How to Restrict Which Azure Subscription(s) Can Be Accessed by an Azure Compute Account
Purpose
This article documents how to restrict which subscriptions will be accessible to an Azure Compute account used by Veeam Backup & Replication.
Use Case
By default, IAM roles are assigned to a newly created Azure AD application on all subscriptions visible to the Azure AD user logged in on the device log in page.
- Some customers may wish to restrict this and would otherwise have to remove role assignments from other subscriptions manually.
- In some cases, access to more subscriptions than is strictly necessary could cause delays when adding the Azure Compute account.
Solution
Create the following registry value on the Veeam Backup Server, replacing <SubscriptionIDs> with a list of Azure Subscriptions IDs that should be used by Veeam Backup & Replication when adding an Azure Compute account.
Key Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\
Value Name: AzureSubscriptionIdsToInclude
Value Type: Multi-String Value (REG_MULTI_SZ)
Value Data: <SubscriptionIDs>
Each Subscription ID should be on its own line.
Example:
To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.