Create an App Profile and Grant Consent

To use backup and restore services for Azure VM, Azure Storage, or Azure SQL, it is necessary to create a delegated app or a custom Azure app with delegated permissions. This app must connect to your tenant and receive consent for the requested permissions.

Before you begin

Creating a delegated profile requires a Microsoft 365 Global Administrator account to consent. However, to re-authorize an app with delegated permission, you can choose to end-user consent. For details, refer to Re-authorize an App Profile.

Procedure

To create the delegated app, complete the following steps:

  1. On the App Management page, click Create on the action bar.
  2. In the Select services step, select IBM® Storage Protect for Cloud Azure VMs, Storage, and Entra ID.
  3. In the Choose setup method step, select Modern mode if you want to consent a delegated app directly. You can also select Custom Mode if you want to manually create and maintain a custom app with delegated permissions in your tenant. For details on creating a custom app with delegated permission for IBM Storage Protect for Cloud Azure VMs, Storage, and Entra ID, refer to Create a Custom Azure App.
  4. Click Next
  5. In the Consent to apps step for a Microsoft tenant, clickConsent next to the IBM Storage Protect for Cloud Azure VMs, Storage, and Entra ID– Delegated App.
  6. On the Microsoft 365 sign-in page, sign in with a Microsoft 365 Global Administrator account.
  7. On the Permissions required page, review the permissions required and click Accept to continue. This delegated app must have the following Microsoft Azure API permissions:
    • Access Azure Service Management as you (Preview) – Allows the application to access Azure Service Management as you.
    • View your basic profile– Allows the app to see your basic profile (name, picture, username).
    • Maintain access to data you have given it access to – Allows the app to see and update the data that you gave access to, even when you are not currently using the app. This does not give the app any additional permissions. For example, for the functioning of IBM Storage Protect for Cloud Azure VMs, Storage, and Entra ID, you also need to add this app to the subscription where the VMs you want to protect are running as Contributor. The Contributor role in subscription allows the app to access and manage resources. This permission allows IBM Storage Protect for Cloud Azure VMs, Storage, and Entra ID to access and manage the resources via this app.
  8. The app profile you created will be displayed on the App Management page, and the IBM Storage Protect for Cloud– Delegated App will be added to your Azure enterprise applications.