Products: Managed Backup (Agent), Managed Backup (Web)
Article ID: m0222Last Modified: 28-Sep-2024

Get Started with Microsoft Azure

To start using Managed Backup Service with Microsoft Azure, perform the following steps:

  1. Prepare a Microsoft Entra ID account and grant the required permissions
  2. Use the Microsoft Entra ID Account to create Managed Backup Service administrator
  3. Add a new or existing Azure storage account
  4. Specify AD credentials for the Azure storage account (in case these credentials are not detected automatically) and manage the Lifecycle Rule Settings.

Prepare Microsoft Entra ID Account

To start using Managed Backup Service with Microsoft Azure, you need an Microsoft Entra ID user account.

  1. Go to the Azure Portal.
  2. Click on Microsoft Entra ID.

  1. Click on Users
  2. You can either create an entirely new user account or use the User principal name of an existing account to create an administrator account in Management Console and then log in to Management Console with your Microsoft credentials.

Create New User on Azure Portal

  1. Go to the Azure Portal.
  2. Click on Microsoft Entra ID.

  1. Click on Users
  2. Click + New user and select one of the available options. This article describes the Create New User option.

  1. Enter the required information and click Review + create.

  1. Check the provided information and click Create.

  1. When the created user appears in the user list, copy the User principal name of this user. You will need this data to create an administrator account in the Management Console.

Grant Required Permissions

To use the Azure storage account and manage the Lifecycle Rules Settings for it, you should grant the newly created user account or an existing account with Owner or Contributor permission to manage your Azure subscription:

  • Owner. Users assigned the Owner role have full access to all resources and can manage policies, including creating, editing, and assigning policies.
  • Contributor. Users assigned the Contributor role can create and manage all types of Azure resources, including Azure Policy definitions and assignments.

To grant the permission to manage your Azure subscription, perform the following steps:

  1. Go to the Azure Portal.
  2. Enter Subscriptions in the top search box to access your subscriptions.

  1. Click on the required subscription name
  2. Click on Access control (IAM) to assign a role to the selected or created account.

  1. On the Role Assignment tab, click + Create.

  1. On the Role tab, select Owner or Contributor role. Search for these roles on Privileged Administrator Roles.

  1. In this example the Contributor role is selected. On the Members tab, select User, group and service principal radio button, and click + Select members to assign this role to the selected or created account.

  1. Review and assign the role.

  1. Once you can see the assigned role on Access control (IAM), you are ready to add the selected or created account as an administrator to the Managed Backup Service Management Console.

Create Administrator

To create a new administrator in the Managed Backup Service Management Console, perform the following:

  1. In the Organization menu, select Administrators.
  2. Click +.

  1. Specify the administrator's personal information.
  2. Specify the administrator's email address. You should use the User principal name of the Microsoft Entra ID account created or selected in the previous step as the administrator's email address.

You should use the User principal name only to create the administrator. All other email addresses associated with the Microsoft Entra ID user will not work for this purpose.

  1. Select the administrator account type. The following types are available:
    • Internal. Select this type if you are granting this account to anyone inside your company
    • External. Select this type if you are granting this account to any of your customers. No permission restrictions apply to this account type
  2. Specify the password for the administrator or generate it automatically.
  3. Select the Enabled check box to enable the new administrator immediately.
  4. To provide the administrator with initial guidelines, select the Send email with instruction check box.
  5. Switch to the Permissions tab. By default, no permissions are granted.
  6. Specify the permissions for the new administrator. You should grant the permission required to create and manage the Azure storage account if you plan to add it for backup purposes:
Permission Description Comment
Manage Storage Accounts Administrators granted this permission are allowed to create and manage storage accounts. To learn more, refer to the Storage Accounts chapter This permission is mandatory
  1. Once you are done, click Create.

To log into Management Console using your Microsoft Entra ID (formerly Azure AD) credentials, click the Microsoft icon below the login and password fields and proceed with Microsoft Authentication using your Microsoft Entra ID account credentials.

As a result, the administrator will be able to add existing Azure storage account for Managed Backup service usage. In case you do not have an Azure storage account, create it as described below.

Create Azure Storage Account

To create a storage account, proceed as follows:

  1. In the Azure Management Portal, click Storage accounts in the left sidebar.

  1. You will be redirected to the Storage Accounts grid. You can select here the storage account to use for the backup purposes or create a new one by clicking + Create.

  1. Provide required information and click Review + Create.

  1. Check provided information and click Create.

To add this storage account to Managed Backup Service, retrieve the access keys, as described below.

Retrieve Access Keys

To start working with Managed Backup Service you need to generate Azure access keys for the Azure storage account you are planning to use for backup purposes.

  1. In the Azure Management Portal, click Storage accounts in the left sidebar.

  1. Click the name of the storage account you are planning to use for backup purposes.

  1. Expand Security + networking and click on Access Keys. Here you can generate keys or use the default ones.

Write down the storage account information somewhere; you will need it in the Managed Backup Service Management Console to add the Azure Storage Account.

Add Azure Storage Account to Managed Backup Service

  1. Open the Management Console.
  2. Open Backup > Storage Accounts.
  3. Click Add Account to open the Add Cloud Storage wizard.

  1. Select Microsoft Azure.

  1. Click Next.
  2. Specify the retrieved credentials to access the storage account.

If you want to create a new storage destination, click Sign Up for Microsoft Azure

  1. Click Next.
  2. Specify the container. In the Display Name field, specify the container name which will be displayed, then select whether you use an existing container or create a new one:
    • Select the Create New option to create a new container
    • Select the Select Existing option to use the existing container, then select it in the drop-down list.

  1. Click Next.
  2. Select the companies or users to assign to the storage account.

Note that it may take a while to assign companies and users to the storage account

  1. Click Next.
  2. View the storage account summary, then click Save.

Refer to Manage Storage Accounts for more information on how to manage the added Azure storage account.

  1. Note, the Lifecycle Rules Settings are not configured for the Azure Storage account.

To manage Lifecycle Rules Settings for the Azure storage account refer to the Azure Lifecycle Policies article.

There are some required actions needed to manage the Lifecycle Rules Settings. You cannot perform some operations with the added backup storage unless these actions are performed.

.

https://git.cloudberrylab.com/egor.m/doc-help-mbs.git