Loading...
Loading...
When attempting to add an Azure Stack HCI OS cluster or node to Veeam Backup & Replication, the following error occurs: Your organization used Device Guard to block this app. Contact your support person for more info. Failed to start service 'VeeamDeploySvc'. Host: 'x.x.x.x'. Failed to start deployment service on the target host
By default, Azure Stack HCI OS 23H2 and newer has Windows Defender Application Control (WDAC) enabled and running in the enforcement mode. WDAC is a software-based security layer that reduces the attack surface by enforcing an explicit list of software that is allowed to run. WDAC limits the applications and the code that can run on the core platform. To allow third-party non-Microsoft signed software to run on Azure Stack HCI nodes, a WDAC supplemental policy provided by the third-party software vendor must be installed.
Supported Scenarios Veeam provides a tested supplemental WDAC policy that enables Azure Local clusters or nodes to be added to Veeam Backup & Replication as Hyper-V clusters or hosts. This is the only scenario that has been tested and approved for Azure Local machines. Assigning any other role, such as Repository, Mount Server, or WAN Accelerator, is not supported by the supplemental WDAC policy and may result in unexpected behavior or errors.
Download Policy XML Filename: KB4456-VBR-AZHCI-supplemental-policy-1.0.0.4.zip Updated: 2025-03-27 MD5: C745A895B1C706AF5D1454DFD37278E8 SHA1: 3B01D9569A35DC93EFEC771E43936930DA743B99
Windows Defender Application Control for Azure Stack HCI (preview) Manage Windows Defender Application Control for Azure Stack HCI, version 23H2 KB4047: Veeam Support for Azure Stack HCI
Veeam Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.