Azure Automation using Azure Active Directory Account
Microsoft Azure Automation lets administrators run long-running, repeatable, error-prone tasks in a completely automated and tested way. Azure Automation uses Windows PowerShell or PowerShell workflow and can access any Cloud resource.
In this example, we will create an Azure AD account, give it the permissions needed to run Runbooks, and write a sample Runbook that gets the number of Azure VMs running in the environment.
Create New User
We first need to create a new user in Azure. Select the option “New user in your organization” and type a user name. Note down the full username, including what is shown after the “@” symbol.
Azure will now generate a temporary password for the new user. Note down the password. This temporary password can’t be used for Azure Automation, because it expires after the first logon and needs to be changed, so you need to log in to Azure and change it.
Log in to https://manage.windowsazure.com with the new username and password, and when prompted, change the password of the Automation account.
On the Azure Portal, go to Settings in the left pane and open the Administrators section to add a new co-administrator. Type the full username of the Automation account that was created above. This gives the account permission to access Cloud resources and run Automation scripts or Runbooks in Azure Automation.
Azure Automation – Create Account and Write Runbook
On the Azure Portal, select Automation in the left-hand pane and click on “Create An Automation Account”.
Fill in the details and select the region where you want your Automation account to reside. Select the Azure region where most of the resources you want to manage are located.
Once the Azure Automation Account is created, you need to add the Azure Active Directory credential that we created above.
Select the Azure Automation Account, go to the ASSETS page, and click on the ADD SETTING button below to ADD CREDENTIAL.
Specify “Azure-Cred” as your Credential name. On the next screen, type the Azure Active Directory username and password and save them for future reference in the Runbooks.
Create, Execute RunBook
Once the Azure Automation Account (Azure-Auto) is created and the Azure Credentials (Azure-Cred) have been saved, we need to create a Runbook in Azure.
Your next job is to author the Azure Runbook. The syntax of a PowerShell workflow is the same as typical PowerShell. In this Runbook, we will:
- Save the Azure Credential (Azure-Cred) that we created above to a variable $cred
- Run Add-AzureAccount using the credential $cred
- Please note that if you have more than one subscription tied to the account, then you need to select your subscription by using the Select-AzureSubscription command. We are not using this command in the example below.
- Get all Azure VMs in the environment (Get-AzureVM) and write output to the screen showing the count of VMs in the environment.
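The steps listed above, written out as a PowerShell workflow. This is an added example, not the original author's Runbook; the workflow name Get-AzureVMCount and the optional SubscriptionName parameter are assumed names, and the credential asset name Azure-Cred is the one created earlier.

```powershell
# Added example. In Azure Automation the workflow name must match the Runbook name;
# 'Get-AzureVMCount' is an assumed name.
workflow Get-AzureVMCount
{
    param(
        # Assumed parameter: only needed when more than one subscription
        # is tied to the account. Leave empty to use the default subscription.
        [Parameter(Mandatory = $false)]
        [string] $SubscriptionName
    )

    # Read the credential asset saved on the ASSETS page. The password is
    # stored in the Automation account and never appears in the Runbook text.
    $cred = Get-AutomationPSCredential -Name 'Azure-Cred'
    if ($null -eq $cred) {
        throw "Credential asset 'Azure-Cred' was not found in this Automation account."
    }

    # Authenticate with the Azure AD account. -ErrorAction Stop fails the job
    # here (for example after a password change) instead of continuing
    # unauthenticated. The result is assigned so it is not written to job output.
    $account = Add-AzureAccount -Credential $cred -ErrorAction Stop

    # Optional subscription selection, as described in the note above.
    if ($SubscriptionName) {
        Select-AzureSubscription -SubscriptionName $SubscriptionName -ErrorAction Stop
    }

    # Get all VMs visible to the account and count them. Measure-Object
    # returns 0 for an empty result and 1 for a single VM.
    $vms = Get-AzureVM -ErrorAction Stop
    $count = ($vms | Measure-Object).Count

    Write-Output "Number of Azure VMs in the environment: $count"
}
```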
Schedule the Azure Runbook
Now we have a working Azure Runbook. Publish the Azure Runbook before it can be scheduled.
Select the Runbook and go to the Schedule tab to create a new scheduled job.
On the next screen, you can schedule the job with the options listed there.
Please note that if you declared parameters in the Runbook, the Azure Scheduler gives you the option to pass the script parameters so that scripts can use them.
This completes the Azure Automation, Runbook creation and scheduling it using an Azure Active Directory account. Once I write some real-world Azure Automation examples, I will share them with the forum.