Prerequisites to add Azure Account
Step 1 : Generate Application ID
Note: Make sure the user account you use has sufficient permission to register an application and assign a role to it.
- Name – Enter a display name for the application.
- Supported account types – Choose the option “Accounts in this organizational directory only”
Step 2: Generate Application Password
Select Certificates & secrets under Manage on the left pane.
Click on New client secret which opens a separate section: Add a client secret. On this page, choose 24 months from the Expires option and click Add. This will generate and display the application password (under the ‘Value’ column).
Note: Make sure you copy the application password (Value) as the portal will display it only once. (You can use the copy to clipboard icon to copy the password). Once the generated application password has expired, create a new client secret and update it on the BDRSuite. If the expired password is not updated, backups will fail.
Step 3: Create Role
- On the Home page, under the Azure Services section, select ‘Subscriptions’ (or) search for and select ‘Subscriptions’ from the Search box at the top.
- From the list of Subscriptions, click on the subscription that you plan to use in BDRSuite to configure backup from.
-
On the left pane of the selected Subscription page, click Access control (IAM) and then click Add -> Add custom role.
- On the Basics Tab, Enter a Custom Role name ( bdrsuite-azure-backup-restore-role) and for Baseline Permissions, select the option: start from scratch. Click Next.
- ‘Permissons’ Tab – Click next and move to Assignable Scopes tab.
- On the Assignable Scopes Tab: Click on “+Add Assignable Scopes” option to add any other subscriptions you have access to. On the Add assignable scopes dialog, select a subscription to add as an assignable scope.
- On the JSON Tab, click “Edit”, Under “permissions”, copy and paste the entire content from the following JSON policy document and finally “Save” it.
- On the Review + Create tab, review the role assignment settings and click the Review + Create button.
- On the Add custom role page add the following roles:
Note: Please make sure to select any other subscriptions associated with this account if you intend to use them for backup and recovery. Otherwise, you will need to perform the steps separately for each subscription later.
Step 4: Add Role Assignment
- On the Home page, under the Azure Services section, select ‘Subscriptions’ (or) search for and select ‘Subscriptions’ from the Search box at the top.
- From the list of subscriptions, click on the subscription that you plan to use in BDRSuite.
- On the left pane of the selected subscription page, click Access control (IAM) and then click Add -> Add role assignment
-
On the Add the role assignment page add the following roles:
- Under Role tab, select the role created above (bdrsuite-azure-backup-restore-role) and click next
-
On the Members Tab:
-
- For the field: ‘Assign access to’, select the option: User, group, or service principal.
- For the field: Members, click ‘Select Members’ which opens a dialog box. Search and select the application that you have created (in step 1) and click the ‘Select’ button. Then, click the Next button.
- On the Review + assign tab, review the role assignment settings and click the Review + assign button.
-
Step 5: Add Azure Account on the BDRSuite
- On the BDRSuite, navigate to the Cloud Workloads ->Data Source-> Azure Backup -> Azure Accounts page.
-
Click on the ‘Add Azure Account’ button which opens a dialog box. Then, enter the following details and click ‘Save’.
- Tenant ID – On the Azure Portal, navigate to the Microsoft Entra ID (formerly Azure Active Directory) page where you can find the ‘Tenant ID’ under the Basic information section.
- Application ID – On the Azure Portal, navigate to the Microsoft Entra ID (formerly Azure Active Directory) and select ‘App registrations’ from the left pane. Click on the application that you have created (in step 1) and you can find the ‘Application (client) ID’ under Essentials section.
- Application Password – Provide the Application Password (Value) that you copied after creating the client secret.