Connect To SharePoint Online Using Azure AD App Only In Azure Automation

Introduction

Azure Automation lets administrators automate recurring cloud management tasks that are time-consuming and error-prone when done by hand; as a result, it reduces operating costs and improves efficiency. In this article, I will go over how to use PnP PowerShell to connect to SharePoint from Azure Automation. I will demonstrate how to create the Azure Automation account and a runbook, install the required module, configure the certificate and credential assets the runbook needs, and connect to SharePoint using an Azure AD app-only identity.

Steps

  1. Create an Azure AD app registration using PnP.PowerShell
  2. Create an Azure Automation account
  3. Create a PowerShell runbook
  4. Test the runbook

Create an Azure AD App

Step 1

Install PnP.PowerShell if it is not already installed:

Install-Module -Name PnP.PowerShell

Step 2

Register a new Azure AD app using the command below. In this case, my certificate password is "password"; keep it handy, as we need it in later steps.

Register-PnPAzureADApp -ApplicationName sp1226Automation -Tenant sp1226.onmicrosoft.com -OutPath c:\users\lovy.jain -CertificatePassword (ConvertTo-SecureString -String "password" -AsPlainText -Force) -CommonName MyCertificate -DeviceLogin

Step 3

Authenticate using your tenant admin account and click OK.

Step 4

After sign-in and verification, the consent flow starts.

Step 5

After that, you must consent to the default permissions applied to this app. Review the default permissions applied to the app, and grant only what your runbooks actually need.

Step 6

After this step, the app has been created in the Azure portal and the certificates (.pfx and .cer) are written to the local folder you specified. Note the path of the .pfx file, as we need it in later steps.
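
Before uploading the .pfx to Azure Automation, it is worth checking that the file actually carries a private key and is not close to expiry, since both problems only surface later as failed runbook jobs. The following script is an added example (not part of the original article or of PnP.PowerShell); the file name, password and threshold are assumptions you should adjust to the values you used with Register-PnPAzureADApp.

```powershell
# Added example: inspect the .pfx produced by Register-PnPAzureADApp before uploading it.
# Assumed values: the .pfx is named after the -CommonName and lives in the -OutPath folder,
# and the password is the one given as -CertificatePassword (placeholder here).
$pfxPath     = 'c:\users\lovy.jain\MyCertificate.pfx'   # assumed file name (CommonName + .pfx)
$pfxPassword = 'password'                                # the -CertificatePassword value used earlier

function Test-AutomationPfx {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Password,
        [int] $MinDaysRemaining = 30                       # assumed threshold before renewal is due
    )

    # Load the PKCS#12 file; this throws if the password is wrong or the file is corrupt.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path, $Password)

    $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint        # compare with the app's "Certificates & secrets" entry in Azure AD
        NotBefore     = $cert.NotBefore
        NotAfter      = $cert.NotAfter
        DaysRemaining = $daysLeft
        HasPrivateKey = $cert.HasPrivateKey     # Azure Automation needs the private key to authenticate
        Ok            = $cert.HasPrivateKey -and ($daysLeft -ge $MinDaysRemaining)
    }
}

$result = Test-AutomationPfx -Path $pfxPath -Password $pfxPassword
$result | Format-List

if (-not $result.Ok) {
    Write-Warning "The .pfx is missing its private key or expires in less than 30 days; do not upload it as-is."
}
```

The thumbprint printed here is the value to match against the certificate listed on the app registration in Azure AD; if they differ, you are about to upload a certificate the app does not trust. Record NotAfter somewhere visible, because a certificate that silently expires takes every runbook that depends on it down with it.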

Create an Azure Automation account and configure the settings

Step 1

Browse the Azure Marketplace, search for "Automation", and create an Automation account.

Step 2

After the Azure Automation account has been created, we need to add the PnP.PowerShell module, which the runbook will use to authenticate to SharePoint. Select Modules in the left-hand menu.

Step 3

Click Browse Gallery and select PnP.PowerShell, as this module is not available by default.

Step 4

Click Import to add the module to your Automation account.

Step 5

Now create the certificate asset: go to Certificates under Shared Resources in your Automation account. Upload the certificate (.pfx) generated while creating the Azure AD app (step 1 of the Steps list above) and enter the password you gave when creating the app.

Step 6 - Create the credentials

Go to Credentials and add a new credential. Enter a user name and, as the password, the certificate password you gave when creating the Azure AD app (in this case "password").

Create a new runbook and authenticate SharePoint using PnP.PowerShell

Step 1

Create a new Azure runbook with the type PowerShell.

Step 2

Edit the runbook you created and paste the code below. It connects to SharePoint using PnP.PowerShell.

Change the code to use your own appId (from the app registration created in step 1) and appAdTenant (the name of your tenant). As a best practice, store these in Automation variables; for simplicity, they are hard-coded here.

$azureAutomateCreds = Get-AutomationPSCredential -Name 'AzureAppCertPassword'   # password of the .pfx, stored as a credential asset
$appCert = Get-AutomationCertificate -Name "AzureAppCertificate"               # certificate asset; upload it as Exportable so the private key can be exported below
$baseSite = "https://sp1226.sharepoint.com/sites/portal"
$appId = "81ea6af4-0b27-4b8f-9f82-9e06954d6244"
$appAdTenant = "sp1226.onmicrosoft.com"
# Re-export the certificate (with its private key) as PKCS#12 and base64-encode it for Connect-PnPOnline
$base64Cert = [System.Convert]::ToBase64String($appCert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12, $azureAutomateCreds.Password))
# Connect to the standard SharePoint Site
$siteConn = Connect-PnPOnline -ClientId $appId -CertificateBase64Encoded $base64Cert -CertificatePassword $azureAutomateCreds.Password -Url $baseSite -Tenant $appAdTenant -ReturnConnection
$web = Get-PnPWeb -Connection $siteConn
$web.Title
# -ReturnConnection does not set a default connection, so pass -Connection to every cmdlet
$list = New-PnPList -Title "Demo List" -Url "lists/DemoList" -Template Announcements -Connection $siteConn
$list.Title
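
The article recommends keeping the app id and tenant in Automation variables rather than in the runbook body. The following runbook is an added example (not the article's code and not part of PnP.PowerShell) that does exactly that, checks the certificate asset before using it, makes the list creation idempotent so the runbook can be re-run, and releases the connection when done. The variable asset names SPAppId, SPTenant and SPSiteUrl are assumptions; the credential and certificate asset names are the ones used in the article.

```powershell
# Added example: app-only connection to SharePoint from an Azure Automation runbook,
# with tenant-specific values read from Automation assets instead of hard-coded.
# Assumed variable assets: 'SPAppId', 'SPTenant', 'SPSiteUrl'.
# Credential asset 'AzureAppCertPassword' and certificate asset 'AzureAppCertificate' as in the article.
$ErrorActionPreference = 'Stop'   # fail the job on the first error instead of continuing half-connected

$appId   = Get-AutomationVariable -Name 'SPAppId'
$tenant  = Get-AutomationVariable -Name 'SPTenant'
$siteUrl = Get-AutomationVariable -Name 'SPSiteUrl'
$certPwd = (Get-AutomationPSCredential -Name 'AzureAppCertPassword').Password   # SecureString
$appCert = Get-AutomationCertificate -Name 'AzureAppCertificate'               # X509Certificate2

# The export below needs the private key, which is only present when the asset was uploaded as Exportable.
if (-not $appCert.HasPrivateKey) {
    throw "Certificate asset 'AzureAppCertificate' has no private key; re-upload the .pfx with Exportable = Yes."
}
if ($appCert.NotAfter -lt (Get-Date)) {
    throw "Certificate asset 'AzureAppCertificate' expired on $($appCert.NotAfter); renew it on the app registration and here."
}

# PnP needs the certificate as base64-encoded PKCS#12 plus its password.
$pkcs12     = $appCert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12, $certPwd)
$base64Cert = [System.Convert]::ToBase64String($pkcs12)

$conn = $null
try {
    $conn = Connect-PnPOnline -ClientId $appId -Tenant $tenant -Url $siteUrl `
        -CertificateBase64Encoded $base64Cert -CertificatePassword $certPwd -ReturnConnection

    # -ReturnConnection does not set a default connection, so every cmdlet gets -Connection explicitly.
    $web = Get-PnPWeb -Connection $conn
    Write-Output "Connected to '$($web.Title)' ($siteUrl) as app $appId"

    # Idempotent list creation: a scheduled re-run must not fail because the list already exists.
    $listTitle = 'Demo List'
    $list = Get-PnPList -Identity $listTitle -Connection $conn -ErrorAction SilentlyContinue
    if ($null -eq $list) {
        $list = New-PnPList -Title $listTitle -Url 'lists/DemoList' -Template Announcements -Connection $conn
        Write-Output "Created list '$($list.Title)'"
    }
    else {
        Write-Output "List '$($list.Title)' already exists; nothing to do"
    }
}
finally {
    # Drop the connection and the exported key material as soon as the work is done.
    if ($conn) { Disconnect-PnPOnline -Connection $conn }
    $base64Cert = $null
    $pkcs12     = $null
}
```

Keeping the app id and tenant in variable assets means the same runbook can be promoted between test and production accounts without editing code, and the certificate password never appears in the runbook or in job output. The two checks on the certificate asset turn the most common failure modes (a certificate uploaded without Exportable, or one that has quietly expired) into a clear job error rather than an opaque authentication failure.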

Test the solution

Now you can save the runbook and publish it. It is ready to use, and we can try it out in the Test pane. The code reads the title of the site and creates a new list on the same site. As you can see here, "Portal" is the title of the site collection and "Demo List" is the title of the newly created list.

Final Thoughts

In this exercise, we saw how to use an Azure Automation account to create a runbook that reads the title of a site and creates a list. Automation runbooks can also be started in several ways: manually, on a schedule, from other runbooks or PowerShell scripts, or through a webhook. A good use case would be to provision a SharePoint site collection and apply a template to the newly created site.

Hope you learned something!