New key vault and web app settings

2026-02-27 18:52:18 +01:00 · 2024-03-12 17:32:15 +01:00
parent ceeee5a420
commit c1f54bf0f8
9 changed files with 305 additions and 30 deletions
--- a/Powershell/Tools/KeyVault
+++ b/Powershell/Tools/KeyVault
@@ -0,0 +1,48 @@
+#Connect-AzAccount
+
+# Set alias for az exe
+Set-Alias -Name az -Value "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd"
+
+
+Write-Host "======================================================================================================================================================================"
+Write-Host "Updating key vault resource settings."
+Write-Host "======================================================================================================================================================================"
+
+$subscriptions = Get-AzSubscription | Where-Object State -eq "Enabled" | Where Name -NotLike "Visual Studio*"  | Where Name -NotLike "*test*"
+
+foreach ($subscription in $subscriptions) 
+{
+    Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------"
+
+    Set-AzContext -SubscriptionId $subscription.Id
+    az account set --subscription $subscription.Id
+
+    Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------"
+
+    $allResourceGroups = Get-AzResourceGroup
+
+    foreach ($group in $allResourceGroups) {
+
+        $allVaults = Get-AzKeyVault -ResourceGroupName $group.ResourceGroupName
+        
+        foreach ($vault in $allVaults) {
+            Write-Host "Checking vault $($vault.VaultName)..."
+
+            $vaultWithAllProps = Get-AzKeyVault -ResourceGroupName $group.ResourceGroupName -Name $vault.VaultName
+
+            if ($vaultWithAllProps.EnableSoftDelete -ne "TRUE") {
+                Write-Host "Enable Soft Delete $($vault.VaultName)"
+                az keyvault update --name $vault.VaultName --resource-group $group.ResourceGroupName --set properties.enableSoftDelete=true | out-null
+            }
+            if ($vaultWithAllProps.EnablePurgeProtection -ne "TRUE") {
+                Write-Host "Enable purge protection $($vault.VaultName)"
+                az keyvault update --name $vault.VaultName --resource-group $group.ResourceGroupName --enable-purge-protection | out-null
+            }
+        }
+    }
+}
+
+Write-Host "======================================================================================================================================================================"
+Write-Host "Done."
+
+