Configure an Azure Automation Account – An Addendum

Recently, I wrote a series of articles on getting started with Azure Automation.

Configure an Azure Automation Account – Part 1 – Start Me Up

Configure an Azure Automation Account – Part 2 – Credentials and Variables

Configure an Azure Automation Account – Part 3 – Validation Run Book


The Azure Active Directory account from Part 1 is created with a complex password which is configured to not expire.

New-MsolUser -UserPrincipalName -DisplayName "Anne Droid" -FirstName Anne -LastName Droid -PasswordNeverExpires:$true -StrongPasswordRequired:$true -Password rd1gq!9518MYte£t7SfaGd7y0ycHYT


However, with one of my existing Azure Automation Accounts, I'd failed to set the password to not expire. Consequently, a number of my jobs failed and actually cost me money! Real money.

I won't make that mistake again and here's how I remedied it with the Azure Active Directory cmdlets:

Set-MsolUser -UserPrincipalName -PasswordNeverExpires $true


To err is human, to dream of electric sheep is android.


Comments (3)

  1. JJ says:

    I don’t think this is an elegant way of provisioning automation accounts in AAD. It should be suggested by the author, to provision a service principal via New-AzureRmADApplication, New-AzureRmADServicePrincipal and using RBAC for the service principal as needed via New-AzureRmRoleAssignment.
    Security first…

  2. Indeed. Azure SM is dead (well, nodding off to an eternal sleep); long live Azure RM!

    The posts were a long time in being published and reflect actions I took before certain Azure RM capabilities were available. There’s also value in this post as many folks will have Azure SM setup and may encounter this issue.

    Anyway, thanks for the excellent feedback – I’m with you all the way, JJ

  3. BTW – when I wrote the posts, the Azure RBAC role – “Owner” – didn’t grant the necessary permissions against the subscription for the Automation account. Not sure if that’s now changed – best check…

Skip to main content