Azure · iliu816 · Aug 8, 2025 · Aug 8, 2025 · Aug 8, 2025 · Aug 8, 2025
diff --git a/...bric.Test.ScenarioTests.ServiceFabricManagedClustersTests/TestCreateCaTlsCertCluster.json b/...bric.Test.ScenarioTests.ServiceFabricManagedClustersTests/TestCreateCaTlsCertCluster.json
diff --git a/src/ServiceFabric/ServiceFabric/ChangeLog.md b/src/ServiceFabric/ServiceFabric/ChangeLog.md
@@ -19,6 +19,7 @@
 -->
 ## Upcoming Release
 * Fixed `Set-AzServiceFabricManagedClusterApplication` to correctly overwrite existing application upgrade policy when `-RecreateApplication` parameter is specified and no other upgrade policy parameters are bound.
+* Added parameter `AutoGeneratedDomainNameLabelScope` to allow customers to initiate migration to public CA cluster certificates in cmdlet `New-AzServiceFabricManagedCluster` and `Set-AzServiceFabricManagedCluster`.
 
 ## Version 3.6.0
 * Added parameter `Location` to allow users to specify a different node type location than the resource group location in cmdlet `Add-AzServiceFabricNodeType`.

diff --git a/...erviceFabric/Commands/ManagedClusters/ManagedClusters/NewAzServiceFabricManagedCluster.cs b/...erviceFabric/Commands/ManagedClusters/ManagedClusters/NewAzServiceFabricManagedCluster.cs
@@ -140,6 +140,10 @@ public class NewAzServiceFabricManagedCluster : ServiceFabricManagedCmdletBase
         [Parameter(Mandatory = false, ParameterSetName = ClientCertByCn, HelpMessage = "Indicates if the cluster has zone resiliency.")]
         public SwitchParameter ZonalResiliency { get; set; }
 
+        [Parameter(Mandatory = false, ParameterSetName = ClientCertByTp, HelpMessage = "This property is the entry point to using a public CA cert for your cluster cert. It specifies the level of reuse allowed for the custom FQDN created, matching the subject of the public CA cert.")]
+        [Parameter(Mandatory = false, ParameterSetName = ClientCertByCn, HelpMessage = "This property is the entry point to using a public CA cert for your cluster cert. It specifies the level of reuse allowed for the custom FQDN created, matching the subject of the public CA cert.")]
+        public string AutoGeneratedDomainNameLabelScope { get; set; }
+
         [Parameter(Mandatory = false, HelpMessage = "Run cmdlet in the background and return a Job to track progress.")]
         public SwitchParameter AsJob { get; set; }
 
@@ -236,6 +240,7 @@ private ManagedCluster GetNewManagedClusterParameters()
                 clusterUpgradeMode: this.UpgradeMode.ToString(),
                 clusterUpgradeCadence: this.UpgradeCadence.ToString(),
                 zonalResiliency: this.ZonalResiliency.IsPresent,
+                autoGeneratedDomainNameLabelScope: this.AutoGeneratedDomainNameLabelScope,
                 tags: this.Tag?.Cast<DictionaryEntry>().ToDictionary(d => d.Key as string, d => d.Value as string)
             );
 

diff --git a/...erviceFabric/Commands/ManagedClusters/ManagedClusters/SetAzServiceFabricManagedCluster.cs b/...erviceFabric/Commands/ManagedClusters/ManagedClusters/SetAzServiceFabricManagedCluster.cs
@@ -82,10 +82,13 @@ public class SetAzServiceFabricManagedCluster : ServiceFabricManagedCmdletBase
         [Parameter(Mandatory = false, ParameterSetName = WithParamsById, HelpMessage = "Cluster's dns name.")]
         public string DnsName { get; set; }
 
+        [Parameter(Mandatory = false, ParameterSetName = WithParamsByName, HelpMessage = "This property is the entry point to using a public CA cert for your cluster cert. It specifies the level of reuse allowed for the custom FQDN created, matching the subject of the public CA cert.")]
+        [Parameter(Mandatory = false, ParameterSetName = WithParamsById, HelpMessage = "This property is the entry point to using a public CA cert for your cluster cert. It specifies the level of reuse allowed for the custom FQDN created, matching the subject of the public CA cert.")]
+        public string AutoGeneratedDomainNameLabelScope { get; set; }
+
         [Parameter(Mandatory = false, HelpMessage = "Run cmdlet in the background and return a Job to track progress.")]
         public SwitchParameter AsJob { get; set; }
-
-
+
         [Parameter(Mandatory = false, ParameterSetName = WithParamsByName, HelpMessage = "Specify the tags as key/value pairs.")]
         [Parameter(Mandatory = false, ParameterSetName = WithParamsById, HelpMessage = "Specify the tags as key/value pairs.")]
         public Hashtable Tag { get; set; }
@@ -158,6 +161,11 @@ private ManagedCluster GetUpdatedClusterParams()
                 currentCluster.PublicIPPrefixId = null;
             }
 
