I am met with the following error details when investigating why an Azure encrypted VM backup failed, but the link provided with the error (https://docs.microsoft.com/en-in/azure/backup/backup-azure-vms-encryption) doesn't resolve my question: exactly which permissions should I grant? All it says is that "The required permissions are prefilled for Key permissions and Secret permissions." Well, that's not a lot of help! I had those permissions already set as default, I thought, because I do have lots of backups/snapshots; obviously backups have been working in the past. If I am missing some permission now, is it a Key permission or a Secret permission? It's not clear! I do see I have the following set up right now:
Key permissions:
Key Management Operations
- Get (checked)
- List (checked)
- Update
- Create
- Import
- Delete
- Recover
- Backup (checked)
- Restore
Cryptographic Operations:
- Decrypt
- Encrypt
- Unwrap Key
- Wrap Key
- Verify
- Sign
Privileged Key Operations
- Purge
Secret permissions:
Secret Management Operations
- Get (checked)
- List (checked)
- Set
- Delete
- Recover
- Backup
- Restore
Privileged Secret Operations
- Purge
Certificate permissions:
Certificate Management Operations
- Get
- List
- Update
- Create
- Import
- Delete
- Recover
- Backup
- Restore
- Manage Contacts
- Manage Certificate Authorities
- Get Certificate Authorities
- List Certificate Authorities
- Set Certificate Authorities
- Delete Certificate Authorities
Privileged Certificate Operations
- Purge
Below is the error I see for my backup:
Error Code: UserErrorKeyVaultPermissionsNotConfigured
Error Message: Azure Backup Service does not have sufficient permissions to Key Vault for Backup of Encrypted Virtual Machines.
Recommended Action: Please grant the required permissions to the Azure Backup Service. Refer https://azure.microsoft.com/en-in/documentation/articles/backup-azure-vms-encryption/
Related Links: https://azure.microsoft.com/en-in/documentation/articles/backup-azure-vms-encryption

