Merge pull request #3596 from chelnak/patch-1

markcowl · web-flow · commit 54732ec05182 · 2017-03-10T18:03:32.000-08:00
Update Set-AzureRmVMDiskEncryptionExtension.md
diff --git a/src/ResourceManager/Compute/Commands.Compute/help/Set-AzureRmVMDiskEncryptionExtension.md b/src/ResourceManager/Compute/Commands.Compute/help/Set-AzureRmVMDiskEncryptionExtension.md
@@ -41,129 +41,141 @@ It is advised that you save your work on the virtual machine before you run this
 
 ### Example 1: Enable encryption using Azure AD Client ID and Client Secret
 ```
-PS C:\>$RGName = "MyResourceGroup";
-PS C:\> $VMName = "MyTestVM";
-PS C:\> $AADClientID = "<clientID of your Azure AD app>";
-PS C:\> $AADClientSecret = "<clientSecret of your Azure AD app>";
-PS C:\> $VaultName= "MyKeyVault";
-PS C:\> $KeyVault = Get-AzureRmKeyVault -VaultName $VaultName -ResourceGroupName $RGName;
-PS C:\> $DiskEncryptionKeyVaultUrl = $KeyVault.VaultUri;
-PS C:\> $KeyVaultResourceId = $KeyVault.ResourceId;
-PS C:\> Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $RGName -VMName $VMName -AadClientID $AADClientID -AadClientSecret $AADClientSecret -DiskEncryptionKeyVaultUrl $DiskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $KeyVaultResourceId ;
+$RGName = "MyResourceGroup"
+$VMName = "MyTestVM"
+$AADClientID = "<clientID of your Azure AD app>"
+$AADClientSecret = "<clientSecret of your Azure AD app>"
+$VaultName= "MyKeyVault"
+$KeyVault = Get-AzureRmKeyVault -VaultName $VaultName -ResourceGroupName $RGName
+$DiskEncryptionKeyVaultUrl = $KeyVault.VaultUri
+$KeyVaultResourceId = $KeyVault.ResourceId
+Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $RGName -VMName $VMName -AadClientID $AADClientID -AadClientSecret $AADClientSecret -DiskEncryptionKeyVaultUrl $DiskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $KeyVaultResourceId
 ```
 
 This example enables encryption using Azure AD client ID, and client secret.
 
