To protect Azure resources with the Commvault software and/or to store backups in Azure Blob Storage in an on-premises environment, you need an Azure app registration that you can assign the roles and permissions that are required for Commvault to access the resources to.
Prerequisites
-
To create an app registration, your Azure account must have one or more of the following roles:
-
Application Administrator
-
Application Developer
-
Cloud Application Administrator
-
-
If you will use Azure CLI or Azure PowerShell for the steps on this page, use most recent version of the application.
Create the Azure App Registration
Azure Portal
-
Log on to the public Azure portal with service administrator credentials.
-
From the All services menu, select the App registrations tab, and then click on New registration.
-
In Name, enter the name of the application to create on Azure Active Directory.
For example, enter My App.
-
For Account type, select the type of account, which determines who can use the application.
-
To specify a redirect URI, in Redirect URI (optional), select Web, and then enter the URI that the access token is sent to.
For example, enter https://my_org.org/my_app.
-
Click Register.
The application is listed on the App Registration tab.
-
Record the application ID.
-
On the Certificates & secrets blade, click New client secret, and then enter a description and expiration date for the client secret.
-
Click Save.
A unique client secret is generated for the application.
-
Important: Save the client secret, which will be your application secret.
After you leave the Certificate & secrets blade, you cannot retrieve the value.
Azure CLI
-
Create the app registration and get the client secret:
az ad sp create-for-rbac --name ServicePrincipalName --query password -o tsv
Where ServicePrincipalName is a descriptive name for the Azure app.
Azure PowerShell
-
Create the app registration:
$sp = New-AzADServicePrincipal -DisplayName ServicePrincipalName
Where ServicePrincipalName is a descriptive name for the Azure app.
-
Get the client secret:
$sp.PasswordCredentials.SecretText