Set-AzStorageAccount - Auto update on storage account for Key Vault is not working

[marcosrivera-ms]

Description

Using Set-AzStorageAccount to change storage account to auto update enabled is not working when URI key is set. This does not even produce an error and shows succeeded output when running the script provided in below URL. https://docs.microsoft.com/en-us/azure/storage/common/customer-managed-keys-configure-key-vault?tabs=powershell#configure-encryption-for-automatic-updating-of-key-versions

This works when the Storage Account Encryption is set to Microsoft-managed keys but not when Customer-managed keys is set use key URI

Steps to reproduce

$RGName = <resource_group>
$kvName = <keyvault_name>
$storageAccount = Get-AzStorageAccount -ResourceGroupName $RGName -Name <storage_account>
$keyVault = Get-AzKeyVault -VaultName $kvName
$key = Get-AzKeyVaultKey -VaultName $keyVault.VaultName -Name <key_name>
Set-AzStorageAccount -ResourceGroupName $storageAccount.ResourceGroupName -AccountName $storageAccount.StorageAccountName -KeyvaultEncryption -KeyName $key.Name -KeyVaultUri $keyVault.VaultUri

Environment data

Name                           Value
----                           -----
PSVersion                      7.1.3
PSEdition                      Core
GitCommitId                    7.1.3
OS                             Linux 4.15.0-1112-azure #124~16.04.1-Ubuntu SMP Sat Mar 27 00:08:18 UTC 2021
Platform                       Unix
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Module versions

