| title | description | services | ms.date | ms.topic |
|---|---|---|---|---|
Manage Office 365 services using Azure Automation |
This article tells how to use Azure Automation to manage Office 365 subscription services. |
automation |
04/01/2020 |
conceptual |
You can use Azure Automation for management of Office 365 subscription services, for products such as Microsoft Word and Microsoft Outlook. Interactions with Office 365 are enabled by Azure Active Directory (Azure AD). See Use Azure AD in Azure Automation to authenticate to Azure.
You need the following to manage Office 365 subscription services in Azure Automation.
- An Azure subscription. See Subscription decision guide.
- An Automation object in Azure to hold the user account credentials and runbooks. See An introduction to Azure Automation.
- Azure AD. See Use Azure AD in Azure Automation to authenticate to Azure.
- An Office 365 tenant, with an account. See Set up your Office 365 tenant.
Use of Office 365 within Azure Automation requires Microsoft Azure Active Directory for Windows PowerShell (MSOnline module). You'll also need the module MSOnlineExt, which simplifies Azure AD management in single- and multi-tenant environments. Install the modules as described in Use Azure AD in Azure Automation to authenticate to Azure.
Note
To use MSOnline PowerShell, you must be a member of Azure AD. Guest users can't use the module.
To complete the steps in this article, you need an account in Azure Automation. See Create an Azure Automation account.
Now add the installed MSOnline and MSOnlineExt modules to enable Office 365 functionality. Refer to Manage modules in Azure Automation.
- In the Azure portal, select Automation Accounts.
- Choose your Automation account.
- Select Modules Gallery under Shared Resources.
- Search for MSOnline.
- Select the
MSOnlinePowerShell module and click Import to import the module as an asset. - Repeat steps 4 and 5 to locate and import the
MSOnlineExtmodule.
It's optional to create a credential asset for the Office 365 administrative user who has permissions to run your script. It can help, though, to keep from exposing user names and passwords inside PowerShell scripts. For instructions, see Create a credential asset.
To run Office 365 subscription services, you need an Office 365 service account with permissions to do what you want. You can use one global administrator account, one account per service, or have one function or script to execute. In any case, the service account requires a complex and secure password. See Set up Office 365 for business.
Note
To use the MSOnline module cmdlets, you must run them from Windows PowerShell. PowerShell Core does not support these cmdlets.
You can use the MSOnline module to connect to Azure AD from the Office 365 subscription. The connection uses an Office 365 user name and password or uses multi-factor authentication (MFA). You can connect using the Azure portal or a Windows PowerShell command prompt (does not have to be elevated).
A PowerShell example is shown below. The Get-Credential cmdlet prompts for credentials and stores them in the Msolcred variable. Then the Connect-MsolService cmdlet uses the credentials to connect to the Azure directory online service. If you want to connect to a specific Azure environment, use the AzureEnvironment parameter.
$Msolcred = Get-Credential
Connect-MsolService -Credential $MsolCred -AzureEnvironment "AzureCloud"If you don't receive any errors, you've connected successfully. A quick test is to run an Office 365 cmdlet, for example, Get-MsolUser, and see the results. If you receive errors, note that a common problem is an incorrect password.
Note
You can also use the AzureRM module or the Az module to connect to Azure AD from the Office 365 subscription. The main connection cmdlet is Connect-AzureAD. This cmdlet supports the AzureEnvironmentName parameter for specific Office 365 environments.
You access Office 365 functionality from a PowerShell script. Here's an example of a script for a credential named Office-Credentials with user name of [email protected]. It uses Get-AutomationPSCredential to import the Office 365 credential.
$emailFromAddress = "[email protected]"
$emailToAddress = "[email protected]"
$emailSMTPServer = "outlook.office365.com"
$emailSubject = "Office 365 License Report"
$credObject = Get-AutomationPSCredential -Name "Office-Credentials"
Connect-MsolService -Credential $credObject
$O365Licenses = Get-MsolAccountSku | Out-String
Send-MailMessage -Credential $credObject -From $emailFromAddress -To $emailToAddress -Subject $emailSubject -Body
$O365Licenses -SmtpServer $emailSMTPServer -UseSSLYou can use your script in an Azure Automation runbook. For example purposes, we'll use the PowerShell runbook type.
- Create a new PowerShell runbook. Refer to Create an Azure Automation runbook.
- From your Automation account, select Runbooks under Process Automation.
- Select the new runbook and click Edit.
- Copy your script and paste it into the textual editor for the runbook.
- Select ASSETS, then expand Credentials and verify that the Office 365 credential is there.
- Click Save.
- Select Test pane, then click Start to begin testing your runbook. See Manage runbooks in Azure Automation.
- When testing is complete, exit from the Test pane.
To publish and then schedule your runbook, see Manage runbooks in Azure Automation.
- For details of credential use, see Manage credentials in Azure Automation.
- For information about modules, see Manage modules in Azure Automation.
- If you need to start a runbook, see Start a runbook in Azure Automation.
- For PowerShell details, see PowerShell Docs.