smsagent.blog
  • docs.smsagent.blog
  • Custom Reporting in Microsoft Intune
    • Delivery Optimization Report
    • Windows Update for Business Custom Reporting
      • Power BI Report Walkthrough
      • Known issues / limitations
      • Change log
      • Deploy the solution
        • Create Azure Resources
        • Configure Azure Resources
        • Deploy the client-side script
        • Deploy the Azure automation runbooks
        • Configure the Power BI report
      • Adding additional language support
      • Table schema reference
    • Automating Data Exports from Microsoft Graph
      • Azure Automation account
        • Create / configure an Azure automation account
        • Grant API permissions
        • Create an Azure automation runbook
      • Azure Storage account
      • Automate Data Export to Azure Storage Account
      • Automate Data Export to Azure Monitor Logs
      • Creating / Troubleshooting Runbooks
      • Power BI
        • Connect Power BI to an Azure storage account data source
        • Connect Power BI to an Azure log analytics workspace as a data source
    • Managed Devices Report
      • Create / configure an Azure automation account
      • Grant API permissions
      • Create / configure an Azure storage account
      • Create an Azure automation runbook
      • Create a PowerBI report
      • MEM Managed Device Report template
      • Bonus! Unhealthy MEMCM Clients email report
    • Intune Assignments Report
      • Create / configure an Azure automation account
      • Grant API permissions
      • Create / configure an Azure storage account
      • Create an Azure automation runbook
      • Create a Power BI report
      • Change log
    • Patch My PC Report
      • A look at the Power BI reports
      • Change log
      • Video guides
      • Things to know
      • Create / configure an Azure automation account
      • Grant API permissions
      • Create / configure an Azure storage account
      • Create an Azure automation runbook
      • Create the Power BI report
      • Feedback
    • Windows 11 Hardware Readiness Report
    • Gathering Custom Inventory with Intune
      • Set up the Azure Resources
      • Create a Proactive remediations script package
      • Create a runbook
  • PowerShell Scripts Online Help
    • Get-AzSubscriptionActivityLog
  • Azure Solutions
    • Automated Azure Table Storage Backups
      • Change log
      • Deploy the solution
        • Create the Azure resources
        • Set the backup schedule
        • Add storage tables to the backup
        • Add role assignments to the storage account/s
        • Create a lifecycle management rule
      • Run a manual backup
      • Restore a backup
Powered by GitBook
On this page
  • Enable a managed identity
  • Enable Log Analytics workspace access for the managed identity
  • Log Analytics data retention

Was this helpful?

  1. Custom Reporting in Microsoft Intune
  2. Windows Update for Business Custom Reporting
  3. Deploy the solution

Configure Azure Resources

In this step, we'll configure the Azure Automation account with the necessary permissions to access the Log Analytics workspace, and configure the data retention period of the workspace.

PreviousCreate Azure ResourcesNextDeploy the client-side script

Last updated 2 years ago

Was this helpful?

Enable a managed identity

If you have not already done so, enable a system-managed identity for the automation account.

  • In the automation account, go to Account Settings > Identity

  • In the System assigned tab, set the Status to On.

You could also use a user-managed identity if you prefer.

Enable Log Analytics workspace access for the managed identity

To allow the automation account to read and write data to the log analytics workspace, assign it the appropriate permission.

  • In the Log Analytics workspace, go to the Access control (IAM) blade.

  • Click Add > Add role assignment

  • Select the Log Analytics Contributor role and click Next

  • Next to Assign access to, select Managed identity, then click Select members

  • Under Managed identity, select Automation Account

  • Select the automation account from the list and click Select.

  • Click Review + assign twice to finish.

Log Analytics data retention

By default, a log analytics workspace in the Pay as you go tier includes 31 days of free data retention. If you wish, you can increase this, but there are some things to consider if doing so:

  • You will be charged for data retention beyond the free 31 days

  • The retention period affects how much historic data you will be able to see in your software updates report, for example in the trend charts.

  • Longer retention times means your report queries will need to process more data and return more rows and increases the risk of hitting API service limits.

To change the data retention period:

  • In the Log Analytics workspace, go to General > Usage and estimated costs

  • Click Data retention at the top

  • Set the desired retention period and click OK.

If you are willing to pay for it, a 60-day retention period is recommended.