    Directory: /usr/local/share/powershell/Modules

ModuleType Version    PreRelease Name                                PSEdition ExportedCommands
---------- -------    ---------- ----                                --------- ----------------
Script     5.8.0                 Az                                  Core,Desk
Script     2.2.8                 Az.Accounts                         Core,Desk {Disable-AzDataCollection, Disable-AzContextAutosave, Enable-AzDataCollection, Enable-AzContextAutosave…}
Script     1.1.1                 Az.Advisor                          Core,Desk {Get-AzAdvisorRecommendation, Enable-AzAdvisorRecommendation, Disable-AzAdvisorRecommendation, Get-AzAdvisorConfiguration…}
Script     2.0.2                 Az.Aks                              Core,Desk {Get-AzAksCluster, New-AzAksCluster, Remove-AzAksCluster, Import-AzAksCredential…}
Script     1.1.4                 Az.AnalysisServices                 Core,Desk {Resume-AzAnalysisServicesServer, Suspend-AzAnalysisServicesServer, Get-AzAnalysisServicesServer, Remove-AzAnalysisServicesServer…}
Script     2.2.0                 Az.ApiManagement                    Core,Desk {Add-AzApiManagementApiToGateway, Add-AzApiManagementApiToProduct, Add-AzApiManagementProductToGroup, Add-AzApiManagementRegion…}
Script     1.0.0                 Az.AppConfiguration                 Core,Desk {Get-AzAppConfigurationStore, Get-AzAppConfigurationStoreKey, New-AzAppConfigurationStore, New-AzAppConfigurationStoreKey…}
Script     1.1.0                 Az.ApplicationInsights              Core,Desk {Get-AzApplicationInsights, New-AzApplicationInsights, Remove-AzApplicationInsights, Update-AzApplicationInsights…}
Script     1.6.0                 Az.Automation                       Core,Desk {Get-AzAutomationHybridWorkerGroup, Remove-AzAutomationHybridWorkerGroup, Get-AzAutomationJobOutputRecord, Import-AzAutomationDscNodeConfiguration…}
Script     3.1.0                 Az.Batch                            Core,Desk {Remove-AzBatchAccount, Get-AzBatchAccount, Get-AzBatchAccountKey, New-AzBatchAccount…}
Script     2.0.0                 Az.Billing                          Core,Desk {Get-AzBillingInvoice, Get-AzBillingPeriod, Get-AzEnrollmentAccount, Get-AzConsumptionBudget…}
Script     1.6.0                 Az.Cdn                              Core,Desk {Get-AzCdnProfile, Get-AzCdnProfileSsoUrl, New-AzCdnProfile, Remove-AzCdnProfile…}
Script     1.8.0                 Az.CognitiveServices                Core,Desk {Get-AzCognitiveServicesAccount, Get-AzCognitiveServicesAccountKey, Get-AzCognitiveServicesAccountSku, Get-AzCognitiveServicesAccountType…}
Script     4.11.0                Az.Compute                          Core,Desk {Remove-AzAvailabilitySet, Get-AzAvailabilitySet, New-AzAvailabilitySet, Update-AzAvailabilitySet…}
Script     1.0.3                 Az.ContainerInstance                Core,Desk {New-AzContainerGroup, Get-AzContainerGroup, Remove-AzContainerGroup, Get-AzContainerInstanceLog}
Script     2.2.2                 Az.ContainerRegistry                Core,Desk {New-AzContainerRegistry, Get-AzContainerRegistry, Update-AzContainerRegistry, Remove-AzContainerRegistry…}
Script     1.1.0                 Az.CosmosDB                         Core,Desk {Get-AzCosmosDBSqlContainer, Get-AzCosmosDBSqlContainerThroughput, Get-AzCosmosDBSqlDatabase, Get-AzCosmosDBSqlDatabaseThroughput…}
Script     1.1.0                 Az.DataBoxEdge                      Core,Desk {Get-AzDataBoxEdgeJob, Get-AzDataBoxEdgeDevice, Invoke-AzDataBoxEdgeDevice, New-AzDataBoxEdgeDevice…}
Script     1.1.0                 Az.Databricks                       Core,Desk {Get-AzDatabricksVNetPeering, Get-AzDatabricksWorkspace, New-AzDatabricksVNetPeering, New-AzDatabricksWorkspace…}
Script     1.11.5                Az.DataFactory                      Core,Desk {Set-AzDataFactoryV2, Update-AzDataFactoryV2, Get-AzDataFactoryV2, Remove-AzDataFactoryV2…}
Script     1.0.2                 Az.DataLakeAnalytics                Core,Desk {Get-AzDataLakeAnalyticsDataSource, New-AzDataLakeAnalyticsCatalogCredential, Remove-AzDataLakeAnalyticsCatalogCredential, Set-AzDataLakeAnalyticsCatalogCre…
Script     1.3.0                 Az.DataLakeStore                    Core,Desk {Get-AzDataLakeStoreTrustedIdProvider, Remove-AzDataLakeStoreTrustedIdProvider, Remove-AzDataLakeStoreFirewallRule, Set-AzDataLakeStoreTrustedIdProvider…}
Script     1.0.0                 Az.DataShare                        Core,Desk {New-AzDataShareAccount, Get-AzDataShareAccount, Remove-AzDataShareAccount, New-AzDataShare…}
Script     1.1.0                 Az.DeploymentManager                Core,Desk {Get-AzDeploymentManagerArtifactSource, New-AzDeploymentManagerArtifactSource, Set-AzDeploymentManagerArtifactSource, Remove-AzDeploymentManagerArtifactSour…
Script     2.1.1                 Az.DesktopVirtualization            Core,Desk {Disconnect-AzWvdUserSession, Expand-AzWvdMsixImage, Get-AzWvdApplication, Get-AzWvdApplicationGroup…}
Script     1.0.2                 Az.DevTestLabs                      Core,Desk {Get-AzDtlAllowedVMSizesPolicy, Get-AzDtlAutoShutdownPolicy, Get-AzDtlAutoStartPolicy, Get-AzDtlVMsPerLabPolicy…}
Script     1.1.2                 Az.Dns                              Core,Desk {Get-AzDnsRecordSet, New-AzDnsRecordConfig, Remove-AzDnsRecordSet, Set-AzDnsRecordSet…}
Script     1.3.0                 Az.EventGrid                        Core,Desk {New-AzEventGridTopic, Get-AzEventGridTopic, Set-AzEventGridTopic, New-AzEventGridTopicKey…}
Script     1.7.2                 Az.EventHub                         Core,Desk {New-AzEventHubNamespace, Get-AzEventHubNamespace, Set-AzEventHubNamespace, Remove-AzEventHubNamespace…}
Script     1.7.0                 Az.FrontDoor                        Core,Desk {New-AzFrontDoor, Get-AzFrontDoor, Set-AzFrontDoor, Remove-AzFrontDoor…}
Script     2.0.0                 Az.Functions                        Core,Desk {Get-AzFunctionApp, Get-AzFunctionAppAvailableLocation, Get-AzFunctionAppPlan, Get-AzFunctionAppSetting…}
Script     0.10.8                Az.GuestConfiguration               Core,Desk {Get-AzVMGuestPolicyStatus, Get-AzVMGuestPolicyStatusHistory}
Script     4.2.1                 Az.HDInsight                        Core,Desk {Get-AzHDInsightJob, New-AzHDInsightSqoopJobDefinition, Wait-AzHDInsightJob, New-AzHDInsightStreamingMapReduceJobDefinition…}
Script     1.3.1                 Az.HealthcareApis                   Core,Desk {New-AzHealthcareApisService, Remove-AzHealthcareApisService, Set-AzHealthcareApisService, Get-AzHealthcareApisService}
Script     2.7.3                 Az.IotHub                           Core,Desk {Add-AzIotHubKey, Get-AzIotHubEventHubConsumerGroup, Get-AzIotHubConnectionString, Get-AzIotHubJob…}
Script     3.4.2                 Az.KeyVault                         Core,Desk {Add-AzKeyVaultCertificate, Update-AzKeyVaultCertificate, Stop-AzKeyVaultCertificateOperation, Get-AzKeyVaultCertificateOperation…}
Script     1.0.1                 Az.Kusto                            Core,Desk {Add-AzKustoClusterLanguageExtension, Add-AzKustoDatabasePrincipal, Get-AzKustoAttachedDatabaseConfiguration, Get-AzKustoCluster…}
Script     1.5.0                 Az.LogicApp                         Core,Desk {Get-AzIntegrationAccountAgreement, Get-AzIntegrationAccountAssembly, Get-AzIntegrationAccountBatchConfiguration, Get-AzIntegrationAccountCallbackUrl…}
Script     1.1.3                 Az.MachineLearning                  Core,Desk {Move-AzMlCommitmentAssociation, Get-AzMlCommitmentAssociation, Get-AzMlCommitmentPlanUsageHistory, Remove-AzMlCommitmentPlan…}
Script     1.1.0                 Az.Maintenance                      Core,Desk {Get-AzApplyUpdate, Get-AzConfigurationAssignment, Get-AzMaintenanceConfiguration, Get-AzMaintenanceUpdate…}
Script     2.0.0                 Az.ManagedServices                  Core,Desk {Get-AzManagedServicesAssignment, New-AzManagedServicesAssignment, Remove-AzManagedServicesAssignment, Get-AzManagedServicesDefinition…}
Script     1.0.2                 Az.MarketplaceOrdering              Core,Desk {Get-AzMarketplaceTerms, Set-AzMarketplaceTerms}
Script     1.1.1                 Az.Media                            Core,Desk {Sync-AzMediaServiceStorageKey, Set-AzMediaServiceKey, Get-AzMediaServiceKey, Get-AzMediaServiceNameAvailability…}
Script     1.0.1                 Az.Migrate                          Core,Desk {Get-AzMigrateDiscoveredServer, Get-AzMigrateJob, Get-AzMigrateProject, Get-AzMigrateReplicationFabric…}
Script     2.5.0                 Az.Monitor                          Core,Desk {Get-AzMetricDefinition, Get-AzMetric, Remove-AzLogProfile, Get-AzLogProfile…}
Script     4.7.0                 Az.Network                          Core,Desk {Add-AzApplicationGatewayAuthenticationCertificate, Get-AzApplicationGatewayAuthenticationCertificate, New-AzApplicationGatewayAuthenticationCertificate, Re…
Script     1.1.1                 Az.NotificationHubs                 Core,Desk {Get-AzNotificationHub, Get-AzNotificationHubAuthorizationRule, Get-AzNotificationHubListKey, Get-AzNotificationHubPNSCredential…}
Script     2.3.0                 Az.OperationalInsights              Core,Desk {New-AzOperationalInsightsAzureActivityLogDataSource, New-AzOperationalInsightsCustomLogDataSource, Disable-AzOperationalInsightsLinuxCustomLogCollection, D…
Script     1.4.1                 Az.PolicyInsights                   Core,Desk {Get-AzPolicyEvent, Get-AzPolicyState, Get-AzPolicyStateSummary, Get-AzPolicyRemediation…}
Script     1.1.2                 Az.PowerBIEmbedded                  Core,Desk {Remove-AzPowerBIWorkspaceCollection, Get-AzPowerBIWorkspaceCollection, Get-AzPowerBIWorkspaceCollectionAccessKey, Get-AzPowerBIWorkspace…}
Script     1.0.3                 Az.PrivateDns                       Core,Desk {Get-AzPrivateDnsZone, Remove-AzPrivateDnsZone, Set-AzPrivateDnsZone, New-AzPrivateDnsZone…}
Script     3.5.0                 Az.RecoveryServices                 Core,Desk {Get-AzRecoveryServicesBackupProperty, Get-AzRecoveryServicesVault, Get-AzRecoveryServicesVaultSettingsFile, New-AzRecoveryServicesVault…}
Script     1.4.0                 Az.RedisCache                       Core,Desk {Remove-AzRedisCachePatchSchedule, New-AzRedisCacheScheduleEntry, Get-AzRedisCachePatchSchedule, New-AzRedisCachePatchSchedule…}
Script     1.0.0                 Az.RedisEnterpriseCache             Core,Desk {Export-AzRedisEnterpriseCache, Get-AzRedisEnterpriseCache, Get-AzRedisEnterpriseCacheDatabase, Get-AzRedisEnterpriseCacheKey…}
Script     1.0.3                 Az.Relay                            Core,Desk {New-AzRelayNamespace, Get-AzRelayNamespace, Set-AzRelayNamespace, Remove-AzRelayNamespace…}
Script     3.4.1                 Az.Resources                        Core,Desk {Get-AzProviderOperation, Remove-AzRoleAssignment, Get-AzRoleAssignment, New-AzRoleAssignment…}
Script     1.5.0                 Az.ServiceBus                       Core,Desk {New-AzServiceBusNamespace, Get-AzServiceBusNamespace, Set-AzServiceBusNamespace, Remove-AzServiceBusNamespace…}
Script     2.3.0                 Az.ServiceFabric                    Core,Desk {Add-AzServiceFabricClientCertificate, Add-AzServiceFabricClusterCertificate, Add-AzServiceFabricNode, Add-AzServiceFabricNodeType…}
Script     1.2.0                 Az.SignalR                          Core,Desk {New-AzSignalR, Get-AzSignalR, Get-AzSignalRKey, New-AzSignalRKey…}
Script     2.17.1                Az.Sql                              Core,Desk {Get-AzSqlDatabaseTransparentDataEncryption, Get-AzSqlDatabaseTransparentDataEncryptionActivity, Set-AzSqlDatabaseTransparentDataEncryption, Get-AzSqlDataba…
Script     1.1.0                 Az.SqlVirtualMachine                Core,Desk {New-AzSqlVM, Get-AzSqlVM, Update-AzSqlVM, Remove-AzSqlVM…}
Script     3.5.1                 Az.Storage                          Core,Desk {Get-AzStorageAccount, Get-AzStorageAccountKey, New-AzStorageAccount, New-AzStorageAccountKey…}
Script     1.4.0                 Az.StorageSync                      Core,Desk {Invoke-AzStorageSyncCompatibilityCheck, New-AzStorageSyncService, Get-AzStorageSyncService, Set-AzStorageSyncService…}
Script     1.1.0                 Az.StreamAnalytics                  Core,Desk {Get-AzStreamAnalyticsFunction, Get-AzStreamAnalyticsDefaultFunctionDefinition, New-AzStreamAnalyticsFunction, Remove-AzStreamAnalyticsFunction…}
Script     1.0.0                 Az.Support                          Core,Desk {Get-AzSupportService, Get-AzSupportProblemClassification, Get-AzSupportTicket, Get-AzSupportTicketCommunication…}
Script     1.0.4                 Az.TrafficManager                   Core,Desk {Add-AzTrafficManagerCustomHeaderToEndpoint, Remove-AzTrafficManagerCustomHeaderFromEndpoint, Add-AzTrafficManagerCustomHeaderToProfile, Remove-AzTrafficMan…
Script     2.5.0                 Az.Websites                         Core,Desk {Get-AzAppServicePlan, Set-AzAppServicePlan, New-AzAppServicePlan, Remove-AzAppServicePlan…}
Script     0.0.0.10              AzureAD.Standard.Preview            Desk      {Get-AzureADServiceAppRoleAssignment, Set-AzureADTenantDetail, New-AzureADGroup, Set-AzureADApplication…}
Script     0.9.3                 AzurePSDrive                        Desk
Script     17.0.4716…            EXOPSSessionConnector               Desk      Connect-EXOPSSession
Binary     0.1.1                 Microsoft.PowerShell.UnixCompleters Core      {Import-UnixCompleters, Remove-UnixCompleters, Set-UnixCompleter}
Manifest   1.0.867               MicrosoftPowerBIMgmt                Desk
Binary     1.0.867               MicrosoftPowerBIMgmt.Admin          Desk      {Add-PowerBIEncryptionKey, Get-PowerBIEncryptionKey, Get-PowerBIWorkspaceEncryptionStatus, Switch-PowerBIEncryptionKey…}
Binary     1.0.867               MicrosoftPowerBIMgmt.Capacities     Desk      Get-PowerBICapacity
Binary     1.0.867               MicrosoftPowerBIMgmt.Data           Desk      {Add-PowerBIDataset, Set-PowerBITable, New-PowerBIDataset, New-PowerBITable…}
Binary     1.0.867               MicrosoftPowerBIMgmt.Profile        Desk      {Connect-PowerBIServiceAccount, Disconnect-PowerBIServiceAccount, Invoke-PowerBIRestMethod, Get-PowerBIAccessToken…}
Binary     1.0.867               MicrosoftPowerBIMgmt.Reports        Desk      {Get-PowerBIReport, New-PowerBIReport, Export-PowerBIReport, Get-PowerBIDashboard…}
Binary     1.0.867               MicrosoftPowerBIMgmt.Workspaces     Desk      {Get-PowerBIWorkspace, Get-PowerBIWorkspaceMigrationStatus, Add-PowerBIWorkspaceUser, Remove-PowerBIWorkspaceUser…}
Binary     1.1.6                 MicrosoftTeams                      Core,Desk {Add-TeamUser, Connect-MicrosoftTeams, Disconnect-MicrosoftTeams, Get-CsPolicyPackage…}
Script     0.9.3                 PSCloudShellUtility                 Desk      {Enter-AzVM, Get-AzCommand, Invoke-AzVMCommand, Enable-AzVMPSRemoting…}
Binary     0.8.1                 SHiPS                               Desk
Script     21.1.18229            SqlServer                           Desk      {Add-RoleMember, Add-SqlAvailabilityDatabase, Add-SqlAvailabilityGroupListenerStaticIp, Add-SqlAzureAuthenticationContext…}