 ### Example 2: Enable encryption using Azure AD client ID and client certification thumbprint
 ```
-PS C:\>$RGName = "MyResourceGroup";
-PS C:\> $VMName = "MyTestVM";
+$RGName = "MyResourceGroup"
+$VMName = "MyTestVM"
 #The KeyVault must have enabledForDiskEncryption property set on it
-PS C:\> $VaultName= "MyKeyVault";
-PS C:\> $KeyVault = Get-AzureRmKeyVault -VaultName $VaultName -ResourceGroupName $RGName;
-PS C:\> $DiskEncryptionKeyVaultUrl = $KeyVault.VaultUri;
-PS C:\> $KeyVaultResourceId = $KeyVault.ResourceId;
+$VaultName= "MyKeyVault"
+$KeyVault = Get-AzureRmKeyVault -VaultName $VaultName -ResourceGroupName $RGName
+$DiskEncryptionKeyVaultUrl = $KeyVault.VaultUri
+$KeyVaultResourceId = $KeyVault.ResourceId
 
 # create Azure AD application and associate the certificate
-PS C:\> $CertPath = "C:\certificates\examplecert.pfx";
-PS C:\> $CertPassword = "Password";
-PS C:\> $Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath, $CertPassword);
-PS C:\> $KeyValue = [System.Convert]::ToBase64String($cert.GetRawCertData());
-PS C:\> $AzureAdApplication = New-AzureRmADApplication -DisplayName "<Your Application Display Name>" -HomePage "<https://YourApplicationHomePage>" -IdentifierUris "<https://YouApplicationUri>" -KeyValue $KeyValue -KeyType AsymmetricX509Cert ;
-PS C:\> $ServicePrincipal = New-AzureRmADServicePrincipal -ApplicationId $AzureAdApplication.ApplicationId;
+$CertPath = "C:\certificates\examplecert.pfx"
+$CertPassword = "Password"
+$Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath, $CertPassword)
+$KeyValue = [System.Convert]::ToBase64String($cert.GetRawCertData())
+$AzureAdApplication = New-AzureRmADApplication -DisplayName "<Your Application Display Name>" -HomePage "<https://YourApplicationHomePage>" -IdentifierUris "<https://YouApplicationUri>" -KeyValue $KeyValue -KeyType AsymmetricX509Cert 
+$ServicePrincipal = New-AzureRmADServicePrincipal -ApplicationId $AzureAdApplication.ApplicationId
 
-PS C:\> $AADClientID = $AzureAdApplication.ApplicationId;
-PS C:\> $aadClientCertThumbprint= $cert.Thumbprint;
+$AADClientID = $AzureAdApplication.ApplicationId
+$aadClientCertThumbprint= $cert.Thumbprint
 
 #Upload pfx to KeyVault 
-PS C:\> $KeyVaultSecretName = "MyAADCert';
-PS C:\> $FileContentBytes = get-content $CertPath -Encoding Byte;
-PS C:\> $FileContentEncoded = [System.Convert]::ToBase64String($fileContentBytes);
-PS C:\> $JSONObject = @" { "data": "$filecontentencoded", "dataType" :"pfx", "password": "$CertPassword" } "@ ;
-PS C:\> $JSONObjectBytes = [System.Text.Encoding]::UTF8.GetBytes($jsonObject);
-PS C:\> $JSONEncoded = [System.Convert]::ToBase64String($jsonObjectBytes);
-
-PS C:\> $Secret = ConvertTo-SecureString -String $JSONEncoded -AsPlainText -Force;
-PS C:\> Set-AzureKeyVaultSecret -VaultName $VaultName -Name $KeyVaultSecretName -SecretValue $Secret;
-PS C:\> Set-AzureRmKeyVaultAccessPolicy -VaultName $VaultName -ResourceGroupName $RGName -EnabledForDeployment;
+$KeyVaultSecretName = "MyAADCert"
+$FileContentBytes = get-content $CertPath -Encoding Byte
+$FileContentEncoded = [System.Convert]::ToBase64String($fileContentBytes)
+$JSONObject = @"
+    { 
+        "data" : "$filecontentencoded", 
+        "dataType" : "pfx", 
+        "password" : "$CertPassword" 
+    } 
+"@
+$JSONObjectBytes = [System.Text.Encoding]::UTF8.GetBytes($jsonObject)
+$JSONEncoded = [System.Convert]::ToBase64String($jsonObjectBytes)
+
+$Secret = ConvertTo-SecureString -String $JSONEncoded -AsPlainText -Force
+Set-AzureKeyVaultSecret -VaultName $VaultName -Name $KeyVaultSecretName -SecretValue $Secret
+Set-AzureRmKeyVaultAccessPolicy -VaultName $VaultName -ResourceGroupName $RGName -EnabledForDeployment
 
 #deploy cert to VM
-PS C:\> $CertUrl = (Get-AzureKeyVaultSecret -VaultName $VaultName -Name $KeyVaultSecretName).Id
+$CertUrl = (Get-AzureKeyVaultSecret -VaultName $VaultName -Name $KeyVaultSecretName).Id
 $SourceVaultId = (Get-AzureRmKeyVault -VaultName $VaultName -ResourceGroupName $RGName).ResourceId
-PS C:\> $VM = Get-AzureRmVM -ResourceGroupName $RGName -Name $VMName 
-PS C:\> $VM = Add-AzureRmVMSecret -VM $VM -SourceVaultId $SourceVaultId -CertificateStore "My" -CertificateUrl $CertUrl
-PS C:\> Update-AzureRmVM -VM $VM -ResourceGroupName $RGName 
+$VM = Get-AzureRmVM -ResourceGroupName $RGName -Name $VMName 
+$VM = Add-AzureRmVMSecret -VM $VM -SourceVaultId $SourceVaultId -CertificateStore "My" -CertificateUrl $CertUrl
+Update-AzureRmVM -VM $VM -ResourceGroupName $RGName 
 
 #Enable encryption on the virtual machine using Azure AD client ID and client cert thumbprint
-PS C:\> Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $RGName -VMName $VMName -AadClientID $AADClientID -AadClientCertThumbprint $AADClientCertThumbprint -DiskEncryptionKeyVaultUrl $DiskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $KeyVaultResourceId ;
+Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $RGName -VMName $VMName -AadClientID $AADClientID -AadClientCertThumbprint $AADClientCertThumbprint -DiskEncryptionKeyVaultUrl $DiskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $KeyVaultResourceId 
 ```
 
 This example enables encryption using Azure AD client ID and client certification thumbprints.
 
