Adding an Azure service principal

To allow your custom service principal to perform all operations on an Azure target, you must first add the service principal to R‑Cloud, and then specify it when setting up the target. For instructions on how to specify an Azure service principal when setting up an Azure target, see Setting up an Azure target.

If you plan to use the HMSP, skip the procedure that is described in this topic. For details on the HMSP, see Adding an Azure resource group.

Prerequisites

  • You must create a service principal in Azure.

  • The following permissions must be created and assigned to the Azure service principal:

    • Actions:

      • Microsoft.Storage/storageAccounts/blobServices/containers/*

      • Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action

      • Microsoft.Storage/storageAccounts/read

      • Microsoft.Storage/storageAccounts/write

      • Microsoft.Storage/storageAccounts/blobServices/read

      • Microsoft.Storage/storageAccounts/blobServices/write

      • Microsoft.Storage/storageAccounts/managementPolicies/read

    • Data actions:

      • Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/write

      • Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/read

      • Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*

    As an alternative to assigning the necessary permissions to the Azure service principal manually, you can click Grant Consent when setting up an Azure target. By doing so, a role with the necessary permissions is automatically assigned to your service principal. For instructions, see Setting up an Azure target.
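If you assign the permissions manually, you can check the role against the list above before adding the service principal. The following is an added example, not part of R‑Cloud or of the original procedure: it reports which required actions and data actions a role definition does not grant. It assumes the role definition is available as a JSON object with a `permissions` list holding `actions`, `notActions`, `dataActions` and `notDataActions`; the sample role and its name are constructed.

```python
from fnmatch import fnmatchcase

# Required permissions, copied from the Prerequisites list on this page.
P = "Microsoft.Storage/storageAccounts/"
REQUIRED = {
    "actions": [P + s for s in (
        "blobServices/containers/*",
        "blobServices/generateUserDelegationKey/action",
        "read", "write", "blobServices/read", "blobServices/write",
        "managementPolicies/read")],
    "dataActions": [P + "blobServices/containers/blobs/" + s
                    for s in ("tags/write", "tags/read", "*")],
}

def _covers(pattern, needed):
    # Operation names compare case-insensitively; "*" in a role matches any suffix.
    return fnmatchcase(needed.lower(), pattern.lower())

def _granted(needed, allow, deny):
    # Conservative: any overlap with a notActions/notDataActions entry counts as not granted.
    if any(_covers(d, needed) or _covers(needed, d) for d in deny):
        return False
    return any(_covers(a, needed) for a in allow)

def missing_permissions(role):
    """Return the required actions and data actions that the role does not grant."""
    blocks = role.get("permissions", [])
    return {
        kind: [n for n in REQUIRED[kind]
               if not any(_granted(n, b.get(kind, []), b.get(deny, [])) for b in blocks)]
        for kind, deny in (("actions", "notActions"), ("dataActions", "notDataActions"))
    }

# Constructed sample role definition (not a real export), in the assumed
# permissions/actions/notActions/dataActions/notDataActions layout.
SAMPLE_ROLE = {
    "roleName": "example-target-role",
    "permissions": [{
        "actions": [P + "blobServices/*", P + "read"],
        "notActions": [],
        "dataActions": [P + "blobServices/containers/blobs/*"],
        "notDataActions": [P + "blobServices/containers/blobs/tags/write"],
    }],
}

if __name__ == "__main__":
    print(missing_permissions(SAMPLE_ROLE))
```

An empty result for both keys means the role covers every permission in the list; a broader wildcard in the role also passes, so review the role separately for permissions beyond what is required.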

Procedure

  1. In the Cloud Accounts dialog box, click New.

  2. Select Add Azure Service Principal, and then click Next.

  3. In the Name field, enter a name for your service principal.

  4. From the Protection Set drop-down menu, select the protection set to which you want to add your service principal.

  5. In the Tenant ID field, enter your tenant ID.

  6. In the Application ID field, enter the ID of the service principal.

  7. In the Client Secret field, enter the client secret value.

  8. Click Save.

The service principal is added to the list of cloud accounts in R‑Cloud.

You can at any time edit any of the service principals (click Edit and make the required modifications) or delete the ones that you do not need anymore (click Delete). Keep in mind that deleting the service principal from R‑Cloud does not remove it from Azure.