Automation Account

Question

Hi Team, I have an automation account in one subscription, and auto-start powershell is setup in the runbook on the same subscription virtual machine. My question is that I have another virtual machine that is in a different subscription, so do I need to create another automation account to set up the start process for this virtual machine? I have tried with existing automation, but unfortunately, it does not work for different subscriptions.

So,what is solution for that?

Answer 1

@Nitin Parmar-Tss consultancy Welcome to Microsoft Q&A Platform and thanks for your query. From the information provided, I interpret that using the Runbook(R1) from Subscription(S1), you are trying to start the virtual machine which is in Subscription(S2). Assuming that you are system managed identity, you can use below code at the start of your PowerShell script so that the runbook does not inherit AzContext.

# Ensures you do not inherit an AzContext in your runbook
Disable-AzContextAutosave -Scope Process
# Connect to Azure with system-assigned managed identity
$AzureContext = (Connect-AzAccount -Identity).context
# Set and store context
$AzureContext = Set-AzContext -SubscriptionName $AzureContext.Subscription -DefaultProfile $AzureContext

If you are using user managed identity, you need to use below code.

# Ensures you do not inherit an AzContext in your runbook
Disable-AzContextAutosave -Scope Process

# Connect to Azure with system-assigned managed identity
$AzureContext = (Connect-AzAccount -Identity -AccountId <ClientId>).context

# set and store context
$AzureContext = Set-AzContext -SubscriptionName $AzureContext.Subscription `
    -DefaultProfile $AzureContext

Also, make sure you provide appropriate permissions for the managed identity by following document mentioned here. Kindly note that both subscriptions must be same Azure Active Directory tenant.