Veeam Backup for Microsoft Azure 8
User Guide
Archive
Version 7.0 Version 6.0
Related documents
Search

Permissions Changelog

This section describes the latest changes in service account permissions required for Veeam Backup for Microsoft Azure to perform operations.

When you update Veeam Backup for Microsoft Azure version 7.0 to version 8, consider that service accounts must be assigned additional permissions:

  • For Veeam Backup for Microsoft Azure to be able to back up Cosmos DB for MongoDB accounts, service accounts must be additionally assigned the following permissions:

"Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/action",

"Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/read",

"Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/throughputSettings/read",

"Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/read",

"Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/throughputSettings/read"

  • For Veeam Backup for Microsoft Azure to be able to restore Cosmos DB for MongoDB accounts, service accounts must be additionally assigned the following permissions:

"Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/action",

"Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/throughputSettings/read",

"Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/throughputSettings/read",

"Microsoft.Insights/eventtypes/values/Read"

  • For Veeam Backup for Microsoft Azure to be able to be able to allow worker instances to perform backup and restore operations in private environments, service accounts must be additionally assigned the following permissions:

"Microsoft.Authorization/locks/delete", 

"Microsoft.Authorization/locks/read",

"Microsoft.Authorization/locks/write",

"Microsoft.Network/natGateways/join/action",

"Microsoft.Network/privateDnsZones/A/write",

"Microsoft.Network/privateDnsZones/join/action",

"Microsoft.Network/privateDnsZones/read",

"Microsoft.Network/privateDnsZones/virtualNetworkLinks/write",

"Microsoft.Network/privateDnsZones/virtualNetworkLinks/read",

"Microsoft.Network/privateDnsZones/write",

"Microsoft.Network/privateEndpoints/privateDnsZoneGroups/read",

"Microsoft.Network/privateEndpoints/privateDnsZoneGroups/write",

"Microsoft.Network/virtualNetworks/join/action"

  • For Veeam Backup for Microsoft Azure to be able to create and manage backup repositories and to protect Azure VMs, Azure SQL databases and Azure file shares, service accounts must be additionally assigned the following permission:

"Microsoft.Insights/eventtypes/values/Read"

Page updated 3/27/2025

Page content applies to build 8.0.0.334

View all results across Veeam
Back to document search