Microsoft plans to retire Azure Automation Run As Accounts on September 30, 2023, and replace them with managed identities. I don’t have any issue with the proposal because managed identities are more secure and a better overall solution. It would have been nice if Microsoft had communicated the change more broadly. I guess if you were in the know, you found out about this development, but maybe the average Microsoft 365 tenant administrator might have struggled to discover what’s happening.
This article explains how to make Teams policy assignments using an Azure Automation runbook and some of the modernized cmdlets available in the Teams PowerShell module. Not everything worked as smoothly as we’d like, but like most PowerShell scenarios, there’s usually a workaround available to get the job done. It just needs to be found.
Before an app or an Azure Automation account can use the Teams PowerShell cmdlets in a script or runbook, it must have the permission to act as an administrator. In this article, we cover how to assign the necessary role to a service principal.
This article describes how to use the Exchange.ManageAsApp permission to allow Azure AD apps to run Exchange Online PowerShell cmdlets. You can do this in the Azure AD admin center for registered apps, but when the time comes to allow Azure Automation runbooks to sign in to Exchange Online with a managed identity, you must assign the permission to the automation account with PowerShell. Easy when you know how, hard when you don’t!