smsagent.blog

Create an Azure automation runbook

Here we will create a runbook in the automation account that will retrieve data from Microsoft Graph using the REST API and export the data to the Azure storage account.

Import Modules

We will need a couple of PowerShell modules added to the automation account for the runbook to use.
  • In the Azure portal in the automation account, go to the Modules gallery pane
  • Search for and import the following modules:
    • Az.Accounts
    • Az.Storage
    • MSAL.PS (only required if using a Run as account)

Create a Runbook

  • Click on the Runbooks pane and choose Create a runbook
  • Enter a name for the runbook, select PowerShell for the runbook type and click Create
  • Copy the PowerShell code below into the runbook and edit it as described below
    • If you wish to test the runbook before publishing to make sure it works, use the Test pane
    • Alternatively, Publish the runbook, then click Start from the runbook menu. This option will give you the full output of the script.
  • When ready, Publish the runbook

Export-MSGraphPatchMyPCUpdateData

This PowerShell script should be used as-is as the source for your runbook to work properly with the Power BI template.
Populate the following parameters at the top of the script:
  • $ResourceGroup. This is the name of the resource group that hosts your storage account in Azure
  • $StorageAccount. This is the name of the storage account to which you will export data
  • $Container. The name of the container to use in the storage account

Managed Identity vs Run as account

The script is configured to run using a managed identity, but code is also included to use a Run as account instead. To use a Run as account, in the Authentication section of the script, simply uncomment the code blocks that start with #Run as account, and comment out the sections that start with #Managed Identity.

What the Runbook does

  • Authenticate. First we authenticate to MS Graph and obtain an access token to make our REST API calls with. We also authenticate to Azure AD in order to send data to the storage account.
  • Get Graph data. We query MS Graph using the REST API. First we get a list of apps and updates in Intune managed by Patch My PC. Then we request status overview reports and device install status reports for both apps and updates from Microsoft Graph.
  • Export and Upload. Lastly we export the data we retrieved into CSV files and upload these to our container in Azure blob storage.
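
A condensed sketch of the three stages above, added here as an example and not taken from the Export-MSGraphPatchMyPCUpdateData script. It assumes the managed identity has been granted the DeviceManagementApps.Read.All Graph application permission and the Storage Blob Data Contributor role on the storage account; the endpoint, filter, placeholder values and file name are illustrative choices.

```powershell
# Added illustration with placeholder values, not the downloadable runbook's code
$ErrorActionPreference = 'Stop'
$StorageAccount = '<storage-account-name>'
$Container      = '<container-name>'

# Authenticate: sign in as the automation account's managed identity
$null = Connect-AzAccount -Identity

# Obtain a Graph access token; newer Az.Accounts versions return it as a SecureString
$token = (Get-AzAccessToken -ResourceUrl 'https://graph.microsoft.com').Token
if ($token -is [securestring]) {
    $token = [System.Net.NetworkCredential]::new('', $token).Password
}
$headers = @{ Authorization = "Bearer $token" }

# Get Graph data: follow @odata.nextLink until every page has been read
# (Win32 apps only here; selecting the Patch My PC-managed apps is not shown)
$uri  = "https://graph.microsoft.com/beta/deviceAppManagement/mobileApps?`$filter=isof('microsoft.graph.win32LobApp')"
$apps = [System.Collections.Generic.List[object]]::new()
while ($uri) {
    $page = Invoke-RestMethod -Uri $uri -Headers $headers -Method Get
    foreach ($app in $page.value) { $apps.Add($app) }
    $uri = $page.'@odata.nextLink'
}

# Export and Upload: write a CSV to the sandbox temp folder, then upload it
$csv = Join-Path $env:TEMP 'Apps.csv'
$apps | Select-Object id, displayName, publisher |
    Export-Csv -Path $csv -NoTypeInformation -Encoding UTF8

# OAuth-based storage context: relies on the identity's RBAC role, not an account key
$ctx = New-AzStorageContext -StorageAccountName $StorageAccount -UseConnectedAccount
$null = Set-AzStorageBlobContent -File $csv -Container $Container -Blob 'Apps.csv' -Context $ctx -Force
Remove-Item $csv
```

The token is held only in memory for the duration of the job, and the upload never touches a storage account key, so the identity needs no key-listing rights on the account.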

Download the runbook

Schedule the Runbook

Schedule the Runbook to execute at regular intervals to keep the data updated.
  • In the Azure portal, in the automation account, open the Runbook you created
  • Click Link to schedule
  • In the Schedule section, select an existing schedule or create a new one