Creating New Azure AD Application

This step applies only if you have selected the Create a new account option at the Account Type step of the wizard.

Configuring Azure AD Application

When you choose to create a new account, Veeam Backup & Replication registers a new AD application in Microsoft Azure. Veeam Backup & Replication will use this application to authenticate to Azure. For more information on AD applications, see Microsoft Azure Docs. To create the Azure AD application, you must use a single-use verification code that Veeam Backup & Replication provides you.

At the Account Type step of the wizard, do the following:

  1. Click Copy to clipboard to copy the verification code.
  2. Click the https://microsoft.com/devicelogin link.
  3. On the Microsoft Azure device authentication page, do the following:
  1. Paste the code that you have copied and click Next. Note that the code will expire in 15 minutes.
  2. Specify an Azure AD user account that will be used to create an application. Note that the user name must be specified in the user principal name format (username@domain). The account must have permissions described in section Permissions.

Veeam Backup & Replication will retrieve information about subscriptions to which the Azure AD user has access and will create Azure AD application in the tenant of the account.

  1. Back to the Add Azure Account wizard, check whether any errors occurred during the authentication process.

Note

Consider the following:

  • If you have multiple tenants associated with the Azure AD user account that you plan to use to create a new application, Veeam Backup & Replication will create the application in the home tenant of the account. As a result, the application will have access only to the subscriptions of the home tenant, as well as the Azure Compute account will. If you want to use another tenant and its subscriptions, follow the instructions in this Veeam KB article.
  • The created Azure AD application is assigned the Owner role privileges and the Key Vault Crypto User role privileges for the subscriptions for which the following conditions are met: the subscriptions are linked to the home tenant of the Azure AD user; the Azure AD user has access to these subscriptions and can assign roles on the subscription level for the registered application.

You can limit the subscriptions to which Veeam Backup & Replication assigns the privileges as described in this Veeam KB article. For more information on roles, see Microsoft Azure Docs.

Enabling Direct Restore of Linux Workloads

To enable direct restore of Linux-based workloads, select the Enable direct restore of Linux-based computers. When selected, this check box enables the Helper Appliance step where you will have to configure helper appliances.

Creating New Azure AD Application