articles/batch/batch-account-create-portal.md
13 additions & 3 deletions
Original file line number
Diff line number
Diff line change
@@ -120,13 +120,13 @@ For detailed steps, see [Assign Azure roles by using the Azure portal](../role-b
120
120
121
121
### Create a key vault
122
122
123
-
User subscription mode requires [Azure Key Vault](/azure/key-vault/general/overview). The key vault must be in the same subscription and region as the Batch account and use a [Vault Access Policy](/azure/key-vault/general/assign-access-policy).
123
+
User subscription mode requires [Azure Key Vault](/azure/key-vault/general/overview). The key vault must be in the same subscription and region as the Batch account.
124
124
125
125
To create a new key vault:
126
126
127
127
1. Search for and select **key vaults** from the Azure Search box, and then select **Create** on the **Key vaults** page.
128
128
1. On the **Create a key vault** page, enter a name for the key vault, and choose an existing resource group or create a new one in the same region as your Batch account.
129
-
1. On the **Access configuration** tab, select **Vault access policy** under **Permission model**.
129
+
1. On the **Access configuration** tab, select either **Azure role-based access control** or **Vault access policy** under **Permission model**, and under **Resource access**, check all 3 checkboxes for **Azure Virtual Machine for deployment**, **Azure Resource Manager for template deployment** and **Azure Disk Encryption for volume encryption**.
130
130
1. Leave the remaining settings at default values, select **Review + create**, and then select **Create**.
131
131
132
132
### Create a Batch account in user subscription mode
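Review bot: The rewritten **Access configuration** step folds two separate decisions into one sentence and tells the reader to "check all 3 checkboxes" under **Resource access** without saying which of them Batch actually needs. Each of those options lets another Azure service retrieve secrets from the vault, so please split this into one step for **Permission model** and one for **Resource access**, and state for each checkbox why user subscription mode requires it, or drop any that it does not. With the Vault Access Policy requirement removed from the intro paragraph, it would also help to say which permission model is preferred rather than leaving "either" unqualified. Minor: spell out "three".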
@@ -157,8 +157,18 @@ To create a Batch account with authentication mode settings:
157
157
158
158
### Grant access to the key vault manually
159
159
160
-
You can also grant access to the key vault manually.
160
+
You can also grant access to the key vault manually in [Azure portal](https://portal.azure.com).
161
161
162
+
#### If the Key Vault permission model is **Azure role-based access control**:
163
+
1. Select **Access control (IAM)** from the left navigation of the key vault page.
164
+
1. At the top of the **Access control (IAM)** page, select **Add** > **Add role assignment**.
165
+
1. On the **Add role assignment** screen, under **Role** tab, under **Job function roles** sub tab, select either **Key Vault Secrets Officer** or **Key Vault Administrator** role for the Batch account, and then select **Next**.
166
+
1. On the **Members** tab, select **Select members**. On the **Select members** screen, search for and select **Microsoft Azure Batch**, and then select **Select**.
167
+
1. Click the **Review + create** button on the bottom to go to **Review + assign** tab, and click the **Review + create** button on the bottom again.
168
+
169
+
For detailed steps, see [Assign Azure roles by using the Azure portal](../role-based-access-control/role-assignments-portal.yml).
170
+
171
+
#### If the Key Vault permission model is **Vault access policy**:
162
172
1. Select **Access policies** from the left navigation of the key vault page.
163
173
1. On the **Access policies** page, select **Create**.
164
174
1. On the **Create an access policy** screen, select a minimum of **Get**, **List**, **Set**, and **Delete** permissions under **Secret permissions**. For [key vaults with soft-delete enabled](/azure/key-vault/general/soft-delete-overview), also select **Recover**.
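Review bot: Step 3 of the new Azure role-based access control branch offers **Key Vault Administrator** as an equal alternative to **Key Vault Secrets Officer**, which is broader than what the **Vault access policy** branch asks for: that branch grants only secret permissions (**Get**, **List**, **Set**, **Delete**, and **Recover** with soft-delete). Suggest recommending **Key Vault Secrets Officer** only, or explaining when the Administrator role would be needed, so both branches give the Batch service the same least-privilege access. Step 5 tells the reader to click **Review + create** twice in a flow whose tab is named **Review + assign**; please confirm the button label and use "select" as the other steps do. The two new `####` headings end in a colon and put bold inside the heading, which the `###` headings in this file do not.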