mirror of
https://dev.azure.com/effectory/Survey%20Software/_git/Cloud%20Engineering
synced 2026-02-27 18:52:18 +01:00
49 lines
2.4 KiB
PowerShell
49 lines
2.4 KiB
PowerShell
#Connect-AzAccount
|
|
|
|
# Set alias for az exe
|
|
Set-Alias -Name az -Value "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd"
|
|
|
|
|
|
Write-Host "======================================================================================================================================================================"
|
|
Write-Host "Updating key vault resource settings."
|
|
Write-Host "======================================================================================================================================================================"
|
|
|
|
$subscriptions = Get-AzSubscription | Where-Object State -eq "Enabled" | Where Name -NotLike "Visual Studio*" | Where Name -NotLike "*test*"
|
|
|
|
foreach ($subscription in $subscriptions)
|
|
{
|
|
Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------"
|
|
|
|
Set-AzContext -SubscriptionId $subscription.Id
|
|
az account set --subscription $subscription.Id
|
|
|
|
Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------"
|
|
|
|
$allResourceGroups = Get-AzResourceGroup
|
|
|
|
foreach ($group in $allResourceGroups) {
|
|
|
|
$allVaults = Get-AzKeyVault -ResourceGroupName $group.ResourceGroupName
|
|
|
|
foreach ($vault in $allVaults) {
|
|
Write-Host "Checking vault $($vault.VaultName)..."
|
|
|
|
$vaultWithAllProps = Get-AzKeyVault -ResourceGroupName $group.ResourceGroupName -Name $vault.VaultName
|
|
|
|
if ($vaultWithAllProps.EnableSoftDelete -ne "TRUE") {
|
|
Write-Host "Enable Soft Delete $($vault.VaultName)"
|
|
az keyvault update --name $vault.VaultName --resource-group $group.ResourceGroupName --set properties.enableSoftDelete=true | out-null
|
|
}
|
|
if ($vaultWithAllProps.EnablePurgeProtection -ne "TRUE") {
|
|
Write-Host "Enable purge protection $($vault.VaultName)"
|
|
az keyvault update --name $vault.VaultName --resource-group $group.ResourceGroupName --enable-purge-protection | out-null
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
Write-Host "======================================================================================================================================================================"
|
|
Write-Host "Done."
|
|
|
|
|