Azure Automation

Flow and Azure Automation, working in harmony!

Microsoft Flow

Recently, the Microsoft Flow action Azure Automation was released, allowing us to interact with Azure Automation from Flow.

Although since early releases of Microsoft Flow we’ve been able to interact with Azure Automation by creating WebJobs, it has proved that many technical staff are not yet familiar with these. I believe this partly has a hand in why we haven’t yet heard the amount of integration stories between Microsoft Flow and Azure Automation as first anticipated.

To me, the integration between Microsoft Flow and Azure Automation means we can now fill in the gaps where there may not be a Microsoft Flow action available yet. It allows us to run scripts on demand or on a schedule. All that being said, let’s focus on the now.

Today, I’ll be creating a Flow that is triggered manually and requires user input; on execution of Flow it will start a run job in Azure Automation. This job will be executing a PowerShell script to reset a user’s password.

If we think of the scenario where a Desktop Support Technician is walking by the good old water cooler and a staff member pulls them aside and says ‘Hey, IT guy… can you help? I can’t login. I forgot my password… again. Can you reset my password?’ Rather than the wonderful person in support being required to go back to their desk and log back into Office 365 to reset the user’s password, they can simply enter the user’s email and execute the Microsoft Flow to reset it for the forgetful employee. Super simple! While this example is valid for the moment, there may well be an action released to reset a user’s password in the near future. But the focus of this blog post is that, while there are many actions available in Microsoft Flow, there may not yet always be one available to meet your particular business need – that’s where Azure Automation could fill the gaps!

Okay, let’s start – we will need to have an Azure tenancy, along with Azure Automation Service added. I won’t go into these basic steps as there is plenty of information about these on the web.

Right, so you’re now in Azure and you’ve added the Azure Automation Service and created a runbook. For this Demo, I’ve created a runbook called ‘ResetUserPassword’

Before we can start, we will be requiring the MSOnline Module so we can access the Office 365 tenancy, so let’s go ahead and add this in.

Access your Azure Automation account and click Assets > Modules

I can now either browse or search the Gallery to find the MSOnline module I’m looking for. Click Import and the module is now available for use.

Next, we will be required to set up our credentials for our Office 365 tenancy. From the Azure Automation left hand panel click Credentials > Add a credential. When adding your credentials, you will be required to provide a friendly name (this is important for when we are creating our script), and the username and password for the Office 365 tenancy. In this example as I am resetting a users password I have an account with Administrator privileges. Depending you’re requirement you may need to use a service account or equivalent with elevated privileges.

Now that both the module and credentials have been set up for the Office 365 tenancy, we can begin writing the PowerShell script that will be resetting the user’s password.

For demo purposes, I have written this script directly into the browser and tested with the testing panel, which proves a little slow and clunky at times, but overall an okay way to test.

When creating Azure Automation scripts that are to include parameters to be provided from other applications, I find it best to start by adding in these parameters as the first things to write.

As I am looking to reset a user’s password, I want to pass the user’s email, so I will be setting up a string variable named $UserEmail – pay particular attention to this parameter name as it will be required in Flow to pass the parameter to Azure Automation.

 Param
     (
         [Parameter (Mandatory= $false)
         [String] $UserEmail = "",
     )

Once you have added your parameter it’s time to add the authentication details to connect to your Office 365 tenancy. In this example I’m doing this in two small lines of code.

 $creds = Get-AutomationPSCredential -Name 'MyDemoTenant’

Note: the name ‘MyDemoTenant’ is the friendly name created when you first added your Office 365 credentials above; this adds the credentials to a secure variable that we can use to connect to Office 365.

 Connect-MsolService -Credential $creds

If you happen to jump ahead and are testing as you go, you will most likely find that you cannot access and pass the parameters through Microsoft Flow to Azure as intended. I find that the parameters are not available either for consumption in Azure Automation or transmitting to Microsoft Flow until both the Azure runbook and a version of the Flow is published. This could be a bug and something soon to be ironed out, but it did require me to publish both before I could work with the parameters.

TIP: You may need to publish your runbook and Flow to access the parameters.

Now that the script is written and ready to go, let’s head over to Flow and provision a new personal Flow.

Login to Flow from: https://flow.microsoft.com/

Click Create new Flow > Create from Blank.

Now that a new Flow has been provisioned we can begin to configure our Flow.

As I am intending to reset a user’s password, I have selected ‘Flow button for mobile’ which will be used to pass on the user email address on the user account’s password to be reset.

.

