Step 3. Register or Configure Azure AD Application

In this article

    At this step of the wizard, you can create a new application in Azure Active Directory or configure an existing one.

    Use this method if you have selected the Register a new Azure AD application automatically option at the previous step of the wizard.

    Use this method if you have selected the Use an existing Azure AD application option at the previous step of the wizard.

    Note

    Restore operators and end users will be able to use the only URI that you specify in the Restore Portal web address field. If you want to specify multiple redirect URIs that will be used as the Restore Portal web address or set the application as enterprise to allow multi-tenant access, you must configure these settings manually in your Azure Active Directory.

    Registering New Azure AD Application

    You can register a new Azure AD application in Azure Active Directory. Veeam Backup for Microsoft 365 will use this application to connect to Restore Portal. When registering a new Azure AD application, Veeam Backup for Microsoft 365 automatically grants the required permissions to this application.

    To register a new Azure AD application, do the following:Azure

    1. From the Region drop-down list, select a Microsoft Azure region.
    2. In the Name field, enter a name that you want to use to register a new Azure AD application in your Azure Active Directory.
    3. Click Install to specify an SSL certificate that you want to use for data exchange between Restore Portal and the created Azure AD application.
    4. In the Select Certificate wizard, select a certificate. For more information, see Installing SSL Certificates.

    You can generate a new self-signed certificate or use an existing one. Before using an existing certificate, make sure to register this certificate in Azure Active Directory. For more information, see this Microsoft article. When generating a new self-signed certificate, Veeam Backup for Microsoft 365 will register it automatically.

    1. In the Restore Portal web address field, specify web address of a machine with the Veeam Backup for Microsoft 365 REST API component installed. Restore operators and end users will use this web address to open Restore Portal in a web browser window.

    Consider the following:

    • The website is available over HTTPS protocol only.
    • By default, port 4443 must be opened on the Veeam Backup for Microsoft 365 server or a machine with the Veeam Backup for Microsoft 365 REST API component installed. For more information, see Used Ports.
    • The web address must be specified in one of the following formats:
    • https://<IPv4 address>:<port number>, where <IPv4 address> is a public IPv4 address of a machine with the Veeam Backup for Microsoft 365 REST API component installed. For example, https://135.169.170.192:4443.
    • https://<DNS hostname>:<port number>, where <DNS hostname> is DNS hostname of a machine with the Veeam Backup for Microsoft 365 REST API component installed. For example, https://portal.abc.com:4443.

    Registering Azure AD Application

    Configuring Existing Azure AD Application

    You can configure an existing Azure AD application to connect to Restore Portal. Veeam Backup for Microsoft 365 checks the Azure AD application permissions, grants the missing permissions if needed and updates an SSL certificate.

    To configure an existing application, do the following:

    1. From the Region drop-down list, select a Microsoft Azure region.

    Mind that if you change your Microsoft Azure region, you must also specify another Azure AD application.

    1. In the Application ID field, specify an identification number of Azure AD application that you want to use to connect to Restore Portal.

    You can find this number in the application settings of your Azure Active Directory. For more information, see this Microsoft article.

    1. Click Install to specify an SSL certificate that you want to use for data exchange between Restore Portal and the created Azure AD application.
    2. In the Select Certificate wizard, select a certificate. For more information, see Installing SSL Certificates.

    You can generate a new self-signed certificate or use an existing one. Before using an existing certificate, make sure to register this certificate in Azure Active Directory. For more information, see this Microsoft article. When generating a new self-signed certificate, Veeam Backup for Microsoft 365 will register it automatically.

    1. In the Restore Portal web address field, specify web address of a machine with the Veeam Backup for Microsoft 365 REST API component installed. Restore operators and end users will use this web address to open Restore Portal in a web browser window.

    Consider the following:

    • The website is available over HTTPS protocol only.
    • By default, port 4443 must be opened on the Veeam Backup for Microsoft 365 server or a machine with the Veeam Backup for Microsoft 365 REST API component installed. For more information, see Used Ports.
    • The web address must be specified in one of the following formats:
    • https://<IPv4 address>:<port number>, where <IPv4 address> is a public IPv4 address of a machine with the Veeam Backup for Microsoft 365 REST API component installed. For example, https://135.169.170.192:4443.
    • https://<DNS hostname>:<port number>, where <DNS hostname> is DNS hostname of a machine with the Veeam Backup for Microsoft 365 REST API component installed. For example, https://portal.abc.com:4443.

    Configuring Azure AD Application