Connect-AzureAD using PSCredential

Nusrat Jahan Shaikh 1 Reputation point
2021-02-17T08:29:53.967+00:00

I am trying to add a user into an AAD group using the Azure Automation service (PowerShell runbook).

I have created a credential asset with Username: XYZ and Password: ABC

and then I run the PowerShell script below, but get the error below.

Powershell script:
# Retrieve the stored credential asset from the Automation account
$aadAdminCred = Get-AutomationPSCredential -Name 'PSCredUser'
# Interactive-style (username/password) sign-in to the tenant
Connect-AzureAD -TenantId "xxxx" -Credential $aadAdminCred

Error:

    Connect-AzureAD -TenantId "xxxx" -Cr ...
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CategoryInfo : AuthenticationError: (:) [Connect-AzureAD], AggregateException
    FullyQualifiedErrorId : Connect-AzureAD,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD

Connect-AzureAD : parsing_wstrust_response_failed: Parsing WS-Trust response failed
At line:9 char:1
    Connect-AzureAD -TenantId "xxxx" -Cr ...
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CategoryInfo : AuthenticationError: (:) [Connect-AzureAD], AdalException
    FullyQualifiedErrorId : Connect-AzureAD,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD

1 answer

  1. tbgangav-MSFT 10,416 Reputation points
    2021-02-22T05:29:23.97+00:00

    Hi @Nusrat Jahan Shaikh ,

    I have tried to reproduce the error (parsing_wstrust_response_failed: Parsing WS-Trust response failed) but was not able to see any such error.
    If you are trying to authenticate to the tenant using ADFS credentials from an Azure Automation runbook then AFAIK it is not supported.
    Azure Automation Run As Account is a great way to authenticate securely with certificates and a service principal name without needing to store a username and password in a credential object. So, we could use this same Azure Automation Run As Account to log in to your Azure AD tenant for the possibility to run Azure AD PowerShell commands. Below is a sample runbook to connect to Azure AD tenant and get users.

    # Log in to Azure AD PowerShell with the Run As account (service principal + certificate)
    $connectionName = "AzureRunAsConnection"
    # The connection asset holds TenantId, ApplicationId and CertificateThumbprint
    $servicePrincipalConnection = Get-AutomationConnection -Name $connectionName
    # Certificate-based sign-in: no username or password is stored anywhere in the runbook
    Connect-AzureAD -TenantId $servicePrincipalConnection.TenantId `
                    -ApplicationId $servicePrincipalConnection.ApplicationId `
                    -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
    # Sample query; requires User.Read.All / Directory Readers on the Run As app
    Get-AzureADUser | Select-Object ObjectType, UserPrincipalName
    Disconnect-AzureAD



    Make sure the Azure Automation Run As Account (App) has sufficient permissions i.e., in this case

    1. add the User.Read.All API permission (Azure portal -> Azure AD -> API permissions -> Microsoft Graph -> Application permissions -> User.Read.All), and
    2. assign the Directory Readers role (Azure portal -> Azure AD -> Roles and administrators -> Directory Readers role -> assign this role) to it.


    Similarly, you may have to add the Group.Read.All application permission if you want to read AD group information as well.

    On the other hand, if you want us to troubleshoot or deep dive regarding the "parsing_wstrust_response_failed: Parsing WS-Trust response failed" error, then to fast-track resolution of your issue, please send mail to AzCommunity@microsoft.com including your subscription ID and a link to this thread (for context) and my team will work with you via our technical support channel. Please include "Attn:Krishna" in the subject line so we can engage asap. Alternatively, you can raise a technical support request if you have a support plan.

    Sources of above response:
    Use Azure AD to authenticate to Azure
    Manage Office 365 services
    Using the Azure Run As Account in Azure Automation to Connect to Azure AD with a Service Principal
    Using a Service Principal to connect to a directory in PowerShell
    Connect Azure Automation Runbook script with service principal for AzureAD
    Authorization_RequestDenied

    1 person found this answer helpful.
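The answer above shows only a read (Get-AzureADUser), while the original question wants to add a user to a group. The runbook below is an added example, not code from the thread or from Microsoft, that takes the same certificate-based Run As sign-in and carries it through to the group write. It assumes two runbook parameters that are hypothetical placeholders (a user principal name and the target group's object ID) and that the Run As application has been granted the Group.ReadWrite.All application permission (or an equivalent directory role such as Groups Administrator); the User.Read.All plus Directory Readers setup from the answer is enough to read but not to change membership, and the failure you get without the write permission is the Authorization_RequestDenied error the answer links to. Note also that the AzureAD module and Run As accounts have since been retired by Microsoft in favour of the Microsoft Graph PowerShell SDK and managed identities, so treat this as the pattern rather than a long-term recommendation.

```powershell
# Added example (not from the original answer): runbook that signs in with the
# Run As connection's certificate and service principal, then adds one user to one group.
# Both parameters are hypothetical placeholders; supply real values at run time.
param(
    [Parameter(Mandatory = $true)] [string] $UserPrincipalName,   # e.g. "user@contoso.com" (hypothetical)
    [Parameter(Mandatory = $true)] [string] $GroupObjectId        # object ID of the target group (hypothetical)
)

$ErrorActionPreference = 'Stop'

# 1. Certificate-based sign-in, exactly as in the answer: nothing in the runbook is a password,
#    so there is no WS-Trust / federated credential flow to fail.
$conn = Get-AutomationConnection -Name 'AzureRunAsConnection'
Connect-AzureAD -TenantId $conn.TenantId `
                -ApplicationId $conn.ApplicationId `
                -CertificateThumbprint $conn.CertificateThumbprint | Out-Null

try {
    # 2. Resolve both objects first so a typo fails with a clear message before any write.
    #    Get-AzureADUser -ObjectId accepts either an object ID or a UPN.
    $user  = Get-AzureADUser  -ObjectId $UserPrincipalName
    $group = Get-AzureADGroup -ObjectId $GroupObjectId

    # 3. Idempotency: a scheduled runbook will rerun; do not error on "already a member".
    $members = Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true
    if ($members.ObjectId -contains $user.ObjectId) {
        Write-Output "$($user.UserPrincipalName) is already a member of '$($group.DisplayName)'; nothing to do."
        return
    }

    # 4. The write. Needs Group.ReadWrite.All (application permission) on the Run As app
    #    or a directory role that can manage group membership; Directory Readers is read-only.
    Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $user.ObjectId
    Write-Output "Added $($user.UserPrincipalName) to '$($group.DisplayName)'."
}
catch {
    # Authorization_RequestDenied here means the app lacks the permission/role noted above.
    Write-Error "Group membership update failed: $($_.Exception.Message)"
    throw
}
finally {
    # Always drop the session, even on failure.
    Disconnect-AzureAD
}
```

Grant the Run As application only the least permission that covers the write (Group.ReadWrite.All rather than Directory.ReadWrite.All), and prefer a scoped directory role over a tenant-wide one where the group set allows it; the certificate in the Run As connection is effectively an admin credential, so its lifetime and renewal should be tracked like any other.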