Use of system-assigned Managed Identity in Azure Automation for Exchange activities

Rajkumar Pawar 0 Reputation points
2023-05-26T05:41:04.33+00:00

We are migrating our runbooks from an Azure Automation account that uses a Run As account for authentication to an account that uses Managed Identity.

We have already granted the Exchange.ManageAsApp and Exchange Admin permissions to the managed identity. It authenticates and successfully establishes a connection to ExchangeOnline, but when used with commands to perform some activities, it throws the error below.

"exception calling "shouldprocess" with "3" argument(s): "a command that prompts the user failed because the host program or the command type does not support user interaction. the host was attempting to request confirmation with the following message: are you sure you want to perform this action? "

Below is the code.

$azureContext = Connect-AzAccount -Identity
$azureContext = Set-AzContext -SubscriptionName $azureContext.context.Subscription -DefaultProfile $azureContext.context
$graphToken = Get-AzAccessToken -ResourceUrl "https://graph.microsoft.com/"
$aadToken = Get-AzAccessToken -ResourceUrl "https://graph.windows.net"
Connect-AzureAD -AccountId $azureContext.account.id -TenantId $azureContext.tenant.id -AadAccessToken $aadToken.token -MsAccessToken $graphToken.token

Connect-ExchangeOnline -ManagedIdentity -Organization "****.com"

# Enable remote PowerShell for users

$EnableUsers = @(Get-AzureADGroupMember -ObjectId "*****" -All $true | Select-Object DisplayName, UserPrincipalName)
foreach ($user in $EnableUsers)
{
    Set-User -Identity $user.UserPrincipalName -RemotePowerShellEnabled $true
}

1 answer

  1. AnuragSingh-MSFT 21,246 Reputation points
    2023-05-31T09:09:20.7333333+00:00

    @Rajkumar Pawar, thank you for posting this question.

    Based on the error that you are getting, as available in the question, the error is related to one of the script lines prompting for a response from the user (note the highlighted section in the error below):

    "a command that prompts the user failed because the host program or the command type does not support user interaction. the host was attempting to request confirmation with the following message: are you sure you want to perform this action?"

    This is happening because Azure Automation does not allow user interaction during script execution. Based on the script, it looks like the message is being prompted for the line below:

    Set-User -identity $user.UserPrincipalName -RemotePowerShellEnabled $true

    I would suggest using the -Force and -Confirm parameters with the Set-User cmdlet, so that the script does not attempt to read user input during script execution. For more details, see the links below:

    I would also suggest adding try{} catch{} blocks in the script so that you can get additional information about the error. For details about try and catch in PowerShell, see about_Try_Catch_Finally.

    A sample catch block that I generally use in runbooks is below:

     try
     {
         # Runbook commands go here
     }
     catch
     {
         Write-Error $_.Exception.Message

         # Response code received (empty when the exception carries no HTTP response)
         $StatusCode = $_.Exception.Response.StatusCode.value__
         Write-Error "Error Code - $StatusCode"

         # ScriptStackTrace contains the line number of the faulting code
         Write-Error $_.ScriptStackTrace
         throw ($_)
     }

    Hope this helps.

    If the answer did not help, please add more context/follow-up question for it, and we will help you out. Else, if the answer helped, please click Accept answer so that it can help others in the community looking for help on similar topics.

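A non-interactive version of the question's loop, added here as an example and not code from either poster. It assumes `Connect-AzureAD` and `Connect-ExchangeOnline -ManagedIdentity` have already succeeded as in the question's script; `$GroupObjectId`, `$members` and `$failed` are names introduced for illustration, and the group ID is a placeholder.

```powershell
# Assumption: Connect-AzureAD and Connect-ExchangeOnline -ManagedIdentity have
# already succeeded earlier in the runbook, as in the question's script.
$GroupObjectId = '<group-object-id>'   # placeholder, not a real object ID

# Keep only members that have a UPN (nested groups and devices do not).
$members = @(Get-AzureADGroupMember -ObjectId $GroupObjectId -All $true |
    Where-Object { $_.UserPrincipalName })

$failed = @()
foreach ($user in $members) {
    try {
        # -Confirm:$false answers the ShouldProcess prompt up front, so the
        # cmdlet never asks the non-interactive Automation host for input.
        # -ErrorAction Stop routes any failure into the catch block below.
        Set-User -Identity $user.UserPrincipalName `
                 -RemotePowerShellEnabled $true `
                 -Confirm:$false `
                 -ErrorAction Stop
        Write-Output "Enabled remote PowerShell: $($user.UserPrincipalName)"
    }
    catch {
        # Record the failure in the job log and continue with the next user.
        Write-Warning "Failed for $($user.UserPrincipalName): $($_.Exception.Message)"
        Write-Warning $_.ScriptStackTrace
        $failed += $user.UserPrincipalName
    }
}

# Disconnect-ExchangeOnline also asks for confirmation unless told not to.
Disconnect-ExchangeOnline -Confirm:$false

if ($failed.Count -gt 0) {
    # Fail the job so the runbook status reflects the partial failure.
    throw "Set-User failed for $($failed.Count) user(s): $($failed -join ', ')"
}
```

Because every successful change is written to the output stream, the job log doubles as a record of which accounts had remote PowerShell enabled by the managed identity.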