Three Reasons to Use Azure Automation to Run Your Scripts 

Azure Automation is a cloud-based service that can help you run scripts; configure, update, and manage operating systems; and manage your IT asset inventory. This blog post highlights three key advantages of using Azure Automation to schedule and run scripts.

Native Cloud Capabilities

Running PowerShell scripts in Azure Automation instead of on premises offers several distinct advantages that can streamline operations, enhance efficiency, and improve overall management.

First, Azure Automation provides a scalable, elastic environment for running PowerShell scripts. Unlike an on-premises infrastructure, which may have hardware resource limitations, Azure Automation can dynamically allocate computing power and storage based on workload.

Second, Azure Automation offers a centralized platform for managing and monitoring PowerShell scripts. With on-premises solutions, managing scripts across different servers can be complex and time-consuming. Azure Automation provides a unified interface to create, schedule, and track script runs.

Finally, Azure Automation benefits from the built-in high availability and disaster recovery capabilities of the Azure platform. On-premises environments often require significant investments to ensure similar redundancy and data protection.

Although it’s ideal to migrate all automation to the cloud, many organizations require automation processes to interact with on-premises resources. Three such examples are Active Directory, Microsoft Identity Manager, and SQL Server. The Azure Automation platform can address these concerns and still provide many of the same benefits the cloud provides, including redundancy and centralized management.

PowerShell scripts are represented in Azure Automation as runbooks. Servers that run these runbooks are called worker agents. Worker agents can be virtual machines (VMs) managed by Microsoft in Azure, VMs managed by your organization in Azure, or on-premises servers.

All of these resources can be managed in an Azure portal blade, as shown in Figure 1.

Figure 1 Azure Automation Portal Blade

Regardless of what type of agent is being used, runbook management is consistent. One feature that isn’t available to on-premises worker agents is that Azure runbooks allow you to specify PowerShell modules that should be available on the worker agent when a runbook runs. Hybrid workers require that these modules be installed manually. See Deploy an agent-based Windows Hybrid Runbook Worker in Automation | Microsoft Learn for details.

Standardization Across Environments

Another powerful feature is Azure Automation’s ability to store variables, secrets, credentials, and certificates. These capabilities allow a team to standardize how to manage and use secrets and credentials across all automation processes. Secrets, credentials, and certificates are stored securely in Azure Key Vault. It is also useful to be able to store variables in Azure Automation. Azure Automation variables can be used to store environment-based configuration information. As an example, rather than hard coding a domain name in a script, simply use a variable, as follows:

$domain = Get-AutomationVariable -Name Domain

Using this technique, you can run the same script in different environments without changing the code. The same is true for credentials and secrets.

Finally, because Azure Automation runbooks can run on any number of worker agents, script developers cannot build any hard dependencies on specific servers into their code. I suggest building a PowerShell module or series of modules to deploy on all hybrid workers. This will provide even more consistency across all scripts and automation processes. Examples of some of these shared functions could include authentication, logging, or connecting to SQL Server.

DevOps for Your Scripts with Source Control Integration

Using Azure Automation provides two additional specific benefits over using an on-premises solution such as Task Scheduler.

The first benefit is direct integration with source control. Runbooks can be configured to sync with a git repository on GitHub or Azure DevOps. For more information, see Use source control integration in Azure Automation | Microsoft Learn. Systems administrators are adopting source control more often, and it is becoming a prerequisite to manage environments at scale.

After source control adoption, automatic code deployment—or what is often called a build system or pipeline—is the next step. Azure Automation can take care of the “build and deploy” process for automation scripts. When code is checked into a certain branch, it is effectively deployed to production.

Doing this safely requires strong source code management, testing, and well-understood policies for pull requests. A developer should not be able to push directly to a main branch with no checks and balances and have their code automatically sync to production. For more information, see this series of articles I wrote on learning to use Source Control: Source Control for Microsoft 365 Tenant Admins | Practical365.

Azure Automation provides a number of features to help you manage scripts. The next time you are writing or updating a script, consider using Azure Automation. If you need help with automation or script management, or you want guidance in taking advantage of Azure Automation’s features, please contact the experts at Ravenswood Technology. We’re here to help!


6 Tips to Harden Your Windows LAPS Deployment

In a previous blog post, we covered how to migrate to Windows Local Administrator Password Solution (LAPS). With Windows LAPS deployments gaining traction, it’s important

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.