Get-AzAutomationAccount doesn't currently return the resource id as of version 1.4.0. It should! :-) Should be an easy update.
Currently it returns these properties:
Thanks for the feedback. We will get this reviewed internally and share an update.
Just like the Automation resource page, a circle graph that demonstrates degree of compliance.1 vote
Thanks for the feedback. This is something we’ve been planning to add to the service. Monitoring\compliance for Automation. Please share if you have any specifc area you’d want to have captured that will impact your overall Automation Compliance.
We have multiple custom powershell modules. All are in CI/CD in Azure Devops.
I now have created a workaround to keep modules in Azure Automation up-to-date.
Publishing our modules to the PowerShell Gallery is not an option.
Please provide a way to link PowerShell modules to Azure DevOps Artifacts using a service connection / webhook / whatever, or to any other private repository for that matter.22 votes
Great suggestion. We will definately add this to our improvement plan around CI\CD integration.
Currently there is no alerting mechanism to alert when jobs in automation accounts get Completed with errors. The job shows completed, which means the runbook script has executed ok, but when we go inside the job we can see errors. There should be some alerting configured to know that the Automation job has completed with errors.1 vote
Thanks for your suggestion. This is under review.
It would be helpful if you allow terraform script to create a runbook in Azure Automation.21 votes
Thanks for the feedback. We are exploring ways of making Automation platform extensible to support other languages too.
Add a banner to the Azure portal - informing customers of impending webhook expiry - in a similar way to the banner for expiring runas accounts4 votes
Thanks for the feedback. The Product Group has identified it as an improvement & will add the capability if resourcing allows.
Azure DSC node configuration (MOF files) are currently limited to 1 MB in size. This limitation does not allow for significantly detailed or complex configurations.
In my specific scenario, we have several IIS websites in a our web farm and we've hit the limit of how many unique websites we can configure per server because the MOF file is larger than 1 MB. The resulting error is that the MOF cannot be encrypted by Azure DSC Automation.100 votes
Great feedback. We will consider this a bug to be addressed in the future.
Our runbooks crash because of the 400Mb RAM limit in Azure Automation. They do not crash when Running on a Hybrid Runbook Worker. The problem with the Hybrid Runbook worker is that it's not a Serverless model with pay per use. It would be good if we could:
1) Runbooks in Azure Automation that will not crash because of the 400 Mb limit
2) We can somehow remove the default PS Modules in an Automation Account which we don't need to lower the memory consumption. At the moment these modules cannot be removed.18 votes
Thanks for the feedback . The Product team has identifed this as one of the enhancements and improvement area in the service. It will be picked up as resourcing allows.
the Azure automation ip range should be added as an Azure trusted service so when I use vnet endpoints on storage accounts, etc and tell it to allow azure trusted services automation works.76 votes
The ask is under review. Storage team would be able to add Azure Automation as a trusted service, once Automation supports managed identity which is planned for March-End CY21.
I would like to use to Linux configuration by Ansible.22 votes
Thanks for the suggestion. We are exploring options to make the Automation platform extensible.
Say you have a configuration that applies to two servers behind a load balancer and it includes the installation of some software.
You now want to upgrade that software so you update the product ID and link to MSI.
Once the servers pick up the change and attempt to apply it, they could both do it simultaneously causing a system outage.
Having DSC respect Availability Groups and Zones would prevent this happening and allow the use of DSC for automatic upgrades.3 votes
This scenario is already addressed by Azure DevOps environments, however we have not done our part to make sure it is easy to understand how to integrate the two services. We will address this in our documentation.
We recently ran into an issue where the AzureRunAs cert expired and caused most automations to fail due to a connectivity error. The client hadn't checked on AA for a bit and didn't see the portal warning.
Would be nice to have an email alert option to alert admins when certificates stored in AA are nearing expiration, or generate a log we which we can use to build Azure Alerts or feed into OMS. As of now, we had to create an AA runbook that pulls cert info on a schedule and alerts if necessary.171 votes
The Product Group is coming up with the support of managed identity for Automation to be used instead of Runas account with a tentative ETA of CY21 March-End. All our investments would be towards moving customers to use managed identity rather than RunAs. With the support of managed identity , customers would not have to worry about the overhead of certificate management.
We will , however , prioritize email notification for cert expiry if resourcing allows.
System Center Service Manager (SCSM) only has connectors to SMA and Orchestrator. To be able to shift to Azure Automation for all our automations there have to be an Azure Automation SCSM connector. Please add this soon!63 votes
Great Feedback. We will get the ask triaged.
Sometimes when running code in a PS runbook something seems to hang. I'm getting the following error although the job probably finished long time ago:
"BadRequest: Test job is already running."
I would like to have the opportunity to clear any running test jobs to bypass this bug.107 votes
Great feedback that is currently under review
It would be very helpful to have the ability to "pause" a hybrid worker so that it can complete any running jobs without accepting new jobs. This would allow the worker to become passive for maintenance/patching.
We could then automate the rolling maintenance between hybrid workers to ensure availability and zero runbook downtime.14 votes
Great Feedback. We will pick this up as resourcing allows. More votes would help us priortize it better.
Today once you publish a runbook there is no way to put it in maintenance mode and prevent new jobs from being accepted. You only choices seem to be to delete the runbook so it is not shown as published (which loses all job history), or comment out the runbook code and publish that version so it basically does nothing. Would like to see a new menu option to Pause or Disable/Enable a published runbook.23 votes
Thats an excellent feedback. We will pick this up as resourcing allows.
This is currently not supported, but we are investigating possible implementations.
It would be nice to have an option to use an existing SPN instead of creating new SPN for each Azure Automation account for easy maintenance36 votes
Great Feedback. We are in the process of reviewing this ask.
Currently, i'm using azureKeyVault for account and secret but it didn't work in DSC automation configuration so i need to push to AzureAutomationCredential to access. Is it possible to allow access keyvault from automation ?16 votes
We are in the process of reviewing the ask internally.
You can define inconsistent types between runbook parameter type and the type of the parameter associated with a schedule. For example, if you have a runbook RB0, it has a parameter P0 of type Boolean.
You can actually use Register-AzureRmAutomationScheduledRunbook cmdlet to associate a schedule with parameter P0 of a string type.1 vote
Thanks for reporting this. We will look to address in a future cmdlet release.
- Don't see your idea?