Is there a way to use Connect-AzureAD in Azure Automation when integrating a hybrid worker? I have tried multiple ways to try to get it to work and have had zero success. What is best practice for connecting to Azure when integrating a hybrid worker into your automations?

Dodge-1350, yes, the error you're getting means you don't have the required module installed. You just have to run Install-Module -Name AzureADPreview from an elevated PowerShell in your Hybrid Worker. You can find instructions here.

Hi Ed Stalcup, From your description it isn't clear if your HRW are running on-prem or in Azure. If they do run in Azure, have you considered using Managed Identity instead? Azure Automation now supports System Assigned Managed Identities (in Preview) as a replacement for RunAs accounts. If your HRWs are hosted outside of Azure, you could consider using Azure Arc (onboard your HRWs to Arc) and use Managed Identities in a similar fashion. You would still need to assign correct API permissions for Microsoft Graph like you would do for Service Principal (MS graph permissions for managed identities need to be granted directly to the Service Principal.).

Dodge-1350, when using a Hybrid Worker to connect to Azure resources, the easiest way is to use the Run As Account certificate associated with the Automation Account. You must install first the certificate in the Hybrid Worker, by following the steps detailed here. Then you call Connect-AzureAD by using the certificate thumbprint, like this: Connect-AzureAD -Tenant <TenantID> -ApplicationId <ApplicationID> -CertificateThumbprint <CertificateThumbprint> Don't forget to install the AzureADPreview module in the Hybrid Worker. Hope this helps.

hspinto - I tried that along with many other methods known to work in Azure Automation. For your information, this is what I receive when I attempt to run that: Connect-AzureAD : The term 'Connect-AzureAD' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:56 char:1 + Connect-AzureAD –TenantId $servicePrincipalConnection.TenantId –Appli ... + ~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (Connect-AzureAD:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException So, based upon your comments and the error, maybe I do need to install the AzureADPreview module on the hybrid worker. Do you have any information on how that is done? A reference to the documentation that explains the steps necessary to get it done right and efficiently? Google is good, but 100 links to pour over to find a solution to a Microsoft installation issue is a bit much to have to pour over and determine efficacy. Any help with the documentation to get that done would be appreciated.

hspinto - perfect, thank you very much for your help and experience. Much appreciated!

Azure Automation - Hybrid Worker - Connect-Azure AD

11 Replies

hspinto
Microsoft
Apr 14, 2021
Dodge-1350, when using a Hybrid Worker to connect to Azure resources, the easiest way is to use the Run As Account certificate associated with the Automation Account. You must install first the certificate in the Hybrid Worker, by following the steps detailed here. Then you call Connect-AzureAD by using the certificate thumbprint, like this:

Connect-AzureAD -Tenant <TenantID> -ApplicationId <ApplicationID> -CertificateThumbprint <CertificateThumbprint>

Don't forget to install the AzureADPreview module in the Hybrid Worker.

Hope this helps.
- Dodge-1350
  Brass Contributor
  Apr 14, 2021
  hspinto - I tried that along with many other methods known to work in Azure Automation. For your information, this is what I receive when I attempt to run that:
  
  Connect-AzureAD : The term 'Connect-AzureAD' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:56 char:1 + Connect-AzureAD –TenantId $servicePrincipalConnection.TenantId –Appli ... + ~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (Connect-AzureAD:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException
  
  So, based upon your comments and the error, maybe I do need to install the AzureADPreview module on the hybrid worker. Do you have any information on how that is done? A reference to the documentation that explains the steps necessary to get it done right and efficiently? Google is good, but 100 links to pour over to find a solution to a Microsoft installation issue is a bit much to have to pour over and determine efficacy. Any help with the documentation to get that done would be appreciated.
  - hspinto
    Microsoft
    Apr 14, 2021
    Dodge-1350, yes, the error you're getting means you don't have the required module installed. You just have to run Install-Module -Name AzureADPreview from an elevated PowerShell in your Hybrid Worker. You can find instructions here.

Forum Discussion

Azure Automation - Hybrid Worker - Connect-Azure AD

11 Replies

Resources