+            if (this.IsParameterBound(c => c.AutoGeneratedDomainNameLabelScope))
+            {
+                currentCluster.AutoGeneratedDomainNameLabelScope = this.AutoGeneratedDomainNameLabelScope;
+            }
+
             return currentCluster;
         }
 

diff --git a/src/ServiceFabric/ServiceFabric/Models/ManagedClusters/PSManagedCluster.cs b/src/ServiceFabric/ServiceFabric/Models/ManagedClusters/PSManagedCluster.cs
@@ -19,38 +19,56 @@ namespace Microsoft.Azure.Commands.ServiceFabric.Models
     public class PSManagedCluster : ManagedCluster
     {
         public PSManagedCluster(ManagedCluster cluster)
-            : base(location: cluster.Location,
-                   id: cluster.Id,
-                   name: cluster.Name,
-                   type: cluster.Type,
-                   tags: cluster.Tags,
-                   etag: cluster.Etag,
-                   clusterId: cluster.ClusterId,
-                   addonFeatures: cluster.AddonFeatures,
-                   clusterUpgradeCadence: cluster.ClusterUpgradeCadence,
-                   clusterUpgradeMode: cluster.ClusterUpgradeMode,
-                   clusterCodeVersion: cluster.ClusterCodeVersion,
-                   provisioningState: cluster.ProvisioningState,
-                   fabricSettings: cluster.FabricSettings,
-                   azureActiveDirectory: cluster.AzureActiveDirectory,
-                   clients: cluster.Clients,
-                   networkSecurityRules: cluster.NetworkSecurityRules,
-                   loadBalancingRules: cluster.LoadBalancingRules,
-                   adminPassword: cluster.AdminPassword,
-                   adminUserName: cluster.AdminUserName,
-                   httpGatewayConnectionPort: cluster.HttpGatewayConnectionPort,
-                   clientConnectionPort: cluster.ClientConnectionPort,
-                   clusterCertificateThumbprints: cluster.ClusterCertificateThumbprints,
-                   clusterState: cluster.ClusterState,
-                   ipv4Address: cluster.Ipv4Address,
-                   fqdn: cluster.Fqdn,
-                   dnsName: cluster.DnsName,
-                   applicationTypeVersionsCleanupPolicy: cluster.ApplicationTypeVersionsCleanupPolicy,
-                   sku: cluster.Sku,
-                   zonalResiliency: cluster.ZonalResiliency,
-                   allowRdpAccess: cluster.AllowRdpAccess,
-                   enableAutoOSUpgrade: cluster.EnableAutoOSUpgrade,
-                   publicIPPrefixId: cluster.PublicIPPrefixId)
+            : base(
+            addonFeatures: cluster.AddonFeatures,
+            adminPassword: cluster.AdminPassword,
+            adminUserName: cluster.AdminUserName,
+            allocatedOutboundPorts: cluster.AllocatedOutboundPorts,
+            allowRdpAccess: cluster.AllowRdpAccess,
+            applicationTypeVersionsCleanupPolicy: cluster.ApplicationTypeVersionsCleanupPolicy,
+            autoGeneratedDomainNameLabelScope: cluster.AutoGeneratedDomainNameLabelScope,
+            auxiliarySubnets: cluster.AuxiliarySubnets,
+            azureActiveDirectory: cluster.AzureActiveDirectory,
+            clientConnectionPort: cluster.ClientConnectionPort,
+            clients: cluster.Clients,
+            clusterCertificateThumbprints: cluster.ClusterCertificateThumbprints,
+            clusterCodeVersion: cluster.ClusterCodeVersion,
+            clusterId: cluster.ClusterId,
+            clusterState: cluster.ClusterState,
+            clusterUpgradeCadence: cluster.ClusterUpgradeCadence,
+            clusterUpgradeMode: cluster.ClusterUpgradeMode,
+            ddosProtectionPlanId: cluster.DdosProtectionPlanId,
+            dnsName: cluster.DnsName,
+            enableAutoOSUpgrade: cluster.EnableAutoOSUpgrade,
+            enableHttpGatewayExclusiveAuthMode: cluster.EnableHttpGatewayExclusiveAuthMode,
+            enableIpv6: cluster.EnableIpv6,
+            enableServicePublicIP: cluster.EnableServicePublicIP,
+            etag: cluster.Etag,
+            fabricSettings: cluster.FabricSettings,
+            fqdn: cluster.Fqdn,
+            httpGatewayConnectionPort: cluster.HttpGatewayConnectionPort,
+            httpGatewayTokenAuthConnectionPort: cluster.httpGatewayTokenAuthConnectionPort,
+            id: cluster.Id,
+            ipTags: cluster.IPTags,
+            ipv4Address: cluster.Ipv4Address,
+            ipv6Address: cluster.Ipv6Address,
+            loadBalancingRules: cluster.LoadBalancingRules,
+            location: cluster.Location,
+            name: cluster.Name,
+            networkSecurityRules: cluster.NetworkSecurityRules,
+            provisioningState: cluster.ProvisioningState,
+            publicIPPrefixId: cluster.PublicIPPrefixId,
+            publicIPv6PrefixId: cluster.PublicIPv6PrefixId,
+            serviceEndpoints: cluster.ServiceEndpoints,
+            sku: cluster.Sku,
+            subnetId: cluster.SubnetId,
+            tags: cluster.Tags,
+            type: cluster.Type,
+            upgradeDescription: cluster.UpgradeDescription,
+            useCustomVnet: cluster.UseCustomVnet,
+            vmImage: cluster.VMImage,
+            zonalResiliency: cluster.ZonalResiliency,
+            zonalUpdateMode: cluster.ZonalUpdateMode)
         {
         }
     }

