How to switch Forest Recovery from a connection account to an Entra application account

Overview

When you let Cayosoft Guardian create the Entra application, an Entra ID Global Administrator must grant consent to the required Microsoft Graph API permissions. Alternatively, you can re-add the subscription using a service principal that you pre-create yourself; this method does not require Global Administrator. For both options, see Cloud Services.

Use this procedure to switch Forest Recovery from a legacy connection account to an Entra application account.
An Entra ID Global Administrator must grant consent to the required Microsoft Graph API permissions for Entra application accounts. Learn more: Connection accounts in Cayosoft Guardian.

Procedure

You can migrate your Azure subscription in Cayosoft Guardian from a user account to an Entra application account by re-adding the subscription in the Cloud Services node.

1. Open the Cloud Services node in Cayosoft Guardian.
2. Add the existing Azure subscription again, this time using the Entra application account method. You can add the subscription using a Cayosoft Guardian-created Entra application or a customer-provided application account (Client ID with a Client secret or certificate). See Cloud Services for both methods.
3. After adding the subscription, verify that the Entra application account is set as the active credential for that subscription.
   For more information, see: Cloud Services.

Backup locations associated with the subscription are automatically updated to use the Entra application account for access.

• If needed, add a new backup location.
• Before running an AD Backup plan or AD Forest Recovery plan, ensure that the correct subscription is selected for each plan.