This is a high-level view of the components and features we often combine to help automate maintenance of Microsoft’s internal Intune environment. Below I describe the key tools we use and where we integrate them. This document is mostly meant to be a high-level overview and starting point. If there is interest, please add a comment and we can provide deeper dives into a particular area.
Starting point: Build a scheduler and gather data
Automation: PowerShell Runbooks
Our automation uses an automation account to execute runbooks, and it receives data from Flow through a webhook. This automation account is the workspace used to create and manage runbooks for various automation scenarios. The runbook scripts hold the main application logic.
To expand what the automation can do, you can add modules to the automation account. Additional modules let the runbooks connect to Azure AD, Graph, or other external resources.
Integrations: Other APIs
In certain scenarios we need to interface with partner resources. We prefer to use managed identities as the mechanism by which automation accesses these resources and data sets. Managed identities eliminate the need for developers to manage credentials (as you would with registered applications). They can be given specific role assignments or Graph permissions so that they can access only the resources specified.
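The runbook pattern described above (webhook data in from Flow, managed identity out to Graph), as an added example that is not the team's own code. The payload fields `action` and `deviceId`, the `report` action, the PowerShell 5.1 runbook runtime, and the use of the Microsoft.Graph.Authentication module are assumptions.

```powershell
# Added example: Azure Automation PowerShell runbook started by a webhook call.
# Assumed (not from the original post): payload fields 'action' and 'deviceId',
# the allowed action list, and the Microsoft.Graph.Authentication module.
param(
    [Parameter(Mandatory = $false)]
    [object] $WebhookData
)

$ErrorActionPreference = 'Stop'

# Runbooks started by a webhook receive WebhookData; refuse any other start method.
if (-not $WebhookData -or -not $WebhookData.RequestBody) {
    throw 'This runbook must be started by its webhook with a JSON body.'
}

# Parse and validate the caller-supplied payload before acting on it.
$payload = $WebhookData.RequestBody | ConvertFrom-Json
$allowedActions = @('report')   # hypothetical action name
if ($payload.action -notin $allowedActions) {
    throw "Unsupported action '$($payload.action)'."
}
$deviceId = [guid]::Empty
if (-not [guid]::TryParse([string]$payload.deviceId, [ref]$deviceId)) {
    throw 'deviceId must be a GUID.'
}

# Authenticate as the automation account's managed identity: no stored credential.
Connect-MgGraph -Identity | Out-Null

# Read one Intune managed device. This succeeds only if the identity was granted a
# matching Graph application permission (e.g. DeviceManagementManagedDevices.Read.All).
$uri = "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/$deviceId" +
       '?$select=deviceName,complianceState,lastSyncDateTime'
$device = Invoke-MgGraphRequest -Method GET -Uri $uri

# Emit one structured line to the job output stream for later reporting.
[pscustomobject]@{
    Webhook    = $WebhookData.WebhookName
    Action     = $payload.action
    DeviceName = $device.deviceName
    Compliance = $device.complianceState
    LastSync   = $device.lastSyncDateTime
} | ConvertTo-Json -Compress | Write-Output
```

Because the webhook URL itself authorizes the call, the allow-list and GUID check keep an unexpected payload from reaching Graph, and the managed identity's permission grant bounds what the runbook can read.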
Reporting: App Insights
We use the App Insights workspace to collect all the logging for Azure runbook processing. This workspace allows you to monitor Pass/Fail results, Availability, and other metrics.
This covers the basics of what tools our team uses to build automation. Depending on interest, we can take a deeper walkthrough into how we build up any of the resources mentioned above. Please add a comment if you would like more information on a particular area. Based on interest, we could add some code examples to our open source GitHub repository.