    Directory: /opt/microsoft/powershell/7/Modules

ModuleType Version    PreRelease Name                                PSEdition ExportedCommands
---------- -------    ---------- ----                                --------- ----------------
Manifest   1.2.5                 Microsoft.PowerShell.Archive        Desk      {Compress-Archive, Expand-Archive}
Manifest   7.0.0.0               Microsoft.PowerShell.Host           Core      {Start-Transcript, Stop-Transcript}
Manifest   7.0.0.0               Microsoft.PowerShell.Management     Core      {Add-Content, Clear-Content, Clear-ItemProperty, Join-Path…}
Manifest   7.0.0.0               Microsoft.PowerShell.Security       Core      {Get-Credential, Get-ExecutionPolicy, Set-ExecutionPolicy, ConvertFrom-SecureString…}
Manifest   7.0.0.0               Microsoft.PowerShell.Utility        Core      {Export-Alias, Get-Alias, Import-Alias, New-Alias…}
Script     1.4.7                 PackageManagement                   Desk      {Find-Package, Get-Package, Get-PackageProvider, Get-PackageSource…}
Script     2.2.5                 PowerShellGet                       Desk      {Find-Command, Find-DSCResource, Find-Module, Find-RoleCapability…}
Script     2.0.5                 PSDesiredStateConfiguration         Core      {Configuration, New-DscChecksum, Get-DscResource, Invoke-DscResource}
Script     2.1.0                 PSReadLine                          Desk      {Get-PSReadLineKeyHandler, Set-PSReadLineKeyHandler, Remove-PSReadLineKeyHandler, Get-PSReadLineOption…}
Binary     2.0.3                 ThreadJob                           Desk      Start-ThreadJob

Debug output

DEBUG: 2:04:05 PM - SetAzureStorageAccountCommand begin processing with ParameterSet 'KeyvaultEncryption'.
DEBUG: 2:04:05 PM - using account id 'xxxxxxxxxxx'...
DEBUG: [Common.Authentication]: Authenticating using Account: 'MSI@50342', environment: 'AzureCloud', tenant: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
DEBUG: [HttpClientOperations]: Adding Header 'Metadata'
DEBUG: [Common.Authentication]: Received token with LoginType 'ManagedService', Tenant: 'xxxxxxxxxxxxxxxxxxxxxxxxx', UserId: 'xxxxxxxxxx'
DEBUG: Checking Cache request http://localhost:50342/oauth2/token?resource=https%3A%2F%2Fmanagement.core.windows.net%2F&api-version=2018-02-01
DEBUG: Cache Hit
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
PATCH

Absolute Uri:
https://management.azure.com/subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/xxxxxxx-mgmt/providers/Microsoft.Storage/storageAccounts/xxxxxxxtest?api-version=2021-01-01

Headers:
x-ms-client-request-id        : xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Accept-Language               : en-US

Body:
{
  "properties": {
    "encryption": {
      "keySource": "Microsoft.Keyvault",
      "keyvaultproperties": {
        "keyname": "key1",
        "keyvaulturi": "https://xxxxxxxtest5.vault.azure.net/"
      }
    }
  }
}

DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Cache-Control                 : no-cache
Pragma                        : no-cache
x-ms-request-id               : xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Strict-Transport-Security     : max-age=31536000; includeSubDomains
Server                        : Microsoft-Azure-Storage-Resource-Provider/1.0,Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
x-ms-ratelimit-remaining-subscription-writes: 1199
x-ms-correlation-request-id   : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
x-ms-routing-request-id       : EASTUS:20210416T140408Z:31d98a91-3a93-4b29-830f-cd28a9ae7c20
X-Content-Type-Options        : nosniff
Date                          : Fri, 16 Apr 2021 14:04:07 GMT

Body:
{
  "identity": {
    "principalId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "tenantId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "type": "SystemAssigned"
  },
  "sku": {
    "name": "Standard_LRS",
    "tier": "Standard"
  },
  "kind": "StorageV2",
  "id": "/subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/xxxxxxx-mgmt/providers/Microsoft.Storage/storageAccounts/xxxxxxxtest",
  "name": "xxxxxxxtest",
  "type": "Microsoft.Storage/storageAccounts",
  "location": "eastus",
  "tags": {},
  "properties": {
    "privateEndpointConnections": [],
    "minimumTlsVersion": "TLS1_2",
    "allowBlobPublicAccess": true,
    "allowSharedKeyAccess": true,
    "networkAcls": {
      "bypass": "AzureServices",
      "virtualNetworkRules": [],
      "ipRules": [],
      "defaultAction": "Allow"
    },
    "supportsHttpsTrafficOnly": true,
    "encryption": {
      "keyvaultproperties": {
        "currentVersionedKeyIdentifier": "https://xxxxxxxtest5.vault.azure.net/keys/key1/xxxxxxxxxxxxxxxxxxxxxxxxxxxx",
        "lastKeyRotationTimestamp": "2021-04-16T14:04:07.095877Z",
        "currentVersionedKeyExpirationTimestamp": "1970-01-01T00:00:00Z",
        "keyvaulturi": "https://xxxxxxxtest5.vault.azure.net/",
        "keyname": "key1",
        "keyversion": "xxxxxxxxxxxxxxxxxxxxxxxxxxxx"
      },
      "services": {
        "file": {
          "keyType": "Account",
          "enabled": true,
          "lastEnabledTime": "2021-04-13T15:26:51.8631125Z"
        },
        "blob": {
          "keyType": "Account",
          "enabled": true,
          "lastEnabledTime": "2021-04-13T15:26:51.8631125Z"
        }
      },
      "keySource": "Microsoft.Keyvault"
    },
    "accessTier": "Hot",
    "provisioningState": "Succeeded",
    "creationTime": "2021-04-13T15:26:51.7381468Z",
    "primaryEndpoints": {
      "dfs": "https://xxxxxxxtest.dfs.core.windows.net/",
      "web": "https://xxxxxxxtest.z13.web.core.windows.net/",
      "blob": "https://xxxxxxxtest.blob.core.windows.net/",
      "queue": "https://xxxxxxxtest.queue.core.windows.net/",
      "table": "https://xxxxxxxtest.table.core.windows.net/",
      "file": "https://xxxxxxxtest.file.core.windows.net/"
    },
    "primaryLocation": "eastus",
    "statusOfPrimary": "available"
  }
}

DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://management.azure.com/subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/xxxxxxx-mgmt/providers/Microsoft.Storage/storageAccounts/xxxxxxxtest?api-version=2021-01-01

Headers:
x-ms-client-request-id        : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Accept-Language               : en-US

Body:

DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Cache-Control                 : no-cache
Pragma                        : no-cache
x-ms-request-id               : xxxxxxxxxxxxxxxxxxxxxxxxxxx
Strict-Transport-Security     : max-age=31536000; includeSubDomains
Server                        : Microsoft-Azure-Storage-Resource-Provider/1.0,Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
x-ms-ratelimit-remaining-subscription-reads: 11997
x-ms-correlation-request-id   : xxxxxxxxxxxxxxxxxxxxxxxxxxx
x-ms-routing-request-id       : EASTUS:20210416T140408Z:df32b4a4-cc0f-44f3-aa18-90d87556d8f9
X-Content-Type-Options        : nosniff
Date                          : Fri, 16 Apr 2021 14:04:07 GMT

Body:
{
  "identity": {
    "principalId": "xxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "tenantId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "type": "SystemAssigned"
  },
  "sku": {
    "name": "Standard_LRS",
    "tier": "Standard"
  },
  "kind": "StorageV2",
  "id": "/subscriptions/xxxxxxxxxxxxxxxxxxxxx/resourceGroups/xxxxxxx-mgmt/providers/Microsoft.Storage/storageAccounts/xxxxxxxtest",
  "name": "xxxxxxxtest",
  "type": "Microsoft.Storage/storageAccounts",
  "location": "eastus",
  "tags": {},
  "properties": {
    "privateEndpointConnections": [],
    "minimumTlsVersion": "TLS1_2",
    "allowBlobPublicAccess": true,
    "allowSharedKeyAccess": true,
    "networkAcls": {
      "bypass": "AzureServices",
      "virtualNetworkRules": [],
      "ipRules": [],
      "defaultAction": "Allow"
    },
    "supportsHttpsTrafficOnly": true,
    "encryption": {
      "keyvaultproperties": {
        "currentVersionedKeyIdentifier": "https://xxxxxxxtest5.vault.azure.net/keys/key1/xxxxxxxxxxxxxxxxxxx",
        "lastKeyRotationTimestamp": "2021-04-16T14:04:07.095877Z",
        "currentVersionedKeyExpirationTimestamp": "1970-01-01T00:00:00Z",
        "keyvaulturi": "https://xxxxxxxtest5.vault.azure.net/",
        "keyname": "key1",
        "keyversion": "xxxxxxxxxxxxxxxxxxxxxxxx"
      },
      "services": {
        "file": {
          "keyType": "Account",
          "enabled": true,
          "lastEnabledTime": "2021-04-13T15:26:51.8631125Z"
        },
        "blob": {
          "keyType": "Account",
          "enabled": true,
          "lastEnabledTime": "2021-04-13T15:26:51.8631125Z"
        }
      },
      "keySource": "Microsoft.Keyvault"
    },
    "accessTier": "Hot",
    "provisioningState": "Succeeded",
    "creationTime": "2021-04-13T15:26:51.7381468Z",
    "primaryEndpoints": {
      "dfs": "https://xxxxxxxtest.dfs.core.windows.net/",
      "web": "https://xxxxxxxtest.z13.web.core.windows.net/",
      "blob": "https://xxxxxxxtest.blob.core.windows.net/",
      "queue": "https://xxxxxxxtest.queue.core.windows.net/",
      "table": "https://xxxxxxxtest.table.core.windows.net/",
      "file": "https://xxxxxxxtest.file.core.windows.net/"
    },
    "primaryLocation": "eastus",
    "statusOfPrimary": "available"
  }
}

