Getting error "UserErrorKeyVaultPermissionsNotConfigured" while enabling backup on encrypted VM using Azure role-based access control access policy in Key vault

Question

I am getting error below error while enabling the backup on encrypted VM. I am using Azure role-based access control in Keyvault.

"error": {
"code": "UserErrorKeyVaultPermissionsNotConfigured",
"message": "Azure Backup Service does not have sufficient permissions to Key Vault for Backup of Encrypted Virtual Machines."
}

I have also enabled managed identity on recovery service vault and given custom role to it on keyvault, but still getting the same error. Can anyone help me with the RBAC roles which I can use to fix this issue?

Answer 1

@Sushmita Pandey
Thank you for your post!

Based off your error message Azure Backup Service does not have sufficient permissions to Key Vault for Backup of Encrypted Virtual Machines, and our Backup and restore encrypted Azure virtual machines documentation, it looks like you have to Provide Permissions to the Azure Backup Service by adding it to the Key Vault Access Policies.

To set permissions:
1.Within the Azure portal, select All services, and search for Key vaults.
2.Select the key vault associated with the encrypted VM you're backing up.
3.Select Access policies > Add Access Policy.

4.Add access policy > Configure from template (optional), select Azure Backup.

• The required permissions are prefilled for Key permissions and Secret permissions. Get, List, and Backup
• If your VM is encrypted using BEK only, remove the selection for Key permissions since you only need permissions for secrets.
  

5.Select Add. Backup Management Service is added to Access policies.

If you're still running into issues, please let me know.
Thank you for your time and patience throughout this issue.

---

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.