - - - Sku - - - - EnableSoftDelete - - - - EnablePurgeProtection - - - - SoftDeleteRetentionInDays - - - - TagsTable - - - - + + + + + + Name + + + + ResourceGroupName + + + + Location + + + + ResourceId + + + + HsmPoolUri + + + + TenantName + + + + InitialAdminObjectIds + + + + Sku + + + + EnableSoftDelete + + + + EnablePurgeProtection + + + + SoftDeleteRetentionInDays + + + + ProvisioningState + + + + StatusMessage + + + + TagsTable + + + + diff --git a/src/KeyVault/KeyVault/Models/KeyVaultManagementCmdletBase.cs b/src/KeyVault/KeyVault/Models/KeyVaultManagementCmdletBase.cs index 9eec82a93e23..9a0e69fc1fe0 100644 --- a/src/KeyVault/KeyVault/Models/KeyVaultManagementCmdletBase.cs +++ b/src/KeyVault/KeyVault/Models/KeyVaultManagementCmdletBase.cs 
@@ -101,7 +101,7 @@ public ResourceManagementClient ResourceClient set { _resourceClient = value; } } - protected List FilterByTag(List listResult, Hashtable tag) + protected List FilterByTag(List listResult, Hashtable tag) where T : PSKeyVaultIdentityItem { var tagValuePair = new PSTagValuePair(); if (tag != null && tag.Count > 0) @@ -126,30 +126,26 @@ protected List FilterByTag(List return listResult; } - protected PSKeyVault FilterByTag(PSKeyVault keyVault, Hashtable tag) + protected T FilterByTag(T vault, Hashtable tag) where T : PSKeyVaultIdentityItem { - return (PSKeyVault) FilterByTag(new List { keyVault }, tag).FirstOrDefault(); + return FilterByTag(new List { vault }, tag).FirstOrDefault(); } - protected PSManagedHsm FilterByTag(PSManagedHsm managedHsm, Hashtable tag) - { - return (PSManagedHsm)FilterByTag(new List { managedHsm }, tag).FirstOrDefault(); - } - - protected List ListVaults(string resourceGroupName, Hashtable tag, ResourceTypeName? resourceTypeName= ResourceTypeName.Vault) + protected List ListVaults(string resourceGroupName, Hashtable tag, ResourceTypeName? resourceTypeName = ResourceTypeName.Vault) { var vaults = new List(); // List all kinds of vault resources - if (resourceTypeName == null) { + if (resourceTypeName == null) + { vaults.AddRange(ListVaults(resourceGroupName, tag, ResourceTypeName.Vault)); vaults.AddRange(ListVaults(resourceGroupName, tag, ResourceTypeName.Hsm)); return vaults; } IEnumerable listResult; - var resourceType = resourceTypeName.Equals(ResourceTypeName.Hsm)? - KeyVaultManagementClient.ManagedHsmResourceType: KeyVaultManagementClient.VaultsResourceType; + var resourceType = resourceTypeName.Equals(ResourceTypeName.Hsm) ? + KeyVaultManagementClient.ManagedHsmResourceType : KeyVaultManagementClient.VaultsResourceType; if (ShouldListByResourceGroup(resourceGroupName, null)) { listResult = ListByResourceGroup(resourceGroupName, 
diff --git a/src/KeyVault/KeyVault/Models/PSManagedHsm.cs b/src/KeyVault/KeyVault/Models/PSManagedHsm.cs index d49695509a9d..e33f46dd1711 100644 --- a/src/KeyVault/KeyVault/Models/PSManagedHsm.cs +++ b/src/KeyVault/KeyVault/Models/PSManagedHsm.cs @@ -9,6 +9,8 @@ using Microsoft.Azure.Commands.ResourceManager.Common.Tags; using Microsoft.Azure.Management.Internal.Resources.Utilities.Models; using System.Linq; +using System.Management.Automation; +using System.Runtime.CompilerServices; namespace Microsoft.Azure.Commands.KeyVault.Models { @@ -18,7 +20,7 @@ public PSManagedHsm() { } - public PSManagedHsm(ManagedHsm managedHsm, ActiveDirectoryClient adClient) + public PSManagedHsm(ManagedHsm managedHsm, ActiveDirectoryClient adClient = null) { // PSKeyVaultIdentityItem's properties ResourceId = managedHsm.Id; @@ -27,7 +29,8 @@ public PSManagedHsm(ManagedHsm managedHsm, ActiveDirectoryClient adClient) Location = managedHsm.Location; Tags = TagsConversionHelper.CreateTagHashtable(managedHsm.Tags); - // PSManagedHsm's properties + // PSManagedHsm's properties, hides type + Name = managedHsm.Name; Sku = managedHsm.Sku.Name.ToString(); TenantId = managedHsm.Properties.TenantId.Value; TenantName = ModelExtensions.GetDisplayNameForTenant(TenantId, adClient); 
@@ -36,11 +39,12 @@ public PSManagedHsm(ManagedHsm managedHsm, ActiveDirectoryClient adClient) EnablePurgeProtection = managedHsm.Properties.EnablePurgeProtection; EnableSoftDelete = managedHsm.Properties.EnableSoftDelete; SoftDeleteRetentionInDays = managedHsm.Properties.SoftDeleteRetentionInDays; - // AccessPolicies = vault.Properties.AccessPolicies.Select(s => new PSKeyVaultAccessPolicy(s, adClient)).ToArray(); - // NetworkAcls = InitNetworkRuleSet(managedHsm.Properties); + StatusMessage = managedHsm.Properties.StatusMessage; + ProvisioningState = managedHsm.Properties.ProvisioningState; OriginalManagedHsm = managedHsm; } + public string Name { get; private set; } public string Sku { get; private set; } public Guid TenantId { get; private set; } public string TenantName { get; private set; } @@ -49,6 +53,8 @@ public PSManagedHsm(ManagedHsm managedHsm, ActiveDirectoryClient adClient) public bool? EnableSoftDelete { get; private set; } public int? SoftDeleteRetentionInDays { get; private set; } public bool? EnablePurgeProtection { get; private set; } + public string StatusMessage { get; private set; } + public string ProvisioningState { get; private set; } public ManagedHsm OriginalManagedHsm { get; private set; } } diff --git a/src/KeyVault/KeyVault/Models/VaultCreationParameters.cs b/src/KeyVault/KeyVault/Models/VaultCreationParameters.cs index 05b853dd8d9e..acbf4de4d5c4 100644 --- a/src/KeyVault/KeyVault/Models/VaultCreationParameters.cs +++ b/src/KeyVault/KeyVault/Models/VaultCreationParameters.cs @@ -20,7 +20,7 @@ namespace Microsoft.Azure.Commands.KeyVault.Models { public class VaultCreationParameters { - public string VaultName { get; set; } + public string Name { get; set; } public string ResourceGroupName { get; set; } public string Location { get; set; } public Hashtable Tags { get; set; } diff --git a/src/KeyVault/KeyVault/Models/VaultManagementClient.cs b/src/KeyVault/KeyVault/Models/VaultManagementClient.cs index 8eceb13278e6..00b1966e0526 100644 
--- a/src/KeyVault/KeyVault/Models/VaultManagementClient.cs +++ b/src/KeyVault/KeyVault/Models/VaultManagementClient.cs @@ -30,6 +30,7 @@ using Microsoft.Azure.Commands.Common.Authentication.Abstractions; using Microsoft.Rest.Azure; using System.ComponentModel; +using System.Collections; namespace Microsoft.Azure.Commands.KeyVault.Models { @@ -72,8 +73,8 @@ public PSKeyVault CreateNewVault(VaultCreationParameters parameters, ActiveDirec { if (parameters == null) throw new ArgumentNullException("parameters"); - if (string.IsNullOrWhiteSpace(parameters.VaultName)) - throw new ArgumentNullException("parameters.VaultName"); + if (string.IsNullOrWhiteSpace(parameters.Name)) + throw new ArgumentNullException("parameters.Name"); if (string.IsNullOrWhiteSpace(parameters.ResourceGroupName)) throw new ArgumentNullException("parameters.ResourceGroupName"); if (string.IsNullOrWhiteSpace(parameters.Location)) @@ -121,7 +122,7 @@ public PSKeyVault CreateNewVault(VaultCreationParameters parameters, ActiveDirec var response = KeyVaultManagementClient.Vaults.CreateOrUpdate( resourceGroupName: parameters.ResourceGroupName, - vaultName: parameters.VaultName, + vaultName: parameters.Name, parameters: new VaultCreateOrUpdateParameters { Location = parameters.Location, 
@@ -356,12 +357,12 @@ public List ListDeletedVaults() /// vault creation parameters /// the active directory client /// - public PSManagedHsm CreateNewManagedHsm(VaultCreationParameters parameters, ActiveDirectoryClient adClient = null, PSKeyVaultNetworkRuleSet networkRuleSet = null) + public PSManagedHsm CreateNewManagedHsm(VaultCreationParameters parameters, ActiveDirectoryClient adClient = null) { if (parameters == null) throw new ArgumentNullException("parameters"); - if (string.IsNullOrWhiteSpace(parameters.VaultName)) - throw new ArgumentNullException("parameters.VaultName"); + if (string.IsNullOrWhiteSpace(parameters.Name)) + throw new ArgumentNullException("parameters.Name"); if (string.IsNullOrWhiteSpace(parameters.ResourceGroupName)) throw new ArgumentNullException("parameters.ResourceGroupName"); if (string.IsNullOrWhiteSpace(parameters.Location)) @@ -395,17 +396,6 @@ public PSManagedHsm CreateNewManagedHsm(VaultCreationParameters parameters, Acti properties.EnableSoftDelete = parameters.EnableSoftDelete; properties.SoftDeleteRetentionInDays = parameters.SoftDeleteRetentionInDays; properties.EnablePurgeProtection = parameters.EnablePurgeProtection; - - // No sdk available to update this parapmeter - // properties.AccessPolicies = (parameters.AccessPolicy != null) ? new[] { parameters.AccessPolicy } : new AccessPolicyEntry[] { }; - - // properties.NetworkAcls = parameters.NetworkAcls; - /* - if (networkRuleSet != null) - { - UpdateVaultNetworkRuleSetProperties(properties, networkRuleSet); - } - */ } else { @@ -414,7 +404,7 @@ public PSManagedHsm CreateNewManagedHsm(VaultCreationParameters parameters, Acti var response = KeyVaultManagementClient.ManagedHsms.CreateOrUpdate( resourceGroupName: parameters.ResourceGroupName, - name: parameters.VaultName, + name: parameters.Name, parameters: new ManagedHsm { Location = parameters.Location, 
@@ -456,6 +446,58 @@ public PSManagedHsm GetManagedHsm(string managedHsmName, string resourceGroupNam } } + /// + /// List all existing Managed HSMs. Returns null if vault is not found. + /// + /// resource group name + /// the active directory client + /// the retrieved Managed HSM + public List ListManagedHsms(string resourceGroupName, ActiveDirectoryClient adClient = null) + { + List managedHsms = new List(); ; + IPage response; + + if (resourceGroupName != null) + { + response = KeyVaultManagementClient.ManagedHsms.ListByResourceGroupAsync(resourceGroupName).GetAwaiter().GetResult(); + foreach (var managedHsm in response) + { + managedHsms.Add(new PSManagedHsm(managedHsm)); + } + + while (response?.NextPageLink != null) + { + response = KeyVaultManagementClient.ManagedHsms.ListByResourceGroupNextAsync(response.NextPageLink).GetAwaiter().GetResult(); + + foreach (var managedHsm in response) + { + managedHsms.Add(new PSManagedHsm(managedHsm)); + } + } + } + else + { + response = KeyVaultManagementClient.ManagedHsms.ListBySubscriptionAsync().GetAwaiter().GetResult(); + + foreach (var managedHsm in response) + { + managedHsms.Add(new PSManagedHsm(managedHsm)); + } + + while (response?.NextPageLink != null) + { + response = KeyVaultManagementClient.ManagedHsms.ListBySubscriptionNextAsync(response.NextPageLink).GetAwaiter().GetResult(); + + foreach (var managedHsm in response) + { + managedHsms.Add(new PSManagedHsm(managedHsm)); + } + } + } + + return managedHsms; + } + /// /// Update an existing Managed HSM. Only EnablePurgeProtection can be updated currently. /// 
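Review bot: `ListManagedHsms` accepts `adClient` but never uses it: every item is built with `new PSManagedHsm(managedHsm)`, so `TenantName` is computed with a null client (what `GetDisplayNameForTenant` does in that case is not visible here). Either forward the client, as sketched below, or drop the parameter so the signature does not promise a lookup that never happens. The four copies of the add loop can collapse into one paging loop, which also removes the inconsistency of enumerating `response` unguarded and then testing `response?.NextPageLink`. The XML summary is copied from the single-get method ("Returns null if vault is not found", "the retrieved Managed HSM") and should say that a possibly empty list is returned; the stray second `;` on the list initialisation can go. The generic type arguments in the sketch are inferred, since the page shows them stripped.

```csharp
public List<PSManagedHsm> ListManagedHsms(string resourceGroupName, ActiveDirectoryClient adClient = null)
{
    var managedHsms = new List<PSManagedHsm>();
    bool byResourceGroup = resourceGroupName != null;

    IPage<ManagedHsm> page = byResourceGroup
        ? KeyVaultManagementClient.ManagedHsms.ListByResourceGroupAsync(resourceGroupName).GetAwaiter().GetResult()
        : KeyVaultManagementClient.ManagedHsms.ListBySubscriptionAsync().GetAwaiter().GetResult();

    while (page != null)
    {
        foreach (var managedHsm in page)
        {
            // Forward the caller's client instead of silently falling back to null.
            managedHsms.Add(new PSManagedHsm(managedHsm, adClient));
        }

        if (page.NextPageLink == null)
        {
            break;
        }

        page = byResourceGroup
            ? KeyVaultManagementClient.ManagedHsms.ListByResourceGroupNextAsync(page.NextPageLink).GetAwaiter().GetResult()
            : KeyVaultManagementClient.ManagedHsms.ListBySubscriptionNextAsync(page.NextPageLink).GetAwaiter().GetResult();
    }

    return managedHsms;
}
```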
@@ -494,28 +536,9 @@ public PSManagedHsm UpdateManagedHsm( && updatedPurgeProtectionSwitch.Value) properties.EnablePurgeProtection = updatedPurgeProtectionSwitch; - /* properties.AccessPolicies = (updatedPolicies == null) ? - new List() : - updatedPolicies.Select(a => new AccessPolicyEntry - { - TenantId = a.TenantId, - ObjectId = a.ObjectId, - ApplicationId = a.ApplicationId, - Permissions = new Permissions - { - Keys = a.PermissionsToKeys.ToArray(), - Secrets = a.PermissionsToSecrets.ToArray(), - Certificates = a.PermissionsToCertificates.ToArray(), - Storage = a.PermissionsToStorage.ToArray(), - } - }).ToList(); - - UpdateVaultNetworkRuleSetProperties(properties, updatedNetworkAcls);*/ - - var response = KeyVaultManagementClient.ManagedHsms.CreateOrUpdate( resourceGroupName: existingManagedHsm.ResourceGroupName, - name: existingManagedHsm.VaultName, + name: existingManagedHsm.Name, parameters: new ManagedHsm { Location = existingManagedHsm.Location, diff --git a/src/KeyVault/KeyVault/Properties/Resources.Designer.cs b/src/KeyVault/KeyVault/Properties/Resources.Designer.cs index 5465a4159c9e..a1f9af18ff38 100644 --- a/src/KeyVault/KeyVault/Properties/Resources.Designer.cs +++ b/src/KeyVault/KeyVault/Properties/Resources.Designer.cs @@ -342,6 +342,15 @@ internal static string FileOverwriteMessage { } } + /// + /// Looks up a localized string similar to The specified hsm already exists.. + /// + internal static string HsmAlreadyExists { + get { + return ResourceManager.GetString("HsmAlreadyExists", resourceCulture); + } + } + /// /// Looks up a localized string similar to BYOK key can not be imported as software key. /// diff --git a/src/KeyVault/KeyVault/Properties/Resources.resx b/src/KeyVault/KeyVault/Properties/Resources.resx index 7b4377973f87..20c7056e502e 100644 --- a/src/KeyVault/KeyVault/Properties/Resources.resx +++ b/src/KeyVault/KeyVault/Properties/Resources.resx 
@@ -282,6 +282,9 @@ You can find the object ID using Azure Active Directory Module for Windows Power The specified vault already exists. + + The specified hsm already exists. + Access policy is not set. No user or application have access permission to use this vault. This can happen if the vault was created by a service principal. Please use Set-AzKeyVaultAccessPolicy to set access policies. From 1831ef91505f7f255aef4161c5cef418a4882ee8 Mon Sep 17 00:00:00 2001 From: Beisi Zhou Date: Mon, 12 Oct 2020 12:56:12 +0800 Subject: [PATCH 2/8] new managed hsm --- .../KeyVault/Commands/NewAzureKeyVault.cs | 112 ++++++------------ 1 file changed, 33 insertions(+), 79 deletions(-) diff --git a/src/KeyVault/KeyVault/Commands/NewAzureKeyVault.cs b/src/KeyVault/KeyVault/Commands/NewAzureKeyVault.cs index 1b67875200e8..6a8f336e4352 100644 --- a/src/KeyVault/KeyVault/Commands/NewAzureKeyVault.cs +++ b/src/KeyVault/KeyVault/Commands/NewAzureKeyVault.cs @@ -16,9 +16,11 @@ using Microsoft.Azure.Commands.KeyVault.Properties; using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; using Microsoft.Azure.Management.KeyVault.Models; +using Microsoft.WindowsAzure.Commands.Common.CustomAttributes; using Microsoft.WindowsAzure.Commands.Utilities.Common; using System; using System.Collections; +using System.Linq; using System.Management.Automation; namespace Microsoft.Azure.Commands.KeyVault 
@@ -26,14 +28,12 @@ namespace Microsoft.Azure.Commands.KeyVault /// /// Create a new key vault. /// - [Cmdlet("New", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "KeyVault", DefaultParameterSetName = KeyVaultParameterSet, SupportsShouldProcess = true)] + [Cmdlet("New", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "KeyVault", SupportsShouldProcess = true)] [OutputType(typeof(PSKeyVault))] public class NewAzureKeyVault : KeyVaultManagementCmdletBase { - private const string KeyVaultParameterSet = "KeyVaultParameterSet"; - private const string ManagedHsmParameterSet = "ManagedHsmParameterSet"; + #region Input Parameter Definitions - #region Common Parameter Definitions /// /// Vault name /// 
@@ -70,21 +70,29 @@ public class NewAzureKeyVault : KeyVaultManagementCmdletBase public string Location { get; set; } [Parameter(Mandatory = false, - // Hide out until available - ParameterSetName = KeyVaultParameterSet, + ValueFromPipelineByPropertyName = true, + HelpMessage = "If specified, enables secrets to be retrieved from this key vault by the Microsoft.Compute resource provider when referenced in resource creation.")] + public SwitchParameter EnabledForDeployment { get; set; } + + [Parameter(Mandatory = false, + ValueFromPipelineByPropertyName = true, + HelpMessage = "If specified, enables secrets to be retrieved from this key vault by Azure Resource Manager when referenced in templates.")] + public SwitchParameter EnabledForTemplateDeployment { get; set; } + + [Parameter(Mandatory = false, + ValueFromPipelineByPropertyName = true, + HelpMessage = "If specified, enables secrets to be retrieved from this key vault by Azure Disk Encryption.")] + public SwitchParameter EnabledForDiskEncryption { get; set; } + + [Parameter(Mandatory = false, HelpMessage = "If specified, 'soft delete' functionality is disabled for this key vault.")] public SwitchParameter DisableSoftDelete { get; set; } [Parameter(Mandatory = false, - // Hide out until available - ParameterSetName = KeyVaultParameterSet, HelpMessage = "If specified, protection against immediate deletion is enabled for this vault; requires soft delete to be enabled as well. Enabling 'purge protection' on a key vault is an irreversible action. Once enabled, it cannot be changed or removed.")] public SwitchParameter EnablePurgeProtection { get; set; } - [Parameter(Mandatory = false, - // Hide out until available - ParameterSetName = KeyVaultParameterSet, - HelpMessage = "Specifies how long deleted resources are retained, and how long until a vault or an object in the deleted state can be purged. 
The default is " + Constants.DefaultSoftDeleteRetentionDaysString + " days.")] + [Parameter(Mandatory = false, HelpMessage = "Specifies how long deleted resources are retained, and how long until a vault or an object in the deleted state can be purged. The default is " + Constants.DefaultSoftDeleteRetentionDaysString + " days.")] [ValidateRange(Constants.MinSoftDeleteRetentionDays, Constants.MaxSoftDeleteRetentionDays)] [ValidateNotNullOrEmpty] public int SoftDeleteRetentionInDays { get; set; } 
@@ -100,55 +108,16 @@ public class NewAzureKeyVault : KeyVaultManagementCmdletBase [Alias(Constants.TagsAlias)] public Hashtable Tag { get; set; } - [Parameter(Mandatory = false, - // Hide out until available - ParameterSetName = KeyVaultParameterSet, - HelpMessage = "Specifies the network rule set of the vault. It governs the accessibility of the key vault from specific network locations. Created by `New-AzKeyVaultNetworkRuleSetObject`.")] + [Parameter(Mandatory = false, HelpMessage = "Specifies the network rule set of the vault. It governs the accessibility of the key vault from specific network locations. Created by `New-AzKeyVaultNetworkRuleSetObject`.")] public PSKeyVaultNetworkRuleSet NetworkRuleSet { get; set; } #endregion - #region Keyvault-specified Parameter Definitions - - [Parameter(Mandatory = false, - ParameterSetName = KeyVaultParameterSet, - ValueFromPipelineByPropertyName = true, - HelpMessage = "If specified, enables secrets to be retrieved from this key vault by the Microsoft.Compute resource provider when referenced in resource creation.")] - public SwitchParameter EnabledForDeployment { get; set; } - - [Parameter(Mandatory = false, - ParameterSetName = KeyVaultParameterSet, - ValueFromPipelineByPropertyName = true, - HelpMessage = "If specified, enables secrets to be retrieved from this key vault by Azure Resource Manager when referenced in templates.")] - public SwitchParameter EnabledForTemplateDeployment { get; set; } - - [Parameter(Mandatory = false, - ParameterSetName = KeyVaultParameterSet, - ValueFromPipelineByPropertyName = true, - HelpMessage = "If specified, enables secrets to be retrieved from this key vault by Azure Disk Encryption.")] - public SwitchParameter EnabledForDiskEncryption { get; set; } - - #endregion - - #region Managed HSM-specified Parameter Definitions - - [Parameter(Mandatory = true, - ParameterSetName = ManagedHsmParameterSet, - HelpMessage = "Array of initial administrators object ids for this managed hsm pool.")] 
- public string[] Administrator { get; set; } - - [Parameter(Mandatory = true, - ParameterSetName = ManagedHsmParameterSet, - HelpMessage = "Specifies the type of this vault as Managed HSM.")] - public SwitchParameter Hsm { get; set; } - - #endregion - public override void ExecuteCmdlet() { if (ShouldProcess(Name, Properties.Resources.CreateKeyVault)) { - if (VaultExistsInCurrentSubscription(Name, Hsm.IsPresent)) + if (VaultExistsInCurrentSubscription(Name)) { throw new ArgumentException(Resources.VaultAlreadyExists); } @@ -183,14 +152,15 @@ public override void ExecuteCmdlet() }; } - // Set common parameters - var vaultCreationParameter = new VaultCreationParameters() + var newVault = KeyVaultManagementClient.CreateNewVault(new VaultCreationParameters() { Name = this.Name, ResourceGroupName = this.ResourceGroupName, Location = this.Location, - SkuName = this.Sku, - EnableSoftDelete = !this.DisableSoftDelete.IsPresent, + EnabledForDeployment = this.EnabledForDeployment.IsPresent, + EnabledForTemplateDeployment = EnabledForTemplateDeployment.IsPresent, + EnabledForDiskEncryption = EnabledForDiskEncryption.IsPresent, + EnableSoftDelete = !DisableSoftDelete.IsPresent, EnablePurgeProtection = EnablePurgeProtection.IsPresent ? true : (bool?)null, // false is not accepted /* * If soft delete is enabled, but retention days is not specified, use the default value, 
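Review bot: Nothing in this hunk rejects `-DisableSoftDelete` combined with `-EnablePurgeProtection`, even though the parameter help says purge protection requires soft delete; the request is built with `EnableSoftDelete = !DisableSoftDelete.IsPresent` next to `EnablePurgeProtection = ... ? true : (bool?)null`. ExecuteCmdlet starts and ends outside the hunk, so a check may already exist there. If it does not, a guard before the `CreateNewVault` call, for example `if (DisableSoftDelete.IsPresent && EnablePurgeProtection.IsPresent) throw new ArgumentException("<message: purge protection requires soft delete>");`, would fail fast with a clear error instead of depending on the service to refuse the combination.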
@@ -202,33 +172,17 @@ public override void ExecuteCmdlet() : (this.IsParameterBound(c => c.SoftDeleteRetentionInDays) ? SoftDeleteRetentionInDays : Constants.DefaultSoftDeleteRetentionDays), - + SkuFamilyName = DefaultSkuFamily, + SkuName = this.Sku, TenantId = GetTenantId(), AccessPolicy = accessPolicy, NetworkAcls = new NetworkRuleSet(), // New key-vault takes in default network rule set Tags = this.Tag - }; - - switch (ParameterSetName) - { - case KeyVaultParameterSet: - vaultCreationParameter.EnabledForDeployment = this.EnabledForDeployment.IsPresent; - vaultCreationParameter.EnabledForTemplateDeployment = EnabledForTemplateDeployment.IsPresent; - vaultCreationParameter.EnabledForDiskEncryption = EnabledForDiskEncryption.IsPresent; - vaultCreationParameter.SkuFamilyName = DefaultSkuFamily; - this.WriteObject(KeyVaultManagementClient.CreateNewVault(vaultCreationParameter, ActiveDirectoryClient, NetworkRuleSet)); - break; - - case ManagedHsmParameterSet: - vaultCreationParameter.Administrator = this.Administrator; - vaultCreationParameter.SkuFamilyName = DefaultManagedHsmSkuFamily; - this.WriteObject(KeyVaultManagementClient.CreateNewManagedHsm(vaultCreationParameter, ActiveDirectoryClient)); - break; - default: - throw new ArgumentException(Resources.BadParameterSetName); - } + }, + ActiveDirectoryClient, + NetworkRuleSet); - + this.WriteObject(newVault); if (accessPolicy == null) { From dacef85f7fc73d7baa7b68de69dd074f5e93a23d Mon Sep 17 00:00:00 2001 
From: Beisi Zhou Date: Mon, 12 Oct 2020 14:15:52 +0800 Subject: [PATCH 3/8] remove managed hsm --- .../ManagedHsmManagementTests.ps1 | 28 ++-- src/KeyVault/KeyVault/Az.KeyVault.psd1 | 3 +- .../KeyVault/Commands/NewAzureKeyVault.cs | 1 + .../KeyVault/Commands/RemoveAzureKeyVault.cs | 31 +--- .../Commands/RemoveAzureManagedHsm.cs | 143 ++++++++++++++++++ .../KeyVault/Commands/UpdateAzureKeyVault.cs | 47 +++--- src/KeyVault/KeyVault/KeyVault.format.ps1xml | 4 +- .../KeyVault/Properties/Resources.Designer.cs | 27 ++++ .../KeyVault/Properties/Resources.resx | 9 ++ src/KeyVault/KeyVault/help/Get-AzKeyVault.md | 42 +---- src/KeyVault/KeyVault/help/New-AzKeyVault.md | 87 ++--------- .../KeyVault/help/Remove-AzKeyVault.md | 33 +--- .../KeyVault/help/Update-AzKeyVault.md | 18 +-- 13 files changed, 253 insertions(+), 220 deletions(-) create mode 100644 src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsm.cs diff --git a/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.ps1 b/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.ps1 index f62ca9f6d72a..79f9f457c393 100644 --- a/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.ps1 +++ b/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.ps1 
@@ -18,16 +18,16 @@ Tests CRUD for Managed Hsm. #> function Test-ManagedHsmCRUD { $rgName = getAssetName - $rgLocation = Get-Location "Microsoft.Resources" "resourceGroups" "West US" + $rgLocation = Get-Location "Microsoft.Resources" "resourceGroups" "eastus2euap" $hsmName = getAssetName - $hsmLocation = Get-Location "Microsoft.KeyVault" "managedHSMs" "East US 2" + $hsmLocation = Get-Location "Microsoft.KeyVault" "managedHSMs" "eastus2euap" $administrator = "c1be1392-39b8-4521-aafc-819a47008545" New-AzResourceGroup -Name $rgName -Location $rgLocation try { - # Test create a default Managed HSM - $hsm = New-AzKeyVault -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator -Hsm - Assert-AreEqual $hsmName $hsm.VaultName + # Test create a default managed hsm + $hsm = New-AzManagedHsm -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator + Assert-AreEqual $hsmName $hsm.Name Assert-AreEqual $rgName $hsm.ResourceGroupName Assert-AreEqual $hsmLocation $hsm.Location Assert-AreEqual 1 $hsm.InitialAdminObjectIds.Count 
@@ -37,23 +37,23 @@ function Test-ManagedHsmCRUD { # Default retention days Assert-AreEqual 90 $hsm.SoftDeleteRetentionInDays "By default SoftDeleteRetentionInDays should be 90" - # Test get Managed HSM - $got = Get-AzKeyVault -Name $hsmName -ResourceType Hsm + # Test get managed hsm + $got = Get-AzManagedHsm -Name $hsmName Assert-NotNull $got - Assert-AreEqual $hsmName $got.VaultName + Assert-AreEqual $hsmName $got.Name Assert-AreEqual $rgName $got.ResourceGroupName Assert-AreEqual $hsmLocation $got.Location - # Test throws for existing vault - Assert-Throws { New-AzKeyVault -VaultName $hsmName -ResourceGroupName $rgname -Location $vaultLocation -Administrator $administrator -Hsm} + # Test throws for existing managed hsm + Assert-Throws { New-AzManagedHsm -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator } - # Test remove Managed HSM - Remove-AzKeyVault -InputObject $got -Hsm -Force - $deletedMhsm = Get-AzKeyVault -VaultName $hsmName -ResourceGroupName $rgName + # Test remove managed hsm + Remove-AzManagedHsm -InputObject $got -Force + $deletedMhsm = Get-AzManagedHsm -Name $hsmName -ResourceGroupName $rgName Assert-Null $deletedMhsm # Test throws for resourcegroup nonexistent - Assert-Throws { New-AzKeyVault -VaultName (getAssetName) -ResourceGroupName (getAssetName) -Location $vaultLocation -Administrator $administrator -Hsm} + Assert-Throws { New-AzManagedHsm -Name (getAssetName) -ResourceGroupName (getAssetName) -Location $hsmLocation -Administrator $administrator } } finally { diff --git a/src/KeyVault/KeyVault/Az.KeyVault.psd1 b/src/KeyVault/KeyVault/Az.KeyVault.psd1 index 0184e66ed698..57fa2b795ae8 100644 --- a/src/KeyVault/KeyVault/Az.KeyVault.psd1 +++ b/src/KeyVault/KeyVault/Az.KeyVault.psd1 
@@ -89,7 +89,8 @@ CmdletsToExport = 'Add-AzKeyVaultCertificate', 'Update-AzKeyVaultCertificate', 'Remove-AzKeyVaultCertificateOperation', 'Set-AzKeyVaultCertificateIssuer', 'Set-AzKeyVaultCertificatePolicy', - 'Get-AzManagedHsm', + 'Get-AzManagedHsm', 'New-AzManagedHsm', + 'Remove-AzManagedHsm', 'Get-AzKeyVault', 'New-AzKeyVault', 'Remove-AzKeyVault', 'Undo-AzKeyVaultRemoval', 'Remove-AzKeyVaultAccessPolicy', 'Set-AzKeyVaultAccessPolicy', diff --git a/src/KeyVault/KeyVault/Commands/NewAzureKeyVault.cs b/src/KeyVault/KeyVault/Commands/NewAzureKeyVault.cs index 6a8f336e4352..1d6462065a77 100644 --- a/src/KeyVault/KeyVault/Commands/NewAzureKeyVault.cs +++ b/src/KeyVault/KeyVault/Commands/NewAzureKeyVault.cs @@ -100,6 +100,7 @@ public class NewAzureKeyVault : KeyVaultManagementCmdletBase [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = "Specifies the SKU of the key vault instance. For information about which features are available for each SKU, see the Azure Key Vault Pricing website (http://go.microsoft.com/fwlink/?linkid=512521).")] + [ValidateSet("Standard", "Premium")] public string Sku { get; set; } [Parameter(Mandatory = false, diff --git a/src/KeyVault/KeyVault/Commands/RemoveAzureKeyVault.cs b/src/KeyVault/KeyVault/Commands/RemoveAzureKeyVault.cs index c4bfdd0ec616..c0f8a744f636 100644 --- a/src/KeyVault/KeyVault/Commands/RemoveAzureKeyVault.cs +++ b/src/KeyVault/KeyVault/Commands/RemoveAzureKeyVault.cs @@ -71,7 +71,7 @@ public class RemoveAzureKeyVault : KeyVaultManagementCmdletBase ValueFromPipeline = true, HelpMessage = "Key Vault object to be deleted.")] [ValidateNotNullOrEmpty] - public PSKeyVaultIdentityItem InputObject { get; set; } + public PSKeyVault InputObject { get; set; } /// /// Vault object 
@@ -134,17 +134,6 @@ public class RemoveAzureKeyVault : KeyVaultManagementCmdletBase HelpMessage = "Remove the previously deleted vault permanently.")] public SwitchParameter InRemovedState { get; set; } - [Parameter(Mandatory = false, - ParameterSetName = RemoveVaultParameterSet, - HelpMessage = "Specifies the type of vault as Managed HSM.")] - [Parameter(Mandatory = false, - ParameterSetName = InputObjectRemoveVaultParameterSet, - HelpMessage = "Specifies the type of vault as Managed HSM.")] - [Parameter(Mandatory = false, - ParameterSetName = ResourceIdRemoveVaultParameterSet, - HelpMessage = "Specifies the type of vault as Managed HSM.")] - public SwitchParameter Hsm { get; set; } - /// /// If present, do not ask for confirmation /// @@ -203,8 +192,7 @@ public override void ExecuteCmdlet() } else { - // Get resource group name for keyvault or ManagedHsm - ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(VaultName,Hsm.IsPresent) : ResourceGroupName; + ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(VaultName) : ResourceGroupName; if (string.IsNullOrWhiteSpace(ResourceGroupName)) throw new ArgumentException(string.Format(Resources.VaultNotFound, VaultName, ResourceGroupName)); ConfirmAction( @@ -220,18 +208,9 @@ public override void ExecuteCmdlet() VaultName, () => { - if (Hsm.IsPresent) - { - KeyVaultManagementClient.DeleteManagedHsm( - managedHsm:VaultName, - resourceGroupName: ResourceGroupName); - } - else - { - KeyVaultManagementClient.DeleteVault( - vaultName: VaultName, - resourceGroupName: ResourceGroupName); - } + KeyVaultManagementClient.DeleteVault( + vaultName: VaultName, + resourceGroupName: this.ResourceGroupName); if (PassThru) { diff --git a/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsm.cs b/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsm.cs new file mode 100644 index 000000000000..e82a6651eb97 --- /dev/null 
+++ b/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsm.cs 
@@ -0,0 +1,143 @@ + +using Microsoft.Azure.Commands.KeyVault.Models; +using Microsoft.Azure.Commands.KeyVault.Properties; +using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; +using Microsoft.Azure.Management.Internal.Resources.Utilities.Models; +using System; +using System.Globalization; +using System.Management.Automation; + +namespace Microsoft.Azure.Commands.KeyVault +{ + [Cmdlet("Remove", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "ManagedHsm", SupportsShouldProcess = true, DefaultParameterSetName = RemoveManagedHsmByNameParameterSet)] + [OutputType(typeof(bool))] + public class RemoveAzureManagedHsm : KeyVaultManagementCmdletBase + { + #region Parameter Set Names + + private const string RemoveManagedHsmByNameParameterSet = "RemoveManagedHsmByName"; + private const string RemoveManagedHsmByInputObjectParameterSet = "RemoveManagedHsmByInputObject"; + private const string RemoveManagedHsmByResourceIdParameterSet = "RemoveManagedHsmByResourceId"; + + #endregion + + #region Input Parameter Definitions + + /// + /// Hsm name + /// + [Parameter(Mandatory = true, + Position = 0, + ParameterSetName = RemoveManagedHsmByNameParameterSet, + HelpMessage = "Specifies the name of the managed hsm to remove.")] + [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "ResourceGroupName")] + [ValidateNotNullOrEmpty] + [Alias("Name")] + public string HsmName { get; set; } + + /// + /// Hsm object + /// + [Parameter(Mandatory = true, + Position = 0, + ParameterSetName = RemoveManagedHsmByInputObjectParameterSet, + ValueFromPipeline = true, + HelpMessage = "Managed hsm object to be deleted.")] + [ValidateNotNullOrEmpty] + public PSManagedHsm InputObject { get; set; } + + /// + /// Vault object + /// + [Parameter(Mandatory = true, + Position = 0, + ParameterSetName = RemoveManagedHsmByResourceIdParameterSet, + ValueFromPipelineByPropertyName = true, + HelpMessage = "ManagedHsm Resource Id.")] + [ValidateNotNullOrEmpty] + public string 
ResourceId { get; set; } + + /// + /// Resource group to which the vault belongs. + /// + [Parameter(Mandatory = false, + Position = 1, + ParameterSetName = RemoveManagedHsmByNameParameterSet, + HelpMessage = "Specifies the name of resource group for Azure managed hsm to remove.")] + [ResourceGroupCompleter] + [ValidateNotNullOrEmpty()] + public string ResourceGroupName { get; set; } + + [Parameter(Mandatory = false, + Position = 2, + ParameterSetName = RemoveManagedHsmByNameParameterSet, + HelpMessage = "The location of the managed hsm to be deleted.")] + [Parameter(Mandatory = false, + Position = 1, + ParameterSetName = RemoveManagedHsmByResourceIdParameterSet, + HelpMessage = "The location of the managed hsm to be deleted.")] + [LocationCompleter("Microsoft.KeyVault/managedHSMs")] + [ValidateNotNullOrEmpty()] + public string Location { get; set; } + + /// + /// If present, do not ask for confirmation + /// + [Parameter(Mandatory = false, + HelpMessage = "Indicates that the cmdlet does not prompt you for confirmation. By default, this cmdlet prompts you to confirm that you want to delete the managed hsm.")] + public SwitchParameter Force { get; set; } + + [Parameter(Mandatory = false, HelpMessage = "Run cmdlet in the background")] + public SwitchParameter AsJob { get; set; } + + [Parameter(Mandatory = false, + HelpMessage = "This Cmdlet does not return an object by default. 
If this switch is specified, it returns true if successful.")] + public SwitchParameter PassThru { get; set; } + + #endregion + + public override void ExecuteCmdlet() + { + if (InputObject != null) + { + HsmName = InputObject.Name; + ResourceGroupName = InputObject.ResourceGroupName; + Location = InputObject.Location; + } + else if (ResourceId != null) + { + var resourceIdentifier = new ResourceIdentifier(ResourceId); + HsmName = resourceIdentifier.ResourceName; + ResourceGroupName = resourceIdentifier.ResourceGroupName; + } + + // Get resource group name for ManagedHsm + ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(HsmName, true) : ResourceGroupName; + if (string.IsNullOrWhiteSpace(ResourceGroupName)) + throw new ArgumentException(string.Format(Resources.HsmNotFound, HsmName, ResourceGroupName)); + + ConfirmAction( + Force.IsPresent, + string.Format( + CultureInfo.InvariantCulture, + Resources.RemoveHsmWarning, + HsmName), + string.Format( + CultureInfo.InvariantCulture, + Resources.RemoveHsmWhatIfMessage, + HsmName), + HsmName, + () => + { + KeyVaultManagementClient.DeleteManagedHsm( + managedHsm: HsmName, + resourceGroupName: ResourceGroupName); + + if (PassThru) + { + WriteObject(true); + } + }); + } + } +} \ No newline at end of file diff --git a/src/KeyVault/KeyVault/Commands/UpdateAzureKeyVault.cs b/src/KeyVault/KeyVault/Commands/UpdateAzureKeyVault.cs index da1002989b13..9c1718e2e0c6 100644 --- a/src/KeyVault/KeyVault/Commands/UpdateAzureKeyVault.cs +++ b/src/KeyVault/KeyVault/Commands/UpdateAzureKeyVault.cs 
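Review bot: In the `ResourceId` branch of `ExecuteCmdlet`, only `ResourceName` and `ResourceGroupName` are taken from the parsed id, so nothing visible confirms that the id names a managed HSM in the active subscription before `DeleteManagedHsm` runs. For a destructive cmdlet it is safer to reject anything else up front, for example by throwing when `!string.Equals(resourceIdentifier.ResourceType, "Microsoft.KeyVault/managedHSMs", StringComparison.OrdinalIgnoreCase)`, and by comparing the id's subscription with the current context. `Location` is bound in two parameter sets and copied from `InputObject`, but it is never passed to the delete call, so it should be dropped or documented as unused. When no resource group can be resolved, the `HsmNotFound` message is formatted with an empty `ResourceGroupName`, which produces a confusing error.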
@@ -23,43 +23,39 @@ namespace Microsoft.Azure.Commands.KeyVault { - [Cmdlet(VerbsData.Update, ResourceManager.Common.AzureRMConstants.AzurePrefix + "KeyVault", DefaultParameterSetName = UpdateKeyVault + ByNameParameterSet, SupportsShouldProcess = true), OutputType(typeof(PSKeyVault))] + [Cmdlet(VerbsData.Update, ResourceManager.Common.AzureRMConstants.AzurePrefix + "KeyVault", DefaultParameterSetName = UpdateByNameParameterSet, SupportsShouldProcess = true), OutputType(typeof(PSKeyVault))] public class UpdateTopLevelResourceCommand : KeyVaultManagementCmdletBase { - private const string UpdateKeyVault = "UpdateKeyVault"; - private const string ByNameParameterSet = "ByNameParameterSet"; - private const string ByInputObjectParameterSet = "ByInputObjectParameterSet"; - private const string ByResourceIdParameterSet = "ByResourceIdParameterSet"; + private const string UpdateByNameParameterSet = "UpdateByNameParameterSet"; + private const string UpdateByInputObjectParameterSet = "UpdateByInputObjectParameterSet"; + private const string UpdateByResourceIdParameterSet = "UpdateByResourceIdParameterSet"; - [Parameter(Mandatory = true, ParameterSetName = UpdateKeyVault + ByNameParameterSet, HelpMessage = "Name of the resource group.")] + [Parameter(Mandatory = true, ParameterSetName = UpdateByNameParameterSet, HelpMessage = "Name of the resource group.")] [ResourceGroupCompleter] [ValidateNotNullOrEmpty] public string ResourceGroupName { get; set; } - [Parameter(Mandatory = true, ParameterSetName = UpdateKeyVault + ByNameParameterSet, HelpMessage = "Name of the key vault.")] + [Parameter(Mandatory = true, ParameterSetName = UpdateByNameParameterSet, HelpMessage = "Name of the key vault.")] [ResourceNameCompleter("Microsoft.KeyVault/vaults", nameof(ResourceGroupName))] [ValidateNotNullOrEmpty] [Alias("Name")] public string VaultName { get; set; } - [Parameter(Mandatory = true, ValueFromPipeline = true, ParameterSetName = UpdateKeyVault + ByInputObjectParameterSet, HelpMessage 
= "Key vault object.")] + [Parameter(Mandatory = true, ValueFromPipeline = true, ParameterSetName = UpdateByInputObjectParameterSet, HelpMessage = "Key vault object.")] [ValidateNotNull] - public PSKeyVaultIdentityItem InputObject { get; set; } + public PSKeyVault InputObject { get; set; } - [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = UpdateKeyVault + ByResourceIdParameterSet, HelpMessage = "Resource ID of the key vault.")] + [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = UpdateByResourceIdParameterSet, HelpMessage = "Resource ID of the key vault.")] [ValidateNotNullOrEmpty] public string ResourceId { get; set; } - [Parameter(Mandatory = false, - HelpMessage = "Enable the soft-delete functionality for this key vault. Once enabled it cannot be disabled.")] + [Parameter(Mandatory = false, HelpMessage = "Enable the soft-delete functionality for this key vault. Once enabled it cannot be disabled.")] public SwitchParameter EnableSoftDelete { get; set; } - [Parameter(Mandatory = false, - HelpMessage = "Enable the purge protection functionality for this key vault. Once enabled it cannot be disabled. It requires soft-delete to be turned on.")] + [Parameter(Mandatory = false, HelpMessage = "Enable the purge protection functionality for this key vault. Once enabled it cannot be disabled. It requires soft-delete to be turned on.")] public SwitchParameter EnablePurgeProtection { get; set; } - [Parameter(Mandatory = false, - HelpMessage = "Specifies how long deleted resources are retained, and how long until a vault or an object in the deleted state can be purged. The default is " + Constants.DefaultSoftDeleteRetentionDaysString + " days.")] + [Parameter(Mandatory = false, HelpMessage = "Specifies how long deleted resources are retained, and how long until a vault or an object in the deleted state can be purged. 
The default is " + Constants.DefaultSoftDeleteRetentionDaysString + " days.")] [ValidateRange(Constants.MinSoftDeleteRetentionDays, Constants.MaxSoftDeleteRetentionDays)] [ValidateNotNullOrEmpty] public int SoftDeleteRetentionInDays { get; set; } @@ -79,7 +75,7 @@ public override void ExecuteCmdlet() this.VaultName = resourceIdentifier.ResourceName; } - PSKeyVaultIdentityItem existingResource = null; + PSKeyVault existingResource = null; try { existingResource = KeyVaultManagementClient.GetVault(this.VaultName, this.ResourceGroupName); 
@@ -91,23 +87,22 @@ public override void ExecuteCmdlet() if (existingResource == null) { - new Exception(string.Format("A key vault with name '{0}' in resource group '{1}' does not exist. Please use New-AzKeyVault to create a key vault with these properties.", this.VaultName, this.ResourceGroupName)); + throw new Exception(string.Format("A key vault with name '{0}' in resource group '{1}' does not exist. Please use New-AzKeyVault to create a key vault with these properties.", this.VaultName, this.ResourceGroupName)); } if (this.ShouldProcess(this.VaultName, string.Format("Updating key vault '{0}' in resource group '{1}'.", this.VaultName, this.ResourceGroupName))) { - var existingKeyVaultResource = (PSKeyVault)existingResource; - var result = KeyVaultManagementClient.UpdateVault(existingKeyVaultResource, - existingKeyVaultResource.AccessPolicies, - existingKeyVaultResource.EnabledForDeployment, - existingKeyVaultResource.EnabledForTemplateDeployment, - existingKeyVaultResource.EnabledForDiskEncryption, + var result = KeyVaultManagementClient.UpdateVault(existingResource, + existingResource.AccessPolicies, + existingResource.EnabledForDeployment, + existingResource.EnabledForTemplateDeployment, + existingResource.EnabledForDiskEncryption, EnableSoftDelete.IsPresent ? (true as bool?) : null, EnablePurgeProtection.IsPresent ? (true as bool?) : null, this.IsParameterBound(c => c.SoftDeleteRetentionInDays) ? (SoftDeleteRetentionInDays as int?) - : (existingKeyVaultResource.SoftDeleteRetentionInDays ?? Constants.DefaultSoftDeleteRetentionDays), - existingKeyVaultResource.NetworkAcls + : (existingResource.SoftDeleteRetentionInDays ?? Constants.DefaultSoftDeleteRetentionDays), + existingResource.NetworkAcls ); WriteObject(result); } diff --git a/src/KeyVault/KeyVault/KeyVault.format.ps1xml b/src/KeyVault/KeyVault/KeyVault.format.ps1xml index 05cb9cd05dff..ab0bd8ca0258 100644 --- a/src/KeyVault/KeyVault/KeyVault.format.ps1xml 
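Review bot: The not-found branch now throws, but as a bare `Exception` with an inline English message, which scripts cannot catch selectively and which bypasses the localized resources used by the other cmdlets. Because nothing was thrown here before this change, no caller can depend on the type, so a specific one is free to adopt: `throw new ArgumentException(string.Format(Resources.VaultNotFound, this.VaultName, this.ResourceGroupName));`, as Remove-AzKeyVault does (assuming `Resources` is in scope in this file). The catch block around `GetVault` lies between the two hunks, so whether it already surfaces the lookup failure cannot be seen from here.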
+++ b/src/KeyVault/KeyVault/KeyVault.format.ps1xml @@ -416,7 +416,7 @@ Left - + @@ -436,7 +436,7 @@ Left - InitialAdminObjectIds + Sku diff --git a/src/KeyVault/KeyVault/Properties/Resources.Designer.cs b/src/KeyVault/KeyVault/Properties/Resources.Designer.cs index a1f9af18ff38..697a1fcdb753 100644 --- a/src/KeyVault/KeyVault/Properties/Resources.Designer.cs +++ b/src/KeyVault/KeyVault/Properties/Resources.Designer.cs @@ -351,6 +351,15 @@ internal static string HsmAlreadyExists { } } + /// + /// Looks up a localized string similar to Cannot find hsm '{0}' in resource group '{1}'.. + /// + internal static string HsmNotFound { + get { + return ResourceManager.GetString("HsmNotFound", resourceCulture); + } + } + /// /// Looks up a localized string similar to BYOK key can not be imported as software key. /// @@ -891,6 +900,24 @@ internal static string RemoveDeletedSecretWhatIfMessage { } } + /// + /// Looks up a localized string similar to Are you sure you want to remove hsm '{0}'.. + /// + internal static string RemoveHsmWarning { + get { + return ResourceManager.GetString("RemoveHsmWarning", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to Remove hsm. + /// + internal static string RemoveHsmWhatIfMessage { + get { + return ResourceManager.GetString("RemoveHsmWhatIfMessage", resourceCulture); + } + } + /// /// Looks up a localized string similar to Are you sure you want to remove key '{0}'.. /// diff --git a/src/KeyVault/KeyVault/Properties/Resources.resx b/src/KeyVault/KeyVault/Properties/Resources.resx index 20c7056e502e..48361a08fe13 100644 --- a/src/KeyVault/KeyVault/Properties/Resources.resx +++ b/src/KeyVault/KeyVault/Properties/Resources.resx 
@@ -501,4 +501,13 @@ You can find the object ID using Azure Active Directory Module for Windows Power The "import" operation is exclusive, it cannot be combined with any other value(s). + + Cannot find hsm '{0}' in resource group '{1}'. + + + Are you sure you want to remove hsm '{0}'. + + + Remove hsm + \ No newline at end of file diff --git a/src/KeyVault/KeyVault/help/Get-AzKeyVault.md b/src/KeyVault/KeyVault/help/Get-AzKeyVault.md index 2bd2cdd46b76..663f7be76cfb 100644 --- a/src/KeyVault/KeyVault/help/Get-AzKeyVault.md +++ b/src/KeyVault/KeyVault/help/Get-AzKeyVault.md @@ -15,8 +15,8 @@ Gets key vaults. ### GetVaultByName (Default) ``` -Get-AzKeyVault [[-VaultName] ] [[-ResourceGroupName] ] [-ResourceType ] - [-Tag ] [-DefaultProfile ] [] +Get-AzKeyVault [[-VaultName] ] [[-ResourceGroupName] ] [-Tag ] + [-DefaultProfile ] [] ``` ### ByDeletedVault @@ -181,28 +181,6 @@ Tags : This command gets all the key vaults in the subscription that start with "myvault". -### Example 7: Get a specific managed hsm -```powershell -PS C:\> Get-AzKeyVault -Name 'TestManagedHsm' -ResourceType Hsm - -ManagedHsm Name : TestManagedHsm -Resource Group Name : testGroup9 -Location : eastus2 -Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/testGroup9/pro - viders/Microsoft.KeyVault/managedHSMs/TestManagedHsm -Hsm Pool URI : -Tenant ID : xxxxxxxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx -Security Domain ID : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -Initial Admin Object Ids : {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -SKU : StandardB1 -Soft Delete Enabled? : True -Enabled Purge Protection? : -Soft Delete Retention Period (days) : 90 -Tags : -``` - -This command gets the managed hsm named TestManagedHsm in your current subscription. - ## PARAMETERS ### -DefaultProfile 
@@ -265,22 +243,6 @@ Accept pipeline input: True (ByPropertyName) Accept wildcard characters: False ``` -### -ResourceType -Specifies the type of Vault / HSM to be shown. If omitted, both will be listed. - -```yaml -Type: Microsoft.Azure.Commands.KeyVault.Models.ResourceTypeName -Parameter Sets: GetVaultByName -Aliases: Type -Accepted values: Vault, Hsm - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - ### -Tag Key-value pairs in the form of a hash table. For example: @{key0="value0";key1=$null;key2="value2"} diff --git a/src/KeyVault/KeyVault/help/New-AzKeyVault.md b/src/KeyVault/KeyVault/help/New-AzKeyVault.md index 6b7c3b9ffc84..b8c0d1d65612 100644 --- a/src/KeyVault/KeyVault/help/New-AzKeyVault.md +++ b/src/KeyVault/KeyVault/help/New-AzKeyVault.md @@ -13,22 +13,14 @@ Creates a key vault. ## SYNTAX -### KeyVaultParameterSet ``` -New-AzKeyVault [-Name] [-ResourceGroupName] [-Location] [-DisableSoftDelete] - [-EnablePurgeProtection] [-SoftDeleteRetentionInDays ] [-Sku ] [-Tag ] - [-NetworkRuleSet ] [-EnabledForDeployment] [-EnabledForTemplateDeployment] - [-EnabledForDiskEncryption] [-DefaultProfile ] [-WhatIf] [-Confirm] +New-AzKeyVault [-Name] [-ResourceGroupName] [-Location] [-EnabledForDeployment] + [-EnabledForTemplateDeployment] [-EnabledForDiskEncryption] [-DisableSoftDelete] [-EnablePurgeProtection] + [-SoftDeleteRetentionInDays ] [-Sku ] [-Tag ] + [-NetworkRuleSet ] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` -### ManagedHsmParameterSet -``` -New-AzKeyVault [-Name] [-ResourceGroupName] [-Location] [-Sku ] - [-Tag ] -Administrator [-Hsm] [-DefaultProfile ] [-WhatIf] - [-Confirm] [] -``` - ## DESCRIPTION The **New-AzKeyVault** cmdlet creates a key vault in the specified resource group. This cmdlet also grants permissions to the currently logged on user to add, remove, or list keys and secrets in 
@@ -126,47 +118,8 @@ PS C:\> New-AzKeyVault -ResourceGroupName "myRg" -VaultName "myVault" -NetworkRu Creating a key vault and specifies network rules to allow access to the specified IP address from the virtual network identified by $myNetworkResId. See `New-AzKeyVaultNetworkRuleSetObject` for more information. -### Example 4: Create a StandardB1 managed hsm -```powershell -PS C:\> New-AzKeyVault -Name 'TestManagedHsm' -ResourceGroupName 'testGroup9' -Location 'eastus2' -Administrator "xxxxxxxxxxxxxxxxxx-xxxx-xxxxxxxxxxxx" -Hsm - -ManagedHsm Name : TestManagedHsm -Resource Group Name : testGroup9 -Location : eastus2 -Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/testGroup9/pro - viders/Microsoft.KeyVault/managedHSMs/TestManagedHsm -Hsm Pool URI : -Tenant ID : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -Security Domain ID : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -Initial Admin Object Ids : {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -SKU : StandardB1 -Soft Delete Enabled? : True -Enabled Purge Protection? : -Soft Delete Retention Period (days) : 90 -Tags -``` - -This command creates a managed hsm named TestManagedHsm, in the Azure region East US 2. The command -adds the managed hsm to the resource group named testGroup9. Because the command does not specify a -value for the *SKU* parameter, it creates a StandardB1 key vault. - ## PARAMETERS -### -Administrator -Array of initial administrators object ids for this managed hsm pool. - -```yaml -Type: System.String[] -Parameter Sets: ManagedHsmParameterSet -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - ### -DefaultProfile The credentials, account, tenant, and subscription used for communication with azure 
@@ -187,7 +140,7 @@ If specified, 'soft delete' functionality is disabled for this key vault. ```yaml Type: System.Management.Automation.SwitchParameter -Parameter Sets: KeyVaultParameterSet +Parameter Sets: (All) Aliases: Required: False @@ -203,7 +156,7 @@ key vault is referenced in resource creation, for example when creating a virtua ```yaml Type: System.Management.Automation.SwitchParameter -Parameter Sets: KeyVaultParameterSet +Parameter Sets: (All) Aliases: Required: False @@ -218,7 +171,7 @@ Enables the Azure disk encryption service to get secrets and unwrap keys from th ```yaml Type: System.Management.Automation.SwitchParameter -Parameter Sets: KeyVaultParameterSet +Parameter Sets: (All) Aliases: Required: False @@ -233,7 +186,7 @@ Enables Azure Resource Manager to get secrets from this key vault when this key ```yaml Type: System.Management.Automation.SwitchParameter -Parameter Sets: KeyVaultParameterSet +Parameter Sets: (All) Aliases: Required: False @@ -248,7 +201,7 @@ If specified, protection against immediate deletion is enabled for this vault; r ```yaml Type: System.Management.Automation.SwitchParameter -Parameter Sets: KeyVaultParameterSet +Parameter Sets: (All) Aliases: Required: False @@ -258,21 +211,6 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -Hsm -Specifies the type of this vault as managed hsm. - -```yaml -Type: System.Management.Automation.SwitchParameter -Parameter Sets: ManagedHsmParameterSet -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - ### -Location Specifies the Azure region in which to create the key vault. Use the command [Get-AzLocation](https://docs.microsoft.com/powershell/module/Azure/Get-AzLocation) to see your choices. 
@@ -308,7 +246,7 @@ Specifies the network rule set of the vault. It governs the accessibility of the ```yaml Type: Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultNetworkRuleSet -Parameter Sets: KeyVaultParameterSet +Parameter Sets: (All) Aliases: Required: False @@ -337,9 +275,10 @@ Accept wildcard characters: False Specifies the SKU of the key vault instance. For information about which features are available for each SKU, see the Azure Key Vault Pricing website (https://go.microsoft.com/fwlink/?linkid=512521). ```yaml -Type: System.String +Type: Microsoft.Azure.Management.KeyVault.Models.SkuName Parameter Sets: (All) Aliases: +Accepted values: Standard, Premium Required: False Position: Named @@ -353,7 +292,7 @@ Specifies how long deleted resources are retained, and how long until a vault or ```yaml Type: System.Int32 -Parameter Sets: KeyVaultParameterSet +Parameter Sets: (All) Aliases: Required: False diff --git a/src/KeyVault/KeyVault/help/Remove-AzKeyVault.md b/src/KeyVault/KeyVault/help/Remove-AzKeyVault.md index a6e64beac041..45acf6bc7803 100644 --- a/src/KeyVault/KeyVault/help/Remove-AzKeyVault.md +++ b/src/KeyVault/KeyVault/help/Remove-AzKeyVault.md @@ -15,7 +15,7 @@ Deletes a key vault. ### ByAvailableVault (Default) ``` -Remove-AzKeyVault [-VaultName] [[-ResourceGroupName] ] [[-Location] ] [-Hsm] [-Force] +Remove-AzKeyVault [-VaultName] [[-ResourceGroupName] ] [[-Location] ] [-Force] [-AsJob] [-PassThru] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` 
@@ -27,19 +27,19 @@ Remove-AzKeyVault [-VaultName] [-Location] [-InRemovedState] [ ### InputObjectByAvailableVault ``` -Remove-AzKeyVault [-InputObject] [-Hsm] [-Force] [-AsJob] [-PassThru] +Remove-AzKeyVault [-InputObject] [-Force] [-AsJob] [-PassThru] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` ### InputObjectByDeletedVault ``` -Remove-AzKeyVault [-InputObject] [-InRemovedState] [-Force] [-AsJob] [-PassThru] +Remove-AzKeyVault [-InputObject] [-InRemovedState] [-Force] [-AsJob] [-PassThru] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` ### ResourceIdByAvailableVault ``` -Remove-AzKeyVault [-ResourceId] [[-Location] ] [-Hsm] [-Force] [-AsJob] [-PassThru] +Remove-AzKeyVault [-ResourceId] [[-Location] ] [-Force] [-AsJob] [-PassThru] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` @@ -75,14 +75,6 @@ True This command removes the key vault named Contoso03Vault from the named resource group. If you do not specify the resource group name, the cmdlet searches for the named key vault to delete in your current subscription. -### Example 3: Remove a managed hsm -```powershell -PS C:\> Remove-AzKeyVault -Name "testManagedHsm" -Hsm -PassThru - -True -``` -This command removes the managed hsm named testManagedHsm from your current subscription. - ## PARAMETERS ### -AsJob @@ -131,26 +123,11 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -Hsm -Specifies the type of vault as managed hsm. - -```yaml -Type: System.Management.Automation.SwitchParameter -Parameter Sets: ByAvailableVault, InputObjectByAvailableVault, ResourceIdByAvailableVault -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - ### -InputObject Key Vault object to be deleted. ```yaml -Type: Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultIdentityItem +Type: Microsoft.Azure.Commands.KeyVault.Models.PSKeyVault Parameter Sets: InputObjectByAvailableVault, InputObjectByDeletedVault Aliases: 
diff --git a/src/KeyVault/KeyVault/help/Update-AzKeyVault.md b/src/KeyVault/KeyVault/help/Update-AzKeyVault.md index 2b564f5fceaf..903820f6f2fc 100644 --- a/src/KeyVault/KeyVault/help/Update-AzKeyVault.md +++ b/src/KeyVault/KeyVault/help/Update-AzKeyVault.md @@ -12,21 +12,21 @@ Update the state of an Azure key vault. ## SYNTAX -### UpdateKeyVaultByNameParameterSet (Default) +### UpdateByNameParameterSet (Default) ``` Update-AzKeyVault -ResourceGroupName -VaultName [-EnableSoftDelete] [-EnablePurgeProtection] [-SoftDeleteRetentionInDays ] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` -### UpdateKeyVaultByInputObjectParameterSet +### UpdateByInputObjectParameterSet ``` -Update-AzKeyVault -InputObject [-EnableSoftDelete] [-EnablePurgeProtection] +Update-AzKeyVault -InputObject [-EnableSoftDelete] [-EnablePurgeProtection] [-SoftDeleteRetentionInDays ] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` -### UpdateKeyVaultByResourceIdParameterSet +### UpdateByResourceIdParameterSet ``` Update-AzKeyVault -ResourceId [-EnableSoftDelete] [-EnablePurgeProtection] [-SoftDeleteRetentionInDays ] [-DefaultProfile ] [-WhatIf] [-Confirm] @@ -107,8 +107,8 @@ Accept wildcard characters: False Key vault object. ```yaml -Type: Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultIdentityItem -Parameter Sets: UpdateKeyVaultByInputObjectParameterSet +Type: Microsoft.Azure.Commands.KeyVault.Models.PSKeyVault +Parameter Sets: UpdateByInputObjectParameterSet Aliases: Required: True @@ -123,7 +123,7 @@ Name of the resource group. ```yaml Type: System.String -Parameter Sets: UpdateKeyVaultByNameParameterSet +Parameter Sets: UpdateByNameParameterSet Aliases: Required: True @@ -138,7 +138,7 @@ Resource ID of the key vault. ```yaml Type: System.String -Parameter Sets: UpdateKeyVaultByResourceIdParameterSet +Parameter Sets: UpdateByResourceIdParameterSet Aliases: Required: True 
@@ -168,7 +168,7 @@ Name of the key vault. ```yaml Type: System.String -Parameter Sets: UpdateKeyVaultByNameParameterSet +Parameter Sets: UpdateByNameParameterSet Aliases: Name Required: True From 88c720ebec50b34bccf68d93045e1c895a31fc1c Mon Sep 17 00:00:00 2001 From: Beisi Zhou Date: Mon, 12 Oct 2020 17:39:46 +0800 Subject: [PATCH 4/8] update help.md --- src/KeyVault/KeyVault/KeyVault.format.ps1xml | 32 +-- .../KeyVault/help/Get-AzManagedHsm.md | 157 +++++++++++ src/KeyVault/KeyVault/help/New-AzKeyVault.md | 4 +- .../KeyVault/help/New-AzManagedHsm.md | 217 +++++++++++++++ .../KeyVault/help/Remove-AzManagedHsm.md | 249 ++++++++++++++++++ 5 files changed, 641 insertions(+), 18 deletions(-) create mode 100644 src/KeyVault/KeyVault/help/Get-AzManagedHsm.md create mode 100644 src/KeyVault/KeyVault/help/New-AzManagedHsm.md create mode 100644 src/KeyVault/KeyVault/help/Remove-AzManagedHsm.md diff --git a/src/KeyVault/KeyVault/KeyVault.format.ps1xml b/src/KeyVault/KeyVault/KeyVault.format.ps1xml index ab0bd8ca0258..6b58c3bc3390 100644 --- a/src/KeyVault/KeyVault/KeyVault.format.ps1xml +++ b/src/KeyVault/KeyVault/KeyVault.format.ps1xml @@ -449,22 +449,22 @@ Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm - - - - - - Name - - - - ResourceGroupName - - - - Location - - + + + + + + Name + + + + ResourceGroupName + + + + Location + + ResourceId diff --git a/src/KeyVault/KeyVault/help/Get-AzManagedHsm.md b/src/KeyVault/KeyVault/help/Get-AzManagedHsm.md new file mode 100644 index 000000000000..217d783a7103 --- /dev/null +++ b/src/KeyVault/KeyVault/help/Get-AzManagedHsm.md 
@@ -0,0 +1,157 @@ +--- +external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml +Module Name: Az.KeyVault +online version: +schema: 2.0.0 +--- + +# Get-AzManagedHsm + +## SYNOPSIS +Get managed hsms. +## SYNTAX + +``` +Get-AzManagedHsm [[-HsmName] ] [[-ResourceGroupName] ] [-Tag ] + [-DefaultProfile ] [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES +The **Get-AzManagedHsm** cmdlet gets information about the managed hsms in a subscription. You can +view all managed hsms instances in a subscription, or filter your results by a resource group or a +particular managed hsm. +Note that although specifying the resource group is optional for this cmdlet when you get a single +managed hsm, you should do so for better performance. + +### Example 1: Get all managed hsms in your current subscription +```powershell +PS C:\> Get-AzManagedHsm + +Name Resource Group Name Location SKU +---- ------------------- -------- --- +myhsm myrg1 eastus2euap StandardB1 +``` + +This command gets all managed hsms in your current subscription. + +### Example 2: Get a specific managed hsm +```powershell +PS C:\> Get-AzManagedHsm -Name 'myhsm' + +Name Resource Group Name Location SKU +---- ------------------- -------- --- +myhsm myrg1 eastus2euap StandardB1 +``` + +This command gets the managed hsm named myhsm in your current subscription. + +### Example 3: Get managed hsms in a resource group +```powershell +PS C:\> Get-AzManagedHsm -ResourceGroupName 'myrg1' + +Name Resource Group Name Location SKU +---- ------------------- -------- --- +myhsm myrg1 eastus2euap StandardB1 +``` + +This command gets all managed hsms in the resource group named myrg1. 
+ +### Example 4: Get managed hsms using filtering +```powershell +PS C:\> Get-AzManagedHsm -Name 'myhsm*' + +Name Resource Group Name Location SKU +---- ------------------- -------- --- +myhsm myrg1 eastus2euap StandardB1 +``` + +This command gets all managed hsms in the subscription that start with "myhsm". + +## PARAMETERS + +### -DefaultProfile +The credentials, account, tenant, and subscription used for communication with Azure. + +```yaml +Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Parameter Sets: (All) +Aliases: AzContext, AzureRmContext, AzureCredential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HsmName +Hsm name. +Cmdlet constructs the FQDN of a hsm based on the name and currently selected environment. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: Name + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ResourceGroupName +Specifies the name of the resource group associated with the managed hsm being queried. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Tag +Specifies the key and optional value of the specified tag to filter the list of managed hsms by. + +```yaml +Type: System.Collections.Hashtable +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. 
For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +### System.Collections.Hashtable + +## OUTPUTS + +### Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm + +### Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultIdentityItem + +## NOTES + +## RELATED LINKS + +[New-AzManagedHsm](./New-AzManagedHsm.md) + +[Remove-AzManagedHsm](./Remove-AzManagedHsm.md) \ No newline at end of file diff --git a/src/KeyVault/KeyVault/help/New-AzKeyVault.md b/src/KeyVault/KeyVault/help/New-AzKeyVault.md index b8c0d1d65612..e50ccf60924f 100644 --- a/src/KeyVault/KeyVault/help/New-AzKeyVault.md +++ b/src/KeyVault/KeyVault/help/New-AzKeyVault.md @@ -16,7 +16,7 @@ Creates a key vault. ``` New-AzKeyVault [-Name] [-ResourceGroupName] [-Location] [-EnabledForDeployment] [-EnabledForTemplateDeployment] [-EnabledForDiskEncryption] [-DisableSoftDelete] [-EnablePurgeProtection] - [-SoftDeleteRetentionInDays ] [-Sku ] [-Tag ] + [-SoftDeleteRetentionInDays ] [-Sku ] [-Tag ] [-NetworkRuleSet ] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` @@ -275,7 +275,7 @@ Accept wildcard characters: False Specifies the SKU of the key vault instance. For information about which features are available for each SKU, see the Azure Key Vault Pricing website (https://go.microsoft.com/fwlink/?linkid=512521). ```yaml -Type: Microsoft.Azure.Management.KeyVault.Models.SkuName +Type: System.String Parameter Sets: (All) Aliases: Accepted values: Standard, Premium diff --git a/src/KeyVault/KeyVault/help/New-AzManagedHsm.md b/src/KeyVault/KeyVault/help/New-AzManagedHsm.md new file mode 100644 index 000000000000..30b5736ed1bf --- /dev/null +++ b/src/KeyVault/KeyVault/help/New-AzManagedHsm.md 
@@ -0,0 +1,217 @@ +--- +external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml +Module Name: Az.KeyVault +online version: +schema: 2.0.0 +--- + +# New-AzManagedHsm + +## SYNOPSIS +Creates a managed hsm. + +## SYNTAX + +``` +New-AzManagedHsm [-Name] [-ResourceGroupName] [-Location] + [-Administrator] [-Sku ] [-Tag ] [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **New-AzManagedHsm** cmdlet creates a managed hsm in the specified resource group. To add, +remove, or list keys in the managed hsm, user should grant permissions by adding uid to +Administrator. + +## EXAMPLES + +### Example 1: Create a StandardB1 managed hsm +```powershell +PS C:\> New-AzManagedHsm -Name 'myhsm' -ResourceGroupName 'myrg1' -Location 'eastus2euap' -Administrator "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" + +Name Resource Group Name Location SKU +---- ------------------- -------- --- +myhsm myrg1 eastus2euap StandardB1 +``` + +This command creates a managed hsm named myhsm in the location eastus2euap. The command +adds the managed hsm to the resource group named myrg1. Because the command does not specify a +value for the *SKU* parameter, it creates a Standard_B1 managed hsm. + +### Example 2: Create a CustomB32 managed hsm +```powershell +PS C:\>New-AzManagedHsm -Name 'myhsm' -ResourceGroupName 'myrg1' -Location 'eastus2euap' -Administrator "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -Sku 'CustomB32' +Name Resource Group Name Location SKU + +---- ------------------- -------- --- +myhsm myrg1 eastus2euap CustomB32 +``` + +This command creates a managed hsm, just like the previous example. However, it specifies a value of +CustomB32 for the *SKU* parameter to create a CustomB32 managed hsm. + +## PARAMETERS + +### -Administrator +Array of initial administrators object ids for this managed hsm pool. 
+ +```yaml +Type: System.String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 3 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -DefaultProfile +The credentials, account, tenant, and subscription used for communication with Azure. + +```yaml +Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Parameter Sets: (All) +Aliases: AzContext, AzureRmContext, AzureCredential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Location +Specifies the Azure region in which to create the key vault. +Use the command Get-AzResourceProvider with the ProviderNamespace parameter to see your choices. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 2 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Name +Specifies a name of the managed hsm to create. +The name can be any combination of letters, digits, or hyphens. +The name must start and end with a letter or digit. +The name must be universally unique. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: HsmName + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ResourceGroupName +Specifies the name of an existing resource group in which to create the key vault. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Sku +Specifies the SKU of the managed hsm instance. 
+ +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: +Accepted values: StandardB1, CustomB32 + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Tag +A hash table which represents resource tags. + +```yaml +Type: System.Collections.Hashtable +Parameter Sets: (All) +Aliases: Tags + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +### System.String[] + +### System.Collections.Hashtable + +## OUTPUTS + +### Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm + +## NOTES + +## RELATED LINKS + +[Get-AzManagedHsm](./Get-AzManagedHsm.md) + +[Remove-AzManagedHsm](./Remove-AzManagedHsm.md) diff --git a/src/KeyVault/KeyVault/help/Remove-AzManagedHsm.md b/src/KeyVault/KeyVault/help/Remove-AzManagedHsm.md new file mode 100644 index 000000000000..47ac90ea3818 --- /dev/null 
+++ b/src/KeyVault/KeyVault/help/Remove-AzManagedHsm.md 
@@ -0,0 +1,249 @@ +--- +external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml +Module Name: Az.KeyVault +online version: +schema: 2.0.0 +--- + +# Remove-AzManagedHsm + +## SYNOPSIS +Deletes a managed hsm. + +## SYNTAX + +### RemoveManagedHsmByName (Default) +``` +Remove-AzManagedHsm [-HsmName] [[-ResourceGroupName] ] [[-Location] ] [-Force] + [-AsJob] [-PassThru] [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +### RemoveManagedHsmByInputObject +``` +Remove-AzManagedHsm [-InputObject] [-Force] [-AsJob] [-PassThru] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +### RemoveManagedHsmByResourceId +``` +Remove-AzManagedHsm [-ResourceId] [[-Location] ] [-Force] [-AsJob] [-PassThru] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Remove-AzManagedHsm** cmdlet deletes the specified managed hsm. +It also deletes all keys contained in that instance. +Note that although specifying the resource group is optional for this cmdlet, you should so for better performance. + + +## EXAMPLES + +### Example 1: Remove a managed hsm +```powershell +PS C:\> Remove-AzManagedHsm -HsmName 'myhsm' -Force + +True +``` + +This command removes the managed hsm named myhsm from your current subscription. + +### Example 2: Remove a managed hsm from a specified resource group +```powershell +PS C:\> Remove-AzManagedHsm -HsmName 'myhsm' -ResourceGroupName "myrg1" -PassThru + +True +``` + +This command removes the managed hsm named myhsm from the resource group named myrg1. +If you do not specify the resource group name, the cmdlet searches for the named managed hsm to delete in your current subscription. 
+ +## PARAMETERS + +### -AsJob +Run cmdlet in the background + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DefaultProfile +The credentials, account, tenant, and subscription used for communication with Azure. + +```yaml +Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Parameter Sets: (All) +Aliases: AzContext, AzureRmContext, AzureCredential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Indicates that the cmdlet does not prompt you for confirmation. +By default, this cmdlet prompts you to confirm that you want to delete the managed hsm. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HsmName +Specifies the name of the managed hsm to remove. + +```yaml +Type: System.String +Parameter Sets: RemoveManagedHsmByName +Aliases: Name + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InputObject +Managed hsm object to be deleted. + +```yaml +Type: Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm +Parameter Sets: RemoveManagedHsmByInputObject +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Location +The location of the managed hsm to be deleted. 
+ +```yaml +Type: System.String +Parameter Sets: RemoveManagedHsmByName, RemoveManagedHsmByResourceId +Aliases: + +Required: False +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +This Cmdlet does not return an object by default. +If this switch is specified, it returns true if successful. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResourceGroupName +Specifies the name of resource group for Azure managed hsm to remove. + +```yaml +Type: System.String +Parameter Sets: RemoveManagedHsmByName +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResourceId +ManagedHsm Resource Id. + +```yaml +Type: System.String +Parameter Sets: RemoveManagedHsmByResourceId +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. 
+ +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm + +### System.String + +## OUTPUTS + +### System.Boolean + +## NOTES + +## RELATED LINKS + +[Get-AzManagedHsm](./Get-AzManagedHsm.md) + +[New-AzManagedHsm](./New-AzManagedHsm.md) \ No newline at end of file From e9461687a698c9dd38f35ddb3897e52ef9fce9aa Mon Sep 17 00:00:00 2001 
From: Beisi Zhou Date: Tue, 13 Oct 2020 16:32:35 +0800 Subject: [PATCH 5/8] update managed hsm --- .../ManagedHsmManagementTests.ps1 | 8 +- src/KeyVault/KeyVault/Az.KeyVault.psd1 | 2 +- .../KeyVault/Commands/GetAzureManagedHsm.cs | 27 ++- .../KeyVault/Commands/NewAzureKeyVault.cs | 4 +- .../KeyVault/Commands/NewAzureManagedHsm.cs | 19 +- .../KeyVault/Commands/RemoveAzureKeyVault.cs | 2 +- .../Commands/RemoveAzureManagedHsm.cs | 53 ++--- .../Commands/UndoAzureKeyVaultRemoval.cs | 2 +- .../Commands/UpdateAzureManagedHsm.cs | 85 +++++++ src/KeyVault/KeyVault/KeyVault.format.ps1xml | 4 +- src/KeyVault/KeyVault/Models/PSManagedHsm.cs | 3 - ....cs => VaultCreationOrUpdateParameters.cs} | 2 +- .../KeyVault/Models/VaultManagementClient.cs | 45 ++-- .../KeyVault/Properties/Resources.Designer.cs | 16 +- .../KeyVault/Properties/Resources.resx | 16 +- .../KeyVault/help/Get-AzManagedHsm.md | 47 ++-- .../KeyVault/help/New-AzManagedHsm.md | 52 +++-- .../KeyVault/help/Remove-AzManagedHsm.md | 52 ++--- .../KeyVault/help/Update-AzKeyVault.md | 2 +- .../KeyVault/help/Update-AzManagedHsm.md | 218 ++++++++++++++++++ 20 files changed, 466 insertions(+), 193 deletions(-) create mode 100644 src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsm.cs rename src/KeyVault/KeyVault/Models/{VaultCreationParameters.cs => VaultCreationOrUpdateParameters.cs} (97%) create mode 100644 src/KeyVault/KeyVault/help/Update-AzManagedHsm.md diff --git a/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.ps1 b/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.ps1 index 79f9f457c393..1127f0f6f774 100644 --- a/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.ps1 +++ b/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.ps1 
@@ -25,7 +25,7 @@ function Test-ManagedHsmCRUD { New-AzResourceGroup -Name $rgName -Location $rgLocation try { - # Test create a default managed hsm + # Test create a default managed HSM $hsm = New-AzManagedHsm -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator Assert-AreEqual $hsmName $hsm.Name Assert-AreEqual $rgName $hsm.ResourceGroupName @@ -37,17 +37,17 @@ function Test-ManagedHsmCRUD { # Default retention days Assert-AreEqual 90 $hsm.SoftDeleteRetentionInDays "By default SoftDeleteRetentionInDays should be 90" - # Test get managed hsm + # Test get managed HSM $got = Get-AzManagedHsm -Name $hsmName Assert-NotNull $got Assert-AreEqual $hsmName $got.Name Assert-AreEqual $rgName $got.ResourceGroupName Assert-AreEqual $hsmLocation $got.Location - # Test throws for existing managed hsm + # Test throws for existing managed HSM Assert-Throws { New-AzManagedHsm -Name $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $administrator } - # Test remove managed hsm + # Test remove managed HSM Remove-AzManagedHsm -InputObject $got -Force $deletedMhsm = Get-AzManagedHsm -Name $hsmName -ResourceGroupName $rgName Assert-Null $deletedMhsm diff --git a/src/KeyVault/KeyVault/Az.KeyVault.psd1 b/src/KeyVault/KeyVault/Az.KeyVault.psd1 index 57fa2b795ae8..e3a3a5ef57c1 100644 --- a/src/KeyVault/KeyVault/Az.KeyVault.psd1 +++ b/src/KeyVault/KeyVault/Az.KeyVault.psd1 @@ -90,7 +90,7 @@ CmdletsToExport = 'Add-AzKeyVaultCertificate', 'Update-AzKeyVaultCertificate', 'Set-AzKeyVaultCertificateIssuer', 'Set-AzKeyVaultCertificatePolicy', 'Get-AzManagedHsm', 'New-AzManagedHsm', - 'Remove-AzManagedHsm', + 'Remove-AzManagedHsm', 'Update-AzManagedHsm', 'Get-AzKeyVault', 'New-AzKeyVault', 'Remove-AzKeyVault', 'Undo-AzKeyVaultRemoval', 'Remove-AzKeyVaultAccessPolicy', 'Set-AzKeyVaultAccessPolicy', 
diff --git a/src/KeyVault/KeyVault/Commands/GetAzureManagedHsm.cs b/src/KeyVault/KeyVault/Commands/GetAzureManagedHsm.cs index 8dd1b745df99..522ecac856ad 100644 --- a/src/KeyVault/KeyVault/Commands/GetAzureManagedHsm.cs +++ b/src/KeyVault/KeyVault/Commands/GetAzureManagedHsm.cs @@ -1,8 +1,7 @@ -using System.Collections; -using System.Collections.Generic; -using System.Management.Automation; -using Microsoft.Azure.Commands.KeyVault.Models; +using Microsoft.Azure.Commands.KeyVault.Models; using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; +using System.Collections; +using System.Management.Automation; namespace Microsoft.Azure.Commands.KeyVault.Commands { @@ -13,17 +12,17 @@ public class GetAzureManagedHsm : KeyVaultManagementCmdletBase #region Input Parameter Definitions /// - /// Hsm name + /// HSM name /// [Parameter(Mandatory = false, Position = 0, ValueFromPipelineByPropertyName = true, - HelpMessage = "Hsm name. Cmdlet constructs the FQDN of a hsm based on the name and currently selected environment.")] + HelpMessage = "HSM name. Cmdlet constructs the FQDN of a HSM based on the name and currently selected environment.")] [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "ResourceGroupName")] - [Alias(Constants.Name)] + [Alias("HsmName")] [ValidateNotNullOrEmpty] [SupportsWildcards] - public string HsmName { get; set; } + public string Name { get; set; } /// /// Resource group name @@ -31,7 +30,7 @@ public class GetAzureManagedHsm : KeyVaultManagementCmdletBase [Parameter(Mandatory = false, Position = 1, ValueFromPipelineByPropertyName = true, - HelpMessage = "Specifies the name of the resource group associated with the managed hsm being queried.")] + HelpMessage = "Specifies the name of the resource group associated with the managed HSM being queried.")] [ResourceGroupCompleter] [ValidateNotNullOrEmpty] [SupportsWildcards] 
@@ -43,19 +42,19 @@ public class GetAzureManagedHsm : KeyVaultManagementCmdletBase [Parameter( Mandatory = false, ValueFromPipelineByPropertyName = true, - HelpMessage = "Specifies the key and optional value of the specified tag to filter the list of managed hsms by.")] + HelpMessage = "Specifies the key and optional value of the specified tag to filter the list of managed HSMs by.")] public Hashtable Tag { get; set; } #endregion public override void ExecuteCmdlet() { - ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(HsmName, true) : ResourceGroupName; + ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(Name, true) : ResourceGroupName; - if (ShouldGetByName(ResourceGroupName, HsmName)) + if (ShouldGetByName(ResourceGroupName, Name)) { PSManagedHsm mhsm = KeyVaultManagementClient.GetManagedHsm( - HsmName, + Name, ResourceGroupName, ActiveDirectoryClient); WriteObject(FilterByTag(mhsm, Tag)); @@ -64,7 +63,7 @@ public override void ExecuteCmdlet() { WriteObject( TopLevelWildcardFilter( - ResourceGroupName, HsmName, + ResourceGroupName, Name, FilterByTag( KeyVaultManagementClient.ListManagedHsms(ResourceGroupName, ActiveDirectoryClient), Tag)), true); diff --git a/src/KeyVault/KeyVault/Commands/NewAzureKeyVault.cs b/src/KeyVault/KeyVault/Commands/NewAzureKeyVault.cs index 1d6462065a77..c63e765df4f7 100644 --- a/src/KeyVault/KeyVault/Commands/NewAzureKeyVault.cs +++ b/src/KeyVault/KeyVault/Commands/NewAzureKeyVault.cs 
@@ -100,7 +100,7 @@ public class NewAzureKeyVault : KeyVaultManagementCmdletBase [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = "Specifies the SKU of the key vault instance. For information about which features are available for each SKU, see the Azure Key Vault Pricing website (http://go.microsoft.com/fwlink/?linkid=512521).")] - [ValidateSet("Standard", "Premium")] + [PSArgumentCompleter("Standard", "Premium")] public string Sku { get; set; } [Parameter(Mandatory = false, @@ -153,7 +153,7 @@ public override void ExecuteCmdlet() }; } - var newVault = KeyVaultManagementClient.CreateNewVault(new VaultCreationParameters() + var newVault = KeyVaultManagementClient.CreateNewVault(new VaultCreationOrUpdateParameters() { Name = this.Name, ResourceGroupName = this.ResourceGroupName, diff --git a/src/KeyVault/KeyVault/Commands/NewAzureManagedHsm.cs b/src/KeyVault/KeyVault/Commands/NewAzureManagedHsm.cs index 7be304147f80..904cf5600079 100644 --- a/src/KeyVault/KeyVault/Commands/NewAzureManagedHsm.cs +++ b/src/KeyVault/KeyVault/Commands/NewAzureManagedHsm.cs @@ -1,8 +1,6 @@ using Microsoft.Azure.Commands.KeyVault.Models; using Microsoft.Azure.Commands.KeyVault.Properties; using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; -using Microsoft.Azure.Management.KeyVault.Models; -using Microsoft.WindowsAzure.Commands.Utilities.Common; using System; using System.Collections; using System.Management.Automation; @@ -10,7 +8,7 @@ namespace Microsoft.Azure.Commands.KeyVault.Commands { /// - /// Create a new managed hsm. + /// Create a new managed HSM. /// [Cmdlet("New", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "ManagedHsm", SupportsShouldProcess = true)] [OutputType(typeof(PSManagedHsm))] 
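Review bot: Swapping `[ValidateSet("Standard", "Premium")]` for `[PSArgumentCompleter("Standard", "Premium")]` on `Sku` removes enforcement at parameter binding, because a completer only suggests values and any string now reaches `ExecuteCmdlet`. The same swap is made on `Sku` in NewAzureManagedHsm.cs (`"StandardB1", "CustomB32"`), and New-AzKeyVault.md earlier in this series still documents `Accepted values: Standard, Premium`. How the string is converted before `CreateNewVault` is outside this hunk; if that conversion falls back to a default, a mistyped tier would create a vault of a different SKU than the operator asked for. If the open set is intentional, I would add an explicit guard in `ExecuteCmdlet` that throws `ArgumentException` naming the bad value, and a comment on the attribute such as `// Completer only: the value is not validated at binding time.`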
@@ -19,13 +17,13 @@ public class NewAzureManagedHsm : KeyVaultManagementCmdletBase #region Input Parameter Definitions /// - /// Hsm name + /// HSM name /// [Parameter(Mandatory = true, Position = 0, ValueFromPipelineByPropertyName = true, HelpMessage = - "Specifies a name of the managed hsm to create. The name can be any combination of letters, digits, or hyphens. The name must start and end with a letter or digit. The name must be universally unique." + "Specifies a name of the managed HSM to create. The name can be any combination of letters, digits, or hyphens. The name must start and end with a letter or digit. The name must be universally unique." )] [ValidateNotNullOrEmpty] [Alias("HsmName")] @@ -56,13 +54,13 @@ public class NewAzureManagedHsm : KeyVaultManagementCmdletBase [Parameter(Mandatory = true, Position = 3, ValueFromPipelineByPropertyName = true, - HelpMessage = "Array of initial administrators object ids for this managed hsm pool.")] + HelpMessage = "Initial administrator object id for this managed HSM pool.")] public string[] Administrator { get; set; } [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, - HelpMessage = "Specifies the SKU of the managed hsm instance.")] - [ValidateSet("StandardB1", "CustomB32")] + HelpMessage = "Specifies the SKU of the managed HSM instance.")] + [PSArgumentCompleter("StandardB1", "CustomB32")] public string Sku { get; set; } [Parameter(Mandatory = false, @@ -71,6 +69,9 @@ public class NewAzureManagedHsm : KeyVaultManagementCmdletBase [Alias(Constants.TagsAlias)] public Hashtable Tag { get; set; } + [Parameter(Mandatory = false, HelpMessage = "Run cmdlet in the background")] + public SwitchParameter AsJob { get; set; } + #endregion public override void ExecuteCmdlet() 
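Review bot: The new help text for `Administrator`, "Initial administrator object id for this managed HSM pool.", describes a single value while the parameter is still declared `string[]`. These identities are the initial administrators of the HSM, so the text should say plainly whether several are accepted, e.g. `HelpMessage = "Object IDs of the initial administrators for this managed HSM pool."`. How many entries the service accepts is not visible here; if only one is supported, a `[ValidateCount(1, 1)]` on the parameter would state that more reliably than wording alone.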
@@ -82,7 +83,7 @@ public override void ExecuteCmdlet() throw new ArgumentException(Resources.HsmAlreadyExists); } - var vaultCreationParameter = new VaultCreationParameters() + var vaultCreationParameter = new VaultCreationOrUpdateParameters() { Name = this.Name, ResourceGroupName = this.ResourceGroupName, diff --git a/src/KeyVault/KeyVault/Commands/RemoveAzureKeyVault.cs b/src/KeyVault/KeyVault/Commands/RemoveAzureKeyVault.cs index c0f8a744f636..d675318357bc 100644 --- a/src/KeyVault/KeyVault/Commands/RemoveAzureKeyVault.cs +++ b/src/KeyVault/KeyVault/Commands/RemoveAzureKeyVault.cs @@ -74,7 +74,7 @@ public class RemoveAzureKeyVault : KeyVaultManagementCmdletBase public PSKeyVault InputObject { get; set; } /// - /// Vault object + /// Vault Resource Id /// [Parameter(Mandatory = true, Position = 0, diff --git a/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsm.cs b/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsm.cs index e82a6651eb97..5c196e9cca0a 100644 --- a/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsm.cs +++ b/src/KeyVault/KeyVault/Commands/RemoveAzureManagedHsm.cs 
@@ -24,67 +24,55 @@ public class RemoveAzureManagedHsm : KeyVaultManagementCmdletBase #region Input Parameter Definitions /// - /// Hsm name + /// HSM name /// [Parameter(Mandatory = true, Position = 0, ParameterSetName = RemoveManagedHsmByNameParameterSet, - HelpMessage = "Specifies the name of the managed hsm to remove.")] + HelpMessage = "Specifies the name of the managed HSM to remove.")] [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "ResourceGroupName")] [ValidateNotNullOrEmpty] - [Alias("Name")] - public string HsmName { get; set; } + [Alias("HsmName")] + public string Name { get; set; } /// - /// Hsm object + /// HSM object /// [Parameter(Mandatory = true, Position = 0, ParameterSetName = RemoveManagedHsmByInputObjectParameterSet, ValueFromPipeline = true, - HelpMessage = "Managed hsm object to be deleted.")] + HelpMessage = "Managed HSM object to be deleted.")] [ValidateNotNullOrEmpty] public PSManagedHsm InputObject { get; set; } /// - /// Vault object + /// HSM Resource Id /// [Parameter(Mandatory = true, Position = 0, ParameterSetName = RemoveManagedHsmByResourceIdParameterSet, ValueFromPipelineByPropertyName = true, - HelpMessage = "ManagedHsm Resource Id.")] + HelpMessage = "Managed HSM Resource Id.")] [ValidateNotNullOrEmpty] public string ResourceId { get; set; } /// - /// Resource group to which the vault belongs. + /// Resource group to which the managed HSM belongs. 
/// [Parameter(Mandatory = false, Position = 1, ParameterSetName = RemoveManagedHsmByNameParameterSet, - HelpMessage = "Specifies the name of resource group for Azure managed hsm to remove.")] + HelpMessage = "Specifies the name of resource group for Azure managed HSM to remove.")] [ResourceGroupCompleter] [ValidateNotNullOrEmpty()] public string ResourceGroupName { get; set; } - [Parameter(Mandatory = false, - Position = 2, - ParameterSetName = RemoveManagedHsmByNameParameterSet, - HelpMessage = "The location of the managed hsm to be deleted.")] - [Parameter(Mandatory = false, - Position = 1, - ParameterSetName = RemoveManagedHsmByResourceIdParameterSet, - HelpMessage = "The location of the managed hsm to be deleted.")] - [LocationCompleter("Microsoft.KeyVault/managedHSMs")] - [ValidateNotNullOrEmpty()] - public string Location { get; set; } - /// /// If present, do not ask for confirmation /// [Parameter(Mandatory = false, - HelpMessage = "Indicates that the cmdlet does not prompt you for confirmation. By default, this cmdlet prompts you to confirm that you want to delete the managed hsm.")] + HelpMessage = "Indicates that the cmdlet does not prompt you for confirmation. By default, this cmdlet prompts you to confirm that you want to delete the managed HSM.")] public SwitchParameter Force { get; set; } [Parameter(Mandatory = false, HelpMessage = "Run cmdlet in the background")] 
@@ -100,37 +88,36 @@ public override void ExecuteCmdlet() { if (InputObject != null) { - HsmName = InputObject.Name; + Name = InputObject.Name; ResourceGroupName = InputObject.ResourceGroupName; - Location = InputObject.Location; } else if (ResourceId != null) { var resourceIdentifier = new ResourceIdentifier(ResourceId); - HsmName = resourceIdentifier.ResourceName; + Name = resourceIdentifier.ResourceName; ResourceGroupName = resourceIdentifier.ResourceGroupName; } - // Get resource group name for ManagedHsm - ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(HsmName, true) : ResourceGroupName; + // Get resource group name for Managed HSM + ResourceGroupName = string.IsNullOrWhiteSpace(ResourceGroupName) ? GetResourceGroupName(Name, true) : ResourceGroupName; if (string.IsNullOrWhiteSpace(ResourceGroupName)) - throw new ArgumentException(string.Format(Resources.HsmNotFound, HsmName, ResourceGroupName)); + throw new ArgumentException(string.Format(Resources.HsmNotFound, Name, ResourceGroupName)); ConfirmAction( Force.IsPresent, string.Format( CultureInfo.InvariantCulture, Resources.RemoveHsmWarning, - HsmName), + Name), string.Format( CultureInfo.InvariantCulture, Resources.RemoveHsmWhatIfMessage, - HsmName), - HsmName, + Name), + Name, () => { KeyVaultManagementClient.DeleteManagedHsm( - managedHsm: HsmName, + managedHsm: Name, resourceGroupName: ResourceGroupName); if (PassThru) diff --git a/src/KeyVault/KeyVault/Commands/UndoAzureKeyVaultRemoval.cs b/src/KeyVault/KeyVault/Commands/UndoAzureKeyVaultRemoval.cs index aac56181542e..81816b476b19 100644 --- a/src/KeyVault/KeyVault/Commands/UndoAzureKeyVaultRemoval.cs +++ b/src/KeyVault/KeyVault/Commands/UndoAzureKeyVaultRemoval.cs 
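Review bot: In the `ResourceId` branch of `ExecuteCmdlet`, `new ResourceIdentifier(ResourceId)` is read only for its name and resource group, so the resource type in the ID is never checked before `DeleteManagedHsm` runs. `ResourceId` binds from the pipeline by property name, so an object of a different resource type that exposes a `ResourceId` property would have its name and group passed to a delete. A guard right after parsing would close this: `if (!string.Equals(resourceIdentifier.ResourceType, "Microsoft.KeyVault/managedHSMs", StringComparison.OrdinalIgnoreCase)) throw new ArgumentException("ResourceId must identify a Microsoft.KeyVault/managedHSMs resource.", nameof(ResourceId));`. The new UpdateAzureManagedHsm.ExecuteCmdlet parses `ResourceId` the same way, and this method continues past the end of the hunk.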
@@ -95,7 +95,7 @@ public override void ExecuteCmdlet() if (ShouldProcess(VaultName, Properties.Resources.RecoverVault)) { - var newVault = KeyVaultManagementClient.CreateNewVault(new VaultCreationParameters() + var newVault = KeyVaultManagementClient.CreateNewVault(new VaultCreationOrUpdateParameters() { Name = this.VaultName, ResourceGroupName = this.ResourceGroupName, diff --git a/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsm.cs b/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsm.cs new file mode 100644 index 000000000000..2651ca6e5bc1 --- /dev/null +++ b/src/KeyVault/KeyVault/Commands/UpdateAzureManagedHsm.cs 
@@ -0,0 +1,85 @@ +using Microsoft.Azure.Commands.KeyVault.Models; +using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; +using Microsoft.Azure.Management.Internal.Resources.Utilities.Models; +using Microsoft.WindowsAzure.Commands.Utilities.Common; +using System; +using System.Collections; +using System.Management.Automation; + +namespace Microsoft.Azure.Commands.KeyVault.Commands +{ + [Cmdlet(VerbsData.Update, ResourceManager.Common.AzureRMConstants.AzurePrefix + "ManagedHsm", DefaultParameterSetName = UpdateByNameParameterSet, SupportsShouldProcess = true), OutputType(typeof(PSManagedHsm))] + public class UpdateAzureManagedHsm : KeyVaultManagementCmdletBase + { + private const string UpdateByNameParameterSet = "UpdateByNameParameterSet"; + private const string UpdateByInputObjectParameterSet = "UpdateByInputObjectParameterSet"; + private const string UpdateByResourceIdParameterSet = "UpdateByResourceIdParameterSet"; + + [Parameter(Mandatory = true, ParameterSetName = UpdateByNameParameterSet, HelpMessage = "Name of the managed HSM.")] + [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", nameof(ResourceGroupName))] + [ValidateNotNullOrEmpty] + [Alias("HsmName")] + public string Name { get; set; } + + [Parameter(Mandatory = true, ParameterSetName = UpdateByNameParameterSet, HelpMessage = "Name of the resource group.")] + [ResourceGroupCompleter] + [ValidateNotNullOrEmpty] + public string ResourceGroupName { get; set; } + + [Parameter(Mandatory = true, ValueFromPipeline = true, ParameterSetName = UpdateByInputObjectParameterSet, HelpMessage = "Managed HSM object.")] + [ValidateNotNull] + public PSManagedHsm InputObject { get; set; } + + [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = UpdateByResourceIdParameterSet, HelpMessage = "Resource ID of the managed HSM.")] + [ValidateNotNullOrEmpty] + public string ResourceId { get; set; } + + + [Parameter(Mandatory = false, + ValueFromPipelineByPropertyName = 
true, + HelpMessage = "A hash table which represents resource tags.")] + [Alias(Constants.TagsAlias)] + public Hashtable Tag { get; set; } + + public override void ExecuteCmdlet() + { + if (this.IsParameterBound(c => c.InputObject)) + { + this.ResourceGroupName = this.InputObject.ResourceGroupName; + this.Name = this.InputObject.Name; + } + + if (this.IsParameterBound(c => c.ResourceId)) + { + var resourceIdentifier = new ResourceIdentifier(this.ResourceId); + this.ResourceGroupName = resourceIdentifier.ResourceGroupName; + this.Name = resourceIdentifier.ResourceName; + } + + PSManagedHsm existingResource = null; + try + { + existingResource = KeyVaultManagementClient.GetManagedHsm(this.Name, this.ResourceGroupName); + } + catch + { + existingResource = null; + } + + if (existingResource == null) + { + throw new Exception(string.Format("A managed HSM with name '{0}' in resource group '{1}' does not exist. Please use New-AzManagedHsm to create a managed HSM with these properties.", this.Name, this.ResourceGroupName)); + } + + if (this.ShouldProcess(this.Name, string.Format("Updating managed HSM '{0}' in resource group '{1}'.", this.Name, this.ResourceGroupName))) + { + var result = KeyVaultManagementClient.UpdateManagedHsm(existingResource, + new VaultCreationOrUpdateParameters + { + Tags = Tag + }, null); + WriteObject(result); + } + } + } +} \ No newline at end of file diff --git a/src/KeyVault/KeyVault/KeyVault.format.ps1xml b/src/KeyVault/KeyVault/KeyVault.format.ps1xml index 6b58c3bc3390..3ffc2848e14f 100644 --- a/src/KeyVault/KeyVault/KeyVault.format.ps1xml +++ b/src/KeyVault/KeyVault/KeyVault.format.ps1xml @@ -453,7 +453,7 @@ - + Name @@ -469,7 +469,7 @@ ResourceId - + HsmPoolUri diff --git a/src/KeyVault/KeyVault/Models/PSManagedHsm.cs b/src/KeyVault/KeyVault/Models/PSManagedHsm.cs index e33f46dd1711..b8458f8ad8b5 100644 --- a/src/KeyVault/KeyVault/Models/PSManagedHsm.cs +++ b/src/KeyVault/KeyVault/Models/PSManagedHsm.cs 
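Review bot: The bare `catch { existingResource = null; }` around `GetManagedHsm` in `UpdateAzureManagedHsm.ExecuteCmdlet` turns every failure, including an authorization denial, an expired credential or a network error, into "does not exist. Please use New-AzManagedHsm", which hides access problems from the operator and from any error log. The doc comment on `GetManagedHsm` in VaultManagementClient says it returns null when the HSM is not found, so the try/catch can be dropped in favour of `PSManagedHsm existingResource = KeyVaultManagementClient.GetManagedHsm(this.Name, this.ResourceGroupName);`, letting other exceptions propagate. The not-found case would also be better thrown as `ArgumentException` with `Resources.HsmNotFound`, as RemoveAzureManagedHsm does, than as a bare `Exception` with an inline string.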
@@ -4,13 +4,10 @@ using Microsoft.Azure.ActiveDirectory.GraphClient; #endif using System; -using System.Collections.Generic; using Microsoft.Azure.Management.KeyVault.Models; using Microsoft.Azure.Commands.ResourceManager.Common.Tags; using Microsoft.Azure.Management.Internal.Resources.Utilities.Models; using System.Linq; -using System.Management.Automation; -using System.Runtime.CompilerServices; namespace Microsoft.Azure.Commands.KeyVault.Models { diff --git a/src/KeyVault/KeyVault/Models/VaultCreationParameters.cs b/src/KeyVault/KeyVault/Models/VaultCreationOrUpdateParameters.cs similarity index 97% rename from src/KeyVault/KeyVault/Models/VaultCreationParameters.cs rename to src/KeyVault/KeyVault/Models/VaultCreationOrUpdateParameters.cs index acbf4de4d5c4..8a79bc93d5ac 100644 --- a/src/KeyVault/KeyVault/Models/VaultCreationParameters.cs +++ b/src/KeyVault/KeyVault/Models/VaultCreationOrUpdateParameters.cs @@ -18,7 +18,7 @@ namespace Microsoft.Azure.Commands.KeyVault.Models { - public class VaultCreationParameters + public class VaultCreationOrUpdateParameters { public string Name { get; set; } public string ResourceGroupName { get; set; } diff --git a/src/KeyVault/KeyVault/Models/VaultManagementClient.cs b/src/KeyVault/KeyVault/Models/VaultManagementClient.cs index 00b1966e0526..57e152ca9444 100644 --- a/src/KeyVault/KeyVault/Models/VaultManagementClient.cs +++ b/src/KeyVault/KeyVault/Models/VaultManagementClient.cs @@ -30,7 +30,6 @@ using Microsoft.Azure.Commands.Common.Authentication.Abstractions; using Microsoft.Rest.Azure; using System.ComponentModel; -using System.Collections; namespace Microsoft.Azure.Commands.KeyVault.Models { 
@@ -69,7 +68,7 @@ private IKeyVaultManagementClient KeyVaultManagementClient /// vault creation parameters /// the active directory client /// - public PSKeyVault CreateNewVault(VaultCreationParameters parameters, ActiveDirectoryClient adClient = null, PSKeyVaultNetworkRuleSet networkRuleSet = null) + public PSKeyVault CreateNewVault(VaultCreationOrUpdateParameters parameters, ActiveDirectoryClient adClient = null, PSKeyVaultNetworkRuleSet networkRuleSet = null) { if (parameters == null) throw new ArgumentNullException("parameters"); @@ -357,7 +356,7 @@ public List ListDeletedVaults() /// vault creation parameters /// the active directory client /// - public PSManagedHsm CreateNewManagedHsm(VaultCreationParameters parameters, ActiveDirectoryClient adClient = null) + public PSManagedHsm CreateNewManagedHsm(VaultCreationOrUpdateParameters parameters, ActiveDirectoryClient adClient = null) { if (parameters == null) throw new ArgumentNullException("parameters"); @@ -419,7 +418,7 @@ public PSManagedHsm CreateNewManagedHsm(VaultCreationParameters parameters, Acti /// /// Get an existing Managed HSM. Returns null if vault is not found. /// - /// managed hsm name + /// managed HSM name /// resource group name /// the active directory client /// the retrieved Managed HSM 
@@ -499,20 +498,13 @@ public List ListManagedHsms(string resourceGroupName, ActiveDirect } /// - /// Update an existing Managed HSM. Only EnablePurgeProtection can be updated currently. + /// Update an existing Managed HSM. Only Tags can be updated currently. /// - /// the existing Managed HSM - /// enable purge protection + /// existing Managed HSM + /// HSM update parameters /// the active directory client /// the updated Managed HSM - public PSManagedHsm UpdateManagedHsm( - PSManagedHsm existingManagedHsm, -// PSKeyVaultAccessPolicy[] updatedPolicies, - bool? updatedSoftDeleteSwitch, - bool? updatedPurgeProtectionSwitch, - int? softDeleteRetentionInDays, -// PSKeyVaultNetworkRuleSet updatedNetworkAcls, - ActiveDirectoryClient adClient = null) + public PSManagedHsm UpdateManagedHsm(PSManagedHsm existingManagedHsm, VaultCreationOrUpdateParameters parameters, ActiveDirectoryClient adClient = null) { if (existingManagedHsm == null) throw new ArgumentNullException("existingManagedHsm"); 
@@ -520,23 +512,12 @@ public PSManagedHsm UpdateManagedHsm( throw new ArgumentNullException("existingManagedHsm.OriginalManagedHsm"); //Update the vault properties in the object received from server - //Only access policies and EnabledForDeployment can be changed var properties = existingManagedHsm.OriginalManagedHsm.Properties; - properties.SoftDeleteRetentionInDays = softDeleteRetentionInDays; - // soft delete flags can only be applied if they enable their respective behaviors - // and if different from the current corresponding properties on the vault. - if (!(properties.EnableSoftDelete.HasValue && properties.EnableSoftDelete.Value) - && updatedSoftDeleteSwitch.HasValue - && updatedSoftDeleteSwitch.Value) - properties.EnableSoftDelete = updatedSoftDeleteSwitch; + // None property is allowed to be updated currently, + // Can be added here in the furture - if (!(properties.EnablePurgeProtection.HasValue && properties.EnablePurgeProtection.Value) - && updatedPurgeProtectionSwitch.HasValue - && updatedPurgeProtectionSwitch.Value) - properties.EnablePurgeProtection = updatedPurgeProtectionSwitch; - - var response = KeyVaultManagementClient.ManagedHsms.CreateOrUpdate( + var response = KeyVaultManagementClient.ManagedHsms.Update( resourceGroupName: existingManagedHsm.ResourceGroupName, name: existingManagedHsm.Name, parameters: new ManagedHsm @@ -546,7 +527,7 @@ public PSManagedHsm UpdateManagedHsm( { Name = (ManagedHsmSkuName)Enum.Parse(typeof(ManagedHsmSkuName), existingManagedHsm.Sku) }, - Tags = TagsConversionHelper.CreateTagDictionary(existingManagedHsm.Tags, validate: true), + Tags = TagsConversionHelper.CreateTagDictionary(parameters.Tags, validate: true), Properties = properties }); 
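Review bot: `UpdateManagedHsm` dereferences `parameters.Tags` when building the request but never checks `parameters` for null, although it checks `existingManagedHsm` and `CreateNewManagedHsm` guards its own `parameters` argument. Add `if (parameters == null) throw new ArgumentNullException("parameters");` beside the existing checks at the top of the method; the signature is in the previous hunk and the body runs past this one. The tags sent now come only from `parameters.Tags`, so a caller that supplies none no longer resends `existingManagedHsm.Tags`; whether that clears the stored tags is not visible here, and if the intent is to leave them untouched the code should fall back to the existing ones. The new comment `// None property is allowed to be updated currently, // Can be added here in the furture` would read better as `// No properties can be updated at present; add them here when the service supports it.`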
@@ -556,12 +537,12 @@ public PSManagedHsm UpdateManagedHsm( /// /// Delete an existing Managed HSM. Throws if vault is not found. /// - /// + /// /// public void DeleteManagedHsm(string managedHsm, string resourceGroupName) { if (string.IsNullOrWhiteSpace(managedHsm)) - throw new ArgumentNullException("vaultName"); + throw new ArgumentNullException("managedHsm"); if (string.IsNullOrWhiteSpace(resourceGroupName)) throw new ArgumentNullException("resourceGroupName"); diff --git a/src/KeyVault/KeyVault/Properties/Resources.Designer.cs b/src/KeyVault/KeyVault/Properties/Resources.Designer.cs index 697a1fcdb753..2767fff28a1f 100644 --- a/src/KeyVault/KeyVault/Properties/Resources.Designer.cs +++ b/src/KeyVault/KeyVault/Properties/Resources.Designer.cs @@ -343,7 +343,7 @@ internal static string FileOverwriteMessage { } /// - /// Looks up a localized string similar to The specified hsm already exists.. + /// Looks up a localized string similar to The specified HSM already exists.. /// internal static string HsmAlreadyExists { get { @@ -352,7 +352,7 @@ internal static string HsmAlreadyExists { } /// - /// Looks up a localized string similar to Cannot find hsm '{0}' in resource group '{1}'.. + /// Looks up a localized string similar to Cannot find HSM '{0}' in resource group '{1}'.. /// internal static string HsmNotFound { get { @@ -811,7 +811,7 @@ internal static string RemoveCertificateOperation { } /// - /// Looks up a localized string similar to Are you sure you want to remove certificate '{0}'.. + /// Looks up a localized string similar to Are you sure you want to remove certificate '{0}'?. /// internal static string RemoveCertWarning { get { @@ -901,7 +901,7 @@ internal static string RemoveDeletedSecretWhatIfMessage { } /// - /// Looks up a localized string similar to Are you sure you want to remove hsm '{0}'.. + /// Looks up a localized string similar to Are you sure you want to remove HSM '{0}'?. /// internal static string RemoveHsmWarning { get { 
@@ -910,7 +910,7 @@ internal static string RemoveHsmWarning { } /// - /// Looks up a localized string similar to Remove hsm. + /// Looks up a localized string similar to Remove HSM. /// internal static string RemoveHsmWhatIfMessage { get { @@ -919,7 +919,7 @@ internal static string RemoveHsmWhatIfMessage { } /// - /// Looks up a localized string similar to Are you sure you want to remove key '{0}'.. + /// Looks up a localized string similar to Are you sure you want to remove key '{0}'?. /// internal static string RemoveKeyWarning { get { @@ -937,7 +937,7 @@ internal static string RemoveKeyWhatIfMessage { } /// - /// Looks up a localized string similar to Are you sure you want to remove managed storage account '{0}'. + /// Looks up a localized string similar to Are you sure you want to remove managed storage account '{0}'?. /// internal static string RemoveManagedStorageAccountWarning { get { @@ -982,7 +982,7 @@ internal static string RemoveNetworkRule { } /// - /// Looks up a localized string similar to Are you sure you want to remove secret '{0}'. + /// Looks up a localized string similar to Are you sure you want to remove secret '{0}'?. /// internal static string RemoveSecretWarning { get { diff --git a/src/KeyVault/KeyVault/Properties/Resources.resx b/src/KeyVault/KeyVault/Properties/Resources.resx index 48361a08fe13..11ce63688439 100644 --- a/src/KeyVault/KeyVault/Properties/Resources.resx +++ b/src/KeyVault/KeyVault/Properties/Resources.resx 
@@ -232,25 +232,25 @@ You can find the object ID using Azure Active Directory Module for Windows Power At least one permission should be selected for key access or secret access. - Are you sure you want to remove certificate '{0}'. + Are you sure you want to remove certificate '{0}'? Remove certificate - Are you sure you want to remove key '{0}'. + Are you sure you want to remove key '{0}'? Remove key - Are you sure you want to remove secret '{0}' + Are you sure you want to remove secret '{0}'? Remove secret - Are you sure you want to remove managed storage account '{0}' + Are you sure you want to remove managed storage account '{0}'? Remove managed storage account @@ -283,7 +283,7 @@ You can find the object ID using Azure Active Directory Module for Windows Power The specified vault already exists. - The specified hsm already exists. + The specified HSM already exists. Access policy is not set. No user or application have access permission to use this vault. This can happen if the vault was created by a service principal. Please use Set-AzKeyVaultAccessPolicy to set access policies. @@ -502,12 +502,12 @@ You can find the object ID using Azure Active Directory Module for Windows Power The "import" operation is exclusive, it cannot be combined with any other value(s). - Cannot find hsm '{0}' in resource group '{1}'. + Cannot find HSM '{0}' in resource group '{1}'. - Are you sure you want to remove hsm '{0}'. + Are you sure you want to remove HSM '{0}'? - Remove hsm + Remove HSM \ No newline at end of file diff --git a/src/KeyVault/KeyVault/help/Get-AzManagedHsm.md b/src/KeyVault/KeyVault/help/Get-AzManagedHsm.md index 217d783a7103..90fcd29b4360 100644 --- a/src/KeyVault/KeyVault/help/Get-AzManagedHsm.md +++ b/src/KeyVault/KeyVault/help/Get-AzManagedHsm.md 
@@ -8,25 +8,25 @@ schema: 2.0.0 # Get-AzManagedHsm ## SYNOPSIS -Get managed hsms. +Get managed HSMs. + ## SYNTAX ``` -Get-AzManagedHsm [[-HsmName] ] [[-ResourceGroupName] ] [-Tag ] +Get-AzManagedHsm [[-Name] ] [[-ResourceGroupName] ] [-Tag ] [-DefaultProfile ] [] ``` ## DESCRIPTION -{{ Fill in the Description }} +The **Get-AzManagedHsm** cmdlet gets information about the managed HSMs in a subscription. You can +view all managed HSMs instances in a subscription, or filter your results by a resource group or a +particular managed HSM. +Note that although specifying the resource group is optional for this cmdlet when you get a single +managed HSM, you should do so for better performance. ## EXAMPLES -The **Get-AzManagedHsm** cmdlet gets information about the managed hsms in a subscription. You can -view all managed hsms instances in a subscription, or filter your results by a resource group or a -particular managed hsm. -Note that although specifying the resource group is optional for this cmdlet when you get a single -managed hsm, you should do so for better performance. -### Example 1: Get all managed hsms in your current subscription +### Example 1: Get all managed HSMs in your current subscription ```powershell PS C:\> Get-AzManagedHsm @@ -35,9 +35,9 @@ Name Resource Group Name Location SKU myhsm myrg1 eastus2euap StandardB1 ``` -This command gets all managed hsms in your current subscription. +This command gets all managed HSMs in your current subscription. -### Example 2: Get a specific managed hsm +### Example 2: Get a specific managed HSM ```powershell PS C:\> Get-AzManagedHsm -Name 'myhsm' 
@@ -46,9 +46,9 @@ Name Resource Group Name Location SKU myhsm myrg1 eastus2euap StandardB1 ``` -This command gets the managed hsm named myhsm in your current subscription. +This command gets the managed HSM named myhsm in your current subscription. -### Example 3: Get managed hsms in a resource group +### Example 3: Get managed HSMs in a resource group ```powershell PS C:\> Get-AzManagedHsm -ResourceGroupName 'myrg1' @@ -57,9 +57,9 @@ Name Resource Group Name Location SKU myhsm myrg1 eastus2euap StandardB1 ``` -This command gets all managed hsms in the resource group named myrg1. +This command gets all managed HSMs in the resource group named myrg1. -### Example 4: Get managed hsms using filtering +### Example 4: Get managed HSMs using filtering ```powershell PS C:\> Get-AzManagedHsm -Name 'myhsm*' @@ -68,7 +68,7 @@ Name Resource Group Name Location SKU myhsm myrg1 eastus2euap StandardB1 ``` -This command gets all managed hsms in the subscription that start with "myhsm". +This command gets all managed HSMs in the subscription that start with "myhsm". ## PARAMETERS @@ -87,14 +87,13 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -HsmName -Hsm name. -Cmdlet constructs the FQDN of a hsm based on the name and currently selected environment. +### -Name +HSM name. Cmdlet constructs the FQDN of a HSM based on the name and currently selected environment. ```yaml Type: System.String Parameter Sets: (All) -Aliases: Name +Aliases: HsmName Required: False Position: 0 @@ -104,7 +103,7 @@ Accept wildcard characters: False ``` ### -ResourceGroupName -Specifies the name of the resource group associated with the managed hsm being queried. +Specifies the name of the resource group associated with the managed HSM being queried. ```yaml Type: System.String 
@@ -119,7 +118,7 @@ Accept wildcard characters: False ``` ### -Tag -Specifies the key and optional value of the specified tag to filter the list of managed hsms by. +Specifies the key and optional value of the specified tag to filter the list of managed HSMs by. ```yaml Type: System.Collections.Hashtable @@ -154,4 +153,6 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable [New-AzManagedHsm](./New-AzManagedHsm.md) -[Remove-AzManagedHsm](./Remove-AzManagedHsm.md) \ No newline at end of file +[Remove-AzManagedHsm](./Remove-AzManagedHsm.md) + +[Update-AzManagedHsm](./Update-AzManagedHsm.md) \ No newline at end of file diff --git a/src/KeyVault/KeyVault/help/New-AzManagedHsm.md b/src/KeyVault/KeyVault/help/New-AzManagedHsm.md index 30b5736ed1bf..144789efd3e1 100644 --- a/src/KeyVault/KeyVault/help/New-AzManagedHsm.md +++ b/src/KeyVault/KeyVault/help/New-AzManagedHsm.md @@ -8,24 +8,24 @@ schema: 2.0.0 # New-AzManagedHsm ## SYNOPSIS -Creates a managed hsm. +Creates a managed HSM. ## SYNTAX ``` New-AzManagedHsm [-Name] [-ResourceGroupName] [-Location] - [-Administrator] [-Sku ] [-Tag ] [-DefaultProfile ] - [-WhatIf] [-Confirm] [] + [-Administrator] [-Sku ] [-Tag ] [-AsJob] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` ## DESCRIPTION -The **New-AzManagedHsm** cmdlet creates a managed hsm in the specified resource group. To add, -remove, or list keys in the managed hsm, user should grant permissions by adding uid to +The **New-AzManagedHsm** cmdlet creates a managed HSM in the specified resource group. To add, +remove, or list keys in the managed HSM, user should grant permissions by adding user ID to Administrator. ## EXAMPLES -### Example 1: Create a StandardB1 managed hsm +### Example 1: Create a StandardB1 managed HSM ```powershell PS C:\> New-AzManagedHsm -Name 'myhsm' -ResourceGroupName 'myrg1' -Location 'eastus2euap' -Administrator "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" 
@@ -34,26 +34,28 @@ Name Resource Group Name Location SKU myhsm myrg1 eastus2euap StandardB1 ``` -This command creates a managed hsm named myhsm in the location eastus2euap. The command -adds the managed hsm to the resource group named myrg1. Because the command does not specify a -value for the *SKU* parameter, it creates a Standard_B1 managed hsm. +This command creates a managed HSM named myhsm in the location eastus2euap. The command +adds the managed HSM to the resource group named myrg1. Because the command does not specify a +value for the *SKU* parameter, it creates a Standard_B1 managed HSM. -### Example 2: Create a CustomB32 managed hsm +### Example 2: Create a CustomB32 managed HSM ```powershell PS C:\>New-AzManagedHsm -Name 'myhsm' -ResourceGroupName 'myrg1' -Location 'eastus2euap' -Administrator "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -Sku 'CustomB32' Name Resource Group Name Location SKU ---- ------------------- -------- --- myhsm myrg1 eastus2euap CustomB32 -``` +``` + + -This command creates a managed hsm, just like the previous example. However, it specifies a value of -CustomB32 for the *SKU* parameter to create a CustomB32 managed hsm. +This command creates a managed HSM, just like the previous example. However, it specifies a value of +CustomB32 for the *SKU* parameter to create a CustomB32 managed HSM. ## PARAMETERS ### -Administrator -Array of initial administrators object ids for this managed hsm pool. +Initial administrator object id for this managed HSM pool. ```yaml Type: System.String[] 
@@ -67,6 +69,21 @@ Accept pipeline input: True (ByPropertyName) Accept wildcard characters: False ``` +### -AsJob +Run cmdlet in the background + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -DefaultProfile The credentials, account, tenant, and subscription used for communication with Azure. @@ -99,7 +116,7 @@ Accept wildcard characters: False ``` ### -Name -Specifies a name of the managed hsm to create. +Specifies a name of the managed HSM to create. The name can be any combination of letters, digits, or hyphens. The name must start and end with a letter or digit. The name must be universally unique. @@ -132,13 +149,12 @@ Accept wildcard characters: False ``` ### -Sku -Specifies the SKU of the managed hsm instance. +Specifies the SKU of the managed HSM instance. ```yaml Type: System.String Parameter Sets: (All) Aliases: -Accepted values: StandardB1, CustomB32 Required: False Position: Named @@ -215,3 +231,5 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable [Get-AzManagedHsm](./Get-AzManagedHsm.md) [Remove-AzManagedHsm](./Remove-AzManagedHsm.md) + +[Update-AzManagedHsm](./Update-AzManagedHsm.md) \ No newline at end of file diff --git a/src/KeyVault/KeyVault/help/Remove-AzManagedHsm.md b/src/KeyVault/KeyVault/help/Remove-AzManagedHsm.md index 47ac90ea3818..1000c4de8aa1 100644 --- a/src/KeyVault/KeyVault/help/Remove-AzManagedHsm.md +++ b/src/KeyVault/KeyVault/help/Remove-AzManagedHsm.md 
@@ -8,14 +8,14 @@ schema: 2.0.0 # Remove-AzManagedHsm ## SYNOPSIS -Deletes a managed hsm. +Deletes a managed HSM. ## SYNTAX ### RemoveManagedHsmByName (Default) ``` -Remove-AzManagedHsm [-HsmName] [[-ResourceGroupName] ] [[-Location] ] [-Force] - [-AsJob] [-PassThru] [-DefaultProfile ] [-WhatIf] [-Confirm] [] +Remove-AzManagedHsm [-Name] [[-ResourceGroupName] ] [-Force] [-AsJob] [-PassThru] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` ### RemoveManagedHsmByInputObject @@ -26,19 +26,18 @@ Remove-AzManagedHsm [-InputObject] [-Force] [-AsJob] [-PassThru] ### RemoveManagedHsmByResourceId ``` -Remove-AzManagedHsm [-ResourceId] [[-Location] ] [-Force] [-AsJob] [-PassThru] +Remove-AzManagedHsm [-ResourceId] [-Force] [-AsJob] [-PassThru] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` ## DESCRIPTION -The **Remove-AzManagedHsm** cmdlet deletes the specified managed hsm. +The **Remove-AzManagedHsm** cmdlet deletes the specified managed HSM. It also deletes all keys contained in that instance. Note that although specifying the resource group is optional for this cmdlet, you should so for better performance. - ## EXAMPLES -### Example 1: Remove a managed hsm +### Example 1: Remove a managed HSM ```powershell PS C:\> Remove-AzManagedHsm -HsmName 'myhsm' -Force @@ -55,7 +54,7 @@ True ``` This command removes the managed hsm named myhsm from the resource group named myrg1. -If you do not specify the resource group name, the cmdlet searches for the named managed hsm to delete in your current subscription. +If you do not specify the resource group name, the cmdlet searches for the named managed HSM to delete in your current subscription. ## PARAMETERS 
@@ -91,7 +90,7 @@ Accept wildcard characters: False ### -Force Indicates that the cmdlet does not prompt you for confirmation. -By default, this cmdlet prompts you to confirm that you want to delete the managed hsm. +By default, this cmdlet prompts you to confirm that you want to delete the managed HSM. ```yaml Type: System.Management.Automation.SwitchParameter @@ -105,23 +104,8 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -HsmName -Specifies the name of the managed hsm to remove. - -```yaml -Type: System.String -Parameter Sets: RemoveManagedHsmByName -Aliases: Name - -Required: True -Position: 0 -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - ### -InputObject -Managed hsm object to be deleted. +Managed HSM object to be deleted. ```yaml Type: Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm @@ -135,16 +119,16 @@ Accept pipeline input: True (ByValue) Accept wildcard characters: False ``` -### -Location -The location of the managed hsm to be deleted. +### -Name +Specifies the name of the managed HSM to remove. ```yaml Type: System.String -Parameter Sets: RemoveManagedHsmByName, RemoveManagedHsmByResourceId -Aliases: +Parameter Sets: RemoveManagedHsmByName +Aliases: HsmName -Required: False -Position: 2 +Required: True +Position: 0 Default value: None Accept pipeline input: False Accept wildcard characters: False @@ -167,7 +151,7 @@ Accept wildcard characters: False ``` ### -ResourceGroupName -Specifies the name of resource group for Azure managed hsm to remove. +Specifies the name of resource group for Azure managed HSM to remove. ```yaml Type: System.String @@ -246,4 +230,6 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable [Get-AzManagedHsm](./Get-AzManagedHsm.md) -[New-AzManagedHsm](./New-AzManagedHsm.md) \ No newline at end of file +[New-AzManagedHsm](./New-AzManagedHsm.md) + +[Update-AzManagedHsm](./Update-AzManagedHsm.md) \ No newline at end of file 
diff --git a/src/KeyVault/KeyVault/help/Update-AzKeyVault.md b/src/KeyVault/KeyVault/help/Update-AzKeyVault.md index 903820f6f2fc..b8f0c278823a 100644 --- a/src/KeyVault/KeyVault/help/Update-AzKeyVault.md +++ b/src/KeyVault/KeyVault/help/Update-AzKeyVault.md @@ -46,7 +46,7 @@ PS C:\> Update-AzKeyVault -VaultName $keyVaultName -ResourceGroupName $resourceG Enables soft delete on the key vault named `$keyVaultName` in resource group `$resourceGroupName`. -### Example 1 +### Example 2 ```powershell PS C:\> Get-AzKeyVault -VaultName $keyVaultName -ResourceGroupName $resourceGroupName | Update-AzKeyVault -EnablePurgeProtection ``` diff --git a/src/KeyVault/KeyVault/help/Update-AzManagedHsm.md b/src/KeyVault/KeyVault/help/Update-AzManagedHsm.md new file mode 100644 index 000000000000..85bae0d71001 --- /dev/null +++ b/src/KeyVault/KeyVault/help/Update-AzManagedHsm.md 
@@ -0,0 +1,218 @@ +--- +external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml +Module Name: Az.KeyVault +online version: +schema: 2.0.0 +--- + +# Update-AzManagedHsm + +## SYNOPSIS +Update the state of an Azure managed HSM. + +## SYNTAX + +### UpdateByNameParameterSet (Default) +``` +Update-AzManagedHsm -Name -ResourceGroupName [-Tag ] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +### UpdateByInputObjectParameterSet +``` +Update-AzManagedHsm -InputObject [-Tag ] [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + +### UpdateByResourceIdParameterSet +``` +Update-AzManagedHsm -ResourceId [-Tag ] [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +This cmdlet updates the state of an Azure managed HSM. + +## EXAMPLES + +### Example 1: Update a managed Hsm directly +```powershell +PS C:\> Update-AzManagedHsm -Name $hsmName -ResourceGroupName $resourceGroupName -Tag @{testKey="testValue"} | fl + +Managed HSM Name : testmhsm +Resource Group Name : testmhsm +Location : eastus2euap +Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/testmhsm/provid + ers/Microsoft.KeyVault/managedHSMs/testmhsm +HSM Pool URI : +Tenant ID : xxxxxx-xxxx-xxxx-xxxxxxxxxxxx +Initial Admin Object Ids : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx​​​​​ +SKU : StandardB1 +Soft Delete Enabled? : True +Enabled Purge Protection? : False +Soft Delete Retention Period (days) : 90 +Provisioning State : Provisioning +Status Message : Resource creation in progress. Starting service... +Tags : + Name Value + ==== ===== + testKey testValued + +``` + +Updates tags for the managed Hsm named `$hsmName` in resource group `$resourceGroupName`. + +### Example 2: Update a managed Hsm using piping +```powershell +PS C:\> Get-AzManagedHsm -Name $hsmName -ResourceGroupName $resourceGroupName | Update-AzManagedHsm -Tag @{testKey="testValue"} +``` + +Updates tags for the managed Hsm using piping syntax. 
+ +## PARAMETERS + +### -DefaultProfile +The credentials, account, tenant, and subscription used for communication with Azure. + +```yaml +Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Parameter Sets: (All) +Aliases: AzContext, AzureRmContext, AzureCredential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InputObject +Managed HSM object. + +```yaml +Type: Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm +Parameter Sets: UpdateByInputObjectParameterSet +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Name +Name of the managed HSM. + +```yaml +Type: System.String +Parameter Sets: UpdateByNameParameterSet +Aliases: HsmName + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResourceGroupName +Name of the resource group. + +```yaml +Type: System.String +Parameter Sets: UpdateByNameParameterSet +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResourceId +Resource ID of the managed HSM. + +```yaml +Type: System.String +Parameter Sets: UpdateByResourceIdParameterSet +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Tag +A hash table which represents resource tags. + +```yaml +Type: System.Collections.Hashtable +Parameter Sets: (All) +Aliases: Tags + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. 
+ +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm + +### System.String + +### System.Collections.Hashtable + +## OUTPUTS + +### Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm + +## NOTES + +## RELATED LINKS + +[New-AzManagedHsm](./New-AzManagedHsm.md) + +[Remove-AzManagedHsm](./Remove-AzManagedHsm.md) + +[Get-AzManagedHsm](./Get-AzManagedHsm.md) \ No newline at end of file From 6268fa38fa1644e2d49df1913beb134e598ab240 Mon Sep 17 00:00:00 2001 From: Beisi Zhou Date: Tue, 13 Oct 2020 17:13:38 +0800 Subject: [PATCH 6/8] add online version for new help.md --- src/KeyVault/KeyVault/help/Get-AzManagedHsm.md | 2 +- src/KeyVault/KeyVault/help/New-AzManagedHsm.md | 2 +- src/KeyVault/KeyVault/help/Remove-AzManagedHsm.md | 2 +- src/KeyVault/KeyVault/help/Update-AzManagedHsm.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/KeyVault/KeyVault/help/Get-AzManagedHsm.md b/src/KeyVault/KeyVault/help/Get-AzManagedHsm.md index 90fcd29b4360..d840141f42ae 100644 --- a/src/KeyVault/KeyVault/help/Get-AzManagedHsm.md +++ b/src/KeyVault/KeyVault/help/Get-AzManagedHsm.md 
@@ -1,7 +1,7 @@ --- external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml Module Name: Az.KeyVault -online version: +online version: https://docs.microsoft.com/en-us/powershell/module/az.keyvault/get-azmanagedhsm schema: 2.0.0 --- diff --git a/src/KeyVault/KeyVault/help/New-AzManagedHsm.md b/src/KeyVault/KeyVault/help/New-AzManagedHsm.md index 144789efd3e1..cd87caf5e7cd 100644 --- a/src/KeyVault/KeyVault/help/New-AzManagedHsm.md +++ b/src/KeyVault/KeyVault/help/New-AzManagedHsm.md @@ -1,7 +1,7 @@ --- external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml Module Name: Az.KeyVault -online version: +online version: https://docs.microsoft.com/en-us/powershell/module/az.keyvault/new-azmanagedhsm schema: 2.0.0 --- diff --git a/src/KeyVault/KeyVault/help/Remove-AzManagedHsm.md b/src/KeyVault/KeyVault/help/Remove-AzManagedHsm.md index 1000c4de8aa1..7d0d75b6614a 100644 --- a/src/KeyVault/KeyVault/help/Remove-AzManagedHsm.md +++ b/src/KeyVault/KeyVault/help/Remove-AzManagedHsm.md @@ -1,7 +1,7 @@ --- external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml Module Name: Az.KeyVault -online version: +online version: https://docs.microsoft.com/en-us/powershell/module/az.keyvault/remove-azmanagedhsm schema: 2.0.0 --- diff --git a/src/KeyVault/KeyVault/help/Update-AzManagedHsm.md b/src/KeyVault/KeyVault/help/Update-AzManagedHsm.md index 85bae0d71001..a203836b1d8a 100644 --- a/src/KeyVault/KeyVault/help/Update-AzManagedHsm.md +++ b/src/KeyVault/KeyVault/help/Update-AzManagedHsm.md @@ -1,7 +1,7 @@ --- external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml Module Name: Az.KeyVault -online version: +online version: https://docs.microsoft.com/en-us/powershell/module/az.keyvault/update-azmanagedhsm schema: 2.0.0 --- From 67529a7ff21247ae8878f83779947a3b1355d0e6 Mon Sep 17 00:00:00 2001 
From: Beisi Zhou Date: Tue, 13 Oct 2020 17:42:17 +0800 Subject: [PATCH 7/8] Convert mhsm test to liveonly --- .../KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.cs b/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.cs index df879c904be6..41e1939c3dd3 100644 --- a/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.cs +++ b/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.cs @@ -13,7 +13,7 @@ public ManagedHsmManagementTests(Xunit.Abstractions.ITestOutputHelper output) : } [Fact] - [Trait(Category.AcceptanceType, Category.CheckIn)] + [Trait(Category.AcceptanceType, Category.LiveOnly)] public void TestManagedHsmCRUD() { TestRunner.RunTestScript("Test-ManagedHsmCRUD"); From bdf80d7d9f76ca33cbe6eca76f934c0706fda94a Mon Sep 17 00:00:00 2001 From: Beisi Zhou Date: Tue, 13 Oct 2020 21:59:09 +0800 Subject: [PATCH 8/8] add test record --- .../ManagedHsmManagementTests.cs | 2 +- .../ManagedHsmManagementTests.ps1 | 4 +- src/KeyVault/KeyVault/Models/PSManagedHsm.cs | 2 +- .../KeyVault/Models/VaultManagementClient.cs | 55 ++++++++++--------- 4 files changed, 34 insertions(+), 29 deletions(-) diff --git a/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.cs b/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.cs index 41e1939c3dd3..df879c904be6 100644 --- a/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.cs +++ b/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.cs @@ -13,7 +13,7 @@ public ManagedHsmManagementTests(Xunit.Abstractions.ITestOutputHelper output) : } [Fact] - [Trait(Category.AcceptanceType, Category.LiveOnly)] + [Trait(Category.AcceptanceType, Category.CheckIn)] public void TestManagedHsmCRUD() { TestRunner.RunTestScript("Test-ManagedHsmCRUD"); 
diff --git a/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.ps1 b/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.ps1 index 1127f0f6f774..2c10a18ddceb 100644 --- a/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.ps1 +++ b/src/KeyVault/KeyVault.Test/ScenarioTests/ManagedHsmManagementTests.ps1 @@ -18,9 +18,9 @@ Tests CRUD for Managed Hsm. #> function Test-ManagedHsmCRUD { $rgName = getAssetName - $rgLocation = Get-Location "Microsoft.Resources" "resourceGroups" "eastus2euap" + $rgLocation = Get-Location "Microsoft.Resources" "resourceGroups" "West US" $hsmName = getAssetName - $hsmLocation = Get-Location "Microsoft.KeyVault" "managedHSMs" "eastus2euap" + $hsmLocation = Get-Location "Microsoft.KeyVault" "managedHSMs" "East US 2" $administrator = "c1be1392-39b8-4521-aafc-819a47008545" New-AzResourceGroup -Name $rgName -Location $rgLocation diff --git a/src/KeyVault/KeyVault/Models/PSManagedHsm.cs b/src/KeyVault/KeyVault/Models/PSManagedHsm.cs index b8458f8ad8b5..1d2906c361cf 100644 --- a/src/KeyVault/KeyVault/Models/PSManagedHsm.cs +++ b/src/KeyVault/KeyVault/Models/PSManagedHsm.cs @@ -17,7 +17,7 @@ public PSManagedHsm() { } - public PSManagedHsm(ManagedHsm managedHsm, ActiveDirectoryClient adClient = null) + public PSManagedHsm(ManagedHsm managedHsm, ActiveDirectoryClient adClient) { // PSKeyVaultIdentityItem's properties ResourceId = managedHsm.Id; diff --git a/src/KeyVault/KeyVault/Models/VaultManagementClient.cs b/src/KeyVault/KeyVault/Models/VaultManagementClient.cs index 57e152ca9444..b22510e8c1d8 100644 --- a/src/KeyVault/KeyVault/Models/VaultManagementClient.cs +++ b/src/KeyVault/KeyVault/Models/VaultManagementClient.cs 
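Review bot: The context line `$administrator = "c1be1392-39b8-4521-aafc-819a47008545"` in Test-ManagedHsmCRUD pins the initial administrator of the created managed HSM to one fixed directory object ID, and nothing says whose it is. The test is switched back to CheckIn in this patch, but if it is ever run live to refresh the recording, that fixed principal would presumably receive administrator rights on a real HSM instead of the account running the test. At minimum I would document it, e.g. `# Object ID of the recording account; live runs must substitute the caller's own object ID`, and preferably derive the ID from the signed-in context. The function body continues past the end of the hunk, so how `$administrator` is consumed is inferred from its name.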
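Review bot: Dropping the `= null` default on `adClient` in the `PSManagedHsm(ManagedHsm, ActiveDirectoryClient)` constructor makes the argument mandatory but not non-null. `ListManagedHsms` and the two new private helpers in VaultManagementClient.cs still declare `ActiveDirectoryClient adClient = null` and pass the value straight through. The constructor body continues outside the hunk, so whether it dereferences `adClient` is not visible here; if it does, a null check is needed, and either way the contract should be written down, e.g. `/// <param name="adClient">May be null; ListManagedHsms defaults it to null.</param>`. Removing the `= null` defaults from the private helpers would also turn a forgotten client into a compile-time error rather than a silent null.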
@@ -452,45 +452,50 @@ public PSManagedHsm GetManagedHsm(string managedHsmName, string resourceGroupNam /// the active directory client /// the retrieved Managed HSM public List ListManagedHsms(string resourceGroupName, ActiveDirectoryClient adClient = null) + { + return resourceGroupName == null ? ListManagedHsmsBySubscription(adClient) : + ListManagedHsmsByResourceGroup(resourceGroupName, adClient); + } + + private List ListManagedHsmsByResourceGroup(string resourceGroupName, ActiveDirectoryClient adClient = null) { List managedHsms = new List(); ; - IPage response; + IPage response = KeyVaultManagementClient.ManagedHsms.ListByResourceGroupAsync(resourceGroupName).GetAwaiter().GetResult(); + foreach (var managedHsm in response) + { + managedHsms.Add(new PSManagedHsm(managedHsm, adClient)); + } - if (resourceGroupName != null) + while (response?.NextPageLink != null) { - response = KeyVaultManagementClient.ManagedHsms.ListByResourceGroupAsync(resourceGroupName).GetAwaiter().GetResult(); + response = KeyVaultManagementClient.ManagedHsms.ListByResourceGroupNextAsync(response.NextPageLink).GetAwaiter().GetResult(); + foreach (var managedHsm in response) { - managedHsms.Add(new PSManagedHsm(managedHsm)); + managedHsms.Add(new PSManagedHsm(managedHsm, adClient)); } + } - while (response?.NextPageLink != null) - { - response = KeyVaultManagementClient.ManagedHsms.ListByResourceGroupNextAsync(response.NextPageLink).GetAwaiter().GetResult(); + return managedHsms; + } - foreach (var managedHsm in response) - { - managedHsms.Add(new PSManagedHsm(managedHsm)); - } - } + private List ListManagedHsmsBySubscription(ActiveDirectoryClient adClient = null) + { + List managedHsms = new List(); ; + IPage response = KeyVaultManagementClient.ManagedHsms.ListBySubscriptionAsync().GetAwaiter().GetResult(); + + foreach (var managedHsm in response) + { + managedHsms.Add(new PSManagedHsm(managedHsm, adClient)); } - else + + while (response?.NextPageLink != null) { - response = 
KeyVaultManagementClient.ManagedHsms.ListBySubscriptionAsync().GetAwaiter().GetResult(); + response = KeyVaultManagementClient.ManagedHsms.ListBySubscriptionNextAsync(response.NextPageLink).GetAwaiter().GetResult(); foreach (var managedHsm in response) { - managedHsms.Add(new PSManagedHsm(managedHsm)); - } - - while (response?.NextPageLink != null) - { - response = KeyVaultManagementClient.ManagedHsms.ListBySubscriptionNextAsync(response.NextPageLink).GetAwaiter().GetResult(); - - foreach (var managedHsm in response) - { - managedHsms.Add(new PSManagedHsm(managedHsm)); - } + managedHsms.Add(new PSManagedHsm(managedHsm, adClient)); } }