DEBUG: AzureQoSEvent: CommandName - Set-AzStorageAccount; IsSuccess - True; Duration - 00:00:02.4612750
DEBUG: Finish sending metric.
DEBUG: 2:04:08 PM - SetAzureStorageAccountCommand end processing.
StorageAccountName ResourceGroupName PrimaryLocation SkuName      Kind      AccessTier CreationTime         ProvisioningState EnableHttpsTrafficOnly LargeFileShares
------------------ ----------------- --------------- -------      ----      ---------- ------------         ----------------- ---------------------- ---------------
xxxxxxxtest       xxxxxxx-mgmt     eastus          Standard_LRS StorageV2 Hot        4/13/2021 3:26:51 PM Succeeded         True

Error output

DEBUG: 2:11:13 PM - ResolveError begin processing with ParameterSet 'AnyErrorParameterSet'.
DEBUG: 2:11:13 PM - using account id 'xxxxxxx'...
WARNING: Upcoming breaking changes in the cmdlet 'Resolve-AzError' :
The `Resolve-Error` alias will be removed in a future release.  Please change any scripts that use this alias to use `Resolve-AzError` instead.
Note : Go to https://aka.ms/azps-changewarnings for steps to suppress this breaking change warning, and other information on breaking changes in Azure PowerShell.

   HistoryId: 9

Message        : Cannot validate argument on parameter 'KeyName'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
StackTrace     :    at System.Management.Automation.ParameterBinderBase.BindParameter(CommandParameterInternal parameter, CompiledCommandParameter parameterMetadata, ParameterBindingFlags flags) in
                 /PowerShell/src/System.Management.Automation/engine/ParameterBinderBase.cs:line 529
                    at System.Management.Automation.CmdletParameterBinderController.BindParameter(CommandParameterInternal argument, MergedCompiledCommandParameter parameter, ParameterBindingFlags flags) in
                 /PowerShell/src/System.Management.Automation/engine/CmdletParameterBinderController.cs:line 1354
                    at System.Management.Automation.CmdletParameterBinderController.BindParameter(UInt32 parameterSets, CommandParameterInternal argument, MergedCompiledCommandParameter parameter, ParameterBindingFlags flags) in
                 /PowerShell/src/System.Management.Automation/engine/CmdletParameterBinderController.cs:line 1295
                    at System.Management.Automation.CmdletParameterBinderController.BindNamedParameter(UInt32 parameterSets, CommandParameterInternal argument, MergedCompiledCommandParameter parameter) in
                 /PowerShell/src/System.Management.Automation/engine/CmdletParameterBinderController.cs:line 1099
                    at System.Management.Automation.ParameterBinderController.BindNamedParameters(UInt32 parameterSets, Collection`1 arguments) in /PowerShell/src/System.Management.Automation/engine/ParameterBinderController.cs:line 645
                    at System.Management.Automation.CmdletParameterBinderController.BindCommandLineParametersNoValidation(Collection`1 arguments) in
                 /PowerShell/src/System.Management.Automation/engine/CmdletParameterBinderController.cs:line 229
                    at System.Management.Automation.CmdletParameterBinderController.BindCommandLineParameters(Collection`1 arguments) in /PowerShell/src/System.Management.Automation/engine/CmdletParameterBinderController.cs:line 108
                    at System.Management.Automation.CommandProcessor.BindCommandLineParameters() in /PowerShell/src/System.Management.Automation/engine/CommandProcessor.cs:line 178
                    at System.Management.Automation.CommandProcessor.Prepare(IDictionary psDefaultParameterValues) in /PowerShell/src/System.Management.Automation/engine/CommandProcessor.cs:line 238
                    at System.Management.Automation.CommandProcessorBase.DoPrepare(IDictionary psDefaultParameterValues) in /PowerShell/src/System.Management.Automation/engine/CommandProcessorBase.cs:line 442
                    at System.Management.Automation.Internal.PipelineProcessor.Start(Boolean incomingStream) in /PowerShell/src/System.Management.Automation/engine/pipeline.cs:line 1051
                    at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(Object input) in /PowerShell/src/System.Management.Automation/engine/pipeline.cs:line 499
                 --- End of stack trace from previous location ---
                    at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(Object input) in /PowerShell/src/System.Management.Automation/engine/pipeline.cs:line 585
                    at System.Management.Automation.PipelineOps.InvokePipeline(Object input, Boolean ignoreInput, CommandParameterInternal[][] pipeElements, CommandBaseAst[] pipeElementAsts, CommandRedirection[][] commandRedirections,
                 FunctionContext funcContext) in /PowerShell/src/System.Management.Automation/engine/runtime/Operations/MiscOps.cs:line 498
                    at System.Management.Automation.Interpreter.ActionCallInstruction`6.Run(InterpretedFrame frame) in /PowerShell/src/System.Management.Automation/engine/interpreter/CallInstruction.Generated.cs:line 608
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame) in /PowerShell/src/System.Management.Automation/engine/interpreter/ControlFlowInstructions.cs:line 358
Exception      : System.Management.Automation.ParameterBindingValidationException
InvocationInfo : {Set-AzStorageAccount}
Line           : Set-AzStorageAccount -ResourceGroupName $storageAccount.ResourceGroupName -AccountName $storageAccount.StorageAccountName -KeyvaultEncryption -KeyName $key.Name -KeyVaultUri $keyVault.VaultUri
Position       : At line:1 char:152
                 + … unt.StorageAccountName -KeyvaultEncryption -KeyName $key.Name -KeyVau …
                 +                                                       ~~~~~~~~~
HistoryId      : 9

Message        : The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
StackTrace     :    at System.Management.Automation.ValidateNotNullOrEmptyAttribute.Validate(Object arguments, EngineIntrinsics engineIntrinsics) in /PowerShell/src/System.Management.Automation/engine/Attributes.cs:line 2031
                    at System.Management.Automation.ValidateArgumentsAttribute.InternalValidate(Object o, EngineIntrinsics engineIntrinsics) in /PowerShell/src/System.Management.Automation/engine/Attributes.cs:line 129
                    at System.Management.Automation.ParameterBinderBase.BindParameter(CommandParameterInternal parameter, CompiledCommandParameter parameterMetadata, ParameterBindingFlags flags) in
                 /PowerShell/src/System.Management.Automation/engine/ParameterBinderBase.cs:line 509
Exception      : System.Management.Automation.ValidationMetadataException
InvocationInfo : {Set-AzStorageAccount}
Line           : Set-AzStorageAccount -ResourceGroupName $storageAccount.ResourceGroupName -AccountName $storageAccount.StorageAccountName -KeyvaultEncryption -KeyName $key.Name -KeyVaultUri $keyVault.VaultUri
Position       : At line:1 char:152
                 + … unt.StorageAccountName -KeyvaultEncryption -KeyName $key.Name -KeyVau …
                 +                                                       ~~~~~~~~~
HistoryId      : 9

   HistoryId: 8

Message        : Operation returned an invalid status code 'Forbidden'
StackTrace     :    at Microsoft.Azure.KeyVault.KeyVaultClient.GetKeyWithHttpMessagesAsync(String vaultBaseUrl, String keyName, String keyVersion, Dictionary`2 customHeaders, CancellationToken cancellationToken)
                    at Microsoft.Azure.KeyVault.KeyVaultClientExtensions.GetKeyAsync(IKeyVaultClient operations, String vaultBaseUrl, String keyName, String keyVersion, CancellationToken cancellationToken)
                    at Microsoft.Azure.Commands.KeyVault.Models.KeyVaultDataServiceClient.GetKey(String vaultName, String keyName, String keyVersion)
                    at Microsoft.Azure.Commands.KeyVault.GetAzureKeyVaultKey.GetKeyVaultKey()
                    at Microsoft.Azure.Commands.KeyVault.GetAzureKeyVaultKey.ExecuteCmdlet()
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.<>c__3`1.<ExecuteSynchronouslyOrAsJob>b__3_0(T c)
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet, Action`1 executor)
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet)
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
Exception      : Microsoft.Azure.KeyVault.Models.KeyVaultErrorException
InvocationInfo : {Get-AzKeyVaultKey}
Line           : $key = Get-AzKeyVaultKey -VaultName $keyVault.VaultName -Name "key1"
Position       : At line:1 char:8
                 + $key = Get-AzKeyVaultKey -VaultName $keyVault.VaultName -Name "key1"
                 +        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 8

The Azure PowerShell team is listening, please let us know how we are doing: https://aka.ms/azpssurvey?Q_CHL=ERROR.

DEBUG: AzureQoSEvent: CommandName - Resolve-AzError; IsSuccess - True; Duration - 00:00:00.0255496
DEBUG: Finish sending metric.
DEBUG: 2:11:13 PM - ResolveError end processing.

[ghost]

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @xgithubtriage.

