Operational Defect Database

BugZero found this defect 447 days ago.

Veeam | kb4406

How to Restrict Which Azure Subscriptions Are Accessible to an Azure Compute Account

Last update date:


Affected products:

Veeam Backup & Replication

Affected releases:


Fixed releases:

No fixed releases provided.



This article documents how to restrict which subscriptions will be accessible to an Azure Compute account used by Veeam Backup & Replication.

Use Case

By default, IAM roles are assigned to a newly created Microsoft Entra ID application on all subscriptions visible to the Microsoft Entra ID user logged in on the device log in page. Some customers may wish to restrict this and would otherwise have to remove role assignments from other subscriptions manually. In some cases, access to more subscriptions than is strictly necessary could cause delays when adding the Azure Compute account.


Create the following registry value on the Veeam Backup Server, replacing <SubscriptionIDs> with a list of Azure Subscriptions IDs that should be used by Veeam Backup & Replication when adding an Azure Compute account. Key Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\ Value Name: AzureSubscriptionIdsToInclude Value Type: Multi-String Value (REG_MULTI_SZ) Value Data: <SubscriptionIDs> Each Subscription ID should be on its own line. Example:

Additional Resources / Links


BugZero® Risk Score

What's this?

Coming soon




Do you know how much operational outages are costing you?

Understand the cost to your business and how BugZero can help you reduce those costs.

Have you ever...

had your data corrupted from a