add PS commands for using account encryption key

tamram · tamram · commit 12b6cb3c8351 · 2020-02-05T15:13:09.000-08:00
diff --git a/articles/storage/common/account-encryption-key-create.md b/articles/storage/common/account-encryption-key-create.md
@@ -7,7 +7,7 @@ author: tamram
 
 ms.service: storage
 ms.topic: how-to
-ms.date: 01/10/2020
+ms.date: 02/04/2020
 ms.author: tamram
 ms.reviewer: cbrooks
 ms.subservice: common
@@ -31,37 +31,57 @@ You can create a storage account that relies on the account encryption key for Q
 
 ### Register to use the account encryption key
 
-To register with Azure CLI, call the [az feature register](/cli/azure/feature#az-feature-register) command.
+To register to use the account encryption key with Queue or Table storage, use PowerShell or Azure CLI.
 
-To register to use the account encryption key with Queue storage:
+# [PowerShell](#tab/powershell)
 
-```azurecli
-az feature register --namespace Microsoft.Storage --name AllowAccountEncryptionKeyForQueues
+To register with PowerShell, call the [Get-AzProviderFeature](/powershell/module/az.resources/get-azproviderfeature) command.
+
+```powershell
+Register-AzProviderFeature -ProviderNamespace Microsoft.Storage -FeatureName AllowAccountEncryptionKeyForQueues
+Register-AzProviderFeature -ProviderNamespace Microsoft.Storage -FeatureName AllowAccountEncryptionKeyForTables
 ```
 
-To register to use the account encryption key with Table storage:
+# [Azure CLI](#tab/azure-cli)
+
+To register with Azure CLI, call the [az feature register](/cli/azure/feature#az-feature-register) command.
 
 ```azurecli
+az feature register --namespace Microsoft.Storage --name AllowAccountEncryptionKeyForQueues
 az feature register --namespace Microsoft.Storage --name AllowAccountEncryptionKeyForTables
 ```
 
+---
+
 ### Check the status of your registration
 
-To check the status of your registration for Queue storage:
+To check the status of your registration for Queue or Table storage, use PowerShell or Azure CLI.
 
-```azurecli
-az feature show --namespace Microsoft.Storage --name AllowAccountEncryptionKeyForQueues
+# [PowerShell](#tab/powershell)
+
+To check the status of your registration with PowerShell, call the [Get-AzProviderFeature](/powershell/module/az.resources/get-azproviderfeature) command.
+
+```powershell
+Get-AzProviderFeature -ProviderNamespace Microsoft.Storage -FeatureName AllowAccountEncryptionKeyForQueues
+Get-AzProviderFeature -ProviderNamespace Microsoft.Storage -FeatureName AllowAccountEncryptionKeyForTables
 ```
 
-To check the status of your registration for Table storage:
+# [Azure CLI](#tab/azure-cli)
+
+To check the status of your registration with Azure CLI, call the [az feature](/cli/azure/feature#az-feature-show).
 
 ```azurecli
+az feature show --namespace Microsoft.Storage --name AllowAccountEncryptionKeyForQueues
 az feature show --namespace Microsoft.Storage --name AllowAccountEncryptionKeyForTables
 ```
 