 ### Example 3: Enable encryption using Azure AD client ID, client secret, and wrap disk encryption key by using key encryption key
 ```
-PS C:\>$RGName = "MyResourceGroup";
-PS C:\> $VMName = "MyTestVM";
+$RGName = "MyResourceGroup"
+$VMName = "MyTestVM"
 
-PS C:\> $AADClientID = "<clientID of your Azure AD app>";
-PS C:\> $AADClientSecret = "<clientSecret of your Azure AD app>";
+$AADClientID = "<clientID of your Azure AD app>"
+$AADClientSecret = "<clientSecret of your Azure AD app>"
 
-PS C:\> $VaultName= "MyKeyVault";
-PS C:\> $KeyVault = Get-AzureRmKeyVault -VaultName $VaultName -ResourceGroupName $RGName;
-PS C:\> $DiskEncryptionKeyVaultUrl = $KeyVault.VaultUri;
-PS C:\> $KeyVaultResourceId = $KeyVault.ResourceId;
+$VaultName= "MyKeyVault"
+$KeyVault = Get-AzureRmKeyVault -VaultName $VaultName -ResourceGroupName $RGName
+$DiskEncryptionKeyVaultUrl = $KeyVault.VaultUri
+$KeyVaultResourceId = $KeyVault.ResourceId
 
-PS C:\> $KEK = Add-AzureKeyVaultKey -VaultName $VaultName -Name $KEKName -Destination "Software"
-PS C:\> $KeyEncryptionKeyUrl = $KEK.Key.kid;
+$KEK = Add-AzureKeyVaultKey -VaultName $VaultName -Name $KEKName -Destination "Software"
+$KeyEncryptionKeyUrl = $KEK.Key.kid
 
-PS C:\> Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $RGName -VMName $VMName -AadClientID $AADClientID -AadClientSecret $AADClientSecret -DiskEncryptionKeyVaultUrl $DiskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $KeyVaultResourceId -KeyEncryptionKeyUrl $KeyEncryptionKeyUrl -KeyEncryptionKeyVaultId $KeyVaultResourceId;
+Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $RGName -VMName $VMName -AadClientID $AADClientID -AadClientSecret $AADClientSecret -DiskEncryptionKeyVaultUrl $DiskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $KeyVaultResourceId -KeyEncryptionKeyUrl $KeyEncryptionKeyUrl -KeyEncryptionKeyVaultId $KeyVaultResourceId
 ```
 
 This example enables encryption using Azure AD client ID, client secret, and wrap disk encryption key by using the key encryption key.
 
