Step 3b. Specifying Existing Service Account

[This step applies only if you have selected the Specify existing service account option at the Select Service Account Type step of the wizard]

When you specify an existing service account, Veeam Backup for Microsoft Azure connects to the existing Azure AD application that grants access to Azure resources. For an Azure AD application to be used, it must be created as described in Microsoft Docs.

Important

The selected Azure AD application must have the Microsoft.Authorization/*/Write permission set in the subscription associated with the backup appliance.
If you have disabled the Users can register applications option on the Microsoft Azure portal, make sure that the service account has the Application Developer role.

For more information on role permissions in Azure Active Directory, see Microsoft Docs.

To specify a service account, do the following:

In the Application ID field, enter the application ID.

You can find the application ID in the application settings of your Azure Active Directory. For more information, see Microsoft Docs.

Select an application authentication type:

Select the Client (application) secret option to use a client secret. A secret string can be obtained as described in Microsoft Docs.

Select the Certificate option to use a certificate to authenticate against the server, click Browse to locate the certificate file.

For a certificate to be valid, it must be uploaded to the Microsoft Azure portal and assigned to Azure AD application as described in Microsoft Docs.

Important

Veeam Backup for Microsoft Azure supports certificates only in the .PFX format.

In the Tenant ID field, enter a tenant ID of the Azure AD application.

You can find the tenant ID in the application settings of your Azure Active Directory. For more information, see Microsoft Docs.