Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
In this quickstart, you learn how to use Azure PowerShell to create a storage task and assign it to an Azure Storage account. Then, you'll review the results of the run. The storage task applies a time-based immutability policy on any Microsoft Word documents that exist in the storage account.
Prerequisites
An Azure subscription. See create an account for free.
An Azure storage account. See create a storage account. As you create the account, make sure to enable version-level immutability support and that you don't enable the hierarchical namespace feature.
During the public, you can target only storage accounts that are in the same region as the storage tasks.
The Storage Blob Data Owner role is assigned to your user identity in the context of the storage account or resource group.
A custom role assigned to your user identity in the context of the resource group which contains the RBAC actions necessary to assign a task to a storage account. See Permissions required to assign a task.
.NET Framework is 4.7.2 or greater installed. For more information, see Download .NET Framework.
PowerShell version
5.1or higher.
Install the PowerShell module
Make sure you have the latest version of PowerShellGet installed.
Install-Module PowerShellGet -Repository PSGallery -ForceClose and then reopen the PowerShell console.
Install version 7.1.1-preview or later of the Az.Storage PowerShell module. You might need to uninstall other versions of the PowerShell module. For more information about installing Azure PowerShell, see Install Azure PowerShell with PowerShellGet.
Install-Module Az.Storage -Repository PsGallery -RequiredVersion 7.1.1-preview -AllowClobber -AllowPrerelease -ForceInstall Az.StorageAction module.
Install-Module -Name Az.StorageAction -Repository PSGallery -ForceFor more information about how to install PowerShell modules, see Install the Azure PowerShell module
Sign in to your Azure account
Open a Windows PowerShell command window, and then sign in to your Azure account with the
Connect-AzAccountcommand and follow the on-screen directions.Connect-AzAccountIf your identity is associated with more than one subscription, and you aren't prompted to select the subscription, then set your active subscription to subscription of the storage account that you want operate upon. In this example, replace the
<subscription-id>placeholder value with the ID of your subscription.Select-AzSubscription -SubscriptionId <subscription-id>
Create a storage task
Define a condition by using JSON. A condition is a collection of one or more clauses. Each clause contains a property, a value, and an operator. In the following JSON, the property is
Name, the value is.docx, and the operator isendsWith. This clause allows operations only on Microsoft Word documents.$conditions = "[[endsWith(Name, '.docx')]]"For a complete list of properties and operators, see Storage task conditions.
Tip
You can add multiple conditions to the same string and separate them with a comma.
Define each operation by using the
New-AzStorageActionTaskOperationObjectcommand.The following operation creates an operation that sets an immutability policy.
$policyoperation = New-AzStorageActionTaskOperationObject ` -Name SetBlobImmutabilityPolicy ` -Parameter @{"untilDate" = (Get-Date).AddDays(1); "mode" = "locked"} ` -OnFailure break ` -OnSuccess continueThe following operation sets a blob index tag in the metadata of a Word document.
$tagoperation = New-AzStorageActionTaskOperationObject -Name SetBlobTags ` -Parameter @{"tagsetImmutabilityUpdatedBy"="StorageTaskQuickstart"} ` -OnFailure break ` -OnSuccess continueCreate a storage task by using the
New-AzStorageActionTaskcommand, and pass in the conditions and operations that you defined earlier. This example creates a storage task namedmystoragetaskin resource groupmystoragetaskresourcegroupin the West US region.$task = New-AzStorageActionTask ` -Name mystoragetask ` -ResourceGroupName mystoragetaskresourcegroup ` -Location westus ` -Enabled ` -Description 'my powershell storage task' ` -IfCondition $conditions ` -IfOperation $policyoperation,$tagoperation ` -EnableSystemAssignedIdentity:$true
Create an assignment
A storage task assignment specifies a storage account. After you enable the storage task, the conditions and operations of your task will be applied to that storage account. The assignment also contains configuration properties which help you target specific blobs, or specify when and how often the task runs. You can add an assignment for each account you want to target.
Create a storage task assignment by using the
New-AzStorageTaskAssignmentcommand. The following assignment targets themycontainercontainer of an account namedmystorageaccount. This assignment specifies that the task will run only one time, and will save execution reports to a folder namedstorage-tasks-report. The task is scheduled to run10minutes from the present time.$startTime = (Get-Date).AddMinutes(10) New-AzStorageTaskAssignment ` -ResourceGroupName mystoragetaskresourcegroup ` -AccountName mystorageaccount ` -name mystoragetaskAssignment ` -TaskId $task.Id ` -ReportPrefix "storage-tasks-report" ` -TriggerType RunOnce ` -StartOn $startTime.ToUniversalTime() ` -Description "task assignment" ` -Enabled:$true ` -TargetPrefix "mycontainer/" ` -TargetExcludePrefix ""Give the storage task permission to perform operations on the target storage account. Assign the role of
Storage Blob Data Ownerto the system-assigned managed identity of the storage task by using theNew-AzRoleAssignmentcommand.New-AzRoleAssignment ` -ResourceGroupName mystoragetaskresourcegroup ` -ResourceName mystorageaccount ` -ResourceType "Microsoft.Storage/storageAccounts" ` -ObjectId $task.IdentityPrincipalId ` -RoleDefinitionName "Storage Blob Data Owner"
View the results of a task run
After the task completes running, get a run report summary for each assignment by using the Get-AzStorageActionTasksReport command.
Get-AzStorageActionTasksReport `
-ResourceGroupName mystoragetaskresourcegroup `
-StorageTaskName mystoragetask | Format-List
The SummaryReportPath field of each report summary contains a path to a detailed report. That report contains comma-separated list of the container, the blob, and the operation performed along with a status.
Clean up resources
Remove all of the assets you've created. The easiest way to remove the assets is to delete the resource group. Removing the resource group also deletes all resources included within the group. In the following example, removing the resource group removes the storage account and the resource group itself.
Remove-AzResourceGroup -Name $ResourceGroup