Configure an Azure Automation Account – An Addendum


Recently, I wrote a series of articles on getting started with Azure Automation.

Configure an Azure Automation Account – Part 1 – Start Me Up

Configure an Azure Automation Account – Part 2 – Credentials and Variables

Configure an Azure Automation Account – Part 3 – Validation Run Book

 

The Azure Active Directory account from Part 1 is created with a complex password which is configured to not expire.

New-MsolUser -UserPrincipalName AnneDroid@ninja-injury.com -DisplayName “Anne Droid” -FirstName Anne -LastName Droid -PasswordNeverExpires:$true -StrongPasswordRequired:$true -Password rd1gq!9518MYte£t7SfaGd7y0ycHYT

 

However, with one of my existing Azure Automation Accounts, I’d failed to set the password to not expire. Consequently, a number of my jobs failed and actually cost me money! Real money.

I won’t make that mistake again and here’s how I remedied it with the Azure Active Directory cmdlets:

Set-MsolUser -UserPrincipalName skynet@ninja-injury.com -PasswordNeverExpires $true

 

To err is human, to dream of electric sheep is android.

th2DC29C4O

Comments (3)

  1. JJ says:

    I don’t think this is an elegant way of provisioning automation accounts in AAD. It should be suggested by the author, to provision a service principal via New-AzureRmADApplication, New-AzureRmADServicePrincipal and using RBAC for the service principal as needed via New-AzureRmRoleAssignment.
    Security first…

  2. Indeed. Azure SM is dead (well, nodding off to an eternal sleep); long live Azure RM!

    The posts were a long time in being published and reflect actions I took before certain Azure RM capabilities were available. There’s also value in this post as many folks will have Azure SM setup and may encounter this issue.

    Anyway, thanks for the excellent feedback – I’m with you all the way, JJ

  3. BTW – when I wrote the posts, the Azure RBAC role – “Owner” – didn’t grant the necessary permissions against the subscription for the Automation account. Not sure if that’s now changed – best check…

Skip to main content