Connect with an App through Azure Automation Runbook

It’s been a while since I posted something. I have been gathering pieces from the internet to get a working script. The objective of today: connect with an App Registration in Azure, using an Azure Automation Runbook. I turned to MS Graph to hunt down inactive guest users in our Azure AD.

Small disclaimer: I do expect you to have some PowerShell knowledge and global Azure knowledge.

Requirements

  • A Subscription and Azure Automation Resource
  • Azure Premium P1 works fine
  • Global Admin (to grant Admin consent)

Why use Graph?

MSGraph seems to slowly replace the current PowerShell libraries and provides different information than the current PowerShell module I needed. Since Microsoft announced it will stop supporting ‘Run As’ accounts in Runbooks, I needed a different approach.

Let’s start: Creating the App

As said, we will use an app with sufficient rights to authenticate and execute commands. Create a new App Registration and come up with a fancy name. Use Single Tenant and leave Reply URL empty.

After creating the App Registration, navigate to the API Permissions and select ‘Graph’, which is currently a huge banner. Click Application Permissions, and add the permissions you require from Graph. What you need depends on your script and which Scopes it requires from MSGraph.

Do not forget to grant admin consent.

Creating and adding a self-signed Certificate

To connect with MSGraph, we will need a certificate; otherwise the connection will end with the error message ‘A socket operation encountered a dead network’.

Creating the certificate

Using this tutorial from Microsoft, you can create a self-signed certificate.

$certname = "{certificateName}"    ## Replace {certificateName}
$cert = New-SelfSignedCertificate -Subject "CN=$certname" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256

$mypwd = ConvertTo-SecureString -String "{myPassword}" -Force -AsPlainText  ## Replace {myPassword}

Export-PfxCertificate -Cert $cert -FilePath "C:\tmp\$certname.pfx" -Password $mypwd   ## Specify your preferred location
Export-Certificate -Cert $cert -FilePath "C:\tmp\$certname.cer"   ## Specify your preferred location

Upload the certificate

The application requires a public certificate. Upload the certificate without the private key; this should be the .cer file.

After adding the certificate, your Application is ready to connect to. You will need the Thumbprint that is shown after uploading the certificate. You can try this by connecting to the application using PowerShell on your laptop.

Connect-MgGraph -TenantId 'YOURTENANTID' -ClientId 'CLIENTIDOFTHEAPPLICATION' -CertificateThumbprint "THUMBPRINTOFCERT"
Disconnect-MgGraph

You should see something like this. Note that the ApplicationName and the Scopes you assigned to it earlier are listed:

Creating the Runbook and adding the certificate

Assuming you have already created an Automation Account, you start by uploading the .pfx as a certificate here.

The .pfx contains the private key you’ve created. Uploading the .cer file (as done before in the App Registration) will result in an error.

Importing the modules

Import the necessary modules for PowerShell 5.1. Using Graph on PowerShell 7.1 will result in the error ‘Could not load file or assembly Newtonsoft.Json’.

For my Runbook I used the following libraries; the modules you need depend on what you aim to do with your application. Google is your best friend in this case 😉.

Create the Runbook

Create a new runbook and use Runtime version 5.1 and connect to Graph using the following code:

Connect-MgGraph -TenantId 'YOURTENANTID' -ClientId 'APPLICATIONID' -CertificateThumbprint "THUMBPRINTOFCERT" 

Disconnect-MgGraph

Use the ‘Test Pane’ and execute the code. If successful, you will see the confirmation on your screen.

Done!

Well, that’s it. Depending on what you want to do, add the code and requests you need Graph to do.
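
As an added example (not the author's script), here is one way a runbook body for the inactive-guest objective could look: it connects with the certificate, compares the permissions reported by Get-MgContext with the ones the script needs, and lists guests without a recent sign-in. Assumptions: the Automation variable names, the two application permissions, the 90-day threshold, and a Microsoft.Graph.Users module version that exposes signInActivity.

```powershell
# Added example runbook body (PowerShell 5.1). Asset names are hypothetical.
$ErrorActionPreference = 'Stop'

# Assumption: these Automation variable assets exist in the Automation Account.
$tenantId   = Get-AutomationVariable -Name 'GraphTenantId'
$clientId   = Get-AutomationVariable -Name 'GraphClientId'
$thumbprint = Get-AutomationVariable -Name 'GraphCertThumbprint'

# Application permissions this example expects on the App Registration (assumption).
$expectedScopes = @('User.Read.All', 'AuditLog.Read.All')
$inactiveDays   = 90   # constructed threshold, adjust to your policy

try {
    Connect-MgGraph -TenantId $tenantId -ClientId $clientId -CertificateThumbprint $thumbprint | Out-Null

    # Compare the permissions in the token with what the script needs.
    $ctx     = Get-MgContext
    $missing = @($expectedScopes | Where-Object { $_ -notin $ctx.Scopes })
    $extra   = @($ctx.Scopes | Where-Object { $_ -notin $expectedScopes })
    if ($missing.Count -gt 0) { throw "App '$($ctx.AppName)' lacks: $($missing -join ', ')" }
    if ($extra.Count -gt 0) { Write-Warning "App '$($ctx.AppName)' holds more than needed: $($extra -join ', ')" }

    $cutoff = (Get-Date).ToUniversalTime().AddDays(-$inactiveDays)
    $guests = Get-MgUser -All -Filter "userType eq 'Guest'" `
        -Property 'id,displayName,userPrincipalName,createdDateTime,signInActivity'

    # Inactive: no recorded interactive sign-in, or the last one is older than the cutoff.
    $inactive = foreach ($guest in $guests) {
        $last = $guest.SignInActivity.LastSignInDateTime
        if (-not $last -or $last.ToUniversalTime() -lt $cutoff) {
            [pscustomobject]@{
                DisplayName       = $guest.DisplayName
                UserPrincipalName = $guest.UserPrincipalName
                Created           = $guest.CreatedDateTime
                LastSignIn        = $last
            }
        }
    }

    Write-Output "Inactive guests (no sign-in for $inactiveDays days): $(@($inactive).Count)"
    $inactive | Sort-Object LastSignIn
}
finally {
    # Only disconnect when a session was actually established.
    if (Get-MgContext) { Disconnect-MgGraph | Out-Null }
}
```

The warning about extra permissions is worth acting on: the .pfx in the Automation Account can authenticate as the app, so the app should hold only what the script uses.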
