EnsureDR prerequisites settings in Microsoft Azure
- Portal Azure: Home > Subscription > Overview
- Collect Subscription ID (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
- Portal Azure: HOME > Microsoft Entra ID (former Azure Active Directory)
- Collect Tenant ID (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
- Portal Azure: HOME > Microsoft Entra ID > App registrations
- Click on “+ New registration” to create new App
- Set application name
- Select “Accounts in this organizational directory only (EnsureDR only - Single tenant)”
- Click Register button
- Save Application (client) ID (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx) for future usage as Client ID in EnsureDR job settings form
- Portal Azure: HOME > Microsoft Entra ID > App registrations
- Select All applications and search for application name you configured in point 3
- In App setting of selected application click on API permissions
- Click on “+ Add a permission”
- In section Request API permissions
- Click on Azure Rights Management Services
- Select Delegated permissions
- Select user_impersonation (Create and access protected content for users)
- Click on button Add permissions
- Portal Azure: HOME > Microsoft Entra ID > App registrations
- Select All applications and search for application name you configured in point 3
- In App setting of selected application click on Certificates & secrets
- Click on “+ New client secret”
- In section Add a client secret add Description and set the Expire date of the secret
- Click on Add button
- Save the following data in your password manager
- Secret ID
- Value
- This value will be used as Client Secret in EnsureDR job settings form
- Portal Azure: Home > Subscription > Access control (IAM)
- Select Role assignments and click on “+ Add” button
- In drop down menu choose Add role assignment
- In Role section select Privileged administrator roles
- Select Owner from the list
- Click on Next button
- In Members section Click on “+ Select members”
- Search and select application name you configured in point 3
- Click on Select button
- Click Next
- In Conditions section
- Select Delegation type “Not constrained”
- Click on Next button
- In Review + assign section
- Click on Review + assign button
- In Role section select Privileged administrator roles
- In drop down menu choose Add role assignment
Now all prerequisites are configured and data necessary for EnsureDR job are collected.