Azure VM start up and shutdown on a schedule base

Question

Hi All,

I have a requirement to auto startup and shutdown the Azure VM in Business hours(i.e 9 AM- 5 PM ) Mon-Fri. Have created a Automation Accounts, Configured Runbook and created a schedule. I'm unable to link a runbook to schedule as it got depreciated in sep2023.

On Attempt-1, Throwing error as this.client.subscriptionId is null. However, have tried to hardcoded the subscription Id, still same error. In Below snippet, "Get Subscription" also throws the same error.

###################Attempt-1:##########################

$resourceGroupName = "XXX" $vmName = "YYY" try { "Logging in to Azure..." Connect-AzAccount -Identity } catch { Write-Error -Message $.Exception throw $.Exception }

Get subscription details

$subscriptions = Get-AzSubscription

Output subscription details

$subscriptions | Select-Object SubscriptionName, SubscriptionId Write-Output ("Subscription"+$subscriptions) Stop-AzVM -ResourceGroupName "XXX" -Name $vmName -Force

Result: It gives error as Subscription is null.

---

In Attempt-2, We have tried to authenticate the certificate by providing the tenant id, app_id unable to provide the thumbprint as I have no permissions to fetch.

Still it throws the same error "Subscription is null."

Used the authentication by Managed identity approach.

#######################Attempt-2:#####################################

$resourceGroupName = "XXX" $vmName = "YYY" $Cert = Get-AzAutomationCertificate -ResourceGroupName "XXX" -AutomationAccountName "VM-AutoStartandStop" -Name "AzureRunAsCertificate" Write-Output ("Cert"+$Cert) try { "Logging in to Azure..." Connect-AzAccount -Identity } catch { Write-Error -Message $.Exception throw $.Exception }

Connect-AzAccount -ServicePrincipal -Tenant "<TENANT_ID>" -ApplicationId "<APP_ID>" -CertificateThumbprint $Cert

Get subscription details

$subscriptions = Get-AzSubscription

Output subscription details

$subscriptions | Select-Object SubscriptionName, SubscriptionId Write-Output ("Subscription"+$subscriptions) Stop-AzVM -ResourceGroupName "XXX" -Name $vmName -Force

---

Request you to verify and suggest the solution.

Answer 1

HI @Guzzu, Navya X In the automation account, go to identity, click Azure role assignments, to give instructions for a managed identity to access subscription resources. Click add and give permissions to the resource group where your vms are.

With the identity account created, within the automation resource, click on runbook.

Param(
  [Parameter(Mandatory = $true)]
  [String]
  $TagName,
  [Parameter(Mandatory = $true)]
     
  [String]
  $TagValue,
  [Parameter(Mandatory = $true)]
  [Boolean]
  $Shutdown
)
# Autentication in Azure
## Ensures you do not inherit an AzContext in your runbook
Disable-AzContextAutosave -Scope Process
## Connect to Azure with System-assigned managed identity
$AzureContext = (Connect-AzAccount -Identity).context
#Write-Output -InputObject $AzureContext
## Set and store context
$AzureContext = Set-AzContext -SubscriptionName $AzureContext.Subscription -DefaultProfile $AzureContext
#Write-Output -InputObject $AzureContext
## Start and Stop VMs
  $vms = Get-AzResource -TagName $TagName -TagValue $TagValue | Where-Object -FilterScript {
    $_.ResourceType -like 'Microsoft.Compute/virtualMachines' 
  }
  Foreach ($vm in $vms) 
  {
    if ($Shutdown -eq $true) 
    {
      Write-Output -InputObject "Stopping $($vm.Name)"        
      Stop-AzVM -Name $vm.Name -ResourceGroupName $vm.ResourceGroupName -Force
    }
    else 
    {
      Write-Output -InputObject "Starting $($vm.Name)"        
      Start-AzVM -Name $vm.Name -ResourceGroupName $vm.ResourceGroupName
    }
  }