diff --git a/src/ServiceFabric/ServiceFabric/Models/ManagedClusters/PSManagedNodeType.cs b/src/ServiceFabric/ServiceFabric/Models/ManagedClusters/PSManagedNodeType.cs
@@ -20,34 +20,35 @@ public class PSManagedNodeType : NodeType
     {
         public PSManagedNodeType(NodeType nodeType)
             : base(id: nodeType.Id,
-                   name: nodeType.Name,
-                   type: nodeType.Type,
-                   tags: nodeType.Tags,
-                   isPrimary: nodeType.IsPrimary,
-                   vmInstanceCount: nodeType.VMInstanceCount,
+                   applicationPorts: nodeType.ApplicationPorts,
+                   capacities: nodeType.Capacities,
+                   enableNodePublicIP: nodeType.EnableNodePublicIP,
+                   ephemeralPorts: nodeType.EphemeralPorts,
                    dataDiskSizeGb: nodeType.DataDiskSizeGb,
                    dataDiskType: nodeType.DataDiskType,
-                   provisioningState: nodeType.ProvisioningState,
+                   dataDiskLetter: nodeType.DataDiskLetter,
+                   isPrimary: nodeType.IsPrimary,
+                   isStateless: nodeType.IsStateless,
+                   multiplePlacementGroups: nodeType.MultiplePlacementGroups,
+                   name: nodeType.Name,
+                   natGatewayId: nodeType.NatGatewayId,
                    placementProperties: nodeType.PlacementProperties,
-                   capacities: nodeType.Capacities,
-                   applicationPorts: nodeType.ApplicationPorts,
-                   ephemeralPorts: nodeType.EphemeralPorts,
-                   vmSize: nodeType.VMSize,
-                   vmImagePublisher: nodeType.VMImagePublisher,
+                   provisioningState: nodeType.ProvisioningState,
+                   securityType: nodeType.SecurityType,
+                   secureBootEnabled: nodeType.SecureBootEnabled,
+                   tags: nodeType.Tags,
+                   type: nodeType.Type,
+                   vmExtensions: nodeType.VMExtensions,
                    vmImageOffer: nodeType.VMImageOffer,
+                   vmImagePlan: nodeType.VMImagePlan,
+                   vmImagePublisher: nodeType.VMImagePublisher,
                    vmImageSku: nodeType.VMImageSku,
                    vmImageVersion: nodeType.VMImageVersion,
-                   vmSecrets: nodeType.VMSecrets,
-                   vmExtensions: nodeType.VMExtensions,
+                   vmInstanceCount: nodeType.VMInstanceCount,
                    vmManagedIdentity: nodeType.VMManagedIdentity,
-                   isStateless: nodeType.IsStateless,
-                   multiplePlacementGroups: nodeType.MultiplePlacementGroups,
+                   vmSecrets: nodeType.VMSecrets,
                    vmSharedGalleryImageId: nodeType.VMSharedGalleryImageId,
-                   securityType: nodeType.SecurityType,
-                   secureBootEnabled: nodeType.SecureBootEnabled,
-                   enableNodePublicIP: nodeType.EnableNodePublicIP,
-                   natGatewayId: nodeType.NatGatewayId,
-                   vmImagePlan: nodeType.VMImagePlan)
+                   vmSize: nodeType.VMSize)
         {
         }
     }

