Azure backup service error

How to solve Azure error message "Backup Service does not have authorization to access resources in your subscription"
 01/30/2017 19:45:14
 Varga Gábor

Error message "Backup Service does not have authorization to access resources in your subscription"

Unfortunately, something happened in Azure, because this error message was completely unknown to the Azure Technical Support team, so the investigation into the root cause and the fix continued.

Root cause: The Backup Management Service does not have the proper permission to access the Key Vault that stores the BitLocker encryption keys.

Affected machines: All virtual machines that are encrypted with the integrated Azure BitLocker encryption. Non-encrypted virtual machines are not affected.

Solution: Create a new role definition that includes the proper permission, then add the Backup Management Service to the Key Vault and assign it this new role.

Steps:

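  1. Create a new role definition based on an existing custom role of your own (so that the subscription does not have to be added again):
    # Start from an existing custom role so its assignable scopes are reused
    $role = Get-AzureRmRoleDefinition -Name "IaaS Team"
    # Drop every permission inherited from the template role
    $role.Actions.Clear()
    $role.NotActions.Clear()
    # Clearing the Id makes New-AzureRmRoleDefinition create a new role
    $role.Id = $null
    $role.Name = "Backup Service KeyVault Access"
    $role.Description = "Backup Management Service access to KeyVault deploy action, otherwise restore function will not work properly"
    # Grant only the single Key Vault action the backup service needs
    $role.Actions.Add("Microsoft.KeyVault/vaults/deploy/action")
    New-AzureRmRoleDefinition -Role $role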

  2. In your Key Vault's Access control (IAM), add this role for the Backup Management Service.

  3. Save all changes, and try the restore again.
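
Step 2 can also be done from PowerShell, which makes it easy to check that the role carries only the one action and that the assignment is scoped to a single vault. This is an added example, not part of the original post; the vault name is a placeholder, and it assumes the service principal's display name is "Backup Management Service", as the service is called above.

```powershell
# Added example: assign the role from step 1 to the Backup Management Service,
# scoped to one Key Vault only (not the resource group or subscription).
$vaultName = "<your-key-vault-name>"             # placeholder, replace with your vault
$roleName  = "Backup Service KeyVault Access"    # role created in step 1
$expected  = "Microsoft.KeyVault/vaults/deploy/action"

# Confirm the custom role grants exactly the one action before assigning it.
$role = Get-AzureRmRoleDefinition -Name $roleName
if (-not $role) { throw "Role '$roleName' not found; run step 1 first." }
$extra = @($role.Actions | Where-Object { $_ -ne $expected })
if ($extra.Count -gt 0 -or $role.Actions -notcontains $expected) {
    throw "Role '$roleName' has unexpected actions: $($role.Actions -join ', ')"
}

# Assumption: the service principal is registered under this display name.
# -SearchString is a prefix match, so filter for the exact name.
$spName = "Backup Management Service"
$sp = @(Get-AzureRmADServicePrincipal -SearchString $spName |
        Where-Object { $_.DisplayName -eq $spName })
if ($sp.Count -ne 1) { throw "Expected one '$spName' principal, found $($sp.Count)." }

$vault = Get-AzureRmKeyVault -VaultName $vaultName
if (-not $vault) { throw "Key Vault '$vaultName' not found." }

# Create the assignment only if it is not already present at vault scope.
$existing = Get-AzureRmRoleAssignment -ObjectId $sp[0].Id -Scope $vault.ResourceId |
    Where-Object { $_.RoleDefinitionName -eq $roleName -and
                   $_.Scope -eq $vault.ResourceId }
if (-not $existing) {
    New-AzureRmRoleAssignment -ObjectId $sp[0].Id `
        -RoleDefinitionName $roleName -Scope $vault.ResourceId | Out-Null
}

# Review what the backup service can now reach on this vault.
Get-AzureRmRoleAssignment -ObjectId $sp[0].Id -Scope $vault.ResourceId |
    Select-Object DisplayName, RoleDefinitionName, Scope
```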