Commit 7021bf0

Merge pull request #211652 from markwahl-msft/mwahl-gov-a2
identity governance automation: mention parameters
2 parents e5f8921 + fc511b0 commit 7021bf0

1 file changed

+20
-5
lines changed

articles/active-directory/governance/identity-governance-automation.md

Lines changed: 20 additions & 5 deletions
@@ -12,7 +12,7 @@ ms.tgt_pltfrm: na
1212
ms.devlang: na
1313
ms.topic: how-to
1414
ms.subservice: compliance
15-
ms.date: 1/20/2022
15+
ms.date: 9/20/2022
1616
ms.author: amsliu
1717
ms.reviewer:
1818
ms.collection: M365-identity-device-management
@@ -84,7 +84,7 @@ By default, Azure Automation does not have any PowerShell modules preloaded for
8484
8585
1. If you are using the cmdlets for Azure AD identity governance features, such as entitlement management, then repeat the import process for the module **Microsoft.Graph.Identity.Governance**.
8686
87-
1. Import other modules that your script may require. For example, if you are using Identity Protection, then you may wish to import the **Microsoft.Graph.Identity.SignIns** module.
87+
1. Import other modules that your script may require, such as **Microsoft.Graph.Users**. For example, if you are using Identity Protection, then you may wish to import the **Microsoft.Graph.Identity.SignIns** module.
8888
8989
## Create an app registration and assign permissions
9090
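Review bot: On the reworded import step (new line 87), "such as **Microsoft.Graph.Users**" is followed immediately by "For example, ... **Microsoft.Graph.Identity.SignIns**", so the step now gives two examples back to back and does not say when Microsoft.Graph.Users is needed. Suggest either stating which part of the script requires Microsoft.Graph.Users or folding both modules into a single sentence.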
@@ -179,21 +179,36 @@ $ap | Select-Object -Property Id,DisplayName | ConvertTo-Json
179179

180180
3. If the run was successful, the output instead of the welcome message will be a JSON array. The JSON array will include the ID and display name of each access package returned from the query.
181181

182+
## Provide parameters to the runbook (optional)
183+
184+
You can also add input parameters to your runbook, by adding a `Param` section at the top of the PowerShell script. For instance,
185+
186+
```powershell
187+
Param
188+
(
189+
 [String]$AccessPackageAssignmentId
190+
)
191+
```
192+
193+
The format of the allowed parameters depends upon the calling service. If your runbook does take parameters from the caller, then you will need to add validation logic to your runbook to ensure that the parameter values supplied are appropriate for how the runbook could be started. For example, if your runbook is started by a [webhook](../../automation/automation-webhooks.md), Azure Automation doesn't perform any authentication on a webhook request as long as it's made to the correct URL, so you will need an alternate means of validating the request.
194+
195+
Once you [configure runbook input parameters](../../automation/runbook-input-parameters.md), then when you test your runbook you can provide values through the Test page. Later, when the runbook is published, you can provide parameters when starting the runbook from PowerShell, the REST API, or a Logic App.
196+
182197
## Parse the output of an Azure Automation account in Logic Apps (optional)
183198

184-
Once your runbook is published, your can create a schedule in Azure Automation, and link your runbook to that schedule to run automatically. Scheduling runbooks from Azure Automation is suitable for runbooks that do not need to interact with other Azure or Office 365 services.
199+
Once your runbook is published, your can create a schedule in Azure Automation, and link your runbook to that schedule to run automatically. Scheduling runbooks from Azure Automation is suitable for runbooks that do not need to interact with other Azure or Office 365 services that do not have PowerShell interfaces.
185200

186201
If you wish to send the output of your runbook to another service, then you may wish to consider using [Azure Logic Apps](../../logic-apps/logic-apps-overview.md) to start your Azure Automation runbook, as Logic Apps can also parse the results.
187202

188203
1. In Azure Logic Apps, create a Logic App in the Logic Apps Designer starting with **Recurrence**.
189204

190205
1. Add the operation **Create job** from **Azure Automation**. Authenticate to Azure AD, and select the Subscription, Resource Group, Automation Account created earlier. Select **Wait for Job**.
191206

192-
1. Add the parameter **Runbook name** and type the name of the runbook to be started.
207+
1. Add the parameter **Runbook name** and type the name of the runbook to be started. If the runbook has input parameters, then you can provide the values to them.
193208

194209
1. Select **New step** and add the operation **Get job output**. Select the same Subscription, Resource Group, Automation Account as the previous step, and select the Dynamic value of the **Job ID** from the previous step.
195210

196-
1. You can then add more operations to the Logic App, such as the [**Parse JSON** action](../../logic-apps/logic-apps-perform-data-operations.md#parse-json-action), that use the **Content** returned when the runbook completes.
211+
1. You can then add more operations to the Logic App, such as the [**Parse JSON** action](../../logic-apps/logic-apps-perform-data-operations.md#parse-json-action) that uses the **Content** returned when the runbook completes. (If you're auto-generating the **Parse JSON** schema from a sample payload, be sure to account for PowerShell script potentially returning null; you might need to change some of the `"type": ​"string"` to `"type": [​"string",​ "null"​]` in the schema.)
197212

198213
Note that in Azure Automation, a PowerShell runbook can fail to complete if it tries to write a large amount of data to the output stream at once. You can typically work around this issue by having the runbook output just the information needed by the Logic App, such as by using the `Select-Object -Property` cmdlet to exclude unneeded properties.
199214
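Review bot: The `Param` example at new lines 187-190 declares `[String]$AccessPackageAssignmentId` with no validation, yet the paragraph right after it tells readers they must add validation logic, and for the webhook case it only says an "alternate means of validating the request" is needed without naming one. Suggest having the sample show at least a validation attribute or an explicit check on the value before it is used, and pointing to a concrete option for webhook callers, since the text itself states that Azure Automation does not authenticate webhook requests. Two smaller points: the modified line 199 still reads "your can create a schedule", and its new tail "services that do not have PowerShell interfaces" stacks a second negative that makes the sentence hard to parse; and the inline `"type"` snippets on line 211 appear to contain invisible zero-width characters, which would break a copy and paste into a Parse JSON schema.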
