question

iano0404-2863 avatar image
0 Votes"
iano0404-2863 asked tbgangav-MSFT commented

How to Connect-MgGraph in a runbook

Hello everyone,

I'm struggling to get a connection going within an Azure runbook with Connect-MgGraph to allow me to run commands such as Get-MgUserAuthenticationPhoneMethod

Could anyone give me a tip to get started please?

I've already installed the Microsoft.Graph.Identity.Signins module in my automation account. I've tried using the following as per documentation but it does not work in the context of a runbook:

Connect-MgGraph -Scopes UserAuthenticationMethod.ReadWrite.All
Select-MgProfile -Name beta

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userdevicesettings

azure-automation
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

tbgangav-MSFT avatar image
0 Votes"
tbgangav-MSFT answered

Hi @iano0404-2863,

As explained in this Azure document, Azure Automation runbook executions in an Azure sandbox environment does not support interactive operations or in other words device login flow or MFA flow related. However, as per this MSGraph PowerShell SDK reference, I believe the provided -scopes parameter approach is device login flow related and hence I recommend to go with app-only access approach.

Azure Automation doc reference screenshot:
87697-image.png

MSGraph PowerShell SDK reference screenshot:
87620-image.png

Here is an another reference showing app-only access approach to Connect to MgGraph which might be helpful.

87741-image.png

On the other hand, as explained in this Azure document, Azure Automation runbook executions involving interactive operations could be supported in some scenarios by running the runbook on a HRW (Hybrid Runbook Worker).

Azure Automation doc reference screenshot:
87697-image.png



image.png (164.7 KiB)
image.png (86.0 KiB)
image.png (161.5 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

scal avatar image
0 Votes"
scal answered tbgangav-MSFT commented

hello @tbgangav-MSFT , we have more or less the same requirement except that we have a runbook in Azure automation where we are manually triggering execution based on user request.

our idea is to run runbook task through MS Graph api call from Jira Service desk using script runner.

Does MS Graph provide endpoint to trigger the running of runbook tasks ?

regards

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @scal,

As explained in this runbook execution document's webhook section, external services can start a runbook in Azure Automation. To do this type of startup, the service uses a webhook via a single HTTP request.


0 Votes 0 ·