Welcome to "my-azure"

Simply Stay Ahead !

Azure Key Vault and adding Access Policies via Service Principal name.

To enable protection on encrypted VMs (encrypted using BEK and KEK), you need to give the Azure Backup service permission to read keys and secrets from the key vault.

PS C:\> Set-AzureRmKeyVaultAccessPolicy -VaultName "KeyVaultName" -ResourceGroupName "RGNameOfKeyVault" -PermissionsToKeys backup,get,list -PermissionsToSecrets get,list -ServicePrincipalName 262044b1-e2ce-469f-a196-69ab7ada62d3

PS C:\> $pol = Get-AzureRmRecoveryServicesBackupProtectionPolicy -Name "NewPolicy"

PS C:\> Enable-AzureRmRecoveryServicesBackupProtection -Policy $pol -Name "V2VM" -ResourceGroupName "RGName1"

Note

If you are using the Azure Government cloud, use the value ff281ffe-705c-4f53-9f37-a40e6f2c68f3 for the -ServicePrincipalName parameter of the Set-AzureRmKeyVaultAccessPolicy cmdlet. Also, you may have to register the resource provider Microsoft.RecoveryServices for the first PowerShell command to work correctly. Let's get the names of registered and unregistered services:

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-supported-services#portal
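
The following is an added example, not part of the original post: it checks that the resource provider is registered and then audits the vault's access policy entry for Azure Backup against the permissions granted above, reporting anything missing or in excess. It assumes an authenticated AzureRM session and reuses the post's placeholder vault and resource group names; the helper Get-PermissionDrift is hypothetical.

```powershell
# Added example. Vault and resource group names are the post's placeholders.
$vaultName   = 'KeyVaultName'
$vaultRg     = 'RGNameOfKeyVault'
$backupAppId = '262044b1-e2ce-469f-a196-69ab7ada62d3'   # from the post (public cloud)

# Permissions the post grants; anything else on this policy entry is excess.
$expected = @{
    Keys         = 'backup', 'get', 'list'
    Secrets      = 'get', 'list'
    Certificates = @()
}

# Hypothetical helper: compares granted permissions with the wanted set.
function Get-PermissionDrift([string[]]$Granted, [string[]]$Wanted) {
    $Granted = @($Granted | Where-Object { $_ })   # tolerate null/empty lists
    [pscustomobject]@{
        # -notcontains is case-insensitive, so 'Get' and 'get' match
        Missing = @($Wanted  | Where-Object { $Granted -notcontains $_ })
        Excess  = @($Granted | Where-Object { $Wanted -notcontains $_ })
    }
}

# 1. The Recovery Services provider must be registered in the subscription.
$rp = Get-AzureRmResourceProvider -ListAvailable |
    Where-Object { $_.ProviderNamespace -eq 'Microsoft.RecoveryServices' } |
    Select-Object -First 1
if ($rp.RegistrationState -ne 'Registered') {
    Register-AzureRmResourceProvider -ProviderNamespace 'Microsoft.RecoveryServices'
}

# 2. Access policies store the principal's object ID, not its application ID.
$sp = Get-AzureRmADServicePrincipal -ServicePrincipalName $backupAppId
if (-not $sp) { throw "Service principal $backupAppId not found in this tenant." }

# 3. Locate the policy entry for Azure Backup and report drift per category.
$vault = Get-AzureRmKeyVault -VaultName $vaultName -ResourceGroupName $vaultRg
$entry = $vault.AccessPolicies | Where-Object { "$($_.ObjectId)" -eq "$($sp.Id)" }
if (-not $entry) { throw "No access policy for Azure Backup on $vaultName." }

foreach ($kind in 'Keys', 'Secrets', 'Certificates') {
    $drift = Get-PermissionDrift -Granted ($entry."PermissionsTo$kind") -Wanted $expected[$kind]
    [pscustomobject]@{
        Kind    = $kind
        Missing = $drift.Missing -join ','
        Excess  = $drift.Excess -join ','
    }
}
```

Empty Missing and Excess columns for all three rows mean the entry matches what the post grants; for Azure Government, set $backupAppId to the value given in the note.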

 

 

 

 


      Kirit Parmar (Azure Solutions Architect – Microsoft IAM)

      • United States


      Copyright © 2019 Welcome to "my-azure"