Manage Office 365 services
You can use Azure Automation for management of Office 365 subscription services, for products such as Microsoft Word and Microsoft Outlook. Interactions with Office 365 are enabled by Microsoft Entra ID. See Use Microsoft Entra ID in Azure Automation to authenticate to Azure.
Prerequisites
You need the following to manage Office 365 subscription services in Azure Automation.
- An Azure subscription. See Subscription decision guide.
- An Automation object in Azure to hold the user account credentials and runbooks. See An introduction to Azure Automation.
- Microsoft Entra ID. See Use Microsoft Entra ID in Azure Automation to authenticate to Azure.
- An Office 365 tenant, with an account. See Set up your Office 365 tenant.
Install the MSOnline and MSOnlineExt modules
Use of Office 365 within Azure Automation requires Microsoft Entra ID for Windows PowerShell (MSOnline module). You'll also need the module MSOnlineExt, which simplifies Microsoft Entra management in single- and multi-tenant environments. Install the modules as described in Use Microsoft Entra ID in Azure Automation to authenticate to Azure.
Note
To use MSOnline PowerShell, you must be a member of Microsoft Entra ID. Guest users can't use the module.
Create an Azure Automation account
To complete the steps in this article, you need an account in Azure Automation. See Create an Azure Automation account.
Add MSOnline and MSOnlineExt as assets
Now add the installed MSOnline and MSOnlineExt modules to enable Office 365 functionality. Refer to Manage modules in Azure Automation.
- In the Azure portal, select Automation Accounts.
- Choose your Automation account.
- Select Modules Gallery under Shared Resources.
- Search for MSOnline.
- Select the
MSOnlinePowerShell module and click Import to import the module as an asset. - Repeat steps 4 and 5 to locate and import the
MSOnlineExtmodule.
Create a credential asset (optional)
It's optional to create a credential asset for the Office 365 administrative user who has permissions to run your script. It can help, though, to keep from exposing user names and passwords inside PowerShell scripts. For instructions, see Create a credential asset.
Create an Office 365 service account
To run Office 365 subscription services, you need an Office 365 service account with permissions to do what you want. You can use one global administrator account, one account per service, or have one function or script to execute. In any case, the service account requires a complex and secure password. See Set up Office 365 for business.
Connect to the Microsoft Entra online service
Note
To use the MSOnline module cmdlets, you must run them from Windows PowerShell. PowerShell Core does not support these cmdlets.
You can use the MSOnline module to connect to Microsoft Entra ID from the Office 365 subscription. The connection uses an Office 365 user name and password or uses multi-factor authentication (MFA). You can connect using the Azure portal or a Windows PowerShell command prompt (does not have to be elevated).
A PowerShell example is shown below. The Get-Credential cmdlet prompts for credentials and stores them in the Msolcred variable. Then the Connect-MsolService cmdlet uses the credentials to connect to the Azure directory online service. If you want to connect to a specific Azure environment, use the AzureEnvironment parameter.
$Msolcred = Get-Credential
Connect-MsolService -Credential $MsolCred -AzureEnvironment "AzureCloud"
If you don't receive any errors, you've connected successfully. A quick test is to run an Office 365 cmdlet, for example, Get-MsolUser, and see the results. If you receive errors, note that a common problem is an incorrect password.
Note
You can also use the AzureRM module or the Az module to connect to Microsoft Entra ID from the Office 365 subscription. The main connection cmdlet is Connect-AzureAD. This cmdlet supports the AzureEnvironmentName parameter for specific Office 365 environments.
Create a PowerShell runbook from an existing script
You access Office 365 functionality from a PowerShell script. Here's an example of a script for a credential named Office-Credentials with user name of admin@TenantOne.com. It uses Get-AutomationPSCredential to import the Office 365 credential.
$emailFromAddress = "admin@TenantOne.com"
$emailToAddress = "servicedesk@TenantOne.com"
$emailSMTPServer = "outlook.office365.com"
$emailSubject = "Office 365 License Report"
$credObject = Get-AutomationPSCredential -Name "Office-Credentials"
Connect-MsolService -Credential $credObject
$O365Licenses = Get-MsolAccountSku | Out-String
Send-MailMessage -Credential $credObject -From $emailFromAddress -To $emailToAddress -Subject $emailSubject -Body $O365Licenses -SmtpServer $emailSMTPServer -UseSSL
Run the script in a runbook
You can use your script in an Azure Automation runbook. For example purposes, we'll use the PowerShell runbook type.
- Create a new PowerShell runbook. Refer to Create an Azure Automation runbook.
- From your Automation account, select Runbooks under Process Automation.
- Select the new runbook and click Edit.
- Copy your script and paste it into the textual editor for the runbook.
- Select ASSETS, then expand Credentials and verify that the Office 365 credential is there.
- Click Save.
- Select Test pane, then click Start to begin testing your runbook. See Manage runbooks in Azure Automation.
- When testing is complete, exit from the Test pane.
Publish and schedule the runbook
To publish and then schedule your runbook, see Manage runbooks in Azure Automation.
Next steps
- For details of credential use, see Manage credentials in Azure Automation.
- For information about modules, see Manage modules in Azure Automation.
- If you need to start a runbook, see Start a runbook in Azure Automation.
- For PowerShell details, see PowerShell Docs.
Feedback
Submit and view feedback for