This is an archive version of the document. To get the most up-to-date information, see the current version.

Azure Account Permissions Changelog

This section describes the latest changes in Azure Account permissions required for Veeam Backup for Microsoft Azure to perform operations.

When you update Veeam Backup for Microsoft Azure from version 4.0 to version 5.0, note that Azure service accounts and Azure repository accounts must be assigned additional permissions:

  • For Veeam Backup for Microsoft Azure to be able to detect locks applied to Azure resources when creating snapshots and backups of these Azure resources, Azure service accounts must be additionally assigned the following permission:

"Microsoft.Authorization/locks/Read"

  • For Veeam Backup for Microsoft Azure to be able to collect availability set configuration and auto-shutdown settings of backed up Azure VMs, Azure service accounts must be additionally assigned the following permissions:

"Microsoft.Compute/availabilitySets/read", 

"Microsoft.Compute/availabilitySets/vmSizes/read",

"Microsoft.DevTestLab/Schedules/read"

  • For Veeam Backup for Microsoft Azure to allow worker instances to process resources that reside in private virtual networks, Azure service accounts and Azure repository accounts must be additionally assigned the following permissions:

"Microsoft.Compute/diskAccesses/delete",

"Microsoft.Compute/diskAccesses/privateEndpointConnections/read",

"Microsoft.Compute/diskAccesses/privateEndpointConnections/write",

"Microsoft.Compute/diskAccesses/PrivateEndpointConnectionsApproval/action",

"Microsoft.Compute/diskAccesses/read",

"Microsoft.Compute/diskAccesses/write"

  • For Veeam Backup for Microsoft Azure to be able to collect information on Azure resource log events, Azure service accounts must be additionally assigned the following permission:

"Microsoft.Insights/eventtypes/values/Read"

  • For Veeam Backup for Microsoft Azure to be able to collect immutability settings of Azure storage accounts and Azure blob containers, and to create immutable backups, Azure service accounts and Azure repository accounts must be additionally assigned the following permissions:

"Microsoft.Storage/storageAccounts/blobServices/containers/read",

"Microsoft.Storage/storageAccounts/blobServices/containers/write"

  • For Veeam Backup for Microsoft Azure to be able to maintain load balancing while performing VM restore, Azure service accounts must be additionally assigned the following permission:

"Microsoft.Network/loadBalancers/backendAddressPools/join/action"

  • For Veeam Backup for Microsoft Azure to be able to restore virtual disks and Azure VMs, Azure service accounts must be additionally assigned the following permission:

"Microsoft.Resources/subscriptions/resourceGroups/validateMoveResources/action"
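To check an existing custom role against the list above before the update, the following added example (not part of the Veeam documentation) reports which of these permissions a role definition does not grant. It assumes the role JSON has the shape of one element of `az role definition list` output, that action strings are compared case-insensitively with `*` wildcards, and that `notActions` are subtracted from `actions`; the function names and the sample role are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# Permissions this page lists as newly required after the 4.0 -> 5.0 update.
BOTH = [  # Azure service accounts and Azure repository accounts
    "Microsoft.Compute/diskAccesses/delete",
    "Microsoft.Compute/diskAccesses/privateEndpointConnections/read",
    "Microsoft.Compute/diskAccesses/privateEndpointConnections/write",
    "Microsoft.Compute/diskAccesses/PrivateEndpointConnectionsApproval/action",
    "Microsoft.Compute/diskAccesses/read",
    "Microsoft.Compute/diskAccesses/write",
    "Microsoft.Storage/storageAccounts/blobServices/containers/read",
    "Microsoft.Storage/storageAccounts/blobServices/containers/write",
]
SERVICE_ONLY = [  # Azure service accounts only
    "Microsoft.Authorization/locks/Read",
    "Microsoft.Compute/availabilitySets/read",
    "Microsoft.Compute/availabilitySets/vmSizes/read",
    "Microsoft.DevTestLab/Schedules/read",
    "Microsoft.Insights/eventtypes/values/Read",
    "Microsoft.Network/loadBalancers/backendAddressPools/join/action",
    "Microsoft.Resources/subscriptions/resourceGroups/validateMoveResources/action",
]
REQUIRED = {"service": BOTH + SERVICE_ONLY, "repository": BOTH}

def granted(role, action):
    """True if some permission block allows the action and does not exclude it."""
    name = action.lower()  # assumption: action strings compare case-insensitively
    for block in role.get("permissions", []):
        allow = any(fnmatchcase(name, p.lower()) for p in block.get("actions", []))
        deny = any(fnmatchcase(name, p.lower()) for p in block.get("notActions", []))
        if allow and not deny:
            return True
    return False

def missing_permissions(role, account_type):
    """Required permissions from the lists above that the role does not grant."""
    return [p for p in REQUIRED[account_type] if not granted(role, p)]

# Constructed sample role, shaped like one element of `az role definition list` output.
SAMPLE_ROLE = json.loads("""{"roleName": "example-backup-role", "permissions": [{
  "actions": ["microsoft.authorization/locks/read", "Microsoft.Compute/availabilitySets/*",
              "Microsoft.Compute/diskAccesses/*", "Microsoft.Insights/eventtypes/values/read",
              "Microsoft.Storage/storageAccounts/blobServices/containers/read"],
  "notActions": ["Microsoft.Compute/diskAccesses/delete"]}]}""")

if __name__ == "__main__":
    for kind in REQUIRED:
        print(f"{kind} account is missing:", *missing_permissions(SAMPLE_ROLE, kind), sep="\n  ")
```

In the sample, the `diskAccesses/*` wildcard covers five of the six disk access permissions, but the `notActions` entry removes `diskAccesses/delete`, so it is reported as missing for both account types.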