question

0 Votes
MODAdministrator-9533 asked AnuragSingh-MSFT commented

How can I run Get-AzRoleDefinition | ? {$_.IsCustom -eq $true} | FT Name, IsCustom on Azure Automation Runbook?

Hello.

I have one question regarding Azure Automation and Powershell Script.

I want to regularly get an e-mail about the Azure custom owner accounts, which I can do with the following script:

Connect-AzAccount
Get-AzRoleDefinition | ? {$_.IsCustom -eq $true} | FT Name, IsCustom

It works perfectly.

Now I want to do this as scheduled and in Azure Automation in Runbook.

Maybe someone has done the same or a similar configuration before?

Should I add credentials to Script itself or should I add credentials to Azure Automation?
If I can get the Output how can I then send it to E-mail as a notification?


Thanks in Advance

Regards,
Farhad





azure-automation

@MODAdministrator-9533, I wanted to check if you had a chance to review my answer below. Please let me know if you have any queries or concerns.

Please 'Accept as answer' if it helped so that it can help others in the community looking for help on similar topics.

0 Votes 0 ·

@MODAdministrator-9533, Thank you for the response on this thread.

Please 'Accept as answer' if it helped so that it can help others in the community looking for help on similar topics.

0 Votes 0 ·

1 Answer

0 Votes
AnuragSingh-MSFT answered FarhadKhankishiyev-6384 commented

Hi @MODAdministrator-9533,

Welcome to Microsoft Q&A! Thanks for posting the question.

I understand that you are trying to create a runbook that executes based on the set schedule --> queries the custom Azure RBAC roles --> sends email. I am not sure if a solution exists already for it, but the following steps should help you achieve it:

1. Once you have the Azure Automation Account created, enable Managed Identity on it. This will serve for the authentication and authorization with other resources in Azure. Please note the Managed Identity only works in Azure and if you are executing the same script locally on your machine, you will need the credential to be entered.

2. After enabling the managed identity, ensure that the correct role assignment is done for this identity to be able to query RBAC roles. Please refer to this link for steps to assign role to Automation Account's managed identity.

3. In the runbook, you can set the context using this identity as mentioned in this link: Authenticate access with system-assigned managed identity. Note that it will not require any userId/password for the authentication.

4. Now you can add the commandlets/script to this runbook (after adding authentication related details as mentioned in step 3 in the same script). You may even run the runbook to ensure that you are getting the required output.

5. To be able to send email from this runbook with details, follow this tutorial - Send an email from an Automation runbook. This uses SendGrid for sending emails.

6. The last part is to attach schedule to this runbook. You may refer to this link for details on it: Manage schedules in Azure Automation

Hope it helps. Please let me know if you have any questions.


Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.
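
Steps 3 to 5 of the answer above combined into one runbook, as an added example that is not part of the original answer or of the linked Microsoft tutorials. It assumes the Automation account's managed identity has a role that can read role definitions (for example the built-in Reader) and permission to read one secret in a Key Vault that stores the SendGrid API key; the parameter names, vault name and secret name are hypothetical.

```powershell
# Added example runbook. Parameter names and the Key Vault/secret are assumptions.
param(
    [Parameter(Mandatory)][string]$VaultName,    # hypothetical vault holding the SendGrid API key
    [Parameter(Mandatory)][string]$SecretName,   # hypothetical secret name
    [Parameter(Mandatory)][string]$FromAddress,  # sender address
    [Parameter(Mandatory)][string]$ToAddress     # recipient of the report
)
$ErrorActionPreference = 'Stop'   # fail the job instead of mailing a partial report

# Step 3: sign in as the Automation account's managed identity; no user name,
# password or stored credential appears in the script.
Disable-AzContextAutosave -Scope Process | Out-Null
Connect-AzAccount -Identity | Out-Null

# Step 4: the query from the question. Format-Table emits format objects, so
# Out-String is needed to get plain text that can go into a mail body.
$roles = @(Get-AzRoleDefinition | Where-Object { $_.IsCustom -eq $true } | Sort-Object Name)
if ($roles.Count -gt 0) {
    $report = $roles | Format-Table Name, IsCustom, Id -AutoSize | Out-String -Width 200
} else {
    $report = 'No custom role definitions were found.'
}

# Step 5: read the API key at run time and post the report to SendGrid's v3 mail API.
$apiKey = Get-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName -AsPlainText
$mail = @{
    personalizations = @(@{
        to      = @(@{ email = $ToAddress })
        subject = "Custom Azure RBAC roles: $($roles.Count)"
    })
    from    = @{ email = $FromAddress }
    content = @(@{ type = 'text/plain'; value = $report })
} | ConvertTo-Json -Depth 6       # the default depth (2) would flatten the nested arrays

Invoke-RestMethod -Uri 'https://api.sendgrid.com/v3/mail/send' -Method Post `
    -Headers @{ Authorization = "Bearer $apiKey" } `
    -ContentType 'application/json' -Body $mail | Out-Null

# Job output stays free of secrets: only the count and recipient are written.
Write-Output "Reported $($roles.Count) custom role definition(s) to $ToAddress"
```

For step 6, link the published runbook to a schedule in the Automation account and supply the four parameters on the schedule link.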


I want to do the same config.

I will try it. Thanks for your response. @AnuragSingh-MSFT

0 Votes 0 ·