KB50016 - EnsureDR prerequisites settings in Microsoft Azure

Home > Knowledge Base Article List > KB50016 - EnsureDR prerequisites settings in Microsoft Azure

EnsureDR prerequisites settings in Microsoft Azure

 

  1. Portal Azure: Home > Subscription > Overview
  • Collect Subscription ID (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)

 

  1. Portal Azure: HOME > Microsoft Entra ID (former Azure Active Directory)
  • Collect Tenant ID (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)

 

  1. Portal Azure: HOME > Microsoft Entra ID > App registrations
  • Click on “+ New registration” to create new App
    • Set application name
    • Select “Accounts in this organizational directory only (EnsureDR only - Single tenant)”
    • Click Register button
    • Save Application (client) ID (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx) for future usage as Client ID in EnsureDR job settings form

 

  1. Portal Azure: HOME > Microsoft Entra ID > App registrations
  • Select All applications and search for application name you configured in point 3
  • In App setting of selected application click on API permissions
  • Click on “+ Add a permission”
    • In section Request API permissions
    • Click on Azure Rights Management Services
    • Select Delegated permissions
    • Select user_impersonation (Create and access protected content for users)
    • Click on button Add permissions

 

  1. Portal Azure: HOME > Microsoft Entra ID > App registrations
  • Select All applications and search for application name you configured in point 3
  • In App setting of selected application click on Certificates & secrets
  • Click on “+ New client secret”
    • In section Add a client secret add Description and set the Expire date of the secret
    • Click on Add button
  • Save the following data in your password manager
    • Secret ID
    • Value
      • This value will be used as Client Secret in EnsureDR job settings form

 

  1. Portal Azure: Home > Subscription > Access control (IAM)
  • Select Role assignments and click on “+ Add” button
    • In drop down menu choose Add role assignment
      • In Role section select Privileged administrator roles
        • Select Owner from the list
        • Click on Next button
      • In Members section Click on “+ Select members”
        • Search and select application name you configured in point 3
        • Click on Select button
        • Click Next
      • In Conditions section
        • Select Delegation type “Not constrained
        • Click on Next button
      • In Review + assign section
        • Click on Review + assign button

 

Now all prerequisites are configured and data necessary for EnsureDR job are collected.

Updated:

Other Articles