Manage Office 365 services

You can use Azure Automation for management of Office 365 subscription services, for products such as Microsoft Word and Microsoft Outlook. Interactions with Office 365 are enabled by Azure Active Directory (Azure AD). See Use Azure AD in Azure Automation to authenticate to Azure.

Prerequisites

You need the following to manage Office 365 subscription services in Azure Automation.

Install the MSOnline and MSOnlineExt modules

Use of Office 365 within Azure Automation requires Microsoft Azure Active Directory for Windows PowerShell (MSOnline module). You'll also need the module MSOnlineExt, which simplifies Azure AD management in single- and multi-tenant environments. Install the modules as described in Use Azure AD in Azure Automation to authenticate to Azure.

Note

To use MSOnline PowerShell, you must be a member of Azure AD. Guest users can't use the module.

Create an Azure Automation account

To complete the steps in this article, you need an account in Azure Automation. See Create an Azure Automation account.

Add MSOnline and MSOnlineExt as assets

Now add the installed MSOnline and MSOnlineExt modules to enable Office 365 functionality. Refer to Manage modules in Azure Automation.

  1. In the Azure portal, select Automation Accounts.
  2. Choose your Automation account.
  3. Select Modules Gallery under Shared Resources.
  4. Search for MSOnline.
  5. Select the MSOnline PowerShell module and click Import to import the module as an asset.
  6. Repeat steps 4 and 5 to locate and import the MSOnlineExt module.

Create a credential asset (optional)

It's optional to create a credential asset for the Office 365 administrative user who has permissions to run your script. It can help, though, to keep from exposing user names and passwords inside PowerShell scripts. For instructions, see Create a credential asset.

Create an Office 365 service account

To run Office 365 subscription services, you need an Office 365 service account with permissions to do what you want. You can use one global administrator account, one account per service, or have one function or script to execute. In any case, the service account requires a complex and secure password. See Set up Office 365 for business.

Connect to the Azure AD online service

Note

To use the MSOnline module cmdlets, you must run them from Windows PowerShell. PowerShell Core does not support these cmdlets.

You can use the MSOnline module to connect to Azure AD from the Office 365 subscription. The connection uses an Office 365 user name and password or uses multi-factor authentication (MFA). You can connect using the Azure portal or a Windows PowerShell command prompt (does not have to be elevated).

A PowerShell example is shown below. The Get-Credential cmdlet prompts for credentials and stores them in the Msolcred variable. Then the Connect-MsolService cmdlet uses the credentials to connect to the Azure directory online service. If you want to connect to a specific Azure environment, use the AzureEnvironment parameter.

$Msolcred = Get-Credential
Connect-MsolService -Credential $MsolCred -AzureEnvironment "AzureCloud"

If you don't receive any errors, you've connected successfully. A quick test is to run an Office 365 cmdlet, for example, Get-MsolUser, and see the results. If you receive errors, note that a common problem is an incorrect password.

Note

You can also use the AzureRM module or the Az module to connect to Azure AD from the Office 365 subscription. The main connection cmdlet is Connect-AzureAD. This cmdlet supports the AzureEnvironmentName parameter for specific Office 365 environments.

Create a PowerShell runbook from an existing script

You access Office 365 functionality from a PowerShell script. Here's an example of a script for a credential named Office-Credentials with user name of admin@TenantOne.com. It uses Get-AutomationPSCredential to import the Office 365 credential.

$emailFromAddress = "admin@TenantOne.com"
$emailToAddress = "servicedesk@TenantOne.com"
$emailSMTPServer = "outlook.office365.com"
$emailSubject = "Office 365 License Report"

$credObject = Get-AutomationPSCredential -Name "Office-Credentials"
Connect-MsolService -Credential $credObject

$O365Licenses = Get-MsolAccountSku | Out-String
Send-MailMessage -Credential $credObject -From $emailFromAddress -To $emailToAddress -Subject $emailSubject -Body $O365Licenses -SmtpServer $emailSMTPServer -UseSSL

Run the script in a runbook

You can use your script in an Azure Automation runbook. For example purposes, we'll use the PowerShell runbook type.

  1. Create a new PowerShell runbook. Refer to Create an Azure Automation runbook.
  2. From your Automation account, select Runbooks under Process Automation.
  3. Select the new runbook and click Edit.
  4. Copy your script and paste it into the textual editor for the runbook.
  5. Select ASSETS, then expand Credentials and verify that the Office 365 credential is there.
  6. Click Save.
  7. Select Test pane, then click Start to begin testing your runbook. See Manage runbooks in Azure Automation.
  8. When testing is complete, exit from the Test pane.

Publish and schedule the runbook

To publish and then schedule your runbook, see Manage runbooks in Azure Automation.

Next steps