Select the trigger ‘Flow button for mobile – Manually trigger a flow’

Once you’ve added the manual trigger action you will need to give the input a name and description; in this example I will be using UserEmail as the input name.

Now that the trigger is added, it’s time to add an action. In this example i’ll be using the Azure Automation (Create Job) action which allows me to fill out start my ‘ResetUserPassword’ runbook created earlier  and pass on the UserEmail parameter

So, we now have all the components we need to start wiring everything up!

As the Azure Automation action is added, you will need to logon with an account to your Azure tenancy. This can be the Azure tenancy connected with your Office 365 account or separate, it’s entirely up to you.

Fill out the details for the Subscription, Resource Group, Automation Account & Runbook Name.

The bit we are paying attention to is the Runbook Parameter that is now available to us: ‘UserEmail’. This becomes available once we have selected the RunBook name and it has recognised that the Runbook is requiring a parameter.

Select inside of the parameter input field and you will see that a whole range of options become available on the right hand side of the page. Select as the input name the name you created as part of the ‘Flow button for mobile – Manually trigger a flow’ trigger that you created.

IMPORTANT – I’m not sure if this is a bug while the Azure Automation action is in preview, but to get this working I did need to publish the Azure Automation PowerShell script first so that the parameter was available for consumption.

So now we have the parameter (user email address) executing and passing to our runbook, it’s time to finish off the script by adding in the Office 365 PowerShell goodness.

Param 
 (
 [Parameter (Mandatory= $false)]
 [String] $UserEmail = ""
 )

Write-Output "connecting to the demo tenant"
$creds = Get-AutomationPSCredential -Name 'MyDemoTenant'
Connect-MsolService -Credential $creds

#Resets the user password to Password1 temporarily, but is forced to reset the password on next logon
Set-MsolUserPassword -UserPrincipalName $UserEmail -NewPassword "Password1" -ForceChangePassword $true


So, now that both our flow & azure runbook’s are published it’s time to give it a go. I’ve installed the Flow app on my mobile, and as you can see there’s an awesome interface to start a new manually executed flow.

 

How easy is that!!!! If you have any questions please leave a comment.

Until next time.

See another one of our recent posts about – Azure Automation – What it is? Why should I use it?

Office 365

How I keep up to date with Office 365

Office 365 offers a wide variety of business productivity tools and is constantly releasing new features and tools. Just in the last few months we’ve seen Teams, Flow, PowerApps, and StaffHub, all launched for general availability. This isn’t even counting the constant updates released for existing O365 tools.

With all of these releases, you might feel that it’s too hard to keep up-to-date. I’ll share a few ways I use to keep up with new Office 365 features and tools. This can be applied to other industries and topics of interest, so feel free to pick and choose what works best for you.

Follow Microsoft’s official blogs

Office Blog

Microsoft provides a wealth of knowledge in their Office Blogs, covering topics from updates, customer success stories and feature updates, to education and adoption pieces. Did you know they recently released printable Office training roadmaps? That can help save some time in creating a training plan for your team.

If you don’t want to see everything, you can filter the posts based on what tools you use, which industry you’re in, or the kinds of topics you’re interested in knowing more about.

Follow non-Microsoft blogs

While Microsoft’s blogs are a useful way to hear the official message, it’s just as important to hear from industry professionals giving insights into how they use these tools in real life scenarios. Marc D Anderson writes insightful posts on SharePoint and Office 365, with posts targeted towards end-user scenarios, best practice advice, and developer tips.

We’ll also be sharing our expertise on O365 best practice and adoption tips, so why not subscribe to our feed while you’re at it!

How to get notified about new updates (RSS feeds are your best friend)

It’s great to have a lot of blogs to follow, but I don’t like having to periodically check for new posts; I want to be able to see them all in one view. RSS feeds have been around for a while and it’s still my go-to method for staying up-to-date with topics I care about.

If you aren’t familiar with RSS feeds, you might recognise the orange wireless signal icon sites on the edges of their site. It’s a universal standard that can be used in a number of sites and apps to create a feed of the latest published news from a site.

RSS

You can group these together using different aggregators (I’m a big fan of Feedly) to make it easy to see what’s new across many sites. It’s nice just to take out my phone while I’m in line or on the bus and quickly catch-up on a few new posts.

Feedly

What about your team? What about your investment in Office 365? RSS loves Office 365 as well.

You can create a Flow that posts new updates from an RSS feed to a Yammer Group. This has been an easy way for our team to engage (slipped it in perfectly) in discussions on new updates.