Issue Details

---

## Description Using Set-AzStorageAccount to change storage account to auto update enabled is not working when URI key is set. This does not even produce an error and shows succeeded output when running the script provided in below URL. https://docs.microsoft.com/en-us/azure/storage/common/customer-managed-keys-configure-key-vault?tabs=powershell#configure-encryption-for-automatic-updating-of-key-versions This works when the Storage Account Encryption is set to Microsoft-managed keys but not when Customer-managed keys is set use key URI ## Steps to reproduce ```powershell $RGName = $kvName = $storageAccount = Get-AzStorageAccount -ResourceGroupName $RGName -Name $keyVault = Get-AzKeyVault -VaultName $kvName $key = Get-AzKeyVaultKey -VaultName $keyVault.VaultName -Name Set-AzStorageAccount -ResourceGroupName $storageAccount.ResourceGroupName -AccountName $storageAccount.StorageAccountName -KeyvaultEncryption -KeyName $key.Name -KeyVaultUri $keyVault.VaultUri ``` ## Environment data ``` Name Value ---- ----- PSVersion 7.1.3 PSEdition Core GitCommitId 7.1.3 OS Linux 4.15.0-1112-azure #124~16.04.1-Ubuntu SMP Sat Mar 27 00:08:18 UTC 2021 Platform Unix PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…} PSRemotingProtocolVersion 2.3 SerializationVersion 1.1.0.1 WSManStackVersion 3.0 ``` ## Module versions ```powershell Directory: /usr/local/share/powershell/Modules ModuleType Version PreRelease Name PSEdition ExportedCommands ---------- ------- ---------- ---- --------- ---------------- Script 5.8.0 Az Core,Desk Script 2.2.8 Az.Accounts Core,Desk {Disable-AzDataCollection, Disable-AzContextAutosave, Enable-AzDataCollection, Enable-AzContextAutosave…} Script 1.1.1 Az.Advisor Core,Desk {Get-AzAdvisorRecommendation, Enable-AzAdvisorRecommendation, Disable-AzAdvisorRecommendation, Get-AzAdvisorConfiguration…} Script 2.0.2 Az.Aks Core,Desk {Get-AzAksCluster, New-AzAksCluster, Remove-AzAksCluster, Import-AzAksCredential…} Script 1.1.4 Az.AnalysisServices Core,Desk {Resume-AzAnalysisServicesServer, Suspend-AzAnalysisServicesServer, Get-AzAnalysisServicesServer, Remove-AzAnalysisServicesServer…} Script 2.2.0 Az.ApiManagement Core,Desk {Add-AzApiManagementApiToGateway, Add-AzApiManagementApiToProduct, Add-AzApiManagementProductToGroup, Add-AzApiManagementRegion…} Script 1.0.0 Az.AppConfiguration Core,Desk {Get-AzAppConfigurationStore, Get-AzAppConfigurationStoreKey, New-AzAppConfigurationStore, New-AzAppConfigurationStoreKey…} Script 1.1.0 Az.ApplicationInsights Core,Desk {Get-AzApplicationInsights, New-AzApplicationInsights, Remove-AzApplicationInsights, Update-AzApplicationInsights…} Script 1.6.0 Az.Automation Core,Desk {Get-AzAutomationHybridWorkerGroup, Remove-AzAutomationHybridWorkerGroup, Get-AzAutomationJobOutputRecord, Import-AzAutomationDscNodeConfiguration…} Script 3.1.0 Az.Batch Core,Desk {Remove-AzBatchAccount, Get-AzBatchAccount, Get-AzBatchAccountKey, New-AzBatchAccount…} Script 2.0.0 Az.Billing Core,Desk {Get-AzBillingInvoice, Get-AzBillingPeriod, Get-AzEnrollmentAccount, Get-AzConsumptionBudget…} Script 1.6.0 Az.Cdn Core,Desk {Get-AzCdnProfile, Get-AzCdnProfileSsoUrl, New-AzCdnProfile, Remove-AzCdnProfile…} Script 1.8.0 Az.CognitiveServices Core,Desk {Get-AzCognitiveServicesAccount, Get-AzCognitiveServicesAccountKey, Get-AzCognitiveServicesAccountSku, Get-AzCognitiveServicesAccountType…} Script 4.11.0 Az.Compute Core,Desk {Remove-AzAvailabilitySet, Get-AzAvailabilitySet, New-AzAvailabilitySet, Update-AzAvailabilitySet…} Script 1.0.3 Az.ContainerInstance Core,Desk {New-AzContainerGroup, Get-AzContainerGroup, Remove-AzContainerGroup, Get-AzContainerInstanceLog} Script 2.2.2 Az.ContainerRegistry Core,Desk {New-AzContainerRegistry, Get-AzContainerRegistry, Update-AzContainerRegistry, Remove-AzContainerRegistry…} Script 1.1.0 Az.CosmosDB Core,Desk {Get-AzCosmosDBSqlContainer, Get-AzCosmosDBSqlContainerThroughput, Get-AzCosmosDBSqlDatabase, Get-AzCosmosDBSqlDatabaseThroughput…} Script 1.1.0 Az.DataBoxEdge Core,Desk {Get-AzDataBoxEdgeJob, Get-AzDataBoxEdgeDevice, Invoke-AzDataBoxEdgeDevice, New-AzDataBoxEdgeDevice…} Script 1.1.0 Az.Databricks Core,Desk {Get-AzDatabricksVNetPeering, Get-AzDatabricksWorkspace, New-AzDatabricksVNetPeering, New-AzDatabricksWorkspace…} Script 1.11.5 Az.DataFactory Core,Desk {Set-AzDataFactoryV2, Update-AzDataFactoryV2, Get-AzDataFactoryV2, Remove-AzDataFactoryV2…} Script 1.0.2 Az.DataLakeAnalytics Core,Desk {Get-AzDataLakeAnalyticsDataSource, New-AzDataLakeAnalyticsCatalogCredential, Remove-AzDataLakeAnalyticsCatalogCredential, Set-AzDataLakeAnalyticsCatalogCre… Script 1.3.0 Az.DataLakeStore Core,Desk {Get-AzDataLakeStoreTrustedIdProvider, Remove-AzDataLakeStoreTrustedIdProvider, Remove-AzDataLakeStoreFirewallRule, Set-AzDataLakeStoreTrustedIdProvider…} Script 1.0.0 Az.DataShare Core,Desk {New-AzDataShareAccount, Get-AzDataShareAccount, Remove-AzDataShareAccount, New-AzDataShare…} Script 1.1.0 Az.DeploymentManager Core,Desk {Get-AzDeploymentManagerArtifactSource, New-AzDeploymentManagerArtifactSource, Set-AzDeploymentManagerArtifactSource, Remove-AzDeploymentManagerArtifactSour… Script 2.1.1 Az.DesktopVirtualization Core,Desk {Disconnect-AzWvdUserSession, Expand-AzWvdMsixImage, Get-AzWvdApplication, Get-AzWvdApplicationGroup…} Script 1.0.2 Az.DevTestLabs Core,Desk {Get-AzDtlAllowedVMSizesPolicy, Get-AzDtlAutoShutdownPolicy, Get-AzDtlAutoStartPolicy, Get-AzDtlVMsPerLabPolicy…} Script 1.1.2 Az.Dns Core,Desk {Get-AzDnsRecordSet, New-AzDnsRecordConfig, Remove-AzDnsRecordSet, Set-AzDnsRecordSet…} Script 1.3.0 Az.EventGrid Core,Desk {New-AzEventGridTopic, Get-AzEventGridTopic, Set-AzEventGridTopic, New-AzEventGridTopicKey…} Script 1.7.2 Az.EventHub Core,Desk {New-AzEventHubNamespace, Get-AzEventHubNamespace, Set-AzEventHubNamespace, Remove-AzEventHubNamespace…} Script 1.7.0 Az.FrontDoor Core,Desk {New-AzFrontDoor, Get-AzFrontDoor, Set-AzFrontDoor, Remove-AzFrontDoor…} Script 2.0.0 Az.Functions Core,Desk {Get-AzFunctionApp, Get-AzFunctionAppAvailableLocation, Get-AzFunctionAppPlan, Get-AzFunctionAppSetting…} Script 0.10.8 Az.GuestConfiguration Core,Desk {Get-AzVMGuestPolicyStatus, Get-AzVMGuestPolicyStatusHistory} Script 4.2.1 Az.HDInsight Core,Desk {Get-AzHDInsightJob, New-AzHDInsightSqoopJobDefinition, Wait-AzHDInsightJob, New-AzHDInsightStreamingMapReduceJobDefinition…} Script 1.3.1 Az.HealthcareApis Core,Desk {New-AzHealthcareApisService, Remove-AzHealthcareApisService, Set-AzHealthcareApisService, Get-AzHealthcareApisService} Script 2.7.3 Az.IotHub Core,Desk {Add-AzIotHubKey, Get-AzIotHubEventHubConsumerGroup, Get-AzIotHubConnectionString, Get-AzIotHubJob…} Script 3.4.2 Az.KeyVault Core,Desk {Add-AzKeyVaultCertificate, Update-AzKeyVaultCertificate, Stop-AzKeyVaultCertificateOperation, Get-AzKeyVaultCertificateOperation…} Script 1.0.1 Az.Kusto Core,Desk {Add-AzKustoClusterLanguageExtension, Add-AzKustoDatabasePrincipal, Get-AzKustoAttachedDatabaseConfiguration, Get-AzKustoCluster…} Script 1.5.0 Az.LogicApp Core,Desk {Get-AzIntegrationAccountAgreement, Get-AzIntegrationAccountAssembly, Get-AzIntegrationAccountBatchConfiguration, Get-AzIntegrationAccountCallbackUrl…} Script 1.1.3 Az.MachineLearning Core,Desk {Move-AzMlCommitmentAssociation, Get-AzMlCommitmentAssociation, Get-AzMlCommitmentPlanUsageHistory, Remove-AzMlCommitmentPlan…} Script 1.1.0 Az.Maintenance Core,Desk {Get-AzApplyUpdate, Get-AzConfigurationAssignment, Get-AzMaintenanceConfiguration, Get-AzMaintenanceUpdate…} Script 2.0.0 Az.ManagedServices Core,Desk {Get-AzManagedServicesAssignment, New-AzManagedServicesAssignment, Remove-AzManagedServicesAssignment, Get-AzManagedServicesDefinition…} Script 1.0.2 Az.MarketplaceOrdering Core,Desk {Get-AzMarketplaceTerms, Set-AzMarketplaceTerms} Script 1.1.1 Az.Media Core,Desk {Sync-AzMediaServiceStorageKey, Set-AzMediaServiceKey, Get-AzMediaServiceKey, Get-AzMediaServiceNameAvailability…} Script 1.0.1 Az.Migrate Core,Desk {Get-AzMigrateDiscoveredServer, Get-AzMigrateJob, Get-AzMigrateProject, Get-AzMigrateReplicationFabric…} Script 2.5.0 Az.Monitor Core,Desk {Get-AzMetricDefinition, Get-AzMetric, Remove-AzLogProfile, Get-AzLogProfile…} Script 4.7.0 Az.Network Core,Desk {Add-AzApplicationGatewayAuthenticationCertificate, Get-AzApplicationGatewayAuthenticationCertificate, New-AzApplicationGatewayAuthenticationCertificate, Re… Script 1.1.1 Az.NotificationHubs Core,Desk {Get-AzNotificationHub, Get-AzNotificationHubAuthorizationRule, Get-AzNotificationHubListKey, Get-AzNotificationHubPNSCredential…} Script 2.3.0 Az.OperationalInsights Core,Desk {New-AzOperationalInsightsAzureActivityLogDataSource, New-AzOperationalInsightsCustomLogDataSource, Disable-AzOperationalInsightsLinuxCustomLogCollection, D… Script 1.4.1 Az.PolicyInsights Core,Desk {Get-AzPolicyEvent, Get-AzPolicyState, Get-AzPolicyStateSummary, Get-AzPolicyRemediation…} Script 1.1.2 Az.PowerBIEmbedded Core,Desk {Remove-AzPowerBIWorkspaceCollection, Get-AzPowerBIWorkspaceCollection, Get-AzPowerBIWorkspaceCollectionAccessKey, Get-AzPowerBIWorkspace…} Script 1.0.3 Az.PrivateDns Core,Desk {Get-AzPrivateDnsZone, Remove-AzPrivateDnsZone, Set-AzPrivateDnsZone, New-AzPrivateDnsZone…} Script 3.5.0 Az.RecoveryServices Core,Desk {Get-AzRecoveryServicesBackupProperty, Get-AzRecoveryServicesVault, Get-AzRecoveryServicesVaultSettingsFile, New-AzRecoveryServicesVault…} Script 1.4.0 Az.RedisCache Core,Desk {Remove-AzRedisCachePatchSchedule, New-AzRedisCacheScheduleEntry, Get-AzRedisCachePatchSchedule, New-AzRedisCachePatchSchedule…} Script 1.0.0 Az.RedisEnterpriseCache Core,Desk {Export-AzRedisEnterpriseCache, Get-AzRedisEnterpriseCache, Get-AzRedisEnterpriseCacheDatabase, Get-AzRedisEnterpriseCacheKey…} Script 1.0.3 Az.Relay Core,Desk {New-AzRelayNamespace, Get-AzRelayNamespace, Set-AzRelayNamespace, Remove-AzRelayNamespace…} Script 3.4.1 