If multi-factor authentication is enabled for your global administrator account, you must manually create the Azure Active Directory application.
Log On to the Azure Portal as the Global Administrator
-
Log on to the Azure portal (https://portal.azure.com/) using your global administrator account.
-
Go to Azure Active Directory (now Microsoft Entra ID).
Register Azure Active Directory in the Azure Portal
-
In the navigation pane, click App registrations.
The App registrations page appears.
-
Click New registration.
The Register an application screen appears.
-
In the Name box, type a name for the app.
-
Under Supported account types, select Accounts in this organizational directory only (tenant_prefix - Single tenant).
-
Click Register.
-
Copy and paste the following values in a file or other document that you can access later:
-
Application (client) ID
-
Directory (tenant) ID
You will enter these values in the Commvault software when you create the Azure AD app.
-
-
From the left navigation pane, click Certificates & secrets.
-
Click New client secret.
-
Enter a description of the secret, and then click Add.
-
Copy the client secret value shown on the page as it will also be entered when you create the Azure AD app.
-
In the navigation pane, click API permissions.
-
Click Add a permission.
The Request API permissions page appears.
-
Click Microsoft Graph and complete the following steps:
-
Click Application Permissions.
-
Select the following permissions:
-
AdministrativeUnit: AdministrativeUnit.ReadWrite.All. This API permission is required to read and write all administrative units.
-
Application: Application.ReadWrite.All. This API permission is required to backup and restore the Registry and Enterprise applications.
-
AppRoleAssignment: AppRoleAssignment.ReadWrite.All. This API permission is required to backup and restore the Registry and Enterprise applications.
-
AuditLog: AuditLog.Read.All. This API permission is required to backup the Office 365 agents.
-
DelegatedPermissionGrant: DelegatedPermissionGrant.ReadWrite.All. This API permission is required to read and write Azure AD object permission relationships.
-
Device: Device.ReadWrite.All. This API permission is required to read and write to devices.
-
Directory: Directory.ReadWrite.All. This API permission is required to backup your organization's directory.
-
Domain: Domain.ReadWrite.All. This API permission is required to read and write to domains.
-
Group: Group.ReadWrite.All. This API permission is required to backup and restore Groups.
-
Policy: Policy.Read.All. This API permission is required to backup and restore your organization's policies.
-
Policy: Policy.ReadWrite.ConditionalAccess. This API permission is required to read and write to your organization’s conditional access policies.
-
RoleManagement: RoleManagement.ReadWrite.Directory. This API permission is required to read and write to directory RBC settings.
-
User: User.ReadWrite.All. This API permission is required to backup and restore the user profiles.
-
-
Click Add permissions.
-
-
Click Microsoft Graph again and complete the following steps:
-
Click Delegated Permissions.
-
Select the following permissions:
-
Directory: Directory.AccessAsUser.All. This API permission is required for restore.
-
UserAuthenticationMethod: UserAuthenticationMethod.ReadWrite.All. This API permission is required to read and write to a user’s authentication methods.
-
For more information regarding permissions, see Microsoft Permissions.
-
-
Return to the Request API permissions page.
-
On the app API permissions page, click Grant admin consent for tenant_name.
Add an App for Azure Active Directory
Start the Configuration Wizard
-
From the navigation pane, go to Protect > Active Directory.
The Overview page appears.
-
On the Apps tab, in the upper-right area of the page, click Add, and then click Azure Active Directory.
The Create Azure AD App page appears.
-
In the Name box, enter a name for the app.
-
From the Azure AD cloud region list, select the region where the company is located.
-
Click Next.
The Server Plan page appears.
Server Plan
-
Select an existing plan to back up the Azure AD server or create a new plan.
-
Click Next.
The Infrastructure page appears.
Infrastructure
-
From the Index server list, select the index server to use for the app
-
From the Access node list, select the access node to use for the app.
-
Click Next.
The Application Details page appears.
Application Details
-
Select the Custom configuration (Advanced) option.
You can download the toolkit for Custom configuration from this page if you have not already configured the Azure app manually.
-
In the Application ID box, enter the Azure app ID.
-
In the Application secret box, enter the Azure app secret value.
-
In the Azure directory ID box, enter the Azure directory ID.
Note
You can create app with the Commvault tool and copy the app information from the CVAzureADCustomConfigHelper.exe file.
-
Select the The Azure app is authorized from the Azure portal with all the required permissions. checkbox.
-
Click Next.
The Summary page appears.
-
Click Close.