diff --git a/.github/workflows/e2e-tests-manual.yaml b/.github/workflows/e2e-tests-manual.yaml
index 482d97c6..7cad544d 100644
--- a/.github/workflows/e2e-tests-manual.yaml
+++ b/.github/workflows/e2e-tests-manual.yaml
@@ -33,8 +33,9 @@ jobs:
 
 env:
 BRANCH: "${{ github.event.inputs.branch }}"
- AZURE_RESOURCE_GROUP_NAME: "${{ secrets.AZURE_RESOURCE_GROUP_NAME }}"
 AZURE_LOCATION: "${{ secrets.AZURE_LOCATION }}"
+ AZURE_MANAGED_IDENTITY: "${{ vars.AZURE_MANAGED_IDENTITY }}"
+ AZURE_RESOURCE_GROUP_NAME: "${{ secrets.AZURE_RESOURCE_GROUP_NAME }}"
 
 test-run:
 needs: 'suite-setup'
diff --git a/.github/workflows/e2e-tests-scheduled.yaml b/.github/workflows/e2e-tests-scheduled.yaml
index fb10608c..68c721a5 100644
--- a/.github/workflows/e2e-tests-scheduled.yaml
+++ b/.github/workflows/e2e-tests-scheduled.yaml
@@ -45,8 +45,9 @@ jobs:
 
 env:
 BRANCH: "${{ matrix.branch }}"
- AZURE_RESOURCE_GROUP_NAME: "${{ secrets.AZURE_RESOURCE_GROUP_NAME }}"
 AZURE_LOCATION: "${{ secrets.AZURE_LOCATION }}"
+ AZURE_MANAGED_IDENTITY: "${{ vars.AZURE_MANAGED_IDENTITY }}"
+ AZURE_RESOURCE_GROUP_NAME: "${{ secrets.AZURE_RESOURCE_GROUP_NAME }}"
 
 test-run:
 if: "github.repository == 'Azure/iot-identity-service'"
diff --git a/ci/e2e-tests/helper-functions.sh b/ci/e2e-tests/helper-functions.sh
index 247aa586..7d690ae2 100644
--- a/ci/e2e-tests/helper-functions.sh
+++ b/ci/e2e-tests/helper-functions.sh
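Review bot: AZURE_MANAGED_IDENTITY is read from `vars.` (a plain, unmasked repository variable) while AZURE_RESOURCE_GROUP_NAME stays a secret, yet the value is later passed to `az identity show --ids` and `--assign-identity`, which take a full ARM resource ID; if the identity lives in that same resource group, the ID embeds `/resourceGroups/<name>/` and the group name will appear unmasked in job logs, undercutting the secret. Either source the identity ID from `secrets.` as well, or decide the group name is not sensitive and say so where the secret is declared. The e2e-tests-scheduled.yaml hunk has the same pattern. A short comment next to the new variable, e.g. `# resource ID of the user-assigned identity granted to the DPS allocation function app`, would also tell readers which value to configure.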
@@ -100,7 +100,21 @@ setupCustomAllocationPolicy() {
 --location $AZURE_LOCATION \
 --resource-group $AZURE_RESOURCE_GROUP_NAME \
 --sku Standard_LRS \
- --tags "suite_id=$suite_id"
+ --tags "suite_id=$suite_id" \
+ --allow-shared-key-access false
+
+ # Give managed identity Storage Blob Data Contributor access to the storage account
+ object_id="$(az identity show --ids "$AZURE_MANAGED_IDENTITY" --query principalId --output tsv)"
+
+ scope_id="$(
+ az storage account show \
+ --name "$dps_allocation_storage_account" \
+ --resource-group $AZURE_RESOURCE_GROUP_NAME \
+ --query id \
+ --output tsv
+ )"
+
+ az role assignment create --assignee "$object_id" --role "Storage Blob Data Contributor" --scope "$scope_id"
 
 # Create function app
 az functionapp create \
@@ -112,7 +126,8 @@ setupCustomAllocationPolicy() {
 --name "$dps_allocation_functionapp_name" \
 --disable-app-insights \
 --storage-account "$dps_allocation_storage_account" \
- --tags "suite_id=$suite_id"
+ --tags "suite_id=$suite_id" \
+ --assign-identity "$AZURE_MANAGED_IDENTITY"
 
 # Publishing the app sometimes fails, so retry up to 3 times
 for retry in {0..3}; do
diff --git a/ci/e2e-tests/suite-common.sh b/ci/e2e-tests/suite-common.sh
index 2d0481b4..b2d0b378 100755
--- a/ci/e2e-tests/suite-common.sh
+++ b/ci/e2e-tests/suite-common.sh
@@ -14,3 +14,7 @@ dps_allocation_function_name='DpsCustomAllocation'
 dps_allocation_functionapp_name="alloc-app-${suite_common_resource_name}"
 foo_devices_iot_hub="${suite_common_resource_name}-foo-devices"
 dps_allocation_storage_account="$(printf '%s' "$suite_id" | tr '[:upper:]' '[:lower:]' | tr -d -C 'a-z0-9')"
+# storage accounts names can't be longer than 24 chars; truncate (from the front of the string) if necessary
+if [[ ${#dps_allocation_storage_account} -gt 24 ]]; then
+ dps_allocation_storage_account="${dps_allocation_storage_account: -24}"
+fi
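Review bot: `object_id` is handed to `az role assignment create --assignee` unchecked, so if `az identity show` prints nothing (wrong ID, expired login) the assignment either fails with an unrelated error or `--assignee ""` goes through the CLI's directory lookup; prefer `[[ -n "$object_id" ]] || return 1` right after the assignment, and `--assignee-object-id "$object_id" --assignee-principal-type ServicePrincipal` in place of `--assignee`, which skips that Graph lookup so the CI principal needs no directory read permission. With `--allow-shared-key-access false` on the account, the function app created in the second hunk (`--assign-identity`) can only reach its host storage through identity-based settings; nothing in either hunk configures that, and for identity-based host storage the Functions documentation lists Storage Blob Data Owner rather than Contributor, so confirm against the app's settings before relying on the retry loop below to absorb 403s. The new `--resource-group $AZURE_RESOURCE_GROUP_NAME` inside `scope_id` repeats the unquoted expansion of the surrounding lines (SC2086); `"$AZURE_RESOURCE_GROUP_NAME"` would match the quoting of the neighbouring arguments. `setupCustomAllocationPolicy` begins and ends outside the hunk.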
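Review bot: Only the 24-character upper bound is enforced; a `suite_id` that sanitizes to fewer than 3 characters (or to nothing, since `tr -d -C 'a-z0-9'` can strip everything) still yields an invalid storage account name that only fails later inside `az storage account create`. Adding the lower bound next to the new check, `(( ${#dps_allocation_storage_account} >= 3 )) || { printf 'invalid storage account name derived from suite_id %q\n' "$suite_id" >&2; exit 1; }` (or `return 1`, depending on whether this file is sourced), keeps the failure next to its cause. Keeping the tail of the string is the right choice only if the unique part of `suite_id` is at the end, as the comment implies; two suites whose ids differ only in their leading characters would collide, which is worth a sentence in the comment. Style: `(( ${#dps_allocation_storage_account} > 24 ))` is the arithmetic form of the length test, and "storage accounts names" in the comment should read "storage account names".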