articles/cosmos-db/how-to-setup-customer-managed-keys.md
12 additions & 3 deletions
@@ -539,7 +539,7 @@ Not available
539
539
540
540
## Restore a continuous account that is configured with managed identity
541
541
542
-
A user-assigned identity is required in the restore request because the source account managed identity (User-assigned and System-assigned identities) cannot be carried over automatically to the target database account.
542
+
A user-assigned identity is required in the restore request because the source account managed identity (User-assigned and System-assigned identities) can't be carried over automatically to the target database account.
543
543
544
544
### [Azure CLI](#tab/azure-cli)
545
545
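Review bot: The reworded sentence under "Restore a continuous account that is configured with managed identity" still mixes capitalization and number. It opens with lowercase "user-assigned identity" but the parenthetical reads "(User-assigned and System-assigned identities)", and "source account managed identity" is singular while the parenthetical is plural. Since the line is being touched anyway, suggest "the source account's managed identities (user-assigned and system-assigned) can't be carried over automatically to the target database account."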
@@ -576,7 +576,7 @@ Use the Azure CLI to restore a continuous account that is already configured usi
1. Once the restore has completed, the target (restored) account will have the user-assigned identity. If desired, user can update the account to use System-Assigned managed identity.
579
+
1. Once the restore has completed, the target (restored) account has the user-assigned identity. If desired, user can update the account to use System-Assigned managed identity.
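Review bot: In the rewritten step 1, "If desired, user can update the account to use System-Assigned managed identity" drops the article and introduces a third spelling of the identity type ("System-Assigned" here, "System-assigned" and "system-assigned" in the other hunks of this commit). Suggest "If desired, you can update the account to use a system-assigned managed identity." The later hunk states that the managed identity must be in the Key Vault access policy, so a pointer to that requirement would help a reader who switches identities after the restore.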
@@ -704,7 +704,16 @@ The following conditions are necessary to successfully restore a periodic backup
704
704
705
705
### How do customer-managed keys affect continuous backups?
706
706
707
-
Azure Cosmos DB gives you the option to configure [continuous backups](./continuous-backup-restore-introduction.md) on your account. With continuous backups, you can restore your data to any point in time within the past 30 days. To use continuous backups on an account where customer-managed keys are enabled, you must use a system-assigned or user-assigned managed identity in the Key Vault access policy. Azure Cosmos DB first-party identities is not currently supported on accounts using continuous backups.
707
+
Azure Cosmos DB gives you the option to configure [continuous backups](./continuous-backup-restore-introduction.md) on your account. With continuous backups, you can restore your data to any point in time within the past 30 days. To use continuous backups on an account where customer-managed keys are enabled, you must use a system-assigned or user-assigned managed identity in the Key Vault access policy. Azure Cosmos DB first-party identities are not currently supported on accounts using continuous backups.
708
+
709
+
Prerequisite steps for Customer Managed Keys enabled accounts to update user assigned identity.
710
+
711
+
- Add a user-assigned identity to the Cosmos DB account, and grant permissions in key vault access policy.
712
+
- Set the user-assigned as default identity via Azure CLI or ARM.
713
+
714
+
```azurecli
715
+
az cosmosdb update --resource-group MyResourceGroup --name MyAccountName --default-identity UserAssignedIdentity=/subscriptions/MySubscriptionId/resourcegroups/MyResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/MyUserAssignedIdentity
716
+
```
708
717
709
718
The following conditions are necessary to successfully perform a point-in-time restore:
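Review bot: The added prerequisite block (new lines 709 to 716) doesn't say which Key Vault permissions to grant, or what the steps are a prerequisite for. "grant permissions in key vault access policy" leaves the scope to the reader, which invites over-broad grants on the vault that holds the encryption key; name the required key permissions or link to the section of this article that lists them. The lead-in "Prerequisite steps for Customer Managed Keys enabled accounts to update user assigned identity." is a sentence fragment, and its hyphenation differs from "customer-managed keys" and "user-assigned" used elsewhere in the same hunk. The two "-" bullets read as sequential steps, so a numbered list (as the restore procedure above uses) would make the order explicit. For consistency with the cannot to can't change earlier in this commit, "are not currently supported" could become "aren't currently supported".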