+---
+
 ### Re-register the Azure Storage resource provider
 
-After your registration is approved, you must re-register the Azure Storage resource provider. Call the [az provider register](/cli/azure/provider#az-provider-register) command:
+After your registration is approved, you must re-register the Azure Storage resource provider. 
+
+Call the [az provider register](/cli/azure/provider#az-provider-register) command:
 
 ```azurecli
 az provider register --namespace 'Microsoft.Storage'
@@ -76,7 +96,28 @@ The storage account must be of type general-purpose v2. You can create the stora
 > [!NOTE]
 > Only Queue and Table storage can be optionally configured to encrypt data with the account encryption key when the storage account is created. Blob storage and Azure Files always use the account encryption key to encrypt data.
 
-### [Azure CLI](#tab/azure-cli)
+# [PowerShell](#tab/powershell)
+
+To use PowerShell to create a storage account that relies on the account encryption key, make sure you have installed the Azure PowerShell module, version 3.4.0 or later. For more information, see [Install the Azure PowerShell module](/powershell/azure/install-az-ps).
+
+Next, create a general-purpose v2 storage account by calling the [New-AzStorageAccount](/powershell/module/az.storage/new-azstorageaccount) command, with the appropriate parameters:
+
+- Include the `-EncryptionKeyTypeForQueue` option and set its value to `Account` to use the account encryption key to encrypt data in Queue storage.
+- Include the `-EncryptionKeyTypeForTable` option and set its value to `Account` to use the account encryption key to encrypt data in Table storage.
+
+The following example shows how to create a general-purpose v2 storage account that is configured for read-access geo-redundant storage (RA-GRS) and that uses the account encryption key to encrypt data for both Queue and Table storage. Remember to replace the placeholder values in brackets with your own values:
+
+```powershell
+New-AzStorageAccount -ResourceGroupName <resource_group> `
+  -AccountName <storage-account> `
+  -Location <location> `
+  -SkuName "Standard_RAGRS" `
+  -Kind StorageV2 `
+  -EncryptionKeyTypeForTable Account `
+  -EncryptionKeyTypeForQueue Account
+```
+
+# [Azure CLI](#tab/azure-cli)
 
 To use Azure CLI to create a storage account that relies on the account encryption key, make sure you have installed Azure CLI version 2.0.80 or later. For more information, see [Install the Azure CLI](/cli/azure/install-azure-cli).
 
@@ -85,22 +126,22 @@ Next, create a general-purpose v2 storage account by calling the [az storage acc
 - Include the `--encryption-key-type-for-queue` option and set its value to `Account` to use the account encryption key to encrypt data in Queue storage.
 - Include the `--encryption-key-type-for-table` option and set its value to `Account` to use the account encryption key to encrypt data in Table storage.
 
-The following example shows how to create a general-purpose v2 storage account that is configured for LRS and that uses the account encryption key to encrypt data for both Queue and Table storage. Remember to replace the placeholder values in brackets with your own values:
+The following example shows how to create a general-purpose v2 storage account that is configured for read-access geo-redundant storage (RA-GRS) and that uses the account encryption key to encrypt data for both Queue and Table storage. Remember to replace the placeholder values in brackets with your own values:
 
 ```azurecli
 az storage account create \
     --name <storage-account> \
     --resource-group <resource-group> \
     --location <location> \
-    --sku Standard_LRS \
+    --sku Standard_RAGRS \
     --kind StorageV2 \
     --encryption-key-type-for-table Account \
     --encryption-key-type-for-queue Account
 ```
 
-### [Template](#tab/template)
+# [Template](#tab/template)
 
-The following JSON example creates a general-purpose v2 storage account that is configured for LRS and that uses the account encryption key to encrypt data for both Queue and Table storage. Remember to replace the placeholder values in angle brackets with your own values:
+The following JSON example creates a general-purpose v2 storage account that is configured for read-access geo-redundant storage (RA-GRS) and that uses the account encryption key to encrypt data for both Queue and Table storage. Remember to replace the placeholder values in angle brackets with your own values:
 
 ```json
 "resources": [
@@ -112,7 +153,7 @@ The following JSON example creates a general-purpose v2 storage account that is
         "dependsOn": [],
         "tags": {},
         "sku": {
-            "name": "[parameters('Standard_LRS')]"
+            "name": "[parameters('Standard_RAGRS')]"
         },
         "kind": "[parameters('StorageV2')]",
         "properties": {
diff --git a/articles/storage/common/storage-service-encryption.md b/articles/storage/common/storage-service-encryption.md
@@ -5,7 +5,7 @@ services: storage
 author: tamram
 
 ms.service: storage
-ms.date: 01/10/2020
+ms.date: 02/04/2020
 ms.topic: conceptual
 ms.author: tamram
 ms.reviewer: cbrooks
