Azure Storage account
In this section we'll create and configure a Storage account in Azure. This is only needed if you want to use a storage account as the destination for the CSV files exported from Microsoft Graph.
Video guide
Here is a video guide I created for the Patch My PC report; it covers the steps outlined below.
Create a storage account
If you don't have one already, create a storage account in Azure.
Create a container
Under Containers, create one or more containers to hold the data files exported from MS Graph. In this example the container is named patchmypc-powerbi. Set the Public access level to Private.
Create a custom role
Here we'll create a custom role, scoped to the storage account, that grants only the permissions needed to upload data to the container. We'll assign this role to the managed identity or Run As account of the Azure Automation account.
At the top level of the storage account, open the Access control (IAM) pane
On the Roles tab, locate the role Storage Blob Data Contributor
Click the three dots on the right of the role and choose Clone
Give the role a name. I've used Storage Account Reader and Blob Contributor
On the Permissions tab, add or remove permissions in the cloned role as required. I've added the two permissions this solution needs and removed a couple that it doesn't. All of them are found under Microsoft.Storage.
Add Microsoft.Storage/storageAccounts/read
Add Microsoft.Storage/storageAccounts/listkeys/action
On the Assignable scopes tab, leave the default scope, which should be the storage account itself
Click Review + create
Assign the role
Back in the Access control (IAM) pane:
Click Add role assignment under Grant access to this resource
Locate the role you just created, select it and click Next
Note that although Managed identity is offered as an option here, you should not use it: at the time of writing, an Automation account is not yet a supported service type in that picker for a storage account, so the identity must be selected as a service principal instead
Select User, group, or service principal and click Select members
Search for the managed identity or Run As account of the Azure Automation account and select it
Click Next, Next and then Review + assign
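The same outcome can be scripted with the Az PowerShell modules. The following is an added example and not part of the original guide or the Patch My PC report; it walks through all four steps above (storage account, private container, cloned custom role, role assignment) and finishes with a check that the identity holds only the one scoped role. The resource group, storage account, automation account names and the region are placeholders to replace with your own; the container and role names are the ones used in the guide. It assumes a system-assigned managed identity on the Automation account, whose service principal carries the same display name as the account.

```powershell
# Added example (not from the original guide): Az PowerShell equivalent of the portal steps.
# Requires the Az.Accounts, Az.Storage and Az.Resources modules and a prior Connect-AzAccount.

$ResourceGroup      = 'rg-patchmypc-powerbi'   # placeholder
$StorageAccountName = 'stpatchmypcpowerbi'     # placeholder (3-24 lowercase letters/digits)
$Location           = 'uksouth'                # placeholder
$AutomationAccount  = 'aa-patchmypc-powerbi'   # placeholder
$ContainerName      = 'patchmypc-powerbi'      # container name used in the guide
$RoleName           = 'Storage Account Reader and Blob Contributor'  # role name used in the guide

# 1. Storage account: create it only if it does not already exist.
$sa = Get-AzStorageAccount -ResourceGroupName $ResourceGroup -Name $StorageAccountName -ErrorAction SilentlyContinue
if (-not $sa) {
    $sa = New-AzStorageAccount -ResourceGroupName $ResourceGroup -Name $StorageAccountName `
        -Location $Location -SkuName 'Standard_LRS' -Kind 'StorageV2' -AllowBlobPublicAccess $false
}

# 2. Container with Public access level = Private (-Permission Off means no anonymous access).
if (-not (Get-AzStorageContainer -Name $ContainerName -Context $sa.Context -ErrorAction SilentlyContinue)) {
    New-AzStorageContainer -Name $ContainerName -Context $sa.Context -Permission Off | Out-Null
}

# 3. Custom role: clone Storage Blob Data Contributor, add the two required actions and
#    restrict the assignable scope to this storage account only.
$role = Get-AzRoleDefinition -Name 'Storage Blob Data Contributor'
$role.Id          = $null          # a new definition must not reuse the built-in role's id
$role.IsCustom    = $true
$role.Name        = $RoleName
$role.Description = 'Reads the storage account, lists its keys and reads/writes blobs for the report export.'
foreach ($action in 'Microsoft.Storage/storageAccounts/read',
                    'Microsoft.Storage/storageAccounts/listkeys/action') {
    if ($role.Actions -notcontains $action) { $role.Actions.Add($action) }
}
# Review $role.Actions and $role.DataActions here and call .Remove() on anything the export
# does not need, just as you would prune the cloned permissions on the Permissions tab.
$role.AssignableScopes.Clear()
$role.AssignableScopes.Add($sa.Id)
if (-not (Get-AzRoleDefinition -Name $RoleName -Scope $sa.Id -ErrorAction SilentlyContinue)) {
    New-AzRoleDefinition -Role $role | Out-Null
}

# 4. Assign the role to the Automation account's managed identity as a service principal.
#    Assumption: the system-assigned identity's service principal shares the account's display name.
#    For a Run As account, look up its service principal (named "<AutomationAccount>_<guid>") instead.
$principal = Get-AzADServicePrincipal -DisplayName $AutomationAccount
if (-not $principal) { throw "No service principal found for '$AutomationAccount'" }
if (-not (Get-AzRoleAssignment -ObjectId $principal.Id -RoleDefinitionName $RoleName -Scope $sa.Id)) {
    New-AzRoleAssignment -ObjectId $principal.Id -RoleDefinitionName $RoleName -Scope $sa.Id | Out-Null
}

# 5. Check: the identity should hold this one role at storage-account scope and nothing broader
#    (an assignment at resource-group or subscription scope would show up here too).
Get-AzRoleAssignment -ObjectId $principal.Id |
    Select-Object RoleDefinitionName, Scope
```

The final listing is worth keeping in your runbook or change record: if it shows more than the single custom role at the storage account's resource id, the identity has been granted something wider than this solution requires.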