Specifying Existing Microsoft Entra Application

[This step applies only if you have selected the Specify existing service account option at the Type step of the wizard]

When you choose to specify an existing service account, Veeam Backup for Microsoft Azure connects to an existing Microsoft Entra application that grants access to your Azure resources. For Veeam Backup for Microsoft Azure to be able to connect to the Microsoft Entra application and to protect Azure resources, the application must be created in Microsoft Azure, and have the Contributor, Key Vault Crypto User and Storage Queue Data Contributor Azure built-in roles assigned. To learn how to create Microsoft Entra applications and assign Azure roles, see Microsoft Identity Platform and Azure RBAC documentation.

Tip

If you want the service account to have granular permissions, you can create a custom role in Microsoft Azure, assign the role to the Microsoft Entra application instead of the built-in roles, and make sure the role has all the permissions required to perform backup and restore operations. For the list of required permissions, see Service Account Permissions.

At the Logon step of the wizard, specify an existing service account that grants access to your Azure resources:

  1. In the Application ID field, enter the application identifier. You can find the identifier on the Overview page of your Microsoft Entra application in the Microsoft Azure portal. For more information, see Microsoft Docs.
  2. Select an application authentication type:
  • Select the Client (application) secret option to use a client secret created in the specified Microsoft Entra application. In the Secret field, enter the value of the secret. To learn how to create client secrets, see Microsoft Docs.
  • Select the Certificate option to use a certificate uploaded to the specified Microsoft Entra application. In the Certificate field, click Select File to locate the certificate. Then, provide a password used to encrypt the certificate in the Password field. To learn how to upload certificates to Microsoft Entra applications, see Microsoft Docs.

Important

Veeam Backup for Microsoft Azure supports certificates only in the formats .PFX and .P12.

  1. In the Tenant ID field, enter the tenant ID of the specified Microsoft Entra application.

You can find the tenant ID on the Overview page of your Microsoft Entra application in the Microsoft Azure portal. For more information, see Microsoft Docs.

Specifying Existing Account

Page updated 9/5/2024

Page content applies to build 7.1.0.22