Upload or download SharePoint files using Azure Automation and a managed identity
In this post I will show you how to authenticate to SharePoint from Azure Automation with a managed identity and PowerShell, and how to upload or download a file.
The solution
1. Use an Azure Automation account
2. Configure it with a system-assigned managed identity
3. Add the SharePoint permission
4. Give access to a specific site
5. Add a Runbook (script)
Sources to download
Click on the GitHub picture below to get the following files:
- Assign_permissions.ps1
- Upload.ps1
- Download.ps1
Adding permissions
In this step we need to give the managed identity permission to access a SharePoint site.
Here we don't want to give access to all SharePoint sites, only to a specific one.
For that we need to add the Sites.Selected permission with Microsoft Graph.
Given that it's a managed identity, we cannot add the permission through the Azure portal.
We need to use PowerShell for that.
The PowerShell script for that is this one.
The next step is to identify which SharePoint site the MI should have access to.
Getting SharePoint site id
The first step in order to upload something is to identify the SharePoint site to which we want to send the file.
For this we need the SharePoint site path and ID.
The SharePoint site path is pretty easy to get; in my case it's the one below:
https://systanddeploy.sharepoint.com/sites/Support
Now, to get the ID of a SharePoint site, proceed as below:
1. Open your browser
2. Type the following URL:
https://yoursharepoint.sharepoint.com/sites/yoursite/_api/site/id
In my case it's:
https://systanddeploy.sharepoint.com/sites/Support/_api/site/id
Because the Sites.Selected permission only applies to specific selected sites, we need to specify which site is the selected one.
To do this, proceed as below:
1. Open Graph Explorer here
2. Choose the POST method
3. In the URL field, type the URL below and replace sharepointsiteid with your SharePoint site ID
https://graph.microsoft.com/v1.0/sites/sharepointsiteid/permissions
4. Go to Request body
5. Type the body below, replacing the specified fields
6. Click on Run query
7. If you get a 403 Forbidden error in Graph Explorer, click on Modify permissions
8. There you will find a permission to allow, so allow it
9. Click again on Run query
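The two permission steps above (adding Sites.Selected to the managed identity, then granting it access to one site) can also be done in a single Microsoft Graph PowerShell session. This is an added example, not the author's Assign_permissions.ps1; the account name and site ID are placeholders, and the delegated scopes and the 'write' role are assumptions to adjust to your tenant.

```powershell
# Added example (not the author's script). Run interactively as an admin.
# Requires the Microsoft.Graph.Applications and Microsoft.Graph.Sites modules.
$AutomationAccountName = '<automation-account-name>'  # placeholder
$SiteId                = '<sharepoint-site-id>'       # placeholder: value returned by _api/site/id
$SiteRole              = 'write'                      # assumption: use 'read' for a download-only runbook

# Assumed delegated scopes for the admin running this script.
Connect-MgGraph -Scopes 'Application.Read.All', 'AppRoleAssignment.ReadWrite.All', 'Sites.FullControl.All'

# A system-assigned identity shows up as a service principal named after the account.
# Refuse to continue on an ambiguous match so the grant cannot land on the wrong principal.
$mi = @(Get-MgServicePrincipal -Filter "displayName eq '$AutomationAccountName'")
if ($mi.Count -ne 1) { throw "Expected exactly one service principal, found $($mi.Count)." }
$mi = $mi[0]

# Microsoft Graph's own service principal (well-known appId) holds the Sites.Selected app role.
$graph = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
$role  = $graph.AppRoles | Where-Object {
    $_.Value -eq 'Sites.Selected' -and $_.AllowedMemberTypes -contains 'Application'
}
if (-not $role) { throw 'Sites.Selected application role not found.' }

# Step 1: assign Sites.Selected to the managed identity, skipping it if already present.
$existing = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $mi.Id -All |
    Where-Object { $_.AppRoleId -eq $role.Id -and $_.ResourceId -eq $graph.Id }
if (-not $existing) {
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $mi.Id `
        -PrincipalId $mi.Id -ResourceId $graph.Id -AppRoleId $role.Id | Out-Null
}

# Step 2: Sites.Selected alone grants nothing; give the identity a role on this one site.
$body = @{
    roles               = @($SiteRole)
    grantedToIdentities = @(
        @{ application = @{ id = $mi.AppId; displayName = $mi.DisplayName } }
    )
}
New-MgSitePermission -SiteId $SiteId -BodyParameter $body | Select-Object Id, Roles

Disconnect-MgGraph | Out-Null
```

Granting only the role the runbook needs on the single site keeps a compromised runbook from reaching other site collections.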
Creating the Automation account
1. Go to Azure portal
2. Go to Automation accounts
3. Click on Create
4. Type a name
5. Choose a Subscription and Resource group
6. Choose your region
7. Click on Create
Setting Managed Identity
1. Go to your automation account
2. Go to Identity
3. Go to System assigned
4. Select On
5. Click on Save
6. Click on Yes
Authenticate to SharePoint
To authenticate to the SharePoint site we use the command below:
Connect-MgGraph -Identity
Upload file
The script to use for that is Upload.ps1 and is available here.
Download file
The script to use for that is Download.ps1 and is available here.