📝NOTE: The availability of this feature may be limited based on the license type, region, and other criteria. To access this feature, contact support. |
To discover and back up workspaces in the Druva console, you must complete specific configurations in your Microsoft Azure and Power BI environments. These steps enable the Druva Service Principal to access the required APIs.
Step 1: Create/update Azure Security Group
Objective: Create a standard Security Group in Azure to house the Druva service principal.
Access Azure: Log in to the Azure Portal.
Create Security Group: Navigate to Entra ID > Groups > New group.
Group type: Select Security.
Group name: Assign a descriptive name (e.g., Power BI Service Principle).
Group Description: Provide a description for this group.
Add Druva Application Member:
Open the newly created group and select Members > Add members.
Search Criteria: Search for the application name
Druva Powerplatform.Action: Select the application and click Select to add it to the group.
Summary: You have created a container (Security Group) and added the Druva service principal (Druva powerplatform app) as a member to enable identity-based permissions.
Step 2: Authorize Power BI Admin and Fabric Public APIs
Objective: Grant the Security Group created in Part 1 permission to access Power BI Admin read-only APIs.
Access Admin Settings: Log in to the Power BI Admin Portal.
Locate API Settings: Navigate to Tenant settings > Admin API settings.
Configure ‘Service Principal settings’:
Find the setting:
Service principals can call Fabric public APIsunder Developer Settings section.Set the toggle to Enabled.
Define Access Scope:
Under Apply to, select the radio button for Specific security groups.
Search: Enter the name of the Security Group created in Step 1.
Click Apply.
Find the setting:
Service principals can access read-only admin APIsunder Admin API Settings section.Set the toggle to Enabled.
Define Access Scope:
Under Apply to, select the radio button for Specific security groups.
Search: Enter the name of the Security Group created in Step 1.
Click Apply.
Summary: By enabling the Service Principal setting for a specific group, you have authorized the Druva application to call Power BI APIs without granting tenant-wide administrative rights.
📝NOTE: If the Azure environment setup is complete but discovery is not working, ensure that KMS is configured. Without KMS enabled, discovery will not initiate.
Step 3: Adding the Service Principal to the Power BI Workspace
📝 Note: If this step is not completed, the backup operation will still be marked as successful. However, only the metadata is backed up, and the actual report file is not included in the backup.
Navigate to the required Workspace.
In the top-right corner, click Manage access.
Click + Add people or groups.
Search for the Service Principal by name and select it.
From the permissions dropdown, select Contributor.
Click Add to save changes.
Important: Synchronization Latency Microsoft may require up to 24 hours to synchronize permission changes across the environment.
Verify Discovery Status
After configuration, Druva automatically scans the tenant. Check the Status Indicators:
Connected: The app is successfully authenticated.
Discovery Not Started: This status appears if the Azure prerequisites (Security Group/API settings) are not detected. You must complete the steps before discovery can proceed.
Once all prerequisites are met, discovery begins automatically. After the environment scan is complete, the system populates the list of workspaces.