Monitoring with PowerShell: Monitoring Azure File Shares

So a while back someone asked me if it’s possible to monitor Azure File Shares. the reason for this question was due to a crashing WVD farm because the Azure File Share reached its quota real quick. After some consideration and tests I’ve first tried to use the connection string to extract this data but figured that was a fairly futile attempt.

Instead, I’ve used the Secure Application Model and Azure Lighthouse to connect to all tenants, and compare the quota used vs the actual usage, that way it becomes fairly easy to alert on any Azure Storage that’s running out of space. This script is designed to loop through all your tenants, but can easily be modified to do a single tenant too.

The Script

######### Secrets #########
$ApplicationId = 'ApplicationID'
$ApplicationSecret = 'ApplicationSecret' | ConvertTo-SecureString -Force -AsPlainText
$TenantID = 'YourTenantID'
$RefreshToken = 'Refreshtoken'
$UPN = "A-Valid-UPN"
$MinimumFreeGB = '50'
######### Secrets #########

$credential = New-Object System.Management.Automation.PSCredential($ApplicationId, $ApplicationSecret)

Try {
    $azureToken = New-PartnerAccessToken -ApplicationId $ApplicationID -Credential $credential -RefreshToken $refreshToken -Scopes '' -ServicePrincipal -Tenant $TenantId
    $graphToken = New-PartnerAccessToken -ApplicationId $ApplicationId -Credential $credential -RefreshToken $refreshToken -Scopes ''
catch {
    write-DRMMAlert "Could not get tokens: $($_.Exception.Message)"
    exit 1
Connect-Azaccount -AccessToken $azureToken.AccessToken -GraphAccessToken $graphToken.AccessToken -AccountId $upn -TenantId $tenantID
$Subscriptions = Get-AzSubscription  | Where-Object { $_.State -eq 'Enabled' } | Sort-Object -Unique -Property Id
$fileShares = foreach ($Sub in $Subscriptions) {
    $null = $sub | Set-AzContext
    Get-AzStorageAccount | where-object { $_.PrimaryEndpoints.file } | ForEach-Object {
        $usage = (Get-AzMetric -ResourceId "$($" -MetricName "FileCapacity" -AggregationType "Average").data.average
        $Quota = ($_ | Get-AzStorageShare).Quota | select-object -last 1
            Name              = $_.StorageAccountName
            Sub               = $sub.Name
            ResourceGroupName = $_.StorageAccountName
            PrimaryLocation   = $_.PrimaryLocation
            'Quota GB'        = [int64]$Quota
            'usage GB'        = [math]::round($usage / 1024 / 1024 / 1024)


$QuotaReached = $fileShares | Where-Object { $_.'quota GB' - $_.'usage GB' -lt $MinimumFreeGB -and $_.'Quota gb' -ne 0 }

if (!$QuotaReached) {
    write-host 'Healthy'
else {
    write-host "Unhealthy. Please check diagnostic data"

and that’s it! as always, Happy PowerShelling.


  1. Elliot May 7, 2021 at 4:38 pm

    Hi, I ran the script to generate the tokens but when running this, I’m getting AADSTS65001 error. Investigation looks to be related to some sort of permission with v2.0 endpoints. Anything I’m missing?

    1. Marc June 28, 2021 at 1:21 pm

      Hi , I am running into the same thing here.
      I also get a AADSTS65001: The user or administrator has not consented…. error.

      1. Kelvin Tegelaar June 28, 2021 at 5:09 pm

        Check if you do not have an existing guest user in that client’s tenant that has the same UPN as you’ve used to create the tokens.

        1. Marc July 6, 2021 at 8:29 am

          I used the admin account to create the tokens and still i am getting this error.

  2. Slava May 11, 2021 at 12:03 am

    Could you help me please. “$usage = (Get-AzMetric -ResourceId “$($” -MetricName “FileCapacity” -AggregationType “Average”).data.average” gets average capacity for all shares. That means if I have two fileshares (with 1 Gb used capacity per share) on storage account, it will get 2Gb used capacity. How can I monitor each fileshares on my storage account. Can I get capacity for separate file share?

    1. Slava May 12, 2021 at 11:01 am

      I have found solution. You just need to add “-MetricFilter $f3” parameter for Get-AzMetric. And specify filter – $f3 = New-AzMetricFilter -Dimension FileShare -Operator eq -Value “YourFileShareName”. Glad if it had been helpful.

  3. Mark Dayton September 22, 2021 at 3:05 pm

    Hi, sorry i’ve got some questions here. Relatively new to Azure, we have recently setup Azure Virtual Desktop and yes the alerts are not very versatile. We have two file shares both with 100GB quotas that we need to monitor, i’m presuming I need to run the Secure Application Model script? I have owner rights on our subscription do i still need to run the Lighthouse setup? Thanks in advance.

    1. Kelvin Tegelaar September 24, 2021 at 9:18 am

      For your internal sub, you do not need to run lighthouse, but you do need to run the Secure Application Model setup.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.