Do you use Teams? You can also use the RSS connector in Microsoft Teams to send updates to your Team’s conversation feed.

Create a Twitter list

Twitter list

A Twitter list is a handy way to follow specific accounts in a single feed. I’ve added a couple of accounts I’m interested in such as Office 365, Microsoft Office and Microsoft SharePoint, and while there is some overlap with the posts from the Office blogs, there’s enough unique content and retweets featured to make it useful.

I’ve even embedded the list to our intranet’s home page so everyone can see new tweets. Just as a side-note: to embed the list you’ll need to make it public so you should either use a company twitter account to do this or feel ok with your colleagues seeing your account.

Turn on first-release for O365 tenant

Reading about new features and updates can only take you so far – sometimes you just need to start using new features to see how they’ll best work. You can turn on First Release for your O365 tenant to receive updates early. This has helped me identify use-cases for tools/features that I might not have thought about until I’ve spent some time with it.

This is great if your organisation likes to be early adopters of new tools and features. If you like to wait until the full release, however, you can always designate individuals to receive the updates first, such as an IT team or pilot group, to make sure the new features are working as expected and provide feedback to Microsoft.

Check out the Office 365 roadmap

While most of my updates come from the methods above, I do look at the Office 365 Roadmap from time-to-time to see an overall view of planned and rolling out features. It’s also a good way to find out what happened to features that didn’t make it to general availability.

O365 Roadmap

Get involved in the community

The Microsoft Tech Community connects O365 enthusiasts and professional around the world to discuss current challenges and ideas with O365 tools.

Staff from Microsoft are on the site quite often and it’s an easy way to connect with them to clarify existing/planned functionality. They also sometimes post about new features before the accompanying full blog post is created so you can get a sneak peek.

Tech Community

There’s a lot of ways you can find out what’s new in Office 365 and at times it can get hard to keep up with everything – the important part is to pick and choose which works best for you. Even if you fall behind,  at the very least it’s good to check out the Office blogs monthly features post to see the biggest highlights.

Azure Automation

Azure Automation – What is it? Why should I use it?

After spending a fantastic week learning some of the new features of Office 365 and Azure at Ignite Australia 2016 on the Gold Coast it’s time to give back some of the learnings to the community.

So, what is Azure Automation and should you be using it?

Azure Automation was released in 2016 but it’s adoption and use is still low. This is because it’s seen as a relatively new addition to most enterprise customers’ Azure suite. Azure Automation brings the capability to create and execute run books that are essentially PowerShell scripts on a schedule, on demand or even integrated with HTTP enabled systems that can communicate with the book.  Azure Automation is free up to 500 hours of run time per month, which will satisfy most customers while trying out the service. After that the costs are 0.003 per minute,  more information on costs can be found https://azure.microsoft.com/en-au/pricing/details/automation/

Now the traditional techs would say but we can do this on a windows server and have it scheduled using Windows Task Scheduler. While this is true there is a truck load of features and benefits Azure Automation provides you by default that you just can’t get with your traditional server approach.

No more servers required to run a script 

In many cases a primary function of a server or machine is to run a script on a schedule or even worse the script is scheduled to run on a server that has nothing to do with the script and activities. Either way both scenarios aren’t desirable and ultimately are not the best way we could be Automating our processes.

Credentials managed in a secure way 

As an IT professional you need to ask yourself, how many times have you seen credentials baked into a PowerShell script? For me, I’ve seen it far too often and as the industry on a whole continues to heavily invest to SaaS offerings and a cloud first mentality security is as critical as ever. The Azure Automation Credentials Manager allows you enter your username/password which can be used in the PowerShell script by making a simple call to the azure automation credential manager

Scripts managed in runbooks

A runbook is essentially a script that can be run on a defined schedule. However, the awesome thing is you’re not limited to just setting a defined date and time. You can configure the runbook to have custom triggers using web hook. Web hook allows you to connect and pass on information through a simple http request.

There are so many use cases of how web hooks could be useful to your organisation.  Imagine a scenario where you have a Web based HR system where HR submits all the details of a new on-boarding staff member. Once those details are submitted and approved we can do a simple REST Post to the Webhook. This passes on the information of the user to the PowerShell script that runs some simple Azure Active Directory cmdlets to create a user. This is an example of a simple and achievable automation of what is generally an IT heavy process, where with Azure Automation would require zero IT intervention to have these users on-boarded.

In Summary, Azure Automation is a powerful tool. To connect and automate repeatable processes whether they are in the cloud or on premises is achievable with Azure Automation.