Complete the Guided Setup for Azure Active Directory Using the Custom Configuration

If multi-factor authentication is enabled for your global administrator account, you must manually create the Azure Active Directory application.

Log On to the Azure Portal as the Global Administrator

1. Log on to the Azure portal (https://portal.azure.com/) using your global administrator account.

2. Go to Azure Active Directory (now Microsoft Entra ID).

Register Azure Active Directory in the Azure Portal

1. In the navigation pane, click App registrations.

   The App registrations page appears.

2. Click New registration.

   The Register an application screen appears.

3. In the Name box, type a name for the app.

4. Under Supported account types, select Accounts in this organizational directory only (tenant_prefix - Single tenant).

5. Click Register.

6. Copy and paste the following values in a file or other document that you can access later:

   • Application (client) ID

   • Directory (tenant) ID

   You will enter these values in the Commvault software when you create the Azure AD app.

7. From the left navigation pane, click Certificates & secrets.

8. Click New client secret.

9. Enter a description of the secret, and then click Add.

10. Copy the client secret value shown on the page as it will also be entered when you create the Azure AD app.

11. In the navigation pane, click API permissions.

12. Click Add a permission.

    The Request API permissions page appears.

13. Click Microsoft Graph and complete the following steps:

    1. Click Application Permissions.

    2. Select the following permissions:

       • AdministrativeUnit: AdministrativeUnit.ReadWrite.All. This API permission is required to read and write all administrative units.

       • Application: Application.ReadWrite.All. This API permission is required to backup and restore the Registry and Enterprise applications.

       • AppRoleAssignment: AppRoleAssignment.ReadWrite.All. This API permission is required to backup and restore the Registry and Enterprise applications.

       • AuditLog: AuditLog.Read.All. This API permission is required to backup the Office 365 agents.

       • DelegatedPermissionGrant: DelegatedPermissionGrant.ReadWrite.All. This API permission is required to read and write Azure AD object permission relationships.

       • Device: Device.ReadWrite.All. This API permission is required to read and write to devices.

       • Directory: Directory.ReadWrite.All. This API permission is required to backup your organization's directory.

       • Domain: Domain.ReadWrite.All. This API permission is required to read and write to domains.

       • Group: Group.ReadWrite.All. This API permission is required to backup and restore Groups.

       • Policy: Policy.Read.All. This API permission is required to backup and restore your organization's policies.

       • Policy: Policy.ReadWrite.ConditionalAccess. This API permission is required to read and write to your organization’s conditional access policies.

       • RoleManagement: RoleManagement.ReadWrite.Directory. This API permission is required to read and write to directory RBC settings.

       • User: User.ReadWrite.All. This API permission is required to backup and restore the user profiles.

    3. Click Add permissions.

14. Click Microsoft Graph again and complete the following steps:

    1. Click Delegated Permissions.

    2. Select the following permissions:

       • Directory: Directory.AccessAsUser.All. This API permission is required for restore.

       • UserAuthenticationMethod: UserAuthenticationMethod.ReadWrite.All. This API permission is required to read and write to a user’s authentication methods.

    For more information regarding permissions, see Microsoft Permissions.

15. Return to the Request API permissions page.

16. On the app API permissions page, click Grant admin consent for tenant_name.

Add an App for Azure Active Directory

Start the Configuration Wizard

1. From the navigation pane, go to Protect > Active Directory.

   The Overview page appears.

2. On the Apps tab, in the upper-right area of the page, click Add, and then click Azure Active Directory.

   The Create Azure AD App page appears.

3. In the Name box, enter a name for the app.

4. From the Azure AD cloud region list, select the region where the company is located.

5. Click Next.

   The Server Plan page appears.

Server Plan

1. Select an existing plan to back up the Azure AD server or create a new plan.

2. Click Next.

   The Infrastructure page appears.

Infrastructure

1. From the Index server list, select the index server to use for the app

2. From the Access node list, select the access node to use for the app.

3. Click Next.

   The Application Details page appears.

Application Details

1. Select the Custom configuration (Advanced) option.

   You can download the toolkit for Custom configuration from this page if you have not already configured the Azure app manually.

2. In the Application ID box, enter the Azure app ID.

3. In the Application secret box, enter the Azure app secret value.

4. In the Azure directory ID box, enter the Azure directory ID.

   Note

   You can create app with the Commvault tool and copy the app information from the CVAzureADCustomConfigHelper.exe file.

5. Select the The Azure app is authorized from the Azure portal with all the required permissions. checkbox.

6. Click Next.

   The Summary page appears.

7. Click Close.