Introduction
Azure Automation enables administrators to automate recurring cloud management tasks that can be time-consuming and error-prone. As a result, it is effective at reducing operating costs and improving efficiency. In this article, I will go over how to use PnP PowerShell to connect to SharePoint from Azure Automation. It demonstrates how to create the Azure Automation account and a runbook, install the required module, configure the certificate and credentials, and connect to SharePoint.
Steps
- Create an Azure AD App Registration using PnP.Powershell
- Create an Azure Automation account
- Create a PowerShell Runbook
- Test
Create an Azure AD App
Step 1
Install PnP.PowerShell if not installed,
Install-Module -Name PnP.PowerShell
Step 2
Register a new Azure AD app registration using the command below. In this case, my password is "password", which is only a demo value; keep it handy, as we need it in further steps.
Register-PnPAzureADApp -ApplicationName sp1226Automation -Tenant sp1226.onmicrosoft.com -OutPath c:\users\lovy.jain -CertificatePassword (ConvertTo-SecureString -String "password" -AsPlainText -Force) -CommonName MyCertificate -DeviceLogin
Step 3
Authenticate using your tenant admin account and click OK
Step 4
After sign-in and verification, the consent flow starts.
Step 5
After that, you must consent to the default permission applied to this App. Check out the default permission applied to the app.
Step 6
After this step, the app is created successfully in the Azure Portal and the certificates (pfx, cer) are generated in the local folder specified. Save the path of the files, as we need the pfx file in further steps.
Create an Azure Automation account and configure the settings
Step 1
Browse through the Azure resources in the marketplace and search for “Automation” and create it.
Step 2
After the successful creation of the Azure Automation account, we need to add the PnP.PowerShell module, which will be used to authenticate to SharePoint in PowerShell. Select the Modules tab in the left menu.
Step 3
Now after clicking on Browse Gallery, select the pnp.powershell as this module is not available by default.
Step 4
And click on import to include in your Automation account.
Step 5
Now create the certificate. Go to the Certificates tab under Shared Resources in your Automation account. Upload the certificate (pfx) generated at the end of Step 1 and enter the password given while creating the Azure AD app in Step 1.
Step 6 - Create the credentials
Go to Credentials and add a new credential. We can add a new user name and password (the password is the same one we gave while creating the Azure AD app; in this case it's "password").
Create a new runbook and authenticate SharePoint using PnP.PowerShell
Step 1
Create a new Azure runbook with the type PowerShell.
Step 2
Edit the runbook created and paste the below code. In this, we are connecting with SharePoint using PnP.PowerShell.
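Change the code below to include your appId (created in step 1) and appAdTenant (the name of your tenant). As a best practice, store these in Automation variables, but for this walkthrough they are set directly in the script. The names 'AzureAppCertPassword' and 'AzureAppCertificate' must match the credential and certificate assets created in the Automation account.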
$azureAutomateCreds = Get-AutomationPSCredential -Name 'AzureAppCertPassword'
$appCert = Get-AutomationCertificate -Name "AzureAppCertificate"
$baseSite = "https://sp1226.sharepoint.com/sites/portal"
$appId = "81ea6af4-0b27-4b8f-9f82-9e06954d6244"
$appAdTenant = "sp1226.onmicrosoft.com"
$base64Cert = [System.Convert]::ToBase64String($appCert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12, $azureAutomateCreds.Password))
# Connect to the standard SharePoint Site
$siteConn = Connect-PnPOnline -ClientId $appId -CertificateBase64Encoded $base64Cert -CertificatePassword $azureAutomateCreds.Password -Url $baseSite -Tenant $appAdTenant -ReturnConnection
$web = Get-PnPWeb -Connection $siteConn
$web.Title
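# Pass the returned connection explicitly; -ReturnConnection is meant to be used with -Connection
$list = New-PnPList -Title "Demo List" -Url "lists/DemoList" -Template Announcements -Connection $siteConn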
$list.Title
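The same runbook with the best practice mentioned above applied, as an added example that is not part of the original article: the app ID, tenant and site URL come from Automation variables, the certificate is checked before use, and the list is only created when it is missing. The variable names 'SpAppId', 'SpTenant' and 'SpSiteUrl' are assumptions and must exist as variable assets in your Automation account.

```powershell
# Added example. 'SpAppId', 'SpTenant' and 'SpSiteUrl' are assumed Automation
# variable names; the credential and certificate names are the article's own.
$ErrorActionPreference = 'Stop'   # fail the job instead of running on after an error

$appId       = Get-AutomationVariable -Name 'SpAppId'
$appAdTenant = Get-AutomationVariable -Name 'SpTenant'
$baseSite    = Get-AutomationVariable -Name 'SpSiteUrl'

$certPassword = (Get-AutomationPSCredential -Name 'AzureAppCertPassword').Password
$appCert      = Get-AutomationCertificate -Name 'AzureAppCertificate'

# Catch certificate problems here rather than as an opaque authentication error.
if (-not $appCert.HasPrivateKey) {
    throw "Certificate asset has no private key; upload the .pfx, not the .cer."
}
if ($appCert.NotAfter -lt (Get-Date)) {
    throw "Certificate expired on $($appCert.NotAfter)."
}
$daysLeft = [int]($appCert.NotAfter - (Get-Date)).TotalDays
if ($daysLeft -lt 30) { Write-Warning "Certificate expires in $daysLeft days." }

# Export the PFX (protected with the same password) for -CertificateBase64Encoded.
$pfxBytes   = $appCert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12, $certPassword)
$base64Cert = [System.Convert]::ToBase64String($pfxBytes)

$siteConn = Connect-PnPOnline -ClientId $appId -CertificateBase64Encoded $base64Cert `
    -CertificatePassword $certPassword -Url $baseSite -Tenant $appAdTenant -ReturnConnection

# Zero the exported PFX bytes and drop the reference to the base64 copy.
[Array]::Clear($pfxBytes, 0, $pfxBytes.Length)
$base64Cert = $null

$web = Get-PnPWeb -Connection $siteConn
Write-Output "Connected to: $($web.Title)"

# Create the list only when it is missing, so scheduled re-runs do not fail.
$list = Get-PnPList -Identity 'Demo List' -Connection $siteConn
if ($null -eq $list) {
    $list = New-PnPList -Title 'Demo List' -Url 'lists/DemoList' -Template Announcements -Connection $siteConn
    Write-Output "Created list: $($list.Title)"
} else {
    Write-Output "List already exists: $($list.Title)"
}
```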
Test the solution
Now you can save the runbook and publish it. It's now ready to be used, and we can test it using the Test pane. In this code, we are getting the title of the site and creating a new list on the same site. As you can see here, “Portal” is the title of the site collection and “Demo List” is the title of the newly created list.
Final Thoughts
In this exercise, we saw how to use an Azure Automation account to create a runbook that gets the title of the site and creates a list. Automation runbooks can be configured to run in several ways: manually, from a schedule, from other runbooks or PowerShell scripts, or using a webhook. A good use case may be to provision a SharePoint site collection and apply a template to the newly created site.
Hope you learn something!!