smsagent.blog
  • docs.smsagent.blog
  • Custom Reporting in Microsoft Intune
    • Delivery Optimization Report
    • Windows Update for Business Custom Reporting
      • Power BI Report Walkthrough
      • Known issues / limitations
      • Change log
      • Deploy the solution
        • Create Azure Resources
        • Configure Azure Resources
        • Deploy the client-side script
        • Deploy the Azure automation runbooks
        • Configure the Power BI report
      • Adding additional language support
      • Table schema reference
    • Automating Data Exports from Microsoft Graph
      • Azure Automation account
        • Create / configure an Azure automation account
        • Grant API permissions
        • Create an Azure automation runbook
      • Azure Storage account
      • Automate Data Export to Azure Storage Account
      • Automate Data Export to Azure Monitor Logs
      • Creating / Troubleshooting Runbooks
      • Power BI
        • Connect Power BI to an Azure storage account data source
        • Connect Power BI to an Azure log analytics workspace as a data source
    • Managed Devices Report
      • Create / configure an Azure automation account
      • Grant API permissions
      • Create / configure an Azure storage account
      • Create an Azure automation runbook
      • Create a PowerBI report
      • MEM Managed Device Report template
      • Bonus! Unhealthy MEMCM Clients email report
    • Intune Assignments Report
      • Create / configure an Azure automation account
      • Grant API permissions
      • Create / configure an Azure storage account
      • Create an Azure automation runbook
      • Create a Power BI report
      • Change log
    • Patch My PC Report
      • A look at the Power BI reports
      • Change log
      • Video guides
      • Things to know
      • Create / configure an Azure automation account
      • Grant API permissions
      • Create / configure an Azure storage account
      • Create an Azure automation runbook
      • Create the Power BI report
      • Feedback
    • Windows 11 Hardware Readiness Report
    • Gathering Custom Inventory with Intune
      • Set up the Azure Resources
      • Create a Proactive remediations script package
      • Create a runbook
  • PowerShell Scripts Online Help
    • Get-AzSubscriptionActivityLog
  • Azure Solutions
    • Automated Azure Table Storage Backups
      • Change log
      • Deploy the solution
        • Create the Azure resources
        • Set the backup schedule
        • Add storage tables to the backup
        • Add role assignments to the storage account/s
        • Create a lifecycle management rule
      • Run a manual backup
      • Restore a backup
Powered by GitBook
On this page
  • Create a storage account
  • Create a container
  • Create a custom role
  • Assign the role

Was this helpful?

  1. Custom Reporting in Microsoft Intune
  2. Intune Assignments Report

Create / configure an Azure storage account

Here we will create and configure a storage account in Azure granting the automation account the necessary permissions and creating a container for the report data.

PreviousGrant API permissionsNextCreate an Azure automation runbook

Last updated 1 year ago

Was this helpful?

Create a storage account

If you don't have one already create a in Azure.

Create a container

Under Containers, create a container which we will use to store the data files exported from MS Graph. I've called mine intune-assignments. Set the Public access level to private.

Create a custom role

Here we will create a custom role at the storage account level which has just the permissions we need to upload data to the container. We will assign this role to the managed identity.

  • In the storage account, top-level, open the Access Control (IAM) pane

  • On the Roles tab, locate the role Storage Blob Data Contributor

  • Click the 3 dots on the right of the role and choose Clone

  • Give the role a name. I've used Storage Account Reader and Blob Contributor

  • On the Permissions tab, add or remove the cloned permissions as required. I've added two permissions that are required by this solution and removed a couple that aren't. All permissions are found under Microsoft.Storage.

    • Add Microsoft.Storage/storageAccounts/read

    • Add Microsoft.Storage/storageAccounts/listkeys/action

  • On the Assignable scopes tab, leave the default scope which should be the storage account itself

  • Click Review + create

Assign the role

Back in the Access Control (IAM) pane:

  • Click Add role assignment under Grant access to this resource

  • Locate the role you just created, select it and click Next

  • Against Assign access to, select Managed Identity. Click Select members

  • Locate for the managed identity under Automation Account and select it

  • Click Review + assign

storage account