Adding an Azure Blob Storage Repository with IAM AD Application

To back up an Azure Blob Storage account using non-Azure virtual machines (VM) as access node, create an Azure Active Directory (AD) application, and then assign the storage blob data owner role to that AD application at the Azure storage account level. Then, use the IAM AD role assignment type of authentication to add an object storage repository.

Assign the Storage Blob Data Owner Role to the Azure AD Application

  1. On the Azure portal, create an Azure AD application.

  2. Generate and save a client secret for the application.

  3. Record the application ID, client secret, and the tenant ID of the application that you created.

  4. Record the secret key.

  5. Ensure the IAM AD application is configured with the Storage Blob Data Owner and Reader roles. To configure restricted access, use the custom role defined in MetallicAzureBlobBackupRole.json.


  1. From the navigation pane, go to Protect > Object storage.

    The Object storage page appears.

  2. In the upper-right area of the page, click Add object storage.

    The Add object storage dialog box appears.

  3. Click Azure Blob Storage.

    The Configure Azure Blob Storage wizard appears.

  4. On the Plan tab of the wizard, select the backup plan that you want to use for the object storage repository, and then click Next.

  5. On the Access Node tab of the wizard, select one or more access nodes or the server group where the Cloud Apps package is installed, and then click Next.


    • The access nodes must be of similar operating system type.

    • All servers in the server group must be reachable through network routes.

  6. On the Add object storage tab of the wizard, complete the following steps:

    1. In theObject storage name box, enter a name for the repository.

    2. In the Host URL box, enter the Azure Blob Storage service account URL.

      For example, you can enter

    3. From the Authentication list, select IAM AD application.

    4. Do one of the following:

      • From theCredentials dialog box, select the credentials that you are going to use, and then click Next.

      • To add credentials to the Credential Manager, click the plus button (+).

        TheAdd Credential dialog box appears.

      • Enter the following information:

      • Credential name: Enter a name for the credentials that you are creating.

      • Tenant ID: Enter the tenant ID of the Azure AD application.

      • Application ID: Enter the application ID of the Azure AD application.

      • Application secret: Enter the client secret of the Azure AD application.

      • Environment: Select the Azure cloud environment

      • Description: Enter a description of the credentials

      • ClickSave.

  7. On the Backup Content tab of the wizard, complete the following steps:

    1. Click Add, and do one of the following:

      • To enter a custom path, click Custom path, and then enter the path for the content.

      • To browse for content, click Browse, and then select the content.

    2. To exclude some of the content you selected, move the Specify exclusion toggle key to the right, and then add the exclusion.

    3. Click Next.

  8. On the Summary tab of the wizard, review the options, and then clickFinish.