Azure VM Permissions
To allow Veeam Backup for Microsoft Azure to protect Azure VMs, the service account that will be used for backup and restore operations with these VMs must have the following permissions.
Azure VM Snapshot and Backup Permissions
{ "permissions": [ { "actions": [ "Microsoft.Authorization/roleAssignments/read", "Microsoft.Compute/disks/beginGetAccess/action", "Microsoft.Compute/disks/endGetAccess/action", "Microsoft.Compute/disks/read", "Microsoft.Compute/snapshots/beginGetAccess/action", "Microsoft.Compute/snapshots/delete", "Microsoft.Compute/snapshots/endGetAccess/action", "Microsoft.Compute/snapshots/read", "Microsoft.Compute/snapshots/write", "Microsoft.Compute/virtualMachines/read", "Microsoft.DevTestLab/Schedules/read", "Microsoft.Network/loadBalancers/read", "Microsoft.Network/networkInterfaces/read", "Microsoft.Network/networkSecurityGroups/read", "Microsoft.Network/publicIPAddresses/read", "Microsoft.Network/routeTables/join/action", "Microsoft.Network/virtualNetworks/read", "Microsoft.Resources/subscriptions/resourceGroups/read" ], "notActions": [], "dataActions": [], "notDataActions": [] } ] } |
{ "permissions": [ { "actions": [ "Microsoft.Authorization/locks/Read", "Microsoft.Authorization/roleAssignments/read", "Microsoft.Compute/availabilitySets/read", "Microsoft.Compute/availabilitySets/vmSizes/read", "Microsoft.Compute/diskAccesses/delete", "Microsoft.Compute/diskAccesses/privateEndpointConnections/read", "Microsoft.Compute/diskAccesses/privateEndpointConnections/write", "Microsoft.Compute/diskAccesses/PrivateEndpointConnectionsApproval/action", "Microsoft.Compute/diskAccesses/read", "Microsoft.Compute/diskAccesses/write", "Microsoft.Compute/diskEncryptionSets/read", "Microsoft.Compute/disks/beginGetAccess/action", "Microsoft.Compute/disks/delete", "Microsoft.Compute/disks/endGetAccess/action", "Microsoft.Compute/disks/read", "Microsoft.Compute/disks/write", "Microsoft.Compute/snapshots/beginGetAccess/action", "Microsoft.Compute/snapshots/read", "Microsoft.Compute/virtualMachines/deallocate/action", "Microsoft.Compute/virtualMachines/delete", "Microsoft.Compute/virtualMachines/read", "Microsoft.Compute/virtualMachines/write", "Microsoft.DevTestLab/Schedules/write", "Microsoft.Network/loadBalancers/backendAddressPools/join/action", "Microsoft.Network/networkInterfaces/delete", "Microsoft.Network/networkInterfaces/join/action", "Microsoft.Network/networkInterfaces/read", "Microsoft.Network/networkInterfaces/write", "Microsoft.Network/networkSecurityGroups/join/action", "Microsoft.Network/networkSecurityGroups/read", "Microsoft.Network/privateEndpoints/delete", "Microsoft.Network/privateEndpoints/read", "Microsoft.Network/privateEndpoints/write", "Microsoft.Network/privateLinkServices/privateEndpointConnections/delete", "Microsoft.Network/privateLinkServices/privateEndpointConnections/read", "Microsoft.Network/privateLinkServices/privateEndpointConnections/write", "Microsoft.Network/publicIPAddresses/join/action", "Microsoft.Network/publicIPAddresses/read", "Microsoft.Network/publicIPAddresses/write", "Microsoft.Network/virtualNetworks/checkIpAddressAvailability/read", "Microsoft.Network/virtualNetworks/read", "Microsoft.Network/virtualNetworks/subnets/join/action", "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action", "Microsoft.Network/virtualNetworks/write", "Microsoft.Resources/subscriptions/resourceGroups/delete", "Microsoft.Resources/subscriptions/resourceGroups/moveResources/action", "Microsoft.Resources/subscriptions/resourceGroups/read", "Microsoft.Resources/subscriptions/resourceGroups/validateMoveResources/action", "Microsoft.Resources/subscriptions/resourceGroups/write", "Microsoft.Storage/storageAccounts/privateEndpointConnections/write", "Microsoft.Storage/storageAccounts/PrivateEndpointConnectionsApproval/action", "Microsoft.Storage/storageAccounts/write" ], "notActions": [], "dataActions": [], "notDataActions": [] } ] } |