You then use the output of this command with Set-AzureRmKeyVaultAccessPolicy to grant permissions to group2 for your key vault, named myownvault.
This example enumerates the groups named 'group2' inline in the same command line.
Id -PermissionsToKeys All -PermissionsToSecrets All

DisplayName Type ObjectId
----------- ---- --------
group1           96a0daa6-9841-4a9c-bdeb-e7062276c688
group2           b8a401eb-63ad-4a30-b0e1-a7461969fe54
group3           da07a6be-2c1e-4e42-934d-ceb57cf652b4

The first command uses the Get-AzureRmADGroup cmdlet to get all Active Directory groups.
From the output, you see 3 groups returned, named group1, group2, and group3.
Specify the application ID, also known as client ID, registered for the application in Azure Active Directory.
The application with the service principal name that this parameter specifies must be registered in the Azure directory that contains your current subscription.
Multiple groups can have the same name but always have a unique ObjectId.
When more than one group that has the same name is returned, use the ObjectId in the output to identify the one you want to use.
If you are setting permissions for a security group, this operation affects only users in that security group.
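The duplicate-name caveat above, as an added example that is not part of the original documentation: the hypothetical helper Resolve-UniqueGroupObjectId returns an identifier only when exactly one group has the requested display name. The sample objects are constructed from the output shown on this page (using the Id property that the page's command reads), and the all-zero GUID is a constructed placeholder.

```powershell
# Added example. Resolve-UniqueGroupObjectId is a hypothetical helper name.
function Resolve-UniqueGroupObjectId {
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        [object[]] $Groups = @()   # for example, the output of Get-AzureRmADGroup
    )

    # Keep only groups whose display name matches exactly.
    $hits = @($Groups | Where-Object { $_.DisplayName -eq $DisplayName })

    if ($hits.Count -eq 0) {
        throw "No group named '$DisplayName' was found."
    }
    if ($hits.Count -gt 1) {
        # Names can repeat; stop and make the operator choose an ObjectId.
        $ids = ($hits | ForEach-Object { $_.Id }) -join ', '
        throw "Group name '$DisplayName' is ambiguous. Candidates: $ids"
    }
    return $hits[0].Id
}

# Constructed sample input shaped like the output shown on this page.
$sample = @(
    [pscustomobject]@{ DisplayName = 'group1'; Id = '96a0daa6-9841-4a9c-bdeb-e7062276c688' }
    [pscustomobject]@{ DisplayName = 'group2'; Id = 'b8a401eb-63ad-4a30-b0e1-a7461969fe54' }
    [pscustomobject]@{ DisplayName = 'group3'; Id = 'da07a6be-2c1e-4e42-934d-ceb57cf652b4' }
)

# Unambiguous case: exactly one 'group2'.
$id = Resolve-UniqueGroupObjectId -DisplayName 'group2' -Groups $sample
Write-Output "Resolved group2 to $id"

# Ambiguous case: a second 'group2' (constructed placeholder GUID) is refused.
$dup = $sample + @([pscustomobject]@{ DisplayName = 'group2'; Id = '00000000-0000-0000-0000-000000000000' })
try   { Resolve-UniqueGroupObjectId -DisplayName 'group2' -Groups $dup }
catch { Write-Output "Refused: $($_.Exception.Message)" }

# Against a live subscription (requires a signed-in AzureRM session):
# $found = Get-AzureRmADGroup -SearchString 'group2'
# $id    = Resolve-UniqueGroupObjectId -DisplayName 'group2' -Groups $found
# Set-AzureRmKeyVaultAccessPolicy -VaultName 'myownvault' -ObjectId $id `
#     -PermissionsToKeys All -PermissionsToSecrets All
```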
Example 5: Enable secrets to be retrieved from a key vault by the Microsoft.Compute resource provider
Set-AzureRmKeyVaultAccessPolicy -VaultName 'myownvault' -ObjectId (Get-AzureRmADGroup -SearchString 'group2').
The second command modifies the permissions that were granted to Patti [email protected] in the first command, to now allow getting secrets in addition to setting and deleting them.
The permissions to key operations remain unchanged after this command.