Commvault supports Azure authentication using either managed identities or an Azure application and a secret to give Commvault access to the resources. Using a managed identity is the most secure and simplest way to give Commvault access because it eliminates the need to manage secrets and provides secure, identity-based access.
Supported Authentication Methods for Azure Resources
The supported authentication method depends on the Azure resource type. Use this table to determine whether managed identities are supported for your Azure resources and which type to use.
| Azure resource | Managed identity support | Supported identity type | Notes |
|---|---|---|---|
| Azure virtual machines | Yes | System-assigned, user-assigned | Recommended authentication method |
| Azure disks | Yes | System-assigned, user-assigned | Uses access node identity |
| Azure blob storage | Yes | System-assigned, user-assigned | Requires appropriate RBAC roles |
| Azure file shares | Yes | System-assigned, user-assigned | |
| Azure SQL databases | Yes | System-assigned | User-assigned identities are not supported |
| Azure NetApp Files | Yes | System-assigned | Requires RBAC access to NetApp account and volumes |
| Azure Active Directory (Microsoft Entra ID) | No | Not supported | Use Azure application credentials |
| SharePoint Online (Microsoft 365) | No | Not supported | Use Azure application credentials |
| Office 365 services | No | Not supported | Use Azure application credentials |
| Dynamics 365 | No | Not supported | Use Azure application credentials |
| Azure subscriptions (discovery) | No | Not supported | Use Azure application credentials |
| Other Azure resources | No | Not supported | Use Azure application credentials |
Use Managed Identities
For supported resources, configure a managed identity on your Commvault access nodes to allow secure access to Azure resources.
Managed identities provide the following benefits:
- No need to store or rotate secrets
- Native integration with Azure role-based access control (RBAC)
- Improved security posture for cloud environments
To configure managed identities, see set up managed identities for Azure resources.
Use Azure Application Credentials
Use an Azure application and secret in the following cases:
- The Azure resource does not support managed identities.
- You require cross-tenant access.
- You are protecting Microsoft 365 services such as SharePoint Online or Office 365. For SharePoint, using certificate credentials for authentication is recommended.
- You are protecting business applications such as Dynamics 365.
- Your organization restricts managed identity usage.
To configure Azure application credentials, see create an Azure app registration.
Technical Reference
- Managed identities authenticate using Microsoft Entra ID and are authorized through RBAC roles.
- System-assigned identities are tied to a single resource lifecycle.
- User-assigned identities can be reused across multiple access nodes.
- Microsoft 365 and Dynamics 365 services use application-based authentication instead of managed identities.
- The required RBAC roles depend on the resource type and operations such as backup and restore.
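The following preflight check is an added example, not Commvault code or part of the original page. It requests a token from the Azure Instance Metadata Service (IMDS) the way a managed identity does, which shows that the request carries no secret and that a user-assigned identity is selected with `client_id` while a system-assigned one needs no selector. The function names and the sample responses are constructed for illustration, and the storage audience is only one example resource.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Azure Instance Metadata Service (IMDS) token endpoint, reachable only from inside the VM.
IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"

# Constructed sample responses (not captured from a real node), used for the offline demo.
SAMPLE_OK = (200, b'{"access_token": "constructed-token", "token_type": "Bearer", '
                  b'"client_id": "00000000-0000-0000-0000-000000000000", '
                  b'"expires_on": "1767225600", "resource": "https://storage.azure.com/"}')
SAMPLE_NO_IDENTITY = (400, b'{"error": "invalid_request", "error_description": "Identity not found"}')


def build_request(resource, client_id=None):
    """Build the IMDS token request; it carries no secret, only the Metadata header."""
    params = {"api-version": "2018-02-01", "resource": resource}
    if client_id:  # selects a user-assigned identity; omit for system-assigned
        params["client_id"] = client_id
    url = IMDS_TOKEN_URL + "?" + urllib.parse.urlencode(params)
    return urllib.request.Request(url, headers={"Metadata": "true"})


def http_fetch(request):
    """Send the request; return (status, body) for HTTP errors and unreachable IMDS too."""
    try:
        with urllib.request.urlopen(request, timeout=5) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()
    except urllib.error.URLError as err:
        return 0, json.dumps({"error": f"IMDS unreachable: {err.reason}"}).encode()


def check_identity(resource, client_id=None, fetch=http_fetch):
    """Report whether this node can obtain a token, without returning the token itself."""
    status, body = fetch(build_request(resource, client_id))
    data = json.loads(body or b"{}")
    if status != 200 or "access_token" not in data:
        reason = data.get("error_description") or data.get("error", "unknown")
        return {"ok": False, "status": status, "reason": reason}
    return {"ok": True, "status": status, "identity_client_id": data.get("client_id"),
            "resource": data.get("resource"), "expires_on": int(data["expires_on"])}


if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_NO_IDENTITY):
        print(check_identity("https://storage.azure.com/", fetch=lambda _r, s=sample: s))
```

On an access node, call `check_identity(...)` without `fetch=` to query the real endpoint. A failed result means that IMDS could not issue a token for the requested identity, for example because none is assigned to the node.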