The Azure AD application is the connection Commvault Cloud uses to access data in your Azure AD tenant. Use the express configuration option to have Commvault Cloud automatically create the Azure AD application, assign it all permissions required to back up and restore objects to Azure AD, and authorize the application.
Permissions Assigned
The Express configuration wizard creates an application in the Azure AD tenant, which is used to back up data from the tenant and restore objects. If you would rather create and configure the Azure AD application yourself, use the custom configuration option. The custom configuration option also allows you to assign the least privileges necessary to the application for backups, so that the elevated privileges required to restore data are provided only on an as-needed basis.
The following permissions are assigned to the application by the Express configuration wizard:
| Category | Permission | Description |
| --- | --- | --- |
| AdministrativeUnit | AdministrativeUnit.ReadWrite.All | Read and write all administrative units |
| Application | Application.ReadWrite.All | Read and write all applications |
| AppRoleAssignment | AppRoleAssignment.ReadWrite.All | Manage app permission grants and app role assignments |
| AuditLog | AuditLog.Read.All | Read all audit log data |
| DelegatedPermissionGrant | DelegatedPermissionGrant.ReadWrite.All | Manage all delegated permission grants |
| Device | Device.ReadWrite.All | Read and write devices |
| Directory | Directory.ReadWrite.All | Read and write directory data |
| Directory | Directory.AccessAsUser.All | Access directory as the signed in user |
| Domain | Domain.ReadWrite.All | Read and write domains |
| Group | Group.ReadWrite.All | Read and write all groups |
| Policy | Policy.Read.All | Read your organization's policies |
| Policy | Policy.ReadWrite.ConditionalAccess | Read and write your organization's conditional access policies |
| RoleManagement | RoleManagement.ReadWrite.Directory | Read and write all directory RBAC settings |
| User | User.ReadWrite.All | Read and write all users' full profiles |
| UserAuthenticationMethod | UserAuthenticationMethod.ReadWrite.All | Read and write all users' authentication methods |
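
One way to audit what an existing application has actually been granted against the list above, as an added example that is not Commvault's code. It assumes you have exported the application's `appRoleAssignments` and `oauth2PermissionGrants`, plus the Microsoft Graph service principal's `appRoles`, as JSON; the sample data and its ids are constructed placeholders.

```python
import json

# Permissions the Express wizard assigns, copied from the table on this page.
EXPRESS = set("""
AdministrativeUnit.ReadWrite.All Application.ReadWrite.All
AppRoleAssignment.ReadWrite.All AuditLog.Read.All
DelegatedPermissionGrant.ReadWrite.All Device.ReadWrite.All
Directory.ReadWrite.All Directory.AccessAsUser.All Domain.ReadWrite.All
Group.ReadWrite.All Policy.Read.All Policy.ReadWrite.ConditionalAccess
RoleManagement.ReadWrite.Directory User.ReadWrite.All
UserAuthenticationMethod.ReadWrite.All
""".split())

# Constructed sample data in the shape Microsoft Graph returns; ids are placeholders.
GRAPH_APP_ROLES = json.loads("""[
 {"id": "role-0001", "value": "AuditLog.Read.All"},
 {"id": "role-0002", "value": "Directory.ReadWrite.All"},
 {"id": "role-0003", "value": "Mail.Read"}
]""")
APP_ROLE_ASSIGNMENTS = json.loads("""[
 {"appRoleId": "role-0001"}, {"appRoleId": "role-0002"}, {"appRoleId": "role-0003"}
]""")
OAUTH2_GRANTS = json.loads("""[
 {"consentType": "AllPrincipals", "scope": "Directory.AccessAsUser.All Policy.Read.All"}
]""")

def granted_permissions(app_roles, assignments, grants):
    """Resolve app role ids to permission names and merge in delegated scopes."""
    names = {r["id"]: r["value"] for r in app_roles}
    granted = {names.get(a["appRoleId"], "unresolved:" + a["appRoleId"])
               for a in assignments}
    for g in grants:
        granted.update(g.get("scope", "").split())  # scope is space-separated
    return granted

def audit(granted):
    """Compare granted permissions with the Express baseline."""
    return {
        "outside_baseline": sorted(granted - EXPRESS),
        "baseline_not_granted": sorted(EXPRESS - granted),
        # Baseline permissions that are not plain *.Read.* can modify the tenant.
        "write_capable": sorted(p for p in granted & EXPRESS if ".Read." not in p),
    }

if __name__ == "__main__":
    granted = granted_permissions(GRAPH_APP_ROLES, APP_ROLE_ASSIGNMENTS, OAUTH2_GRANTS)
    print(json.dumps(audit(granted), indent=2))
```

On a custom-configured application, the `write_capable` list is the set to review when restore privileges are meant to be granted only as needed.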