Be notified by mail when an Azure Automation runbook webhook is about to expire
In this post I will share an Azure Automation runbook that notifies you by mail about runbook webhooks that are about to expire. A webhook URL carries a security token that lets a third-party system start the runbook without any further authentication; when the webhook expires the caller silently stops working, and an expired webhook cannot be reactivated, only recreated, so it is worth knowing in advance.
The solution
We will proceed as below:
1. Create an Azure Automation account
2. Configure it with a managed identity
3. Assign permissions to the managed identity
4. Authenticate with the managed identity
5. Add and schedule a runbook (script)
6. The script sends mail with
The notification
See below an overview of the notification mail for webhooks that are about to expire:
See below an overview of the CSV list:
Get script
Click on the GitHub picture below to get the scripts.
You will find:
- Assign_permissions.ps1: script to add permissions to the managed identity (MI)
- Runbook.ps1: the Azure Automation runbook
Creating automation account
Purpose: here we will create the automation account that will run the script and send the notification.
1. Go to Azure
2. Go to Automation accounts
3. Click on Create
4. Type a name
5. Choose a Subscription, resource group and region
6. Click on Create
7. Click on Go to resource
Setting Managed Identity
Purpose: the managed identity is used to authenticate to your tenant, so no credentials need to be stored in the runbook or rotated.
When you enable the managed identity, a new enterprise application (service principal) is created in Microsoft Entra ID.
It is used to authenticate to the tenant and make the API calls.
For that we will proceed as below:
1. Go to your automation account
2. Go to Identity
3. Go to System assigned
4. Select On
5. Click on Save
6. Click on Yes
7. Once it is configured, a new enterprise application is created with the same name as the automation account
Adding module
Purpose: here we need to add the modules used to authenticate to Microsoft Graph and send mail.
Use this part only if you want to send info by mail.
1. Go to your automation account
2. Click on Modules gallery
3. Import the following modules
- Microsoft.Graph.Users.Actions
- Microsoft.Graph.Authentication
Adding permissions
Purpose: in order to list the automation webhooks and send mail we need to grant permissions to our managed identity.
We need the following permissions:
- Mail.Send (Microsoft Graph application permission), to send the notification mail
- an Azure RBAC role on the automation accounts to inspect (Reader is enough), so the runbook can list their webhooks
Note that Mail.Send as an application permission lets the identity send as any mailbox in the tenant; if you want to limit it to the sender mailbox, scope it with an Exchange Online application access policy.
We will proceed as below:
1. Edit the Assign_permissions.ps1 script
2. Modify variable $TenantID and $DisplayNameOfMSI
3. Open PowerShell as a Global Administrator (or another role allowed to grant application permissions)
4. Run the script
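The following script is an added example of what the permission assignment looks like; it is not the author's Assign_permissions.ps1. It reuses the page's variable names ($TenantID, $DisplayNameOfMSI), and the tenant ID, the automation account name and the $AutomationAccountResourceId value are placeholders you replace. It assumes the Microsoft.Graph.Applications and Az.Resources modules are installed on the admin workstation, and the Reader assignment is the assumption stated above (Reader on the automation account is what Get-AzAutomationWebhook needs).

```powershell
# Added example, not the author's Assign_permissions.ps1.
# Grants the automation account's system-assigned managed identity the Microsoft Graph
# application permission Mail.Send, then (assumption) the Reader role on one automation
# account so the runbook can enumerate its webhooks.

$TenantID         = "00000000-0000-0000-0000-000000000000"   # placeholder: your tenant ID
$DisplayNameOfMSI = "aa-webhook-expiry"                       # placeholder: automation account name = MSI name
$AutomationAccountResourceId = "/subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Automation/automationAccounts/aa-webhook-expiry"  # placeholder

# Sign in with a role allowed to assign app roles (Global Administrator or Privileged Role Administrator)
Connect-MgGraph -TenantId $TenantID -Scopes "Application.Read.All","AppRoleAssignment.ReadWrite.All" | Out-Null

# Service principal of the managed identity (created when the identity was enabled)
$msi = Get-MgServicePrincipal -Filter "displayName eq '$DisplayNameOfMSI'"
if (@($msi).Count -ne 1) { throw "Expected exactly one service principal named '$DisplayNameOfMSI'" }

# Microsoft Graph's own service principal; its appId is identical in every tenant
$graph = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"

# Resolve the app role by value; only application-type roles can be assigned to a managed identity
$role = $graph.AppRoles | Where-Object { $_.Value -eq "Mail.Send" -and $_.AllowedMemberTypes -contains "Application" }
if (-not $role) { throw "App role Mail.Send not found on the Microsoft Graph service principal" }

# Idempotent: skip if the assignment already exists
$existing = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $msi.Id |
    Where-Object { $_.AppRoleId -eq $role.Id -and $_.ResourceId -eq $graph.Id }
if ($existing) {
    Write-Host "Mail.Send already assigned to $($msi.DisplayName)"
} else {
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $msi.Id `
        -PrincipalId $msi.Id -ResourceId $graph.Id -AppRoleId $role.Id | Out-Null
    Write-Host "Assigned Mail.Send to $($msi.DisplayName)"
}

# Azure RBAC (assumption): Reader on the automation account is enough to list its webhooks
Connect-AzAccount -TenantId $TenantID | Out-Null
$ra = Get-AzRoleAssignment -ObjectId $msi.Id -RoleDefinitionName Reader -Scope $AutomationAccountResourceId
if (-not $ra) {
    New-AzRoleAssignment -ObjectId $msi.Id -RoleDefinitionName Reader -Scope $AutomationAccountResourceId | Out-Null
    Write-Host "Assigned Reader on $AutomationAccountResourceId"
}

# Verify what the identity now holds on the Graph side
Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $msi.Id |
    Select-Object ResourceDisplayName, AppRoleId
```

The check before each assignment keeps the script safe to re-run, and the final listing is what you compare against the permissions you expected to grant: anything beyond Mail.Send there is a finding, not a convenience.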
Editing the script
Purpose: here we will modify the runbook script to adapt it to our needs regarding the mail notification.
We will proceed as below:
1. Edit the Runbook.ps1 script
2. Set the expiration delay (in days) in the $DaysBeforeExpiration variable
3. Set the following variables for mail config: $Mail_From, $Mail_To
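Below is an added example runbook showing how the detection and the mail can be put together; it is not the author's Runbook.ps1. It uses the page's variable names ($DaysBeforeExpiration, $Mail_From, $Mail_To) with placeholder addresses, assumes the Az.Accounts and Az.Automation modules are available in the automation account (they are by default) together with the two Microsoft.Graph modules imported above, and assumes the managed identity holds Mail.Send plus Reader on the automation accounts to inspect.

```powershell
# Added example runbook (not the author's Runbook.ps1). Runs under the automation
# account's system-assigned managed identity, lists every webhook of every automation
# account the identity can read, and mails the ones expiring within $DaysBeforeExpiration
# days as an HTML table plus a CSV attachment. Already-expired webhooks are reported too.

$DaysBeforeExpiration = 30                    # alert window in days
$Mail_From = "automation@contoso.com"         # placeholder: mailbox the identity sends as
$Mail_To   = "secops@contoso.com"             # placeholder: recipient

# Authenticate both SDKs with the managed identity; no credentials in the runbook
Connect-AzAccount -Identity | Out-Null
Connect-MgGraph -Identity | Out-Null

$now   = (Get-Date).ToUniversalTime()
$limit = $now.AddDays($DaysBeforeExpiration)

# Collect webhooks. ExpiryTime is a DateTimeOffset, so compare in UTC.
$rows = foreach ($acct in Get-AzAutomationAccount) {
    $hooks = Get-AzAutomationWebhook -ResourceGroupName $acct.ResourceGroupName `
                                     -AutomationAccountName $acct.AutomationAccountName
    foreach ($h in $hooks) {
        $expiry = $h.ExpiryTime.UtcDateTime
        if ($expiry -le $limit) {
            $state = if ($expiry -le $now) { "EXPIRED" } else { "Expiring soon" }
            [pscustomobject]@{
                AutomationAccount = $acct.AutomationAccountName
                ResourceGroup     = $acct.ResourceGroupName
                Webhook           = $h.Name
                Runbook           = $h.RunbookName
                Enabled           = $h.IsEnabled
                ExpiryTimeUtc     = $expiry.ToString("u")
                DaysLeft          = [math]::Floor(($expiry - $now).TotalDays)   # negative = already expired
                State             = $state
            }
        }
    }
}

if (-not $rows) {
    Write-Output "No webhook expires within $DaysBeforeExpiration days; no mail sent."
    return
}
$rows  = @($rows | Sort-Object DaysLeft)
$count = $rows.Count

# CSV attachment and HTML table built from the same objects
$csv   = ($rows | ConvertTo-Csv -NoTypeInformation) -join "`r`n"
$table = $rows | ConvertTo-Html -Fragment | Out-String
$body  = "<p>$count Azure Automation webhook(s) expire within $DaysBeforeExpiration days (checked $($now.ToString('u'))).</p>" +
         $table +
         "<p>An expired webhook cannot be reactivated: recreate it and hand the new URL to the caller before the date above.</p>"

$message = @{
    Subject      = "[Azure Automation] $count webhook(s) expiring within $DaysBeforeExpiration days"
    Body         = @{ ContentType = "HTML"; Content = $body }
    ToRecipients = @(@{ EmailAddress = @{ Address = $Mail_To } })
    Attachments  = @(@{
        "@odata.type" = "#microsoft.graph.fileAttachment"
        Name          = "ExpiringWebhooks.csv"
        ContentType   = "text/csv"
        ContentBytes  = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($csv))
    })
}

# Mail.Send application permission: the identity sends as $Mail_From
Send-MgUserMail -UserId $Mail_From -BodyParameter @{ Message = $message; SaveToSentItems = $false }
Write-Output "Notification sent to $Mail_To for $count webhook(s)."
```

Two design points: the runbook exits without sending when nothing is expiring, so the mailbox only sees actionable mail, and rows with a negative DaysLeft are webhooks that have already lapsed, which is the case you most want to catch because the caller has already stopped working.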
Creating the Runbook
1. Click on Create a runbook
2. Type a name
3. In Runbook type, select PowerShell
4. For Runtime version, choose 5.1
5. Click on Create
6. Click on Edit on the runbook
7. Paste the content of Runbook.ps1
8. Click on Save
9. Click on Publish