Enable the Backup for Azure Virtual Machines, Azure Storage, and Azure SQL

Before you enable the backup service for Azure VM, Azure Storage, or Azure SQL, go to IBM® Storage Protect for Cloud to configure an app profile to register an app for Microsoft Delegate purposes. You can choose to register a delegated app or use a custom Azure app with the required Delegated permissions. After registering the app to your tenant, the owner of each subscription where the VMs or storages to protect are running must add the IBM Storage Protect for Cloud - Delegated App with Contributor role to the subscription.

Before you begin

Note that if you have concerns about granting this app the Contributor role, you can create a custom role for this app. For details, refer to Add a Custom Role Using Azure Portal, CLI, or PowerShell.

Procedure

Complete the following steps:

  1. Go to Management > App Management in the IBM Storage Protect for Cloud interface to create an app profile for Microsoft Delegate. For details, refer to Create an App Profile and Grant the Consent.
  2. Add this app to all the subscriptions where the VMs, storages, or databases that you want to protect are running and grant this app the Contributor role. For details, refer to Add to Subscription and Grant Contributor Role. This guide introduces only the steps of adding a role to a subscription through the Microsoft Azure Portal.
    Note: The user to add the app to the subscription and grant it the Contributor role must be the subscription owner or the User access administrator of your tenant, and if your tenant has new subscriptions to protect after the initialization, you must follow the same steps to add this app as Contributor as well.

    If you are going to protect Azure storage or use your own storage device to store the backup data, read the instructions in Allow IBM Storage Protect for Cloud Agent Servers to Access Your Storage Account section carefully and complete the settings upon your need.

    If the storage account has disabled the “Allow storage account key access” feature, the app must also have the Storage Blob Data Contributor role to the subscription or storage account, in addition to the Contributor role. Additionally, in this case, only the Azure Blob Storage is supported; the Azure File Storage is not supported.

    If you want to protect databases with the Azure SQL backup service, read the instructions in Grant a SQL Server Admin Role.

  3. After you completed all the settings above, go to the Home page of IBM Storage Protect for Cloud Azure VMs, Storage, and Entra ID, and then configure backup scopes for Azure Virtual Machine, Azure Storage, or Azure SQL. Note that before you start creating a backup scope, you can click the Refresh (Button: The Refresh button.) button in the upper-right corner of the service page to retrieve the latest status for the data to protect. The Last refreshed time is displayed next to the Refresh (Button: The Refresh button.) button.
    For details on configuring the backup scope, refer to: