Delete Old FSLogix Profiles with Nerdio

Nerdio provides an Azure Runbook as a Scripted Action, which deletes profiles on a storage account if they are older than a defined number of days. The following parameters are required for execution:

  • StorageAccountName
  • ShareName
  • DaysOld
  • StorageKeySecureVar

I took a closer look and saw the potential for improvement.


With a Nerdio Manager for Enterprise, I usually also provide the storage accounts. The autoscaling of the storage account is also carried out by Nerdio as a premium feature in order to optimize size, performance and costs.

This gives the Nerdio service principal sufficient rights on the storage account to create a temporary shared access signature.

This means that we do not need to store a storage key as a variable and use it when executing the Scripted Action.

Scheduled task

Another option with Nerdio is to execute a Scripted Action as a scheduled task. Currently, there is still the restriction that a Scripted Action can only be executed with one configuration. This means that I can only clean up one storage account with the existing script. This restriction has been recognized and a solution is being worked on. Only several Scripted Actions can solve the problem.

I also wanted to avoid this limitation.


Before letting the Scripted Action delete data, I wanted to check what the script would delete. This was not possible with the existing variant.

And so I have also enabled this in the new variants.

New versions of the script

First, I developed a new version of the Scripted Action that does not require a Storage Access Key. I created another version to be able to operate several storage accounts. All information must be stored in a variable in order to be able to use these values. Both versions also make it possible to output only what is deleted and what is ignored without deleting data. I have now created two versions of the script, which I would like to share with you.

Extension with Shared Access Signature

In this version, I have taken advantage of the fact that I already have administrative access to the storage accounts with the Service Principal. However, it is still possible to work with a storage access key.

The script can be executed as follows:

Here is the script:

Extension with Secure Variable

In order to be able to clean up multiple storage accounts, I have created a secure variable in Nerdio, which stores the parameters in a JSON formatted string. When executing, the timeout must be increased depending on the number of storage accounts.

A variable is now required, this should also be restricted for the script:

This script can now be executed as follows (note the timeout):

Content of the variable:

Now also the script:


Both variants can be set up as scheduled tasks, the parameters are identical, only the corresponding time zone and time must be specified.

I hope one of the two scripts can help you to clean up your old profiles. We have the extended version with the Secure Variable in use at a large customer with over 20 storage accounts. If you like it, I look forward to comments and sharing in the community.