Forum Discussion
Dodge-1350
Apr 13, 2021, Brass Contributor
Azure Automation - Hybrid Worker - Connect-AzureAD
Is there a way to use Connect-AzureAD in Azure Automation when integrating a hybrid worker? I have tried multiple ways to try to get it to work and have had zero success. What is best practice for ...
Dodge-1350
Apr 15, 2021, Brass Contributor
Pretty sure this is the reference to get the AzureRunAsConnection involved in the action:
https://docs.microsoft.com/en-us/azure/automation/automation-hrw-run-runbooks
Please let me know if you know of other references for it or any additional issues that could result from missing modules in the hybrid runbook worker.
Dodge-1350
Apr 16, 2021, Brass Contributor
Dodge-1350 - Yeah, the link to register the certificate on the hybrid runbook worker was the key; once you install the certificate, the call to Connect-AzureADPreview works as expected.
- CloudJunkie, Jul 30, 2021, Copper Contributor
Dodge-1350 It's a bad idea to use a Run As account to automate anything. That account is granted Contributor (overreaching) permissions at the Subscription level. We do not use a Run As account whatsoever. We have created service principals with specific, granular access. Why Microsoft recommends this is beyond me. Even their document states it will alter subscription security.
- Dodge-1350, Aug 11, 2021, Brass Contributor
Can you explain a scenario whereby you would see the run as account being used in Azure Automation to access those permissions exceeding the necessary authority and providing access to someone that shouldn't have it? Wouldn't they need to do that from Azure Automation, where the credential is registered?
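
Added example (not posted by anyone in the thread): a runbook sketch for a hybrid worker that checks the Run As certificate is installed locally before calling Connect-AzureAD, then lists the role assignments held by the same service principal so its scope can be reviewed. Assumptions: the connection asset is named AzureRunAsConnection, the certificate was imported into Cert:\LocalMachine\My, and the AzureAD, Az.Accounts and Az.Resources modules are installed on the worker.

```powershell
# Added example, runs as a runbook on a Hybrid Runbook Worker.
# Assumed: asset name 'AzureRunAsConnection', cert store Cert:\LocalMachine\My,
# and the AzureAD, Az.Accounts and Az.Resources modules present on the worker.
$ErrorActionPreference = 'Stop'

# Get-AutomationConnection is only available inside an Azure Automation runbook.
$conn = Get-AutomationConnection -Name 'AzureRunAsConnection'
if (-not $conn) { throw 'Connection asset AzureRunAsConnection was not found.' }

# The thread's fix: the certificate must exist on the worker itself.
$certPath = 'Cert:\LocalMachine\My\{0}' -f $conn.CertificateThumbprint
$cert = Get-Item -Path $certPath -ErrorAction SilentlyContinue
if (-not $cert) {
    throw "Run As certificate $($conn.CertificateThumbprint) is not installed on this worker."
}
if (-not $cert.HasPrivateKey) {
    throw 'Certificate is installed without its private key; re-import the PFX.'
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate expired on $($cert.NotAfter)."
}

# Certificate-based sign-in to Azure AD as the service principal.
Connect-AzureAD -TenantId $conn.TenantId `
    -ApplicationId $conn.ApplicationId `
    -CertificateThumbprint $conn.CertificateThumbprint | Out-Null

# Same identity against Azure Resource Manager, to see what it is allowed to do.
Connect-AzAccount -ServicePrincipal -Tenant $conn.TenantId `
    -ApplicationId $conn.ApplicationId `
    -CertificateThumbprint $conn.CertificateThumbprint | Out-Null

# Flag Owner/Contributor granted on a whole subscription, the scope discussed above.
Get-AzRoleAssignment -ServicePrincipalName $conn.ApplicationId | ForEach-Object {
    $wholeSubscription = $_.Scope -match '^/subscriptions/[^/]+$'
    $writeRole = $_.RoleDefinitionName -in @('Owner', 'Contributor')
    [pscustomobject]@{
        Role                  = $_.RoleDefinitionName
        Scope                 = $_.Scope
        SubscriptionWideWrite = ($wholeSubscription -and $writeRole)
    }
}
```

Rows with SubscriptionWideWrite set to True are candidates for replacement with a narrower role or scope.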