Creating an Azure Run As Account

I have to ship this information to various people from time to time, so, instead of having to go grab screenshots each time and detail out the process, just going to throw this here.

In my previous post (and subsequent presentations on the subject of Azure Runbooks), I often gloss over the use of an Azure Run As Account, as for the purposes of those presentations, this was not required. Azure Run As Accounts provide a means for authentication in Azure, so that your Azure Runbooks can manage Azure resources. Otherwise, you would need to authenticate to Azure in your Runbook scripts as you would from your own computer remotely. For more in-depth information, here’s a link to the documentation on it.

To create an Azure Run As Account in an existing Azure Automation account, perform the following actions.

First, go into your Automation Account

Then, scroll down to Account Settings, and choose Run as accounts

Then click on Create under Azure Run As Account (not the Classic one… unless you need a classic run as account)

Then click on Create, and Azure will handle the rest…

Then, in your code, you can easily authenticate to Azure using the following code in your scripts:

#region ConnectToAzure
try {
    $ServicePrincipalConnection=Get-AutomationConnection -Name "AzureRunAsConnection"

    "Logging in to Azure…"
    $AzureRmAccount = Add-AzureRmAccount `
         -ServicePrincipal `
        -TenantId $ServicePrincipalConnection.TenantId `
        -ApplicationId $ServicePrincipalConnection.ApplicationId `
        -CertificateThumbprint $ServicePrincipalConnection.CertificateThumbprint
} catch {
    if (!$ServicePrincipalConnection)
    {
        $ErrorMessage = "Connection $connectionName not found."
        throw $ErrorMessage
    } else{
        Write-Error -Message $_.Exception
         throw $_.Exception
    }
}
#endregion ConnectToAzure