Az.Resources Core,Desk {Get-AzProviderOperation, Remove-AzRoleAssignment, Get-AzRoleAssignment, New-AzRoleAssignment…} Script 1.5.0 Az.ServiceBus Core,Desk {New-AzServiceBusNamespace, Get-AzServiceBusNamespace, Set-AzServiceBusNamespace, Remove-AzServiceBusNamespace…} Script 2.3.0 Az.ServiceFabric Core,Desk {Add-AzServiceFabricClientCertificate, Add-AzServiceFabricClusterCertificate, Add-AzServiceFabricNode, Add-AzServiceFabricNodeType…} Script 1.2.0 Az.SignalR Core,Desk {New-AzSignalR, Get-AzSignalR, Get-AzSignalRKey, New-AzSignalRKey…} Script 2.17.1 Az.Sql Core,Desk {Get-AzSqlDatabaseTransparentDataEncryption, Get-AzSqlDatabaseTransparentDataEncryptionActivity, Set-AzSqlDatabaseTransparentDataEncryption, Get-AzSqlDataba… Script 1.1.0 Az.SqlVirtualMachine Core,Desk {New-AzSqlVM, Get-AzSqlVM, Update-AzSqlVM, Remove-AzSqlVM…} Script 3.5.1 Az.Storage Core,Desk {Get-AzStorageAccount, Get-AzStorageAccountKey, New-AzStorageAccount, New-AzStorageAccountKey…} Script 1.4.0 Az.StorageSync Core,Desk {Invoke-AzStorageSyncCompatibilityCheck, New-AzStorageSyncService, Get-AzStorageSyncService, Set-AzStorageSyncService…} Script 1.1.0 Az.StreamAnalytics Core,Desk {Get-AzStreamAnalyticsFunction, Get-AzStreamAnalyticsDefaultFunctionDefinition, New-AzStreamAnalyticsFunction, Remove-AzStreamAnalyticsFunction…} Script 1.0.0 Az.Support Core,Desk {Get-AzSupportService, Get-AzSupportProblemClassification, Get-AzSupportTicket, Get-AzSupportTicketCommunication…} Script 1.0.4 Az.TrafficManager Core,Desk {Add-AzTrafficManagerCustomHeaderToEndpoint, Remove-AzTrafficManagerCustomHeaderFromEndpoint, Add-AzTrafficManagerCustomHeaderToProfile, Remove-AzTrafficMan… Script 2.5.0 Az.Websites Core,Desk {Get-AzAppServicePlan, Set-AzAppServicePlan, New-AzAppServicePlan, Remove-AzAppServicePlan…} Script 0.0.0.10 AzureAD.Standard.Preview Desk {Get-AzureADServiceAppRoleAssignment, Set-AzureADTenantDetail, New-AzureADGroup, Set-AzureADApplication…} Script 0.9.3 AzurePSDrive Desk Script 17.0.4716… EXOPSSessionConnector Desk Connect-EXOPSSession Binary 0.1.1 Microsoft.PowerShell.UnixCompleters Core {Import-UnixCompleters, Remove-UnixCompleters, Set-UnixCompleter} Manifest 1.0.867 MicrosoftPowerBIMgmt Desk Binary 1.0.867 MicrosoftPowerBIMgmt.Admin Desk {Add-PowerBIEncryptionKey, Get-PowerBIEncryptionKey, Get-PowerBIWorkspaceEncryptionStatus, Switch-PowerBIEncryptionKey…} Binary 1.0.867 MicrosoftPowerBIMgmt.Capacities Desk Get-PowerBICapacity Binary 1.0.867 MicrosoftPowerBIMgmt.Data Desk {Add-PowerBIDataset, Set-PowerBITable, New-PowerBIDataset, New-PowerBITable…} Binary 1.0.867 MicrosoftPowerBIMgmt.Profile Desk {Connect-PowerBIServiceAccount, Disconnect-PowerBIServiceAccount, Invoke-PowerBIRestMethod, Get-PowerBIAccessToken…} Binary 1.0.867 MicrosoftPowerBIMgmt.Reports Desk {Get-PowerBIReport, New-PowerBIReport, Export-PowerBIReport, Get-PowerBIDashboard…} Binary 1.0.867 MicrosoftPowerBIMgmt.Workspaces Desk {Get-PowerBIWorkspace, Get-PowerBIWorkspaceMigrationStatus, Add-PowerBIWorkspaceUser, Remove-PowerBIWorkspaceUser…} Binary 1.1.6 MicrosoftTeams Core,Desk {Add-TeamUser, Connect-MicrosoftTeams, Disconnect-MicrosoftTeams, Get-CsPolicyPackage…} Script 0.9.3 PSCloudShellUtility Desk {Enter-AzVM, Get-AzCommand, Invoke-AzVMCommand, Enable-AzVMPSRemoting…} Binary 0.8.1 SHiPS Desk Script 21.1.18229 SqlServer Desk {Add-RoleMember, Add-SqlAvailabilityDatabase, Add-SqlAvailabilityGroupListenerStaticIp, Add-SqlAzureAuthenticationContext…} Directory: /opt/microsoft/powershell/7/Modules ModuleType Version PreRelease Name PSEdition ExportedCommands ---------- ------- ---------- ---- --------- ---------------- Manifest 1.2.5 Microsoft.PowerShell.Archive Desk {Compress-Archive, Expand-Archive} Manifest 7.0.0.0 Microsoft.PowerShell.Host Core {Start-Transcript, Stop-Transcript} Manifest 7.0.0.0 Microsoft.PowerShell.Management Core {Add-Content, Clear-Content, Clear-ItemProperty, Join-Path…} Manifest 7.0.0.0 Microsoft.PowerShell.Security Core {Get-Credential, Get-ExecutionPolicy, Set-ExecutionPolicy, ConvertFrom-SecureString…} Manifest 7.0.0.0 Microsoft.PowerShell.Utility Core {Export-Alias, Get-Alias, Import-Alias, New-Alias…} Script 1.4.7 PackageManagement Desk {Find-Package, Get-Package, Get-PackageProvider, Get-PackageSource…} Script 2.2.5 PowerShellGet Desk {Find-Command, Find-DSCResource, Find-Module, Find-RoleCapability…} Script 2.0.5 PSDesiredStateConfiguration Core {Configuration, New-DscChecksum, Get-DscResource, Invoke-DscResource} Script 2.1.0 PSReadLine Desk {Get-PSReadLineKeyHandler, Set-PSReadLineKeyHandler, Remove-PSReadLineKeyHandler, Get-PSReadLineOption…} Binary 2.0.3 ThreadJob Desk Start-ThreadJob ``` ## Debug output ``` DEBUG: 2:04:05 PM - SetAzureStorageAccountCommand begin processing with ParameterSet 'KeyvaultEncryption'. DEBUG: 2:04:05 PM - using account id 'xxxxxxxxxxx'... DEBUG: [Common.Authentication]: Authenticating using Account: 'MSI@50342', environment: 'AzureCloud', tenant: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' DEBUG: [HttpClientOperations]: Adding Header 'Metadata' DEBUG: [Common.Authentication]: Received token with LoginType 'ManagedService', Tenant: 'xxxxxxxxxxxxxxxxxxxxxxxxx', UserId: 'xxxxxxxxxx' DEBUG: Checking Cache request http://localhost:50342/oauth2/token?resource=https%3A%2F%2Fmanagement.core.windows.net%2F&api-version=2018-02-01 DEBUG: Cache Hit DEBUG: ============================ HTTP REQUEST ============================ HTTP Method: PATCH Absolute Uri: https://management.azure.com/subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/xxxxxxx-mgmt/providers/Microsoft.Storage/storageAccounts/xxxxxxxtest?api-version=2021-01-01 Headers: x-ms-client-request-id : xxxxxxxxxxxxxxxxxxxxxxxxxxxxx Accept-Language : en-US Body: { "properties": { "encryption": { "keySource": "Microsoft.Keyvault", "keyvaultproperties": { "keyname": "key1", "keyvaulturi": "https://xxxxxxxtest5.vault.azure.net/" } } } } DEBUG: ============================ HTTP RESPONSE ============================ Status Code: OK Headers: Cache-Control : no-cache Pragma : no-cache x-ms-request-id : xxxxxxxxxxxxxxxxxxxxxxxxxxxxx Strict-Transport-Security : max-age=31536000; includeSubDomains Server : Microsoft-Azure-Storage-Resource-Provider/1.0,Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 x-ms-ratelimit-remaining-subscription-writes: 1199 x-ms-correlation-request-id : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx x-ms-routing-request-id : EASTUS:20210416T140408Z:31d98a91-3a93-4b29-830f-cd28a9ae7c20 X-Content-Type-Options : nosniff Date : Fri, 16 Apr 2021 14:04:07 GMT Body: { "identity": { "principalId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "tenantId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "type": "SystemAssigned" }, "sku": { "name": "Standard_LRS", "tier": "Standard" }, "kind": "StorageV2", "id": "/subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/xxxxxxx-mgmt/providers/Microsoft.Storage/storageAccounts/xxxxxxxtest", "name": "xxxxxxxtest", "type": "Microsoft.Storage/storageAccounts", "location": "eastus", "tags": {}, "properties": { "privateEndpointConnections": [], "minimumTlsVersion": "TLS1_2", "allowBlobPublicAccess": true, "allowSharedKeyAccess": true, "networkAcls": { "bypass": "AzureServices", "virtualNetworkRules": [], "ipRules": [], "defaultAction": "Allow" }, "supportsHttpsTrafficOnly": true, "encryption": { "keyvaultproperties": { "currentVersionedKeyIdentifier": "https://xxxxxxxtest5.vault.azure.net/keys/key1/xxxxxxxxxxxxxxxxxxxxxxxxxxxx", "lastKeyRotationTimestamp": "2021-04-16T14:04:07.095877Z", "currentVersionedKeyExpirationTimestamp": "1970-01-01T00:00:00Z", "keyvaulturi": "https://xxxxxxxtest5.vault.azure.net/", "keyname": "key1", "keyversion": "xxxxxxxxxxxxxxxxxxxxxxxxxxxx" }, "services": { "file": { "keyType": "Account", "enabled": true, "lastEnabledTime": "2021-04-13T15:26:51.8631125Z" }, "blob": { "keyType": "Account", "enabled": true, "lastEnabledTime": "2021-04-13T15:26:51.8631125Z" } }, "keySource": "Microsoft.Keyvault" }, "accessTier": "Hot", "provisioningState": "Succeeded", "creationTime": "2021-04-13T15:26:51.7381468Z", "primaryEndpoints": { "dfs": "https://xxxxxxxtest.dfs.core.windows.net/", "web": "https://xxxxxxxtest.z13.web.core.windows.net/", "blob": "https://xxxxxxxtest.blob.core.windows.net/", "queue": "https://xxxxxxxtest.queue.core.windows.net/", "table": "https://xxxxxxxtest.table.core.windows.net/", "file": "https://xxxxxxxtest.file.core.windows.net/" }, "primaryLocation": "eastus", "statusOfPrimary": "available" } } DEBUG: ============================ HTTP REQUEST ============================ HTTP Method: GET Absolute Uri: https://management.azure.com/subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/xxxxxxx-mgmt/providers/Microsoft.Storage/storageAccounts/xxxxxxxtest?api-version=2021-01-01 Headers: x-ms-client-request-id : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Accept-Language : en-US Body: DEBUG: ============================ HTTP RESPONSE ============================ Status Code: OK Headers: Cache-Control : no-cache Pragma : no-cache x-ms-request-id : xxxxxxxxxxxxxxxxxxxxxxxxxxx Strict-Transport-Security : max-age=31536000; includeSubDomains Server : Microsoft-Azure-Storage-Resource-Provider/1.0,Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 x-ms-ratelimit-remaining-subscription-reads: 11997 x-ms-correlation-request-id : xxxxxxxxxxxxxxxxxxxxxxxxxxx x-ms-routing-request-id : EASTUS:20210416T140408Z:df32b4a4-cc0f-44f3-aa18-90d87556d8f9 X-Content-Type-Options : nosniff Date : Fri, 16 Apr 2021 14:04:07 GMT Body: { "identity": { "principalId": "xxxxxxxxxxxxxxxxxxxxxxxxxxx", "tenantId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxx", "type": "SystemAssigned" }, "sku": { "name": "Standard_LRS", "tier": "Standard" }, "kind": "StorageV2", "id": "/subscriptions/xxxxxxxxxxxxxxxxxxxxx/resourceGroups/xxxxxxx-mgmt/providers/Microsoft.Storage/storageAccounts/xxxxxxxtest", "name": "xxxxxxxtest", "type": "Microsoft.Storage/storageAccounts", "location": "eastus", "tags": {}, "properties": { "privateEndpointConnections": [], "minimumTlsVersion": "TLS1_2", "allowBlobPublicAccess": true, "allowSharedKeyAccess": true, "networkAcls": { "bypass": "AzureServices", "virtualNetworkRules": [], "ipRules": [], "defaultAction": "Allow" }, "supportsHttpsTrafficOnly": true, "encryption": { "keyvaultproperties": { "currentVersionedKeyIdentifier": "https://xxxxxxxtest5.vault.azure.net/keys/key1/xxxxxxxxxxxxxxxxxxx", "lastKeyRotationTimestamp": "2021-04-16T14:04:07.095877Z", "currentVersionedKeyExpirationTimestamp": "1970-01-01T00:00:00Z", "keyvaulturi": "https://xxxxxxxtest5.vault.azure.net/", "keyname": "key1", "keyversion": "xxxxxxxxxxxxxxxxxxxxxxxx" }, "services": { "file": { "keyType": "Account", "enabled": true, "lastEnabledTime": "2021-04-13T15:26:51.8631125Z" }, "blob": { "keyType": "Account", "enabled": true, "lastEnabledTime": "2021-04-13T15:26:51.8631125Z" } }, "keySource": "Microsoft.Keyvault" }, "accessTier": "Hot", "provisioningState": "Succeeded", "creationTime": "2021-04-13T15:26:51.7381468Z", "primaryEndpoints": { "dfs": "https://xxxxxxxtest.dfs.core.windows.net/", "web": "https://xxxxxxxtest.z13.web.core.windows.net/", "blob": "https://xxxxxxxtest.blob.core.windows.net/", "queue": "https://xxxxxxxtest.queue.core.windows.net/", "table": "https://xxxxxxxtest.table.core.windows.net/", "file": "https://xxxxxxxtest.file.core.windows.net/" }, "primaryLocation": "eastus", "statusOfPrimary": "available" } } DEBUG: AzureQoSEvent: CommandName - Set-AzStorageAccount; IsSuccess - True; Duration - 00:00:02.4612750 DEBUG: Finish sending metric. DEBUG: 2:04:08 PM - SetAzureStorageAccountCommand end processing. StorageAccountName ResourceGroupName PrimaryLocation SkuName Kind AccessTier CreationTime ProvisioningState EnableHttpsTrafficOnly LargeFileShares ------------------ ----------------- --------------- ------- ---- ---------- ------------ ----------------- ---------------------- --------------- xxxxxxxtest xxxxxxx-mgmt eastus Standard_LRS StorageV2 Hot 4/13/2021 3:26:51 PM Succeeded True ``` ## Error output ``` DEBUG: 2:11:13 PM - ResolveError begin processing with ParameterSet 'AnyErrorParameterSet'. DEBUG: 2:11:13 PM - using account id 'xxxxxxx'... WARNING: Upcoming breaking changes in the cmdlet 'Resolve-AzError' : The `Resolve-Error` alias will be removed in a future release. Please change any scripts that use this alias to use `Resolve-AzError` instead. Note : Go to https://aka.ms/azps-changewarnings for steps to suppress this breaking change warning, and other information on breaking changes in Azure PowerShell. HistoryId: 9 Message : Cannot validate argument on parameter 'KeyName'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again. StackTrace : at System.Management.Automation.ParameterBinderBase.BindParameter(CommandParameterInternal parameter, CompiledCommandParameter parameterMetadata, ParameterBindingFlags flags) in /PowerShell/src/System.Management.Automation/engine/ParameterBinderBase.cs:line 529 at System.Management.Automation.CmdletParameterBinderController.BindParameter(CommandParameterInternal argument, MergedCompiledCommandParameter parameter, ParameterBindingFlags flags) in /PowerShell/src/System.Management.Automation/engine/CmdletParameterBinderController.cs:line 1354 at System.Management.Automation.CmdletParameterBinderController.BindParameter(UInt32 parameterSets, CommandParameterInternal argument, MergedCompiledCommandParameter parameter, ParameterBindingFlags flags) in /PowerShell/src/System.Management.Automation/engine/CmdletParameterBinderController.cs:line 1295 at System.Management.Automation.CmdletParameterBinderController.BindNamedParameter(UInt32 parameterSets, CommandParameterInternal argument, MergedCompiledCommandParameter parameter) in /PowerShell/src/System.Management.Automation/engine/CmdletParameterBinderController.cs:line 1099 at System.Management.Automation.ParameterBinderController.BindNamedParameters(UInt32 parameterSets, Collection`1 arguments) in /PowerShell/src/System.Management.Automation/engine/ParameterBinderController.cs:line 645 at System.Management.Automation.CmdletParameterBinderController.BindCommandLineParametersNoValidation(Collection`1 arguments) in /PowerShell/src/System.Management.Automation/engine/CmdletParameterBinderController.cs:line 229 at System.Management.Automation.CmdletParameterBinderController.BindCommandLineParameters(Collection`1 arguments) in /PowerShell/src/System.Management.Automation/engine/CmdletParameterBinderController.cs:line 108 at System.Management.Automation.CommandProcessor.BindCommandLineParameters() in /PowerShell/src/System.Management.Automation/engine/CommandProcessor.cs:line 178 at System.Management.Automation.CommandProcessor.Prepare(IDictionary psDefaultParameterValues) in /PowerShell/src/System.Management.Automation/engine/CommandProcessor.cs:line 238 at System.Management.Automation.CommandProcessorBase.DoPrepare(IDictionary psDefaultParameterValues) in /PowerShell/src/System.Management.Automation/engine/CommandProcessorBase.cs:line 442 at System.Management.Automation.Internal.PipelineProcessor.Start(Boolean incomingStream) in /PowerShell/src/System.Management.Automation/engine/pipeline.cs:line 1051 at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(Object input) in /PowerShell/src/System.Management.Automation/engine/pipeline.cs:line 499 --- End of stack trace from previous location --- at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(Object input) in /PowerShell/src/System.Management.Automation/engine/pipeline.cs:line 585 at System.Management.Automation.PipelineOps.InvokePipeline(Object input, Boolean ignoreInput, CommandParameterInternal[][] pipeElements, CommandBaseAst[] pipeElementAsts, CommandRedirection[][] commandRedirections, FunctionContext funcContext) in /PowerShell/src/System.Management.Automation/engine/runtime/Operations/MiscOps.cs:line 498 at System.Management.Automation.Interpreter.ActionCallInstruction`6.Run(InterpretedFrame frame) in /PowerShell/src/System.Management.Automation/engine/interpreter/CallInstruction.Generated.cs:line 608 at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame) in /PowerShell/src/System.Management.Automation/engine/interpreter/ControlFlowInstructions.cs:line 358 Exception : System.Management.Automation.ParameterBindingValidationException InvocationInfo : {Set-AzStorageAccount} Line : Set-AzStorageAccount -ResourceGroupName $storageAccount.ResourceGroupName -AccountName $storageAccount.StorageAccountName -KeyvaultEncryption -KeyName $key.Name -KeyVaultUri $keyVault.VaultUri Position : At line:1 char:152 + … unt.StorageAccountName -KeyvaultEncryption -KeyName $key.Name -KeyVau … + ~~~~~~~~~ HistoryId : 9 Message : The argument is null or empty. Provide an argument that is not null or empty, and then try the command again. StackTrace : at System.Management.Automation.ValidateNotNullOrEmptyAttribute.Validate(Object arguments, EngineIntrinsics engineIntrinsics) in /PowerShell/src/System.Management.Automation/engine/Attributes.cs:line 2031 at System.Management.Automation.ValidateArgumentsAttribute.InternalValidate(Object o, EngineIntrinsics engineIntrinsics) in /PowerShell/src/System.Management.Automation/engine/Attributes.cs:line 129 at System.Management.Automation.ParameterBinderBase.BindParameter(CommandParameterInternal parameter, CompiledCommandParameter parameterMetadata, ParameterBindingFlags flags) in /PowerShell/src/System.Management.Automation/engine/ParameterBinderBase.cs:line 509 Exception : System.Management.Automation.ValidationMetadataException InvocationInfo : {Set-AzStorageAccount} Line : Set-AzStorageAccount -ResourceGroupName $storageAccount.ResourceGroupName -AccountName $storageAccount.StorageAccountName -KeyvaultEncryption -KeyName $key.Name -KeyVaultUri $keyVault.VaultUri Position : At line:1 char:152 + … unt.StorageAccountName -KeyvaultEncryption -KeyName $key.Name -KeyVau … + ~~~~~~~~~ HistoryId : 9 HistoryId: 8 Message : Operation returned an invalid status code 'Forbidden' StackTrace : at Microsoft.Azure.KeyVault.KeyVaultClient.GetKeyWithHttpMessagesAsync(String vaultBaseUrl, String keyName, String keyVersion, Dictionary`2 customHeaders, CancellationToken cancellationToken) at Microsoft.Azure.KeyVault.KeyVaultClientExtensions.GetKeyAsync(IKeyVaultClient operations, String vaultBaseUrl, String keyName, String keyVersion, CancellationToken cancellationToken) at Microsoft.Azure.Commands.KeyVault.Models.KeyVaultDataServiceClient.GetKey(String vaultName, String keyName, String keyVersion) at Microsoft.Azure.Commands.KeyVault.GetAzureKeyVaultKey.GetKeyVaultKey() at Microsoft.Azure.Commands.KeyVault.GetAzureKeyVaultKey.ExecuteCmdlet() at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.<>c__3`1.b__3_0(T c) at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet, Action`1 executor) at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet) at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord() Exception : Microsoft.Azure.KeyVault.Models.KeyVaultErrorException InvocationInfo : {Get-AzKeyVaultKey} Line : $key = Get-AzKeyVaultKey -VaultName $keyVault.VaultName -Name "key1" Position : At line:1 char:8 + $key = Get-AzKeyVaultKey -VaultName $keyVault.VaultName -Name "key1" + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ HistoryId : 8 The Azure PowerShell team is listening, please let us know how we are doing: https://aka.ms/azpssurvey?Q_CHL=ERROR. DEBUG: AzureQoSEvent: CommandName - Resolve-AzError; IsSuccess - True; Duration - 00:00:00.0255496 DEBUG: Finish sending metric. DEBUG: 2:11:13 PM - ResolveError end processing. ```

