Copy Files from a Computer to Azure Files Over CMG

With many employees now working remote, the situation may arise where you need to copy files from a remote computer to a location where they can be accessed by IT staff. When a computer is not remote, this is usually done by just accessing the computer’s admin share, but this is not always possible when a computer is remote.

This post will detail a method of using the ConfigMgr scripts feature to copy directories to a Azure Files. This post will detail setting up the Azure Files share, and provide a sample script to use to copy the files. You will need ConfigMgr with a CMG setup to complete this post.

Setup Azure Files

First, we need to configure an Azure Files share. Azure Files is a good solution to use since it can be made available from the internet and does not require a domain login. Though using a domain login is possible, I would recommend NOT doing this, and instead use a shared access signature, which you can and should set to expire when not in use.

To create the Azure Files share, you will first need a storage account. If you already have a storage account and want to reuse it, you can proceed to the next section.

  1. In the Azure portal, search for Storage Accounts and open its service.
  2. Click Add.
  3. Select the Subscription and Resource group for your storage account. Give your storage account a name and Location. Leave Performance, Account kind, and Replication as-is.
  1. Click Review + create to create your storage account.

Now that you have your storage account, we need to create the Azure Files share.

  1. Open your storage account and select File shares from the left pane.
  2. Click the add File share button.
  1. Give your file share a Name and set a Quota. I also recommend setting the Tiers to Hot or Cool, as we shouldn’t be actively doing much with these files.
  1. Click Create.

Azure Files is now set up.

Obtain Shared access signature

Now that we have our Azure file share, we need to generate a Shared access signature (SAS). This will allow us to access the file share without the need for domain credentials.

  1. In your storage account, select Shared access signature from the left pane.
  1. Uncheck all boxes under Allowed Services EXCEPT File.
  2. Under Allowed resource types, select Object.
  3. Leave Allowed permissions as-is. Technically you can dial back the permissions here, but that is out of the scope of this post.
  4. Set a Start and expiry date/time. I would suggest not allowing this SAS key for longer than 1 day. Ideally this key would only work for time needed.
  5. Leave the remaining settings as-is and click Generate SAS and connection string.
  1. Copy the SAS token to Notepad (we’ll need it later).

ConfigMgr Script

This process uses ConfigMgr Run Scripts to execute a script on the computer. The computer will go out and download the AZ Copy utility from Microsoft and use this utility to copy up the Documents and Desktop folders for each user on a computer. You can modify the copy part of the script to copy whichever directories you want. Prior to uploading into Azure Files, the script will zip what’s being copied and upload the zip. This is to save bandwidth and consume less storage in Azure.

Here is the script:


$az_files_url = ""

$comp_name = $env:COMPUTERNAME
$date = get-date -format yyyy-MM-ddTHH-mm-ss

$WebClient = New-Object System.Net.WebClient

Expand-Archive -LiteralPath "$env:SystemRoot\TEMP\" -DestinationPath "$env:SystemRoot\TEMP\azcopy" -force
$extract_dir = (get-childitem "$env:SystemRoot\TEMP\azcopy").name
$azcopy = "$env:SystemRoot\TEMP\azcopy\" + $extract_dir

cd $azcopy

$user_folders = (get-childitem $env:systemdrive\users | where-object -filterscript {$_.Name -ne "ADMINI~1"}).name

$output_dir = "$env:SystemRoot\TEMP\azcopy$comp_name-$date"
new-item -type directory $output_dir | out-null

ForEach ($user in $user_folders) {
new-item -type directory "$output_dir$user-desktop" | out-null
copy-item -path "$env:systemdrive\users$user\Desktop\*" -destination "$output_dir$user-desktop" -recurse

new-item -type directory "$output_dir$user-documents" | out-null
copy-item -path "$env:systemdrive\users$user\Documents\*" -destination "$output_dir$user-documents" -recurse

$archive_file = "$env:SystemRoot\TEMP\azcopy$comp_name-$"
compress-archive -path $output_dir -destinationpath $archive_file

$dest_path = $az_files_url + $saskey
$arguement_list_doc = 'copy "' + $archive_file + '" "' + $dest_path + '" --recursive --cap-mbps 20'
start-process -filepath "azcopy.exe" -ArgumentList $arguement_list_doc -wait -windowstyle:hidden

sleep -s 1

cd $env:SystemRoot
remove-item -path $env:SystemRoot\TEMP\azcopy -recurse -force
remove-item -path $env:SystemRoot\TEMP\ -recurse -force

At each launch, the script will prompt you for the SAS key. On line 6, you need to change the az_files_url variable to match your storage account and file share name. Just replace azsccmfiles with the name of your storage account and sccmcmgfiles with the name of the file share. HINT: you can get this entire URL by going to the storage account in Azure, selecting the file share, and clicking Properties.

All you should have to do now is add this as a script in ConfigMgr. Once added, you can execute it against computers that are remote.


All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omission in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistance.



Contact Us

On Key

More Posts

Mastering Azure AD Connect - A Comprehensive Guide by WME
Active Directory

Mastering Azure AD Connect – A Comprehensive Guide

Modern businesses are fast moving toward cloud-based infrastructure. In fact, cloud-based business is not just a trend anymore but a strategic necessity. Microsoft’s Azure Active Directory (Azure AD) has become a frontrunner in this domain. It

Read More »
Security Best Practices in SharePoint
Office 365

Security Best Practices in SharePoint

Microsoft SharePoint is an online collaboration platform that integrates with Microsoft Office. You can use it to store, organize, share, and access information online. SharePoint enables collaboration and content management and ultimately allows your teams to

Read More »
The Ultimate Guide to Microsoft Intune - Article by WME
Active Directory

The Ultimate Guide to Microsoft Intune

The corporate world is evolving fast. And with that, mobile devices are spreading everywhere. As we venture into the year 2024, they have already claimed a substantial 55% share of the total corporate device ecosystem. You

Read More »
Protecting Microsoft 365 from on-Premises Attacks
Cloud Security

How to Protect Microsoft 365 from On-Premises Attacks?

Microsoft 365 is diverse enough to enrich the capabilities of many types of private businesses. It complements users, applications, networks, devices, and whatnot. However, Microsoft 365 cybersecurity is often compromised and there are countless ways that

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.