smsagent.blog
  • docs.smsagent.blog
  • Custom Reporting in Microsoft Intune
    • Delivery Optimization Report
    • Windows Update for Business Custom Reporting
      • Power BI Report Walkthrough
      • Known issues / limitations
      • Change log
      • Deploy the solution
        • Create Azure Resources
        • Configure Azure Resources
        • Deploy the client-side script
        • Deploy the Azure automation runbooks
        • Configure the Power BI report
      • Adding additional language support
      • Table schema reference
    • Automating Data Exports from Microsoft Graph
      • Azure Automation account
        • Create / configure an Azure automation account
        • Grant API permissions
        • Create an Azure automation runbook
      • Azure Storage account
      • Automate Data Export to Azure Storage Account
      • Automate Data Export to Azure Monitor Logs
      • Creating / Troubleshooting Runbooks
      • Power BI
        • Connect Power BI to an Azure storage account data source
        • Connect Power BI to an Azure log analytics workspace as a data source
    • Managed Devices Report
      • Create / configure an Azure automation account
      • Grant API permissions
      • Create / configure an Azure storage account
      • Create an Azure automation runbook
      • Create a PowerBI report
      • MEM Managed Device Report template
      • Bonus! Unhealthy MEMCM Clients email report
    • Intune Assignments Report
      • Create / configure an Azure automation account
      • Grant API permissions
      • Create / configure an Azure storage account
      • Create an Azure automation runbook
      • Create a Power BI report
      • Change log
    • Patch My PC Report
      • A look at the Power BI reports
      • Change log
      • Video guides
      • Things to know
      • Create / configure an Azure automation account
      • Grant API permissions
      • Create / configure an Azure storage account
      • Create an Azure automation runbook
      • Create the Power BI report
      • Feedback
    • Windows 11 Hardware Readiness Report
    • Gathering Custom Inventory with Intune
      • Set up the Azure Resources
      • Create a Proactive remediations script package
      • Create a runbook
  • PowerShell Scripts Online Help
    • Get-AzSubscriptionActivityLog
  • Azure Solutions
    • Automated Azure Table Storage Backups
      • Change log
      • Deploy the solution
        • Create the Azure resources
        • Set the backup schedule
        • Add storage tables to the backup
        • Add role assignments to the storage account/s
        • Create a lifecycle management rule
      • Run a manual backup
      • Restore a backup
Powered by GitBook
On this page
  • Create a storage account
  • Create a container
  • Create a custom role
  • Assign the role

Was this helpful?

  1. Custom Reporting in Microsoft Intune
  2. Managed Devices Report

Create / configure an Azure storage account

Here we will create and configure a storage account in Azure granting the automation account the necessary permissions and creating a container for the report data.

PreviousGrant API permissionsNextCreate an Azure automation runbook

Last updated 3 years ago

Was this helpful?

Create a storage account

If you don't have one already create a in Azure.

Create a container

Under Containers, create a container which we will use to store the data files exported from MS Graph. I've called mine intune-powerbi. Set the Public access level to private.

Create a custom role

Here we will create a custom role at the storage account level which has just the permissions we need to upload data to the container. We will assign this role to the managed identity or run as account.

  • In the storage account, top-level, open the Access Control (IAM) pane

  • On the Roles tab, locate the role Storage Blob Data Contributor

  • Click the 3 dots on the right of the role and choose Clone

  • Give the role a name. I've used Storage Account Reader and Blob Contributor

  • On the Permissions tab, add or remove the cloned permissions as required. I've added two permissions that are required by this solution and removed a couple that aren't. All permissions are found under Microsoft.Storage.

    • Add Microsoft.Storage/storageAccounts/read

    • Add Microsoft.Storage/storageAccounts/listkeys/action

  • On the Assignable scopes tab, leave the default scope which should be the storage account itself

  • Click Review + create

Assign the role

Back in the Access Control (IAM) pane:

  • Click Add role assignment under Grant access to this resource

  • Locate the role you just created, select it and click Next

Note even though you see Managed identity as an option here, you should not use it because at the time of writing an automation account is not yet a supported service for a storage account

  • Select user, group, or service principal and click Select members

  • Search for the managed identity or run as account and select it

  • Click Next, next and Review + assign

storage account