Connecting Azure Automation

Last updated 7 months ago


Overview

To allow RealmJoin Portal to provide runbooks for automating daily tasks, you need to connect an Azure Automation Account. This Automation Account will host your runbooks as well as the permissions needed for the runbooks to function in your environment.

This guide will help you to onboard either a new or existing Automation Account.

Azure Environment

Subscription

An Azure Subscription (https://portal.azure.com/#blade/Microsoft_Azure_Billing/SubscriptionsBlade) is needed to host your Automation Account. It is recommended to choose a subscription where only dedicated administrators will have access.

Please note down the Subscription Id as it will be needed later.

Resource Group

Choose or create an Azure Resource Group (https://portal.azure.com/#create/Microsoft.ResourceGroup) in your Azure Subscription, e.g. rjrb-automation.

Please note down the Resource Group's name as it will be needed later.

Azure Automation Account

Create an Azure Automation Account (https://portal.azure.com/#create/Microsoft.AutomationAccount) in the given Resource Group. In this example we will use the name c4a8toydariaazacc01 for the Automation Account. It will host your shared and private runbooks.

Please note down the Automation Account's name as it will be needed later.

Connect to RealmJoin Portal

It is assumed you already finished onboarding RealmJoin Portal.

Entering Info - Part 1

In RealmJoin Portal go to 'Settings -> Runbooks'.

Fill in the Azure Tenant ID, Subscription ID and Resource Group name. You can review your Azure Tenant ID at https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview. To choose Subscription ID and Resource Group name, see above.

Please leave the window / wizard open for now. We will return shortly in part 2.

Granting Access for RealmJoin to Azure Automation

RealmJoin Portal will create two lines of AZ CLI code beneath ResourceGroup. Example (with anonymized example values):

az provider register --namespace Microsoft.Automation
az ad sp create-for-rbac -n "RealmJoin Runbook Management" --role contributor --scopes /subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/rjrb-automation-01

Executing those lines will create an App Registration (Service Principal) in AzureAD that can interact with your Automation Account. This is needed, so that RealmJoin can

  • Create, List and Update Runbooks

  • Start Runbooks

  • Display Jobs and Output

RealmJoin Portal automatically included the information given above.

Please execute these two lines of code using AZ CLI with an administrative account that can create App Registrations and also grant contributor permissions on the chosen Resource Group.

You can use Azure CloudShell, so you don't need to install and authenticate a local copy of AZ CLI.

The command will return multiple values. Please note down the values for appId and password.

You can review the resulting App Registration in Entra ID. It will be named "RealmJoin Runbook Management".

Entering Information - Part 2

In RealmJoin Portal return to the open window/wizard for 'Settings -> Runbooks'.

Continue filling in the missing values for appId and password we created in the last step. Also fill in the name of the Automation Account from before.

Choose the Branch of the shared runbook repository you want to follow. If unsure, please choose production. All runbook branches may be viewed here: https://github.com/realmjoin/realmjoin-runbooks

Choose the location to make sure your runbooks are executed in the correct Azure region.

Press "Save" to start the initial import of runbooks. Please leave this window open until you see the message "Sync completed".

Granting Permissions to your Runbooks

Please continue with Requirements in Process Automation to allow your runbooks to interact with objects in your environment.

Please be aware, the Automation Account (its Managed Identity, to be more precise) will potentially have far-reaching permissions in your environment, like the ability to modify group or user objects in Entra ID or mailboxes in Exchange Online. Please carefully limit the number of people with access to this Automation Account to prevent unwanted usage of the given permissions.

When reusing an existing Automation Account, be aware that RealmJoin Portal automates the creation, updating and removal of runbooks coming from the shared online repository of runbooks. This might not be possible for an existing Automation Account. If in doubt, it is recommended to create a dedicated Azure Automation Account for RealmJoin Runbooks.
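To confirm that the "RealmJoin Runbook Management" service principal holds nothing beyond contributor on the chosen Resource Group, its role assignments can be audited. The following is an added example, not part of the RealmJoin documentation: it checks records in the shape returned by az role assignment list --assignee <appId> --all --output json. The sample records are constructed, the principalName is a placeholder, and the function and variable names are assumptions.

```python
# Constructed sample, shaped like the parsed JSON output of
#   az role assignment list --assignee <appId> --all --output json
# Subscription ID and Resource Group are the page's anonymized example values;
# the principalName is a placeholder.
SUB = "12345678-1234-1234-1234-123456789abc"
RG = "rjrb-automation-01"
SAMPLE = [
    {"principalName": "00000000-0000-0000-0000-000000000000",
     "roleDefinitionName": "Contributor",
     "scope": f"/subscriptions/{SUB}/resourceGroups/{RG}"},
    {"principalName": "00000000-0000-0000-0000-000000000000",
     "roleDefinitionName": "Contributor",
     "scope": f"/subscriptions/{SUB}"},  # constructed over-broad assignment
]


def audit_assignments(assignments, subscription_id, resource_group):
    """Return findings for anything other than Contributor on the one Resource Group."""
    expected = f"/subscriptions/{subscription_id}/resourceGroups/{resource_group}".lower()
    findings, has_expected = [], False
    for entry in assignments:
        # Azure scopes are case-insensitive; the root scope "/" normalises to "".
        scope = entry.get("scope", "").rstrip("/").lower()
        role = entry.get("roleDefinitionName", "")
        if scope == expected:
            if role == "Contributor":
                has_expected = True
            else:
                findings.append(f"unexpected role {role!r} on the resource group")
        elif expected.startswith(scope + "/"):
            # Subscription or root scope: the Resource Group inherits this grant.
            findings.append(f"{role!r} granted on broader scope {scope or '/'}")
        elif not scope.startswith(expected + "/"):
            findings.append(f"{role!r} granted outside the resource group: {scope}")
        # Scopes below the Resource Group (single resources) are narrower: not flagged.
    if not has_expected:
        findings.append("Contributor on the resource group is missing")
    return findings


if __name__ == "__main__":
    for finding in audit_assignments(SAMPLE, SUB, RG):
        print("FINDING:", finding)
```

An empty result means the service principal has exactly the access the two commands were meant to grant.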
