Automation

Azure Automation allows you to automate the creation, monitoring, deployment, and maintenance of resources in your Azure environment using a highly-available workflow execution engine. Orchestrate time-consuming, error-prone, and frequently repeated tasks against Azure and third party systems to decrease time to value for your cloud operations.

Visit the Automation page to learn more about Automation and how to get started.

How can we improve Azure Automation service?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Azure Automation should support using pre-existing Service Principals for RunAs connections

    Currently the only *supported* method for adding a RunAs connection to an Azure Automation account is to create a new Service Principal. By default the SP is created with Contributor access to the entire subscription.

    This is not ideal for several reasons:
    * Contributor access to a subscription is a relatively high level of access. I would like to ensure that my automation accounts are more tightly constrained.
    * The auto-generated name for the SP can cause problems in accounts that have applied a naming standard/governance model to SP accounts.
    * Since we are unable to reuse our existing SPs…

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Role Based Access Control  ·  Flag idea as inappropriate…  ·  Admin →
  2. Delete subscriptions without first removing RBAC role definitions /assignable scopes

    We have a custom RBAC role definition that we link to new subscriptions. If we delete a subscription without first removing the link with the RBAC role definition, we are unable to link this role definition to new subscriptions. This is blocking our environment, because we are not able to adapt our current role and rights model.

    So, it should be possible to remove subscriptions without first removing the link(s) with role definitions /assignable scopes.

    See ticket 117020815287840 for more information.

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Role Based Access Control  ·  Flag idea as inappropriate…  ·  Admin →
  3. Allow 'Protected' RunBook items in the Admin Portal

    Description : Until granular permissions for items becomes available per administrator, allow critical RunBooks to be marked as protected and with a password requirement.

    Reason : Critical runbooks need to be protected as much as possible from accidental deleted or editing. Mitigate possibility of human error.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Role Based Access Control  ·  Flag idea as inappropriate…  ·  Admin →
    under review  ·  Beth Cooper responded

    Would role based access control solve this problem for you?

    Also, are you interested in protecting runbooks from being started or just edited and deleted?

    Thanks,
    Beth

  4. Automation Operator Status View

    We need a mechanism to allow automation operators to read the current status of the runbook. I was using the 'Output' stream to notify the automation operator of which step the runbook was on, but that stream has been removed. I don't want to write to the error or warning streams for status updates (this is counter-intuitive if the status is good). The output window was a perfect solution for this.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Role Based Access Control  ·  Flag idea as inappropriate…  ·  Admin →
  5. Automation Account: Lower default permissions for RunAs Account

    Instead of Contributor permissions on subscription level, the RunAs account should only have permissions in the scope of the resource group that holds the Automation Account. Imho, always start with least principle rather than the other way round.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role Based Access Control  ·  Flag idea as inappropriate…  ·  Admin →
  6. Trigger for Azure Automation Runbook needs Webhook writing permission.

    We want feature about RABC for action group.
    If Automation Runbook is selected in action group configuration, the user need permission for over Contributor at Subscription.

    If permission is Owner for Resource Group, we can not configure Automation trigger.
    This is because Automation trigger needs also webhook writing permission in configuration.

    Now, configuration is only permitted to Contributor or Owner of Subscription.
    It is very hard to permit these Role in every customer.
    If there is Webhook role for writing and reading, this issue will be resolved easily.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: oidc
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Role Based Access Control  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base