AvePoint Docs
Graph API
My support tickets
Graph API
My support tickets
English

Home > Get Started > Enable Infrastructure Resilience > Enable Microsoft Azure Resilience

Export to PDF

Enable Microsoft Azure Resilience

To enable Microsoft Azure resilience, complete the following steps:

  1. Go to Management > App management > App profile managementtab in the AvePoint Online Services interface to create a Cloud Cyber Recovery app profile. For details, refer to Create an App Profile and Grant Consent. For the permissions required by the app, refer to Default Permissions Granted to the Service App.

    *Note: To protect your Azure Kubernetes clusters:

    • If the authentication and authorization of the cluster is Microsoft Entra ID authentication with Kubernetes RBAC, the app must be added to the group with admin access within the cluster.

    • If the authentication and authorization of the cluster is Microsoft Entra ID authentication with Azure RBAC, the app must have the Azure Kubernetes Service RBAC Cluster Admin role assigned.

  2. Add this app to all the subscriptions where the Kubernetes services, SQL databases, storage accounts, and VMs to protect are running and grant this app the Contributor role. For details, refer to Add to Subscription and Grant Contributor Role. This guide will only introduce the steps of adding a role to a subscription through the Microsoft Azure Portal.

    Note the following:

    • The user to add the app to the subscription and grant it the Contributor role must be the subscription owner or the User access administrator of your tenant, and if your tenant has new subscriptions to protect after the initialization, you must follow the same steps to add this app as Contributor as well.

    • To protect encrypted MySQL flexible servers, PostgreSQL flexible servers, Virtual machines, and Virtual machine scale sets, the app needs to have the Key Vault Crypto User role granted**.**

  3. If you have set the authorized IP range in Azure Kubernetes Services (AKS), to ensure the protection of Kubernetes Service resources, add Cloud Cyber Recovery’s reserved IP address to the range. For more details on authorized IP range, refer to this . For details on downloading the reserved IP address, refer to .

  4. After you have completed all the settings above, go to Cloud Cyber Recovery > Infrastructure resilience and create resilience policies. After defining the protection scope and replication schedule in a policy, you can test or run actual failover jobs when required. Note that you can click the Refresh button in the upper-right corner of the service page to retrieve the latest status for the data to protect.

    For details on creating a resilience policy and operating failover, refer to Infrastructure Resilience.

Create an App Profile and Grant Consent

To enable infrastructure resilience for Microsoft Azure services and resources, you must create an app to connect to your tenant and grant consent for the permissions that this app requests.

Creating an app profile requires a Microsoft 365 Global Administrator account to consent.

Follow the steps below to create the app:

  1. On the Management > App management page in AvePoint Online Services, go to the App profile management tab and click Create on the action bar.

  2. In the Select services step, select Cloud Cyber Recovery (Preview).

    ![Select Cloud Cyber Recovery.]

  3. In the Choose setup method step, select Modern mode and click Next.

  4. In the Consent to apps step, click Consent next to the app.

  5. On the Microsoft 365 sign-in page, sign in with a Microsoft 365 Global Administrator account.

  6. On the Permissions required page, review the permissions required and click Accept to continue.

  7. The app profile you created will be displayed on the App management page, and the AvePoint Online Services – Delegated App will be added to your Azure enterprise applications.

Default Permissions Granted to the Service App

The following API permissions will be automatically added to the Cloud Cyber Recovery service app with consent from your Global administrator account.

APIPermissionTypeWhy You Need
Azure Resource ManagerUser_impersonationDelegatedAllows the application to access Azure Resource Manager and act as users in the organization.
Microsoft GraphUser.Read.AllDelegatedAllows the app to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user.

Add to Subscription and Grant Roles

After finishing the app profile creation in AvePoint Online Services, go to the Azure portal > Subscriptions. Follow the steps below to add the Cloud Cyber Recovery app to each subscription where the VMs, databases, storage accounts, and Kubernetes clusters you want to protect belongs to.

*Note: The user to add this app to the subscription and grant it the Contributor role must be the Owner of the subscription or the User access administrator of your tenant.

  1. On the Subscriptions page, find the list of subscriptions. You can filter the subscriptions in the list or search for subscriptions via keywords.

  2. Click a subscription.

  3. Click Access control (IAM) on the left pane.

    Click Access control (IAM) on the left pane.

  4. On the Access control (IAM) page, click Add on the action bar and select Add role assignment from the drop-down list.

  5. In the Add role assignment pane, go to the Privileged administrator roles tab, click Contributor or Key Vault Crypto User from the Role tab, and then click Next.

  6. In the Members list, find the Members field, and click Select members.

  7. In the Select members pane, enter a keyword in the Select box to search for the Cloud Cyber Recovery app. Click the app to add it to the Selected members field and click the Select button.

    Select member.

  8. Click the Review + assign button to review the role assignment and click this button again to add this app as Contributor for your subscription.