To add the Azure Data Lake Gen2 object storage repository using non-Azure virtual machines (VM) as access nodes, create an Azure Active Directory (AD) application, and then assign the storage blob data owner role to the application. Then, use the IAM AD role assignment type of authentication to add an object storage repository.
Assign the Storage Blob Data Owner Role to the AD Application
On the Azure portal, create an Azure AD application.
Add the storage blob data owner role to the Azure AD application.
Generate and save a client secret for the Azure AD application.
Record the application ID and the tenant ID of the application that you created.
Add the Repository
From the navigation pane, go to Protect > Object storage.
The Object storage page appears.
In the upper-right corner of the page, click Add object storage.
The Add object storage dialog box appears.
Click Azure Data Lake Storage Gen2.
The Configure Azure Data Lake Storage Gen2 wizard appears.
On the Plan tab of the wizard, select the backup plan that you want to use for the object storage repository, and then click Next.
On the Access Node tab of the wizard, select one or more access nodes or the server group where the Cloud Apps package is installed, and then click Next.
The access nodes must be of similar operating system type.
All servers in the server group must be reachable through network routes.
On the Add object storage tab of the wizard, complete the following steps:
In the Object storage name box, enter a name for the repository.
In the Host URL box, enter the Azure Data Lake Storage Gen2 service account URL.
For example, enter dfs.core.windows.net.
From the Authentication list, select IAM AD application.
Do one of the following:
From the Credentials dialog box, select the credentials that you are going to use, and then click Next.
To add credentials to the Credential Manager, click the plus button (+).
The Add Credential dialog box appears.
Enter the following information:
Credential name: Enter a name for the credentials that you are creating.
Tenant ID: Enter the tenant ID of the Azure AD application.
Application ID: Enter the application ID of the Azure AD application.
Application secret: Enter the application secret of the Azure AD application.
Description: Enter a description for the credentials.
In the Account name box, enter the name of the Azure Data Lake Storage Gen2 service account.
On the Backup Content tab of the wizard, complete the following steps:
Click Add, and do one of the following:
To enter a custom path, click Custom path, and then enter the path for the content.
To browse for content, click Browse, and then select the content.
To exclude some of the content you selected, move the Specify exclusion toggle key to the right, and then add the exclusion.
On the Summary tab of the wizard, review the options, and then click Finish.