You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/backup/backup-windows-with-mars-agent.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -126,7 +126,7 @@ To run an on-demand backup, follow these steps:
126
126
127
127
[](./media/backup-configure-vault/backup-now.png#lightbox)
128
128
129
-
1. If the MARS agent version is *2.0.9269.0 or newer*, select a *subset of the volumes backed up periodically* for on-demand backup. Only the files/folders configured for periodic backup can be backed up on demand.
129
+
1. If the MARS agent version is *2.0.9254.0 or newer*, select a *subset of the volumes backed up periodically* for on-demand backup. Only the files/folders configured for periodic backup can be backed up on demand.
130
130
131
131
:::image type="content" source="./media/backup-configure-vault/select-subset-of-volumes-backed-up-periodically-for-mars-on-demand-backup.png" alt-text="Screenshot shows how to select a subset of volumes backed up periodically for on-demand backup.":::
Copy file name to clipboardExpand all lines: articles/backup/install-mars-agent.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -126,7 +126,7 @@ If you've already installed the agent on any machines, ensure you're running the
126
126
* Save the passphrase in a secure location. You need it to restore a backup.
127
127
* If you lose or forget the passphrase, Microsoft can't help you recover the backup data.
128
128
129
-
The MARS agent can automatically save the passphrase securely to Azure Key Vault. So, we recommend you create a Key Vault and grant permissions to your Recovery Services vault to save the passphrase to the Key Vault before registering your first MARS agent to the vault.
129
+
The MARS agent can automatically save the passphrase securely to Azure Key Vault. So, we recommend you create a Key Vault and grant permissions to your Recovery Services vault to save the passphrase to the Key Vault before registering your first MARS agent to the vault.[Learn more](save-backup-passphrase-securely-in-azure-key-vault.md).
130
130
131
131
After granting the required permissions, you can save the passphrase to the Key Vault by copying the *Key Vault URI* from the Azure portal and to the Register Server Wizard.
Copy file name to clipboardExpand all lines: articles/backup/save-backup-passphrase-securely-in-azure-key-vault.md
+7-9Lines changed: 7 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -23,10 +23,10 @@ Now, you can save your encryption passphrase securely in Azure Key Vault as a Se
23
23
## Before you start
24
24
25
25
-[Create a Recovery Services vault](backup-create-recovery-services-vault.md) in case you don't have one.
26
-
- You should use a single Azure Key Vault to store all your passphrases. [create a Key Vault](../key-vault/general/quick-create-portal.md) in case you don't have one.
27
-
- Azure Key Vault pricing is applicable when you create a new Azure Key Vault to store your passphrase.
26
+
- You should use a single Azure Key Vault to store all your passphrases. [Create a Key Vault](../key-vault/general/quick-create-portal.md) in case you don't have one.
27
+
-[Azure Key Vault pricing](https://azure.microsoft.com/pricing/details/key-vault/) is applicable when you create a new Azure Key Vault to store your passphrase.
28
28
- After you create the Key Vault, to protect against accidental or malicious deletion of passphrase, [ensure that soft-delete and purge protection is turned on](../key-vault/general/soft-delete-overview.md).
29
-
- This feature is supported only in Azure public regions with MARS agent version *9269* or above.
29
+
- This feature is supported only in Azure public regions with MARS agent version *2.0.9254.0* or above.
30
30
31
31
## Configure the Recovery Services vault to store passphrase to Azure Key Vault
32
32
@@ -105,7 +105,7 @@ Type : SystemAssigned
105
105
106
106
### Assign permissions to save the passphrase in Azure Key Vault
107
107
108
-
Now, you need to assign permissions to the Recovery Services vault to save the passphrase as a Secret in Azure Key Vault. This is done by allowing the Recovery Services vault's managed identity to access the Key Vault.
108
+
You need to follow the of the following sections based on the Key Vault permission model (either role-based access permissions or access policy-based permission model) configured for Key Vault.
109
109
110
110
#### Enable permissions using role-based access permission model for Key Vault
111
111
@@ -119,9 +119,9 @@ To assign the permissions, follow these steps:
119
119
120
120
2. Select **Access control (IAM)** > **+Add** to add role assignment.
121
121
122
-
3. The Recovery Services vault identity required the **Set permission on Secret** to create and add the passphrase as a Secret to the Key Vault.
122
+
3. The Recovery Services vault identity requires the **Set permission on Secret** to create and add the passphrase as a Secret to the Key Vault.
123
123
124
-
You can select a *built-in role* such as **Key Vault Secrets Officer** that has the permission (along with other permissions not required for this feature) or create a custom role with only Set permission on Secret.
124
+
You can select a *built-in role* such as **Key Vault Secrets Officer** that has the permission (along with other permissions not required for this feature) or [create a custom role](../key-vault/general/rbac-guide.md?tabs=azurepowershell#creating-custom-roles) with only Set permission on Secret.
125
125
126
126
Select **Details** to view the permissions granted by the role and ensure Set permission on Secret is available.
127
127
@@ -199,8 +199,6 @@ Follow these steps:
199
199
200
200
:::image type="content" source="./media/save-backup-passphrase-securely-in-azure-key-vault/check-access-policies.png" alt-text="Screenshot shows how to verify the access present.":::
201
201
202
-
>[!Note]
203
-
>If your organization uses Azure RBAC and not access policy for Key Vault, instead of using *Principal ID* and *access policy*, use [Azure role-based access control](../role-based-access-control/overview.md?WT.mc_id=Portal-Microsoft_Azure_KeyVault). Ensure that the role chosen has *Set permission for Secrets* on the Azure Key Vault.
204
202
205
203
# [PowerShell](#tab/powershell)
206
204
@@ -337,7 +335,7 @@ You can automate this process by using the new KeyVaultUri option in `Set-OBMach
337
335
338
336
## Save passphrase to Azure Key Vault for an existing MARS installation
339
337
340
-
If you have an existing MARS agent installation and want to save your passphrase to Azure Key Vault, [update your agent](upgrade-mars-agent.md) to version 9269 or greater and perform a change passphrase operation.
338
+
If you have an existing MARS agent installation and want to save your passphrase to Azure Key Vault, [update your agent](upgrade-mars-agent.md) to version *2.0.9254.0* or above and perform a change passphrase operation.
341
339
342
340
After updating your MARS agent, ensure that you have [configured the Recovery Services vault to store passphrase to Azure Key Vault](#configure-the-recovery-services-vault-to-store-passphrase-to-azure-key-vault) and you have successfully:
0 commit comments