Author:	marcosrivera-ms
Assignees:	-
Labels:	`Service Attention`, `Storage`, `customer-reported`, `needs-triage`, `question`
Milestone:	-

[blueww]

@marcosrivera-ms Would you please share why you think "Using Set-AzStorageAccount to change storage account to auto update enabled is not working when URI key is set."? What's the unexpected behavior?

From the debug log you share, it seems the cmdlet runs successfully. From the error log, it looks not related with the debug log, should be some old error like $key.Name has no value. As you have success debug log, this error should already be resolved.

[marcosrivera-ms]

@blueww Basically when the URI is set for the storage account, Cx wants to use Set-AzStorageAccount based on the mentioned link to use auto rotation for keys. When using this command, it shows succeeded but does not change it. If I set it to Microsoft Managed Keys 1st then re-run the command it also shows succeeded but it also correctly changes it to auto rotated keys. The expected behavior should be when using URI in Custom Managed keys and using this command to change to auto rotated, that it would change to auto rotated or throw a failure.

[blueww]

@marcosrivera-ms Thanks for clarify this! I am clear on it now: The issue it: When the account already has keyvaultUri+KeyName+Keyversion, update account with only keyvaultUri+KeyName won't clean up the keyversion.

This is server behavior, I will check with the server team to see is there any way to remove the keyversion directly. (Without set the account to Microsoft-managed keys, then set back to keyvault.) And update you later.

Btw, I think you are not blocked now as you can set the account to Microsoft-managed keys, then set back to keyvault.

[blueww]

@marcosrivera-ms Have raised PR https://github.com/Azure/azure-powershell/pull/14806 to fix this issue. User can set keyversion to "" to enabled key auto rotation, after the fix is released.

Set-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -KeyvaultEncryption -KeyName $key.Name -KeyVersion "" -KeyVaultUri $keyVault.VaultUri

[marcosrivera-ms]

@blueww Really Appreciate the help. Do you know how long on avg it would take for the fix to be released?

[blueww]

@marcosrivera-ms The next Powershell release target 5/4.

[blueww]

@marcosrivera-ms The fix is released in: Github: https://github.com/Azure/azure-powershell/releases/tag/v5.9.0-May2021 Gallery Module for Azure PowerShell : https://www.powershellgallery.com/packages/Az/5.9.0

I will close the issue. Feel free to contact us again if you need any further assistance on Azure Powershell.