Applies to only managed cloud deployments
The Azure AD application is the connection Commvault Cloud uses to access data in your Azure AD tenant. The express configuration uses multi-tenant apps hosted by Commvault Cloud. These apps use a Federated Identity Credentials (FIC) based authentication mechanism, which does not need app secrets or certificates.
These multi-tenant apps provide a better security posture and are the recommended authentication method from Microsoft.
Procedure
- From the Command Center navigation pane, go to Protect > Active Directory.
  The Overview page appears.
- On the Apps tab, in the upper-right area of the page, click Add, and then click Azure AD.
  The Create Azure AD App page appears.
- From the Storage region list, select the storage region where the company is located.
- Click Next.
  The Application page appears.
- In the Name box, enter the app name.
- Select the Express configuration (Recommended) option.
- Click Sign in with Microsoft.
  You may be prompted to sign in to the Azure AD tenant at this stage. The account you sign in with requires permissions to create Applications. A Global Administrator account has these permissions.
- On the Application page, click Create to finalize the creation of the app.
  The Create Azure App dialog box appears, displaying the progress of operations.
  A Microsoft window displays all the permissions that are required by the Azure app. These are itemized in the next section.
  If the pop-up blocker prevents the Microsoft window from opening, allow access to the Microsoft window.
- At the bottom of the Microsoft window, click Accept.
  You are redirected to the configuration wizard.
- In the Create Azure App dialog box, click Close, and then click Next.
  The Summary page appears.
- Click Close.
Permissions Assigned
The Express configuration wizard creates an application in the Azure AD tenant, which is used to back up data from the tenant and restore objects. If you would rather create and configure the Azure AD application yourself, use the custom configuration option. The custom configuration option also allows you to assign the application only the least privileges necessary for backups, so that the elevated privileges required to restore data are provided only on an as-needed basis.
For information on the permissions assigned to the application by the Express configuration wizard, see Permissions required for configuring Azure AD.
Re-authorize the Azure app
If support for additional objects has been added since the Azure App was created using Express Configuration, new permissions required to protect those objects will not be automatically added. To ensure the Azure App has the necessary permissions to protect all objects supported by Commvault, re-authorize the App:
- From the Command Center navigation pane, go to Protect > Active Directory.
  The Overview page appears.
- On the Apps tab, select the Azure AD tenant.
  The Overview page for the Azure AD tenant appears.
- On the Configuration tab, under Azure AD connection settings, select Authorize app from the list of actions next to the Azure AD app.
  The Authorize app dialog appears.
- Click Proceed to re-authorize the app.
  You may be prompted to sign in to the Azure AD tenant at this stage. The account you sign in with requires permissions to create Applications. A Global Administrator account has these permissions.
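
A post-consent check for two points made above (the express app needs no app secrets or certificates, and newly required permissions are not added until the app is re-authorized), as an added example that is not Commvault or Microsoft code. It assumes an administrator has exported the enterprise application's servicePrincipal object and its appRoleAssignments from Microsoft Graph to JSON. The `appRoleNames` lookup key, all ids and the `Example.*` permission names are constructed placeholders; the real required list is the one in Permissions required for configuring Azure AD.

```python
import json

# Constructed sample export. Field names follow the Microsoft Graph
# servicePrincipal and appRoleAssignment resources; "appRoleNames" is a
# hypothetical id-to-name lookup the administrator adds to the export.
SAMPLE_EXPORT = json.loads("""
{
  "servicePrincipal": {
    "displayName": "example-backup-app",
    "passwordCredentials": [],
    "keyCredentials": [
      {"keyId": "00000000-0000-0000-0000-0000000000aa",
       "displayName": "unexpected-cert",
       "endDateTime": "2030-01-01T00:00:00Z"}
    ]
  },
  "appRoleAssignments": [
    {"resourceDisplayName": "Microsoft Graph",
     "appRoleId": "00000000-0000-0000-0000-000000000001"}
  ],
  "appRoleNames": {
    "00000000-0000-0000-0000-000000000001": "Example.Read.All",
    "00000000-0000-0000-0000-000000000002": "Example.ReadWrite.All"
  }
}
""")

def audit_app(export, required_permissions):
    """Return findings for one exported enterprise application."""
    sp = export["servicePrincipal"]
    findings = {"credentials": [], "unknown_role_ids": []}
    # Assumption: because the express app authenticates with federated identity
    # credentials, a secret or certificate on the tenant-side object is unexpected.
    for kind in ("passwordCredentials", "keyCredentials"):
        for cred in sp.get(kind) or []:
            findings["credentials"].append((kind, cred.get("keyId"), cred.get("endDateTime")))
    # Resolve granted role ids to names; unresolved ids are reported, not dropped.
    granted = set()
    for assignment in export.get("appRoleAssignments", []):
        name = export.get("appRoleNames", {}).get(assignment["appRoleId"])
        if name is None:
            findings["unknown_role_ids"].append(assignment["appRoleId"])
        else:
            granted.add(name)
    # Required permissions that were never consented mean the app must be re-authorized.
    findings["missing_permissions"] = sorted(set(required_permissions) - granted)
    findings["needs_reauthorization"] = bool(findings["missing_permissions"])
    return findings
```

Run it after the initial consent and again after each re-authorization, passing the current required-permission list as `required_permissions`.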