How to use EasyLife PowerShell in Azure Automation
You can use the EasyLife365.Collaboration PowerShell module in an Azure Automation runbook.
Prerequisites
You need an Azure Automation account with a system assigned managed identity. If you don't have an Automation Account in your subscription you can create one using the Az
Powershell module. The following example first creates a new resource group with the name easylife-automation
in the location West Europe
and then creates an automation account with the name azautomation1
in the new resource group.
$accountName = 'azautomation1'
$rgName = 'easylife-automation'
$location = 'West Europe'
Connect-AzAccount
New-AzResourceGroup -Name $rgName -Location $location
New-AzAutomationAccount -Name $accountName -ResourceGroupName $rgName -Location $location
After creating the account, enable the system assigned managed identity and get its object id in the Entra ID Portal or with the following commands:
Set-AzAutomationAccount -Name $accountName -ResourceGroupName $rgName -AssignSystemIdentity
# it can take a moment before the following command returns anything
# make a note of the Id in my case it's da9ea79a-55d4-463f-b1a2-4b5ab1060909
Get-AzADServicePrincipal -DisplayName $accountName
You will be using the system assigned managed identity to connect to the Graph API. To assign the required permissions to the managed identity you can use the following commands:
Install-Module Microsoft.Graph.Authentication,Microsoft.Graph.Applications
Import-Module Microsoft.Graph.Authentication,Microsoft.Graph.Applications
Connect-MgGraph -Scopes AppRoleAssignment.ReadWrite.All, Application.Read.All
Grant-EasyAppPermissions -ServicePrincipalId da9ea79a-55d4-463f-b1a2-4b5ab1060909
The EasyLife PowerShell module uses four modules of the Microsoft Graph PowerShell SDK, Azure Automation does not automatically install dependencies. You can add the modules manually using the Entra ID Portal or with the following PowerShell command. Please install the module Microsoft.Graph.Authentication
first as the other modules depend on it.
$moduleNames = @('Microsoft.Graph.Authentication','Microsoft.Graph.Groups','Microsoft.Graph.Users','Microsoft.Graph.Teams')
$moduleVersion = '1.21.0'
$moduleNames | ForEach-Object {
New-AzAutomationModule -AutomationAccountName $accountName -ResourceGroupName $rgName -Name $_ -ContentLinkUri "https://www.powershellgallery.com/api/v2/package/$_/$moduleVersion"
}
Once the installation of the Microsoft Graph modules is finished, you can install the module EasyLife365.Collaboration. Like with modules above, you can install it using the Entra ID Portal or with the following command:
New-AzAutomationModule -AutomationAccountName $accountName -ResourceGroupName $rgName -Name EasyLife365.Collaboration -ContentLinkUri "https://www.powershellgallery.com/api/v2/package/EasyLife365.Collaboration/1.0.4"
Create the runbook
After installing the required modules, you can create a new runbook of type PowerShell. Please select version 5.1
if you create the runbook in the portal, alternatively you can use the following command:
New-AzAutomationRunbook -Name 'easylife' -Type PowerShell -AutomationAccountName $accountName -ResourceGroupName $rgName