Adding Permissions to Back Up Azure VMs Encrypted with Azure Key Vault

To back up Azure VMs that are encrypted with Azure Key Vault, you must provide the appropriate permissions for accessing the key vault.

Before You Begin

Only VMs that are encrypted with Azure Key Vault for management of secrets (token and password information) and keys (algorithm information) are supported.

Procedure

1. Log on to the Microsoft Azure portal.

2. From the left-side navigation pane, click All services.

3. From the All services window pane, scroll to the SECURITY section, and click on Key vaults.

   The list of key vaults associated with your subscriptions appears.

4. For each key vault associated with the subscription where the encrypted guest VMs, do the following:

   1. From the list of key vaults, click the key vault.

   2. From the settings menu, select Access Policies, and then click Add New.

   3. Click Add New.

   4. From the Configure from template list, select Key & Secret Management.

      Al operation permissions for Key and Secret Management are selected by default. However, you only need to select the following permissions:

      • For Key permissions, select Get, Backup, Recover, and Restore.

      • For Secret permissions, select Get, Backup, Recover, and Restore.

   5. From the Select principal field, search for either the VM or the Azure AD application (depending on which method was used for when the workload was added to Commvault), and then click Select.

   6. Click OK.

   7. Click Save.