Create an Azure App Registration for Commvault

To protect Azure resources with the Commvault software and/or to store backups in Azure Blob Storage in an on-premises environment, you need an Azure app registration that you can assign the roles and permissions that are required for Commvault to access the resources to.


  • To create an app registration, your Azure account must have one or more of the following roles:

    • Application Administrator

    • Application Developer

    • Cloud Application Administrator

  • If you will use Azure CLI or Azure PowerShell for the steps on this page, use most recent version of the application.

Create the Azure App Registration

Azure Portal

  1. Log on to the public Azure portal with service administrator credentials.

  2. From the All services menu, select the App registrations tab, and then click on New registration.

  3. In Name, enter the name of the application to create on Azure Active Directory.

    For example, enter My App.

  4. For Account type, select the type of account, which determines who can use the application.

  5. To specify a redirect URI, in Redirect URI (optional), select Web, and then enter the URI that the access token is sent to.

    For example, enter

  6. Click Register.

    The application is listed on the App Registration tab.

  7. Record the application ID.

  8. On the Certificates & secrets blade, click New client secret, and then enter a description and expiration date for the client secret.

  9. Click Save.

    A unique client secret is generated for the application.

  10. Important: Save the client secret, which will be your application secret.

    After you leave the Certificate & secrets blade, you cannot retrieve the value.

Azure CLI

  • Create the app registration and get the client secret:

    az ad sp create-for-rbac --name ServicePrincipalName --query password -o tsv

    Where ServicePrincipalName is a descriptive name for the Azure app.

Azure PowerShell

  1. Create the app registration:

    $sp = New-AzADServicePrincipal -DisplayName ServicePrincipalName

    Where ServicePrincipalName is a descriptive name for the Azure app.

  2. Get the client secret: