In the fast-paced world of IT operations and cloud management, the ability to automate repetitive tasks is no longer a luxury; it’s a necessity. That’s where Azure Automation comes into play. Whether you’re managing thousands of virtual machines, rotating credentials, or applying patches, setting up an Azure Automation Account provides you with a scalable, serverless automation platform.
But before diving into scripts and runbooks, let’s start with the foundational step: Setup Azzure automation Account. In this guide, you’ll not only learn how to set it up properly but also get real-world insights and strategies to avoid common pitfalls.
What Is Azure Automation and Why It Matter
Azure Automation is a Microsoft cloud service that allows IT pros and DevOps engineers to automate frequent, time-consuming, and error-prone cloud management tasks. It’s part of Azure’s ecosystem but flexible enough to operate across hybrid environments.
Key features include:
- PowerShell and Python runbooks
- Process automation
- Configuration management (DSC)
- Update management
- Shared resources and hybrid worker support
Azure Automation vs Logic Apps vs Azure Functions
| Feature / Service | Azure Automation | Azure Functions | Logic Apps |
|---|---|---|---|
| Target Audience | IT Ops, Sysadmins | Developers | Business Analysts, IT integrators |
| Best For | Runbooks, patching, DSC | Event-driven custom code | Workflow-based integration |
| Languages | PowerShell, Python | C#, JavaScript, Python | Declarative JSON-based workflows |
| Trigger Type | Scheduled or webhook | HTTP/event-based | Triggers and connectors |
| Hybrid Support | ✅ Yes (via Hybrid Runbook Worker) | ❌ Limited | ❌ Not designed for on-prem tasks |
➡️ When your goal is deep automation of infrastructure tasks across hybrid environments, Azure Automation is your best bet.
How to Setup Azure Automation Account (Step-by-Step)
Before you begin, ensure you have the following:
- An active Azure subscription
- Contributor or Owner role on the target resource group
🔹 Step 1: Navigate to Azure Automation
- Go to portal.azure.com.
- In the search bar, type “Automation Accounts”.
- Click “Create”.
🔹 Step 2: Configure Basic Settings
| Field | Description |
|---|---|
| Subscription | Select your Azure subscription |
| Resource Group | Choose an existing group or create new |
| Automation Account Name | Unique name (e.g., OpsAutomation01) |
| Region | Choose the closest region for latency |
✅ Best Practice: Choose the same region as the resources you’ll automate to reduce execution latency.
🔹 Step 3: Advanced Configuration
You’ll see options for enabling Managed Identity, Diagnostic Settings, and Public Network Access.
- Managed Identities → Choose System Assigned
- This is essential for accessing Azure resources securely
- Public Network Access → Enabled (recommended for development environments)
🔐 Security Tip: In production, use private endpoints and restrict access using Azure Firewall or NSGs.
🔹 Step 4: Review + Create
Review your settings and hit Create. The deployment usually completes in under 60 seconds.
🔹 Step 5:Allow Azure Automation Account Access Key Vault
To securely access secrets stored in Azure Key Vault from your runbooks, you must grant your Automation Account’s Managed Identity the appropriate permissions using Azure Role-Based Access Control (RBAC) instead of manually creating access policies.
Here’s how to do it:
Prerequisites
- Ensure System-Assigned Managed Identity is enabled on your Automation Account (you did this in Step 2). Or you can go to Identity and make sure System Assigned is On
- A Key Vault already exists.
Check the Azure Key Vault Setup Tutorial blog on how to create Azure Key Vault
Assign the Role in the Azure Portal
- Go to the Automation Account in the Azure portal.
- In the left pane, select Account Settings → Identity → Azure Role Assignment
- Click + Add role assignment.
- Fill the following field and click on Save
| Field | Description |
|---|---|
| Scope | Select Key Vault |
| Subscription | Select the Subscription for the Key Vault |
| Resource | Select the resource group for the Key Vault |
| Role | Choose Key Vault Secret User (or the Preferred option) |
- After 60 seconds, you should see the premises
💡 Why use RBAC instead of Access Policies?
Azure recommends using RBAC for Key Vault access for fine-grained, scalable, and auditable control, especially in enterprise and automated environments.
Inside the Azure Automation Account: What You Get
Once provisioned, your account comes with:
- Runbooks: Where you write and execute automation scripts.
- Assets: Includes variables, credentials, certificates, connections.
- Modules: PowerShell modules like
AzorMicrosoft.Graph. - Hybrid Workers: Extend automation to on-prem servers.
- Update Management: Manage patching across Azure and non-Azure VMs.
Creating Your First Runbook
🔸 Step 1: Go to the Azure Automation Runbooks Section
- Click on Runbooks.
- Select + Create a runbook.
- Fill the below fields
- Name:
UpdateIntuneDevicesPrimaryUser - Runbook Type: PowerShell
- Runtime version: PowerShell 7.2 (recommended)
- Name:
🔸 Step 2: Add a Simple Script
You can add any script that you would like to automate. For example, you can use the script to automate setting the Intune device’s primary user to the last logged-on user.
Once done, you can save, test the script, or publish it to be ready for scheduling
🔸 Step 3: Create and Schedule Your Runbook
To automate the runbook, you need to link it to a schedule:
- Open your runbook and click Link to schedule.
- Select + Add a schedule.
- Set the schedule:
- Name:
DailyReport - Recurrence: Recurring → Daily at 7:00 PM (for example)
- Name:
- Click Create, then OK to link the schedule to the runbook.
🔄 Bonus Tip: You can link the same runbook to multiple schedules for different environments (e.g., dev/test/prod).
Personal Insights: Lessons from Real-World Deployment
During a cloud migration project at a large facilities management firm, we relied heavily on Azure Automation for:
- Restarting services nightly on legacy VMs
- Syncing user groups between Azure AD and on-prem AD
- Auto-scaling lab environments outside business hours
Here’s what we learned:
- Modularise Scripts: Keep your runbooks modular—smaller scripts are easier to debug and reuse.
- Use Source Control: Integrate with GitHub or Azure DevOps to track changes.
- Leverage Schedules: Combine with
Scheduleassets to automate routine jobs.
Key Best Practices for Azure Automation Account Management
| Best Practice | Why It Matters |
|---|---|
| Enable Diagnostic Logs | Helps troubleshoot failed runbooks |
| Use Azure Key Vault for secrets | Avoid storing credentials in plain text |
| Tag your assets | Reduce the risk of accidental impact |
| Separate Dev and Prod Automation | Reduce risk of accidental impact |
| Monitor with Log Analytics | Track performance and failure rates over time |
Useful Integrations to Enhance Your Azure Automation
- Azure Monitor: Trigger runbooks from alerts
- Azure Logic Apps: Use a runbook as part of a broader workflow
- Azure Key Vault: Securely reference secrets or certificates
- Azure DevOps: Integrate CI/CD pipelines with runbooks
Conclusion
The ability to setup an Azure Automation Account properly can make or break your infrastructure automation efforts. From simple PowerShell scripts to orchestrating enterprise-wide patching schedules, Azure Automation is your go-to solution for scalability, security, and control.
By following this guide, you’ve not only learned how to get started but also how to optimise your use of Azure Automation with real-world context, security considerations, and operational efficiency in mind.
