#Connect-AzAccount

# Set alias for az exe
Set-Alias -Name az -Value "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd"


Write-Host "======================================================================================================================================================================"
Write-Host "Updating key vault resource settings."
Write-Host "======================================================================================================================================================================"

$subscriptions = Get-AzSubscription | Where-Object State -eq "Enabled" | Where Name -NotLike "Visual Studio*"  | Where Name -NotLike "*test*"

foreach ($subscription in $subscriptions) 
{
    Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------"

    Set-AzContext -SubscriptionId $subscription.Id
    az account set --subscription $subscription.Id

    Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------"

    $allResourceGroups = Get-AzResourceGroup

    foreach ($group in $allResourceGroups) {

        $allVaults = Get-AzKeyVault -ResourceGroupName $group.ResourceGroupName
        
        foreach ($vault in $allVaults) {
            Write-Host "Checking vault $($vault.VaultName)..."

            $vaultWithAllProps = Get-AzKeyVault -ResourceGroupName $group.ResourceGroupName -Name $vault.VaultName

            if ($vaultWithAllProps.EnableSoftDelete -ne "TRUE") {
                Write-Host "Enable Soft Delete $($vault.VaultName)"
                az keyvault update --name $vault.VaultName --resource-group $group.ResourceGroupName --set properties.enableSoftDelete=true | out-null
            }
            if ($vaultWithAllProps.EnablePurgeProtection -ne "TRUE") {
                Write-Host "Enable purge protection $($vault.VaultName)"
                az keyvault update --name $vault.VaultName --resource-group $group.ResourceGroupName --enable-purge-protection | out-null
            }
        }
    }
}

Write-Host "======================================================================================================================================================================"
Write-Host "Done."