Anyone who has used Office 365 knows that just creating your users or syncing them via Azure AD Connect really isn’t enough; instead we almost always have to run scheduled PowerShell scripts to manage tasks such as adding licenses or enabling features, like litigation hold.

Usually I would run these scripts on a management server, or an Azure AD Connect server, but what do you do if you have no on-premises environment? Or no Windows VM’s in Azure? With Azure Automation you have the option to run basic PowerShell scripts without the need to run a full Windows OS, saving on licensing and compute costs.

Recently I needed to do just this for a cloud only based company. The below steps will show you how I configured Office 365 PowerShell using Azure Automation.

Prerequisites

  • An active Azure subscription. You can create a free test account here https://azure.microsoft.com/en-us/free/
  • A PowerShell script. I have attached an example script which sends an email showing used licenses in Office 365

Step 1 – Create an Azure Automation Account

Log into the new Azure portal https://portal.azure.com and browse to More Services / Automation Accounts. Click Add to create a new Automation account or use an existing account.

Name the Automation account and select your active Azure subscription. I have chosen to create a new resource group as this account does not require access to other Azure resources. An Azure Run As account is also not required.

Step 2 – Add the MSOnline Module

If your script connects to Office 365 using Connect-MsolService you will need to add the MSOnline PowerShell module. If you are only using a remote PowerShell session to Exchange Online this would not be required.

After selecting your Azure Automation account, select Assets then Modules

Select Browse gallery and search for the MSOnline PowerShell module

Click on the MSOnline module and click Import to import the module as an asset.

Step 3 – Create a Credential Asset (Optional)

This step is optional but I prefer to not have usernames and passwords inside PowerShell scripts for all to see. On the Assets page select Credentials.

Select Add a Credential and type the Office 365 username and password that has permissions to run your script.

Step 4 – Create the Automation Runbook

Next we will create the Runbook which will execute the PowerShell script. Click your Azure Automation account and select Runbooks.

Click Add a runbook.

Click Quick Create, Create a new runbook

Enter a name for the runbook and select PowerShell as the runbook type

Copy your PowerShell script into the runbook or use the below script as an example.

If you are using your own PowerShell script and created a credential asset you will now need to modify the script to import the credential. Expand the assets tree in the left menu, we can now see the name of the credential asset we created. Use the Get-AutomationPSCredential command to import the credential into your script. For further information on available cmdlets https://msdn.microsoft.com/en-us/library/dn690262.aspx

Capture

Click Save to save the runbook

To test the runbook, select Test pane, then Start. The runbook should execute and anything that is written to the host will be shown in this window.

Step 5 –Publish and Schedule the Runbook

Once you are happy that the runbook is running correctly, select Publish which will make the runbook available to schedule.

To create a schedule, select Schedules, then Add a Schedule.

Select Link a schedule to your runbook and Create a new schedule. In the below example I have a schedule that runs daily at 7:00 AM.

Capture1

Once the schedule is created, highlight it and click OK. It should now be linked to your runbook.

That’s it. Hopefully this will help you easily move your PowerShell scripts to Azure Automation.

Category:
Azure Platform, PowerShell

Join the conversation! 6 Comments

  1. Great guide, thanks.
    One thing I would like to automate is a task to search for specific cmdlets that have been run against specific mailboxes. For some reason I cannot get Azure automation to recognise the ‘Search-AdminAuditLog’ cmdlet despite having AzureAD and MSOnline modules loaded/imported.
    Any ideas?

  2. Great Article. Thanks:)

  3. Hi Clayton,
    Can i use a CSV file with the script? The csv where need to be stored? Thanks

  4. What about for the account having MFA enabled? Any additional modules for MFA ?

Comments are closed.