Manage Office 365 services
You can use Azure Automation for management of Office 365 subscription services, for products such as Microsoft Word and Microsoft Outlook. Interactions with Office 365 are enabled by Microsoft Entra ID. See Use Microsoft Entra ID in Azure Automation to authenticate to Azure.
You need the following to manage Office 365 subscription services in Azure Automation.
- An Azure subscription. See Subscription decision guide.
- An Automation object in Azure to hold the user account credentials and runbooks. See An introduction to Azure Automation.
- Microsoft Entra ID. See Use Microsoft Entra ID in Azure Automation to authenticate to Azure.
- An Office 365 tenant, with an account. See Set up your Office 365 tenant.
Install the MSOnline and MSOnlineExt modules
Use of Office 365 within Azure Automation requires Microsoft Entra ID for Windows PowerShell (
MSOnline module). You'll also need the module
MSOnlineExt, which simplifies Microsoft Entra management in single- and multi-tenant environments. Install the modules as described in Use Microsoft Entra ID in Azure Automation to authenticate to Azure.
To use MSOnline PowerShell, you must be a member of Microsoft Entra ID. Guest users can't use the module.
Create an Azure Automation account
To complete the steps in this article, you need an account in Azure Automation. See Create an Azure Automation account.
Add MSOnline and MSOnlineExt as assets
Now add the installed MSOnline and MSOnlineExt modules to enable Office 365 functionality. Refer to Manage modules in Azure Automation.
- In the Azure portal, select Automation Accounts.
- Choose your Automation account.
- Select Modules Gallery under Shared Resources.
- Search for MSOnline.
- Select the
MSOnlinePowerShell module and click Import to import the module as an asset.
- Repeat steps 4 and 5 to locate and import the
Create a credential asset (optional)
It's optional to create a credential asset for the Office 365 administrative user who has permissions to run your script. It can help, though, to keep from exposing user names and passwords inside PowerShell scripts. For instructions, see Create a credential asset.
Create an Office 365 service account
To run Office 365 subscription services, you need an Office 365 service account with permissions to do what you want. You can use one global administrator account, one account per service, or have one function or script to execute. In any case, the service account requires a complex and secure password. See Set up Office 365 for business.
Connect to the Microsoft Entra online service
To use the MSOnline module cmdlets, you must run them from Windows PowerShell. PowerShell Core does not support these cmdlets.
You can use the MSOnline module to connect to Microsoft Entra ID from the Office 365 subscription. The connection uses an Office 365 user name and password or uses multi-factor authentication (MFA). You can connect using the Azure portal or a Windows PowerShell command prompt (does not have to be elevated).
A PowerShell example is shown below. The Get-Credential cmdlet prompts for credentials and stores them in the
Msolcred variable. Then the Connect-MsolService cmdlet uses the credentials to connect to the Azure directory online service. If you want to connect to a specific Azure environment, use the
$Msolcred = Get-Credential Connect-MsolService -Credential $MsolCred -AzureEnvironment "AzureCloud"
If you don't receive any errors, you've connected successfully. A quick test is to run an Office 365 cmdlet, for example,
Get-MsolUser, and see the results. If you receive errors, note that a common problem is an incorrect password.
You can also use the AzureRM module or the Az module to connect to Microsoft Entra ID from the Office 365 subscription. The main connection cmdlet is Connect-AzureAD. This cmdlet supports the
AzureEnvironmentName parameter for specific Office 365 environments.
Create a PowerShell runbook from an existing script
You access Office 365 functionality from a PowerShell script. Here's an example of a script for a credential named
Office-Credentials with user name of
admin@TenantOne.com. It uses
Get-AutomationPSCredential to import the Office 365 credential.
$emailFromAddress = "admin@TenantOne.com" $emailToAddress = "servicedesk@TenantOne.com" $emailSMTPServer = "outlook.office365.com" $emailSubject = "Office 365 License Report" $credObject = Get-AutomationPSCredential -Name "Office-Credentials" Connect-MsolService -Credential $credObject $O365Licenses = Get-MsolAccountSku | Out-String Send-MailMessage -Credential $credObject -From $emailFromAddress -To $emailToAddress -Subject $emailSubject -Body $O365Licenses -SmtpServer $emailSMTPServer -UseSSL
Run the script in a runbook
You can use your script in an Azure Automation runbook. For example purposes, we'll use the PowerShell runbook type.
- Create a new PowerShell runbook. Refer to Create an Azure Automation runbook.
- From your Automation account, select Runbooks under Process Automation.
- Select the new runbook and click Edit.
- Copy your script and paste it into the textual editor for the runbook.
- Select ASSETS, then expand Credentials and verify that the Office 365 credential is there.
- Click Save.
- Select Test pane, then click Start to begin testing your runbook. See Manage runbooks in Azure Automation.
- When testing is complete, exit from the Test pane.
Publish and schedule the runbook
To publish and then schedule your runbook, see Manage runbooks in Azure Automation.