You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/automation/migrate-run-as-accounts-managed-identity.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -25,18 +25,18 @@ Managed identity can be [system assigned](../automation/enable-managed-identity-
25
25
26
26
Ensure the following to migrate from the Run As account to Managed identities:
27
27
28
-
1. Create a [system-assigned](enable-managed-identity-for-automation.md) or [user-assigned](add-user-assigned-identity.md), or both types of managed identities. To learn more about the differences between the two types of managed identities, see [Managed Identity Types](../active-directory/managed-identities-azure-resources/overview#managed-identity-types).
28
+
1. Create a [system-assigned](enable-managed-identity-for-automation.md) or [user-assigned](add-user-assigned-identity.md), or both types of managed identities. To learn more about the differences between the two types of managed identities, see [Managed Identity Types](../active-directory/managed-identities-azure-resources/overview.md#managed-identity-types).
29
29
30
30
> [!NOTE]
31
31
> - User-assigned identities are supported for cloud jobs only. It isn't possible to use the Automation Account's User Managed Identity on a Hybrid Runbook Worker. To use hybrid jobs, you must create a System-assigned identities.
32
32
> - There are two ways to use the Managed Identities in Hybrid Runbook Worker scripts. Either the System-assigned Managed Identity for the Automation account **OR** VM Managed Identity for an Azure VM running as a Hybrid Runbook Worker.
33
-
> - Both the VM's User-assigned Managed Identity or the VM's system assigned Managed Identity will **NOT** work in an Automation account that is configured with an Automation account Managed Identity. When you enable the Automation account Managed Identity, you can only use the Automation Account System-Assigned Managed Identity and not the VM Managed Identity. For more information, see [Use runbook authentication with managed identities](../automation/automation-hrw-run-runbooks?tabs=sa-mi#runbook-auth-managed-identities).
33
+
> - Both the VM's User-assigned Managed Identity or the VM's system assigned Managed Identity will **NOT** work in an Automation account that is configured with an Automation account Managed Identity. When you enable the Automation account Managed Identity, you can only use the Automation Account System-Assigned Managed Identity and not the VM Managed Identity. For more information, see [Use runbook authentication with managed identities](../automation/automation-hrw-run-runbooks?tabs=sa-mi.md#runbook-auth-managed-identities).
34
34
35
-
1. Assign same role to the managed identity to access the Azure resources matching the Run As account. Follow the steps in [Check role assignment for Azure Automation Run As account](../automation/manage-run-as-account#check-role-assignment-for-azure-automation-run-as-account).
35
+
1. Assign same role to the managed identity to access the Azure resources matching the Run As account. Follow the steps in [Check role assignment for Azure Automation Run As account](../automation/manage-run-as-account.md#check-role-assignment-for-azure-automation-run-as-account).
36
36
Ensure that you don't assign high privilege permissions like Contributor, Owner and so on to Run as account. Follow the RBAC guidelines to limit the permissions from the default Contributor permissions assigned to Run As account using this [script](../automation/manage-run-as-account.md#limit-run-as-account-permissions)
37
37
38
38
39
-
For example, if the Automation account is only required to start or stop an Azure VM, then the permissions assigned to the Run As account needs to be only for starting or stopping the VM. Similarly, assign read-only permissions if a runbook is reading from blob storage. Read more about [Azure Automation security guidelines](../automation/automation-security-guidelines#authentication-certificate-and-identities).
39
+
For example, if the Automation account is only required to start or stop an Azure VM, then the permissions assigned to the Run As account needs to be only for starting or stopping the VM. Similarly, assign read-only permissions if a runbook is reading from blob storage. Read more about [Azure Automation security guidelines](../automation/automation-security-guidelines.md#authentication-certificate-and-identities).
40
40
41
41
## Migrate from Automation Run As account to Managed Identity
42
42
@@ -51,7 +51,7 @@ To migrate from an Automation Run As account to a Managed Identity for your runb
51
51
52
52
Follow the sample scripts below to know the change required to the runbook code to use Managed Identities
53
53
54
-
1. Once you are sure that the runbook is executing successfully by using managed identities, you can safely [delete the Run as account](../automation/delete-run-as-account) if the Run as account is not used by any other runbook.
54
+
1. Once you are sure that the runbook is executing successfully by using managed identities, you can safely [delete the Run as account](../automation/delete-run-as-account.md) if the Run as account is not used by any other runbook.
0 commit comments