Microsoft Azure Storage Setup

Setting up a Storage Bucket

1. Sign in to Microsoft Azure Home.
2. Open the Portal menu, using the Hamburger menu icon.
3. Select Storage Accounts.
4. On the Storage Accounts screen, select Create
5. On the Basic tab, enter the following information:
   • Subscription - Select the subscription for the new storage account.
   • Resource Group - Create a new resource group for this storage account, or select an existing one
   • Storage Account Name - Choose a unique name for the storage account. Storage account names must be between 3 and 24 characters in length and may contain numbers and lowercase letters only.
   • Region - Select the appropriate region for the storage account.

6. On the Advanced tab, set Access Tiers to either HOT or COOL, as required. 
7. On the Data Protection tab, to configure data protection options for blob data in your new storage account. These options can also be configured after the storage account is created.
   • In CloudM Archive, the data retention rules can be rewritten using the Data Retention policies.
8. Once  configured these settings, select Review + Create, and then select Create again.
9. The Storage Account will be created. This process can take a couple of minutes to complete.
10. Navigate back to the Storage Accounts screen.
11. Click on the name of the newly created account in the list of Storage Accounts.
12. In the menu, scroll down and select Blob Services > Containers.
13. Now, select the + Container button,
14. In the pop up screen, enter:
    • Name - A unique name for the container
    • Public Access Level - Set to Private
    • Advanced Settings > Encryption Scope - Leave as default.
15. Click on Create.

16. On the same Storage Account page, select the Settings > Access Keys menu option.
17. In the Access Keys page, click on the name of the newly created key and then click again on the current version.
18. Select the Show Keys button at the top of the screen.
19. Copy the value in the Key 1 > Key field. Enter this value later so you should copy into a document or notepad application.

Setup Azure Key Value

1. In the Search bar at the top of the screen, enter Key Vaults and select the Key Vaults option.
2. On the Key Vaults screen, select Create.
3. Under the Basics tab, enter the Subscription, Resource Group and Name.
4. Select Create + Review, and then select Create again,
5. When the Key Vault is being created, you will be taken away from the Key Vaults section so navigate back to Key Vaults using the Search bar.
6. On the Key Vaults screen, select the newly created Key Vault.
7. Select Keys.
8. Select Generate.

9. Click on the newly created key, copy the key identifier without the version info at the end. This is the value for the CloudM Migrate Key Vault URL setting.

10. Navigate to Azure Active Directory -> App Registrations, and select New registration.

11. Fill out the details and select Register.
12. On the App Registration screen, click on the name of the newly registered application.
13. Select API permissions from the menu on the left side of the screen.

14. Select Add a permission and add either of the following:
    • User Read
    • user_impersonation

15. In the menu on the left, select the Certificates & Secrets option. 
16. Select New client secret and copy the Secret ID. This is the value for the CloudM Migrate Azure key vault client secret setting.

17. In the left side menu, select Overview, and copy the Application (client) ID for the CloudM Migrate Azure key vault client ID setting.

18. Return to Home > Key Vault,
19. Ensure that the Permission Model is set to Vault access policy,
20. Select + Add Access Policy,

21. On the Add access policy screen, make sure that the Select principal value is set to the required Application (as set in step 4 and 5),
22. Ensure that the Key Permissions field is set to Get, Decrypt, Encrypt and Unwrap Key.
23. Select Add.