Add Roles to Microsoft Azure User Account
Cohesity DataProtect as a Service accesses your Microsoft Azure domain with a user account to back up your Azure data. You can either add these roles to an existing user account or create a new user account with these roles.
-
To create an app registration:
You must have an Entra ID (tenant-level) role - Global Administrator or Privileged Role Administrator.
-
To create and assign roles within a subscription:
You must have a subscription-scoped role, such as an Owner or Custom Role, with minimum permissions defined.
Required Permissions
| Resource Provider | Operation Name |
|---|---|
| Microsoft.Authorization |
Microsoft.Authorization/roleAssignments/read Microsoft.Authorization/roleAssignments/delete Microsoft.Authorization/roleAssignments/write Microsoft.Authorization/roleDefinitions/read Microsoft.Authorization/roleDefinitions/write Microsoft.Authorization/roleDefinitions/delete |
