thinkhaven
Copper Contributor
Mar 24, 2020

Azure Automation: issues connecting to security and compliance center in remote session

I'm at a loss here. I'm trying to use an Azure Automation PowerShell runbook to connect to the Security and Compliance Center. Specifically I am looking to use the Get-RetentionCompliancePolicy and Set-RetentionCompliancePolicy commands.

I've tried a number of different modules to attempt to connect but none seem to work. I have code that works locally, but when I put it into a runbook and load the same module there, it won't connect properly. Instead it redirects and seems to loop on the connect and import step.

When I finally got it to appear to connect and import once (not loop), it does not recognize the Get-RetentionCompliancePolicy command and I can't find it in a Get-Commands call.

Any tips on how to get this to work? Below is the code I'm using to connect and import.

# Load the stored credential asset from the Automation account
$cred = Get-AutomationPSCredential -Name "Admin"
# Open a remote session to the Security and Compliance Center endpoint and import its cmdlets
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking -AllowClobber | Out-Null

Get-RetentionCompliancePolicy

# Close every open remote session
Get-PSSession | Remove-PSSession

  • thinkhaven
    Copper Contributor

    It turned out to be a permission issue on my service account. I had it set up as a Security Center Admin but apparently that is not enough for this to work. After giving the account more capabilities under the Security and Compliance center it started working.

    I have not tested exactly what minimum permissions are required but when I checked all these it started working. Previously I only had Security admin checked.

    So the lesson here is don't assume the Security Admin role means they can do everything in the Security and Compliance center. Seems backwards but there you have it.
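
A runbook can surface this kind of permission gap itself instead of failing later with "command not recognized". The following is an added example, not part of the original thread: it reuses the connection call from the question and checks which cmdlets the session actually exposed, since a remote session of this kind only exports the cmdlets the account's role assignments allow. The `$required` list and the error text are illustrative.

```powershell
# Added example (not from the original post). Cmdlets this runbook depends on:
$required = 'Get-RetentionCompliancePolicy', 'Set-RetentionCompliancePolicy'

# Credential asset name taken from the post
$cred = Get-AutomationPSCredential -Name "Admin"
$session = $null

try {
    # Same connection call as in the post; stop on failure instead of carrying on.
    $session = New-PSSession -ConfigurationName Microsoft.Exchange `
        -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ `
        -Credential $cred -Authentication Basic -AllowRedirection -ErrorAction Stop

    # Import-PSSession returns the temporary proxy module. Its ExportedCommands
    # table lists what the remote endpoint made available to this account.
    $module = Import-PSSession $session -DisableNameChecking -AllowClobber -ErrorAction Stop

    # A required cmdlet missing from the export list points at the account's
    # role assignments rather than at the module or the connection.
    $missing = @($required | Where-Object { -not $module.ExportedCommands.ContainsKey($_) })
    if ($missing.Count -gt 0) {
        $msg = "Connected as {0}, but the session does not expose: {1}. " +
               "Review the account's role assignments in the Security and Compliance center."
        throw ($msg -f $cred.UserName, ($missing -join ', '))
    }

    Write-Output ("Imported {0} commands; required cmdlets are present." -f $module.ExportedCommands.Count)
    Get-RetentionCompliancePolicy | Select-Object Name
}
finally {
    # Always release the remote session, including on failure.
    if ($session) { Remove-PSSession $session }
}
```

Running the same check after each role change shows which assignment makes the cmdlets appear, so the service account can be trimmed back to the smallest set of roles that still passes.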