diff --git a/src/ServiceFabric/ServiceFabric/help/New-AzServiceFabricManagedCluster.md b/src/ServiceFabric/ServiceFabric/help/New-AzServiceFabricManagedCluster.md
@@ -18,7 +18,8 @@ New-AzServiceFabricManagedCluster [-ResourceGroupName] <String> [-Name] <String>
  [-UpgradeMode <ClusterUpgradeMode>] [-CodeVersion <String>] [-UpgradeCadence <PSClusterUpgradeCadence>]
  [-ClientCertIsAdmin] -ClientCertThumbprint <String> -AdminPassword <SecureString> [-AdminUserName <String>]
  [-HttpGatewayConnectionPort <Int32>] [-ClientConnectionPort <Int32>] [-DnsName <String>]
- [-Sku <ManagedClusterSku>] [-UseTestExtension] [-ZonalResiliency] [-AsJob] [-Tag <Hashtable>]
+ [-Sku <ManagedClusterSku>] [-UseTestExtension] [-ZonalResiliency]
+ [-AutoGeneratedDomainNameLabelScope <String>] [-AsJob] [-Tag <Hashtable>]
  [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
@@ -29,8 +30,7 @@ New-AzServiceFabricManagedCluster [-ResourceGroupName] <String> [-Name] <String>
  [-ClientCertIsAdmin] -ClientCertCommonName <String> [-ClientCertIssuerThumbprint <String[]>]
  -AdminPassword <SecureString> [-AdminUserName <String>] [-HttpGatewayConnectionPort <Int32>]
  [-ClientConnectionPort <Int32>] [-DnsName <String>] [-Sku <ManagedClusterSku>] [-UseTestExtension]
- [-ZonalResiliency] [-AsJob] [-Tag <Hashtable>] [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm]
- [<CommonParameters>]
+ [-ZonalResiliency] [-AutoGeneratedDomainNameLabelScope <String>] [-AsJob] [-Tag <Hashtable>] [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -128,6 +128,21 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -AutoGeneratedDomainNameLabelScope
+This property is the entry point to using a public CA cert for your cluster cert. It specifies the level of reuse allowed for the custom FQDN created, matching the subject of the public CA cert.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -ClientCertCommonName
 Client certificate common name.
 

diff --git a/src/ServiceFabric/ServiceFabric/help/Set-AzServiceFabricManagedCluster.md b/src/ServiceFabric/ServiceFabric/help/Set-AzServiceFabricManagedCluster.md
@@ -22,16 +22,18 @@ Set-AzServiceFabricManagedCluster [-InputObject] <PSManagedCluster> [-AsJob]
 ```
 Set-AzServiceFabricManagedCluster [-ResourceGroupName] <String> [-Name] <String>
  [-UpgradeMode <ClusterUpgradeMode>] [-CodeVersion <String>] [-HttpGatewayConnectionPort <Int32>]
- [-ClientConnectionPort <Int32>] [-DnsName <String>] [-AsJob] [-Tag <Hashtable>]
- [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
+ [-ClientConnectionPort <Int32>] [-DnsName <String>] [-AutoGeneratedDomainNameLabelScope <String>] [-AsJob]
+ [-Tag <Hashtable>] [-DefaultProfile <IAzureContextContainer>] [-WhatIf]
+ [-Confirm] [<CommonParameters>]
 ```
 
 ### ByNameById
 ```
 Set-AzServiceFabricManagedCluster [-ResourceId] <String> [-UpgradeMode <ClusterUpgradeMode>]
  [-CodeVersion <String>] [-HttpGatewayConnectionPort <Int32>] [-ClientConnectionPort <Int32>]
- [-DnsName <String>] [-AsJob] [-Tag <Hashtable>] [-DefaultProfile <IAzureContextContainer>] [-WhatIf]
- [-Confirm] [<CommonParameters>]
+ [-DnsName <String>] [-AutoGeneratedDomainNameLabelScope <String>] [-AsJob] [-Tag <Hashtable>]
+ [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm]
+ [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -79,6 +81,21 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -AutoGeneratedDomainNameLabelScope
+This property is the entry point to using a public CA cert for your cluster cert. It specifies the level of reuse allowed for the custom FQDN created, matching the subject of the public CA cert.
+
+```yaml
+Type: System.String
+Parameter Sets: WithParamsByName, ByNameById
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -ClientConnectionPort
 Port used for client connections to the cluster. Default: 19000.