Forum Discussion
Azure Automation - Hybrid Worker - Connect-Azure AD
Is there a way to use Connect-AzureAD in Azure Automation when integrating a hybrid worker? I have tried multiple ways to try to get it to work and have had zero success. What is best practice for ...
Dodge-1350 Its a bad idea to use a Run As account to automate anything. That account is granted Contributor (overreaching) permissions at the Subscription level. We do not use a Run As account whatsoever. We have created service principals with specific, granular access. Why Microsoft reccomends this is beyond me. Even their document states it will alter subscription security.
Can you explain a scenario whereby you would see the run as account being used in Azure Automation to access those permissions exceeding the necessary authority and providing access to someone that shouldn't have it? Wouldn't they need to do that from Azure Automation, where the credential is registered?