 ### Example 4: Enable encryption using Azure AD client ID, client cert thumbprint, and wrap disk encryptionkey by using key encryption key
 ```
-PS C:\>$RGName = "MyResourceGroup";
-PS C:\> $VMName = "MyTestVM";
+$RGName = "MyResourceGroup"
+$VMName = "MyTestVM"
 #The KeyVault must have enabledForDiskEncryption property set on it
-PS C:\> $VaultName= "MyKeyVault";
-PS C:\> $KeyVault = Get-AzureRmKeyVault -VaultName $VaultName -ResourceGroupName $RGName;
-PS C:\> $DiskEncryptionKeyVaultUrl = $KeyVault.VaultUri;
-PS C:\> $KeyVaultResourceId = $KeyVault.ResourceId;
-PS C:\> $KEK = Add-AzureKeyVaultKey -VaultName $VaultName -Name $KEKName -Destination "Software"
-PS C:\> $KeyEncryptionKeyUrl = $KEK.Key.kid;
-
-PS C:\> # create Azure AD application and associate the certificate
-PS C:\> $CertPath = "C:\certificates\examplecert.pfx";
-PS C:\> $CertPassword = "Password";
-PS C:\> $Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath, $CertPassword);
-PS C:\> $KeyValue = [System.Convert]::ToBase64String($cert.GetRawCertData());
-PS C:\> $AzureAdApplication = New-AzureRmADApplication -DisplayName "<Your Application Display Name>" -HomePage "<https://YourApplicationHomePage>" -IdentifierUris "<https://YouApplicationUri>" -KeyValue $KeyValue -KeyType AsymmetricX509Cert ;
-PS C:\> $ServicePrincipal = New-AzureRmADServicePrincipal -ApplicationId $AzureAdApplication.ApplicationId;
-
-PS C:\> $AADClientID = $AzureAdApplication.ApplicationId;
-PS C:\> $AADClientCertThumbprint= $Cert.Thumbprint;
+$VaultName= "MyKeyVault"
+$KeyVault = Get-AzureRmKeyVault -VaultName $VaultName -ResourceGroupName $RGName
+$DiskEncryptionKeyVaultUrl = $KeyVault.VaultUri
+$KeyVaultResourceId = $KeyVault.ResourceId
+$KEK = Add-AzureKeyVaultKey -VaultName $VaultName -Name $KEKName -Destination "Software"
+$KeyEncryptionKeyUrl = $KEK.Key.kid
+
+# create Azure AD application and associate the certificate
+$CertPath = "C:\certificates\examplecert.pfx"
+$CertPassword = "Password"
+$Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath, $CertPassword)
+$KeyValue = [System.Convert]::ToBase64String($cert.GetRawCertData())
+$AzureAdApplication = New-AzureRmADApplication -DisplayName "<Your Application Display Name>" -HomePage "<https://YourApplicationHomePage>" -IdentifierUris "<https://YouApplicationUri>" -KeyValue $KeyValue -KeyType AsymmetricX509Cert 
+$ServicePrincipal = New-AzureRmADServicePrincipal -ApplicationId $AzureAdApplication.ApplicationId
+
+$AADClientID = $AzureAdApplication.ApplicationId
+$AADClientCertThumbprint= $Cert.Thumbprint
 
 #Upload pfx to KeyVault 
-PS C:\> $KeyVaultSecretName = "MyAADCert";
-PS C:\> $FileContentBytes = get-content $CertPath -Encoding Byte;
-PS C:\> $FileContentEncoded = [System.Convert]::ToBase64String($FileContentBytes);
-$JSONObject = @" { "data": "$filecontentencoded", "dataType" :"pfx", "password": "$CertPassword" } "@ ;
-PS C:\> $JSONObjectBytes = 
-[System.Text.Encoding]::UTF8.GetBytes($JSONObject);$jsonEncoded = [System.Convert]::ToBase64String($JSONObjectBytes);
-PS C:\> $Secret = ConvertTo-SecureString -String $JSONEncoded -AsPlainText -Force;
-PS C:\> Set-AzureKeyVaultSecret -VaultName $VaultName-Name $KeyVaultSecretName -SecretValue $Secret;
-PS C:\> Set-AzureRmKeyVaultAccessPolicy -VaultName $VaultName -ResourceGroupName $RGName -EnabledForDeployment;
+$KeyVaultSecretName = "MyAADCert"
+$FileContentBytes = get-content $CertPath -Encoding Byte
+$FileContentEncoded = [System.Convert]::ToBase64String($FileContentBytes)
+$JSONObject = @"
+    { 
+        "data" : "$filecontentencoded", 
+        "dataType" : "pfx", 
+        "password" : "$CertPassword" 
+    } 
+"@
+$JSONObjectBytes = [System.Text.Encoding]::UTF8.GetBytes($JSONObject)
+$JsonEncoded = [System.Convert]::ToBase64String($JSONObjectBytes)
+$Secret = ConvertTo-SecureString -String $JSONEncoded -AsPlainText -Force
+Set-AzureKeyVaultSecret -VaultName $VaultName-Name $KeyVaultSecretName -SecretValue $Secret
+Set-AzureRmKeyVaultAccessPolicy -VaultName $VaultName -ResourceGroupName $RGName -EnabledForDeployment
 
 #deploy cert to VM
-PS C:\> $CertUrl = (Get-AzureKeyVaultSecret -VaultName $VaultName -Name $KeyVaultSecretName).Id
-PS C:\> $SourceVaultId = (Get-AzureRmKeyVault -VaultName $VaultName -ResourceGroupName $RGName).ResourceId
-PS C:\> $VM = Get-AzureRmVM -ResourceGroupName $RGName -Name $VMName 
-PS C:\> $VM = Add-AzureRmVMSecret -VM $VM -SourceVaultId $SourceVaultId -CertificateStore "My" -CertificateUrl $CertUrl 
-PS C:\> Update-AzureRmVM -VM $VM -ResourceGroupName $RGName 
+$CertUrl = (Get-AzureKeyVaultSecret -VaultName $VaultName -Name $KeyVaultSecretName).Id
+$SourceVaultId = (Get-AzureRmKeyVault -VaultName $VaultName -ResourceGroupName $RGName).ResourceId
+$VM = Get-AzureRmVM -ResourceGroupName $RGName -Name $VMName 
+$VM = Add-AzureRmVMSecret -VM $VM -SourceVaultId $SourceVaultId -CertificateStore "My" -CertificateUrl $CertUrl 
+Update-AzureRmVM -VM $VM -ResourceGroupName $RGName 
 
 #Enable encryption on the virtual machine using Azure AD client ID and client cert thumbprint
-PS C:\> Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $RGname -VMName $VMName -AadClientID $AADClientID -AadClientCertThumbprint $AADClientCertThumbprint -DiskEncryptionKeyVaultUrl $DiskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $KeyVaultResourceId ;
+Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $RGname -VMName $VMName -AadClientID $AADClientID -AadClientCertThumbprint $AADClientCertThumbprint -DiskEncryptionKeyVaultUrl $DiskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $KeyVaultResourceId 
 ```
 
 This example enables encryption using Azure AD client ID, client cert thumbprint, and wrap disk encryption key by using key encryption key.
