Forum Discussion
Chris Johnston
May 08, 2019Brass Contributor
Azure Automation connecting to Exchange with MFA enforced
I have a tenant with MFA a requirement for any account with elevated privileges. I can use Azure Automation PowerShell runbook for Azure AD using the service principal and certificate e.g. # Get ...
- Oct 08, 2019
Chris Johnston The answer is deceptively simple....
I published a Runbook script to get you started with the initial connection, then you can add your own script form there on.
MichaelMardahl
Copper Contributor
Chris Johnston The answer is deceptively simple....
I published a Runbook script to get you started with the initial connection, then you can add your own script form there on.
PhilRiceUoS
Aug 20, 2020Brass Contributor
I deployed this and the only thing I changed was the user account name (which is definately in Azure Automation Credentials) and it just gets stuck on
Logging in to Exchange Online...
and never stops. The account has permissions and can login using powershell.
Im finding every solution I have tried to use Exchange Online with Azure Automation does the same and gets stuck. Any ideas?
- TobiasBooneOct 07, 2020Copper Contributor
$connectionName = "AzureRunAsConnection"
try
{
# Get the connection "AzureRunAsConnection "
$servicePrincipalConnection=Get-AutomationConnection -Name $connectionName"Logging in to Azure RM..."
Add-AzureRmAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint"Logging in to Azure AD..."
Connect-AzureAD -TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint"Logging into EXOL"
Connect-ExchangeOnline -CertificateThumbPrint "yourthumprintfromyourAzureAutomationregistrationasAnADapp" -AppID "foundonyourappinAAD" -Organization "tenant.com"
}- TobiasBooneOct 07, 2020Copper Contributor
You also need to make sure then your Automation account is given the Compliance Admin role to be able to connect to exchange online and do most things...