Challenge
You want to create manual permissions for your Azure account (service account) for Veeam Backup for Microsoft Azure or for a repository account. The Azure or service account is responsible for:
- Synchronization of virtual machines and disks with the Veeam Backup for Microsoft Azure database.
- Synchronization of subscriptions and storage accounts.
- Accessing virtual machines and its disks as a source of backup.
- Creating and deleting snapshots of virtual disks during backup.
The repository account can be used to store data in a different Azure Active Directory.
Solution
Azure Service Account
Go to the Azure portal and add permissions to your Azure account. The account for the default subscription will need at least the following permissions:
Contributor
For other subscriptions that are connected to your account, add the following permissions:
Snapshots
Microsoft.Compute/snapshots/read
Microsoft.Compute/snapshots/write
Microsoft.Compute/snapshots/delete
Virtual Machines
Microsoft.Compute/virtualMachines/write
Microsoft.Compute/virtualMachines/delete
Microsoft.Compute/virtualMachines/read
Disks
Microsoft.Compute/disks/read
Microsoft.Compute/disks/write
Microsoft.Compute/disks/delete
Microsoft.Resources/subscriptions/resourceGroups/read
Microsoft.Resources/subscriptions/resourceGroups/write
Microsoft.Resources/subscriptions/resourceGroups/delete
Storage accounts
Microsoft.Storage/storageAccounts/read
Microsoft.Storage/storageAccounts/write
Microsoft.Storage/storageAccounts/delete
Repository Account
Go to the Azure portal and add permissions to your storage account. You will need at least the following permissions:
Microsoft.Storage/storageAccounts/*
Microsoft.Resources/subscriptions/resourceGroups/read
More Information
For more information, see the
Required Permissions section of the Veeam Backup for Microsoft Azure User Guide.