Intune Management Extension - Script security advice

%3CLINGO-SUB%20id%3D%22lingo-sub-2317268%22%20slang%3D%22en-US%22%3EIntune%20Management%20Extension%20-%20Script%20security%20advice%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2317268%22%20slang%3D%22en-US%22%3E%3CP%3EI%20need%20to%20deploy%20a%20PowerShell%20script%20via%20Intune%20Management%20Extension%20that%20uploads%20output%20to%20blob%20storage.%20Using%20a%20storage%20key%20is%20the%20easiest%20way%20to%20authenticate%20but%20the%20key%20would%20be%20displayed%20in%20plain%20text%20in%20the%20IME%20log%20file.%20What%20is%20the%20best%20method%20to%20secure%2Fobscure%20the%20key%2C%20or%20what%20is%20a%20better%20method%20to%20securely%20authenticate%20to%20the%20storage%20account%20to%20upload%20the%20output%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2317268%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%20Management%20Extension%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2325419%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20Management%20Extension%20-%20Script%20security%20advice%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2325419%22%20slang%3D%22en-US%22%3EHi%2C%3CBR%20%2F%3E%3CBR%20%2F%3EJust%20maybe%20a%20stupid%20%22thought%22%3CBR%20%2F%3EYou%20could%20convert%20the%20powershell%20script%20to%20an%20exe%20file%20and%20deploy%20it%20as%20an%20win32%20app%3F%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fcall4cloud.nl%2F2021%2F04%2Fpowershell-the-killer-queen%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fcall4cloud.nl%2F2021%2F04%2Fpowershell-the-killer-queen%2F%3C%2FA%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

I need to deploy a PowerShell script via Intune Management Extension that uploads output to blob storage. Using a storage key is the easiest way to authenticate but the key would be displayed in plain text in the IME log file. What is the best method to secure/obscure the key, or what is a better method to securely authenticate to the storage account to upload the output?

1 Reply
Hi,

Just maybe a stupid "thought"
You could convert the powershell script to an exe file and deploy it as an win32 app?

https://call4cloud.nl/2021/04/powershell-the-killer-queen/