Enabling Managed Identities and Setting Mandatory Permissions in Azure

Azure Managed Identities enables security best practices by allowing you to grant unique security credentials to users, groups and resources. Managed Identities is secure by default; users have no access to Azure resources until permissions are explicitly granted.

For installation of the ZCA to succeed in Azure, Managed Identities must be enabled on the VM running the ZCA, and the permission level must be set to Contributor, or greater, at the Subscription level.

Important:   

When adding or deleting role assignments, it can take up to 30 minutes for changes to take effect. During this period, the following error message will appear: “The ZCA was not assigned a role.”

For further details, see https://docs.microsoft.com/en-us/azure/role-based-access-control/troubleshooting#rbac-changes-are-not-being-detected.

To enable Managed Identities on the ZCA VM:

1. In the Azure Portal, navigate to Virtual Machines.

2. If you already have a VM with ZCA, proceed with Step 4.
3. If you do not have a VM with ZCA, see Deploy Zerto Cloud Appliance from Azure Marketplace Portal.
4. In the list of available VMs, select the VM that will be used to install the ZCA.
5. In the Settings area of the VM you selected, click Identity.

6. In the System assigned tab, change Status from Off to On.

7. Click Save.

Managed Identities is now enabled on the VM. A role can be assigned to this VM.

To set the role on the ZCA VM:

 
1. Navigate to All Services and click Subscriptions.

2. Select the Subscription to which the ZCA is associated.
3. Click Access control (IAM).

4. In the Add a role assignment area, click Add.

The Add role assignment window appears.

5. In the Add role assignment window, configure the following:
   Role: Contributor
   Assign access to: Virtual Machine
   Subscription: The subscription to which the ZCA is associated
   Select: Click to move the ZCA VM to the Selected members area.

6. Click Save.
7. Now proceed to install or upgrade the ZVM for Azure environments.
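
Before installing, the result of both procedures can be checked offline. The following is an added example, not part of the original Zerto documentation: it takes JSON in the shape the Azure CLI prints for `az vm identity show` and `az role assignment list` and confirms that the VM's system-assigned identity holds Contributor or greater at the Subscription level, rejecting an assignment made only at resource-group scope. The function names, sample IDs and the choice of Owner as the only "greater" role are assumptions.

```python
import json

# Built-in roles accepted as "Contributor, or greater". Assumption: Owner is
# the only built-in superset considered; custom roles are not evaluated.
SUFFICIENT_ROLES = {"Contributor", "Owner"}
MG_PREFIX = "/providers/microsoft.management/managementgroups/"


def scope_covers_subscription(scope, subscription_id):
    """True if a role assignment at `scope` applies to the whole subscription."""
    if not scope:
        return False
    if scope == "/":  # root scope, inherited by every subscription
        return True
    s = scope.rstrip("/").lower()
    # Resource-group and resource scopes sit below the subscription: rejected.
    # Assumption: management groups in the input are ancestors of the subscription.
    return s == f"/subscriptions/{subscription_id}".lower() or s.startswith(MG_PREFIX)


def zca_role_ok(identity_json, assignments_json, subscription_id):
    """Check the VM's system-assigned identity holds a sufficient role."""
    identity = json.loads(identity_json or "null") or {}
    principal_id = identity.get("principalId")
    if "SystemAssigned" not in (identity.get("type") or "") or not principal_id:
        return False  # Status on the Identity page is still Off
    return any(
        a.get("principalId") == principal_id
        and a.get("roleDefinitionName") in SUFFICIENT_ROLES
        and scope_covers_subscription(a.get("scope"), subscription_id)
        for a in json.loads(assignments_json or "[]")
    )


# Constructed sample data (placeholder IDs, not from a real tenant).
SUB = "00000000-0000-0000-0000-000000000000"
PID = "11111111-1111-1111-1111-111111111111"
IDENTITY = json.dumps({"principalId": PID, "type": "SystemAssigned"})
RG_ONLY = json.dumps([{"principalId": PID, "roleDefinitionName": "Contributor",
                       "scope": f"/subscriptions/{SUB}/resourceGroups/zca-rg"}])
SUB_LEVEL = json.dumps([{"principalId": PID, "roleDefinitionName": "Contributor",
                         "scope": f"/subscriptions/{SUB}"}])

if __name__ == "__main__":
    print("resource-group scope only:", zca_role_ok(IDENTITY, RG_ONLY, SUB))
    print("subscription scope:       ", zca_role_ok(IDENTITY, SUB_LEVEL, SUB))
```

A False result immediately after a role change can also reflect the propagation delay described above, so repeat the check before changing the assignment again.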