Step 4. Specify Service Account Parameters
At the Logon to Azure/Service Account step of the wizard, select a logon type to Microsoft Azure.
When you choose to create a service account automatically, Veeam Backup for Microsoft Azure creates an Azure AD application in your Microsoft Azure Active Directory and then uses it to get access to Azure resources that you can back up.
To create a service account, do the following:
- Click Copy code to clipboard to copy the code.
Mind that a code is valid for 15 minutes.
- Click the link to the Microsoft portal.
- On the Microsoft Azure device logon page, paste the code that you have copied and click Next.
- On the Microsoft Azure device logon page, sign in to Azure.
Make sure the account that you use has required permissions. For more information, see Required Permissions.
Using Personal account (Microsoft account) is not recommended, use Work account (Azure AD account) instead. If you are not sure what kind of account you are using or getting error messages mentioning tenant ID f8cdef31-a31e-4b4a-93e4-5f571e91255a, make sure to create a new Azure AD account, as described in this Microsoft article.
- Return to the Add Azure Connection wizard and click Next.
When you specify an existing service account, Veeam Backup for Microsoft Azure connects to the existing Azure AD application that grants access to Microsoft Azure resources. Make sure to create such an application in advance. For more information on how to create an Azure AD Application, see this Microsoft article.
Make sure to grant your application required permissions. For more information, see Required Permissions.
After you create a custom application in Azure, specify a service account according to the following:
- In the Application ID field, enter the application identifier.
You can find it in the application settings of your Azure Active Directory. For more information, see this Microsoft article.
- Select an application authentication type. You can select either Client (application) secret or Certificate:
- To use a client secret (also known as application password), in the Client (application) secret field, enter a secret string to access your application.
To obtain a secret string, you will need to generate it first. For more information, see this Microsoft article.
Mind that the application secret will become hidden once you leave or refresh the page in the Azure portal. Consider saving the secret to a secure location.
- To use a certificate, switch to the Certificate option and click Browse to select a certificate from a .pfx file.
To be able to use a certificate, you must upload it to the Azure portal and assign it to Azure AD application. For more information, see this Microsoft article.
Note that Azure portal requires a certificate in the .cer, .pem, .crt formats while Veeam Backup for Microsoft Azure requires a certificate only in the .pfx format.
- In the Tenant ID field, enter a directory (tenant) ID of the Azure AD application.
You can find it in the application settings. For more information, see this Microsoft article.