Forum Discussion
How to authenticate PowerShell cmdlets in Runbooks with managed identities?
Hi there.
This is regarding Azure Automation Runbooks.
I'm attempting to replace AzureRunAs connections with user/system managed identities.
One problem I ran into with this is that I have no idea how to get the PowerShell cmdlets used
in those Runbooks to authenticate.
For example, for a Runbook that relies on the ExchangeOnline cmdlets I was able to use the
AzureRunAs connection's credentials via Get-AutomationConnection -Name "AzureRunAsConnection".
Since this AzureRunAs connection is also an App Registration in Azure, I could assign API
permissions to it, like for ExchangeOnline. The AzureRunAs connection also comes with
a certificate that I could make use of for authentication purposes.
One way I thought I could achieve this is for example with:
Connect-ExchangeOnline -ManagedIdentity -Organization <tenant>.onmicrosoft.com -ManagedIdentityAccountId <id>
So to summarize, my question is: How should I authenticate PowerShell cmdlets without
AzureRunAs connections in Runbooks?
Thanks for your help.
2 Replies
- You can authenticate PowerShell cmdlets without AzureRunAs connections in Runbooks by using managed identities in Azure Automation. You can create a PowerShell runbook in Azure Automation that uses a managed identity, rather than the Run As account to interact with resources. You can assign permissions to the managed identities to allow them to stop and start a virtual machine. You can also create credential assets and use them in a runbook or DSC configuration. The cmdlets in the following table create and manage Automation credentials with PowerShell: Get-AzAutomationCredential, New-AzAutomationCredential, Remove-AzAutomationCredential, and Set-AzAutomationCredential. The Get-AutomationPSCredential cmdlet gets a PSCredential object that you can use with a cmdlet that requires a credential.
Have a look here
https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/automation/learn/powershell-runbook-managed-identity.md
https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/automation/shared-resources/credentials.md
Let me know how it goes!! The URL below may provide you some insight:
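
A runbook sketch of the managed-identity sign-in discussed in this thread, added here as an example and not code from any poster or from the linked documentation. It assumes the Automation account has a managed identity enabled, the Az.Accounts and ExchangeOnlineManagement (v3 or later) modules are imported, and the identity has already been granted only the Exchange Online permissions the job needs; `$Organization` and `$UserAssignedClientId` are hypothetical parameter names.

```powershell
# Added example: authenticate a runbook with a managed identity instead of
# Get-AutomationConnection "AzureRunAsConnection". No secret or certificate
# is stored in the Automation account; tokens come from the identity endpoint.
param(
    [Parameter(Mandatory)]
    [string] $Organization,          # placeholder form: <tenant>.onmicrosoft.com
    [string] $UserAssignedClientId   # leave empty to use the system-assigned identity
)

$ErrorActionPreference = 'Stop'

# Do not inherit an Az context saved by an earlier job in the same sandbox.
Disable-AzContextAutosave -Scope Process | Out-Null

# Build the argument sets once so both sign-ins use the same identity.
$azArgs  = @{ Identity = $true }
$exoArgs = @{
    ManagedIdentity = $true
    Organization    = $Organization
    ShowBanner      = $false
}
if ($UserAssignedClientId) {
    # For a user-assigned identity, pass its client (application) ID to both cmdlets.
    $azArgs.AccountId                 = $UserAssignedClientId
    $exoArgs.ManagedIdentityAccountId = $UserAssignedClientId
}

try {
    # Azure Resource Manager sign-in (replaces the Run As service principal login).
    $context = (Connect-AzAccount @azArgs).Context
    Write-Output "Az context: $($context.Account.Id) ($($context.Account.Type))"

    # Exchange Online sign-in with the same identity.
    Connect-ExchangeOnline @exoArgs
    Get-ConnectionInformation | Select-Object Organization, State, TokenStatus

    # Read-only call: fails here if the identity lacks Exchange permissions.
    Get-AcceptedDomain | Select-Object -First 1 -Property DomainName
}
finally {
    # Release the Exchange session even when a step above throws.
    Disconnect-ExchangeOnline -Confirm:$false -ErrorAction SilentlyContinue
}
```

If the read-only call is rejected while the sign-in itself succeeds, the gap is in the identity's role assignments rather than in the runbook.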