Operational Defect Database
BugZero found this defect 476 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
Veeam | kb4406
How to Restrict Which Azure Subscriptions Are Accessible to an Azure Compute Account
Last update date:
12/6/2023
Affected products:
Veeam Backup & Replication
Affected releases:
12
Fixed releases:
No fixed releases provided.
Description:
Purpose
This article documents how to restrict which subscriptions will be accessible to an Azure Compute account used by Veeam Backup & Replication.
Use Case
By default, IAM roles are assigned to a newly created Microsoft Entra ID application on all subscriptions visible to the Microsoft Entra ID user logged in on the device log in page. Some customers may wish to restrict this and would otherwise have to remove role assignments from other subscriptions manually. In some cases, access to more subscriptions than is strictly necessary could cause delays when adding the Azure Compute account.
Solution
Create the following registry value on the Veeam Backup Server, replacing <SubscriptionIDs> with a list of Azure Subscriptions IDs that should be used by Veeam Backup & Replication when adding an Azure Compute account. Key Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\ Value Name: AzureSubscriptionIdsToInclude Value Type: Multi-String Value (REG_MULTI_SZ) Value Data: <SubscriptionIDs> Each Subscription ID should be on its own line. Example:
