# Azure Storage account ## Video guide Here is a video guide which I created for the Patch My PC report which covers the steps outlined below. {% embed url="" %} ## Create a storage account If you don't have one already create a [storage account](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-create?tabs=azure-portal) in Azure. ## Create a container Under **Containers**, create a container or containers which you will use to store the data files exported from MS Graph. I've called mine **patchmypc-powerbi** in this example. Set the **Public access level** to **private**. ![](/files/-MdaxyIluuXQ5PPslEJH) ## Create a custom role Here we will create a custom role at the storage account level which has just the permissions we need to upload data to the container. We will assign this role to the managed identity or run as account of our Azure automation account. * In the storage account, top-level, open the **Access Control (IAM)** pane * On the **Roles** tab, locate the role **Storage Blob Data Contributor** * Click the 3 dots on the right of the role and choose **Clone** * Give the role a name. I've used **Storage Account Reader and Blob Contributor** ![](/files/-M_ROpYgyDqg---0R4g1) * On the **Permissions** tab, add or remove the cloned permissions as required. I've added two permissions that are required by this solution and removed a couple that aren't. All permissions are found under **Microsoft.Storage**. * Add **Microsoft.Storage/storageAccounts/read** * Add **Microsoft.Storage/storageAccounts/listkeys/action** ![](/files/-M_RP_ec2Svw0oywmCNC) * On the **Assignable scopes** tab, leave the default scope which should be the storage account itself * Click **Review + create** ## Assign the role Back in the **Access Control (IAM)** pane: * Click **Add role assignment** under **Grant access to this resource** * Locate the role you just created, select it and click **Next** {% hint style="warning" %} Note that even though you see Managed identity as an option here, you should not use it because at the time of writing an automation account is not yet a supported service for a storage account {% endhint %} * Select **user, group, or service principal** and click **Select members** * Search for the managed identity or run as account of the Azure automation account and select it * Click **Next**, **next** and **Review + assign** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.smsagent.blog/microsoft-endpoint-manager-reporting/automating-data-exports-from-microsoft-graph/azure-storage-account.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.