Virtual machine owners can be assigned automatically during virtual machine discovery, based on privileges and roles defined in the Azure Stack Hub portal that indicate rights to virtual machines. When this feature is enabled in the Command Center, users and user groups who have the correct permissions defined in the Azure Stack Hub portal and are defined in Commvault are automatically assigned as VM owners for the virtual machine.
With VM owner detection, administrators and end users can access virtual machine data without being manually assigned as VM owners. Depending on the permissions and roles that users have in the Azure Stack Hub portal, they can view and/or recover VM data. Any user with Remove VM, VM Power On, and VM Power Off permissions for a virtual machine is assigned as an owner of that VM during VM discovery.
Owner IDs are assigned during discovery only for a streaming or IntelliSnap backup, and are not modified by backup copy or auxiliary copy operations.
Note
-
This feature is supported only for users or user groups defined in the Azure Stack Hub portal and through an Active Directory Domain Service (ADDS) user or group. The feature is not supported for users defined through Active Directory Federation Services (ADFS).
-
When you enable this feature, the VM discovery operation time might increase.
Requirements for Commvault
-
Users or user groups defined in the Azure Stack Hub portal must also be defined in Commvault, either through a local user definition or a Domains user definition (such as an Active Directory user or group).
-
Assign permissions for VM owners as described in Assigning Permissions to Owners.
Requirements for Azure Stack Hub
-
Users must have a predefined role assigned to indicate that the user has access to the virtual machine. By default, the Owner or Contributor roles are considered VM owners.
-
Azure Stack Hub AD applications used for Commvault authentication must have the following API permission assigned:
Type: Application
Permission: Microsoft Graph.Directory.Read.All
Note
This requires Admin consent.