Edit

Manage Office 365 services

  • Article

You can use Azure Automation for management of Office 365 subscription services, for products such as Microsoft Word and Microsoft Outlook. Interactions with Office 365 are enabled by Microsoft Entra ID. See Use Microsoft Entra ID in Azure Automation to authenticate to Azure.

Prerequisites

You need the following to manage Office 365 subscription services in Azure Automation.

Install Microsoft Graph PowerShell

Use of Office 365 within Azure Automation requires the Microsoft Graph PowerShell module.

Install-Module Microsoft.Graph -Scope CurrentUser

Note

To use Microsoft Graph PowerShell, you must be a member of Microsoft Entra ID. Guest users can't use the module.

Create an Azure Automation account

To complete the steps in this article, you need an account in Azure Automation. See Create an Azure Automation account.

Create a credential asset (optional)

It's optional to create a credential asset for the Office 365 administrative user who has permissions to run your script. It can help, though, to keep from exposing user names and passwords inside PowerShell scripts. For instructions, see Create a credential asset.

Create an Office 365 service account

To run Office 365 subscription services, you need an Office 365 service account with permissions to do what you want. You can use one global administrator account, one account per service, or have one function or script to execute. In any case, the service account requires a complex and secure password. See Set up Office 365 for business.

Connect to the Microsoft Entra online service

Note

To use the Microsoft Graph PowerShell module cmdlets, you must run them from Windows PowerShell. PowerShell Core does not support these cmdlets.

You can connect to Microsoft Entra ID from the Office 365 subscription. The connection uses an Office 365 user name and password or uses multi-factor authentication (MFA). You can connect using the Azure portal or a Windows PowerShell command prompt (does not have to be elevated).

A PowerShell example is shown below. For more information, see Connect-MgGraph.

Connect-MgGraph -Scopes "Directory.Read.All"

If you don't receive any errors, you've connected successfully. A quick test is to run an Office 365 cmdlet, for example, Get-MgUser, and see the results.

Create a PowerShell runbook from an existing script

You access Office 365 functionality from a PowerShell script.

$emailFromAddress = "admin@TenantOne.com"
$emailToAddress = "servicedesk@TenantOne.com"
$emailSMTPServer = "outlook.office365.com"
$emailSubject = "Office 365 License Report"
$credObject = Get-AutomationPSCredential -Name "Office-Credentials"

Connect-MgGraph -Scopes "Directory.Read.All"

$O365Licenses = Get-MgSubscribedSku | Out-String
Send-MailMessage -Credential $credObject -From $emailFromAddress -To $emailToAddress -Subject $emailSubject -Body $O365Licenses -SmtpServer $emailSMTPServer -UseSSL

Run the script in a runbook

You can use your script in an Azure Automation runbook. For example purposes, we'll use the PowerShell runbook type.

  1. Create a new PowerShell runbook. Refer to Create an Azure Automation runbook.
  2. From your Automation account, select Runbooks under Process Automation.
  3. Select the new runbook and click Edit.
  4. Copy your script and paste it into the textual editor for the runbook.
  5. Select ASSETS, then expand Credentials and verify that the Office 365 credential is there.
  6. Click Save.
  7. Select Test pane, then click Start to begin testing your runbook. See Manage runbooks in Azure Automation.
  8. When testing is complete, exit from the Test pane.

Publish and schedule the runbook

To publish and then schedule your runbook, see Manage runbooks in Azure Automation.

Next steps