Reputation: 345
Best way to authenticate an Azure Automation Powershell script
I'm trying to implement a fairly simple PowerShell query, hosted in Azure Automation, to manage External Identities
I've set up a System Managed Identity and have successfully connected using Connect-AzAccount -Identity
But when I run it, it says You must call the Connect-AzureAD cmdlet before calling any other cmdlets
The next cmdlet is Get-AzureADPolicy, which I think triggered the above message
Following this blog, I tried this:
$AzureContext = Set-AzContext -SubscriptionName $AzureContext.Subscription -DefaultProfile $AzureContext -ErrorAction Stop
Connect-AzureAD -TenantId $AzureContext.Tenant.TenantId -AccountId $AzureContext.Account.Id
and I get this: Unable to find an entry point named 'GetPerAdapterInfo' in DLL 'iphlpapi.dll'
Am not at all sure now what to do; any help appreciated
PS: I'm aware there are quite few related questions, but I have not been able to find an answer to this particular query ...
Upvotes: 0
Views: 893
Answers (2)
Reputation: 345
With help from M/S support, I can now clarify the issue. The core point is that it is not possible to authenticate for AzureAD (with Connect-AzureAD) using Managed Identity; a Run As account must be used, at least currently
Further, for our use case, the Run As account had to have "Global Admin" role; "Owner" was not sufficient
It is of course possible to use Managed Identity for managing other Azure Resources (using Connect-AzAccount)
Upvotes: 1
Reputation: 1019
I was having the same issue and I resolved it by using the below commands. I have added comments to underline what each statement is meant for.
# Ensures you do not inherit an AzContext in your runbook. Out-Null is used to disable any output from this Cmdlet.
Disable-AzContextAutosave -Scope Process | Out-Null
# Connect to Azure with system-assigned managed identity.
$AzureContext = (Connect-AzAccount -Identity).context
# set and store context. Out-Null is used to disable any output from this Cmdlet.
Set-AzContext -SubscriptionName $AzureContext.Subscription -DefaultProfile $AzureContext | Out-Null
Upvotes: 1
Related Questions
- Invoking PowerShell script from within dotnet with authentication using Connect-AzAccount service principal
- Azure Automation / Runbooks / Authentication
- How can I established credentials in PowerShell script running in an Azure Automation Account
- Using System Managed Identity in Azure Automation Account with PowerShell module MicrosoftTeams
- Azure Powershell passwordless authentication
- Authenticate powershell script using AccessToken
- Authenticating to Microsoft.Azure.Management.Automation.AutomationManagementClient without using management certificates
- Automate Authentication to Azure as Service Principal using Windows Powershell
- Azure automation - credentials delivered by Get-PSAutomationCredential don't work with Add-AzureAccount?
- Best way to authenticate powershell script for Azure resource managment