You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/automation/automation-security-overview.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -32,24 +32,24 @@ The Automation resources for each Automation account are associated with a singl
32
32
> Automation accounts, and the resources they contain that are created in the Azure portal, cannot be accessed in the Azure classic portal. If you want to manage these accounts or their resources with Windows PowerShell, you must use the Azure Resource Manager modules.
33
33
>
34
34
35
-
All of the tasks that you perform against resources using Azure Resource Manager and the Azure cmdlets in Azure Automation must authenticate to Azure using Azure Active Directory organizational identity credential-based authentication. Certificate-based authentication was the original authentication method with Azure Service Management mode, but it was complicated to setup. Authenticating to Azure with Azure AD user was introduced back in 2014 to not only simplify the process to configure an Authentication account, but also support the ability to non-interactively authenticate to Azure with a single user account that worked with both Azure Resource Manager and classic resources.
35
+
All of the tasks that you perform against resources using Azure Resource Manager and the Azure cmdlets in Azure Automation must authenticate to Azure using Azure Active Directory organizational identity credential-based authentication. Certificate-based authentication was the original authentication method with Azure classic, but it was complicated to set up. Authenticating to Azure with Azure AD user was introduced back in 2014 to not only simplify the process to configure an Authentication account, but also support the ability to non-interactively authenticate to Azure with a single user account that worked with both Azure Resource Manager and classic resources.
36
36
37
37
Currently when you create a new Automation account in the Azure portal, it automatically creates:
38
38
39
-
* Run As account which creates a new service principal in Azure Active Directory, a certificate, and assigns the Contributor role-based access control (RBAC), which will be used to manage Resource Manager resources using runbooks.
40
-
* Classic Run As account by uploading a management certificate, which will be used to manage Azure Service Management or classic resources using runbooks.
39
+
* Run As account which creates a new service principal in Azure Active Directory, a certificate, and assigns the Contributor role-based access control (RBAC), which is used to manage Resource Manager resources using runbooks.
40
+
* Classic Run As account by uploading a management certificate, which is used to manage Azure classic resources using runbooks.
41
41
42
42
Role-based access control is available with Azure Resource Manager to grant permitted actions to an Azure AD user account and Run As account, and authenticate that service principal. Please read [Role-based access control in Azure Automation article](automation-role-based-access-control.md) for further information to help develop your model for managing Automation permissions.
43
43
44
-
Runbooks running on a Hybrid Runbook Worker in your datacenter or against computing services in AWS cannot use the same method that is typically used for runbooks authenticating to Azure resources. This is because those resources are running outside of Azure and therefore, will require their own security credentials defined in Automation to authenticate to resources that they will access locally.
44
+
Runbooks running on a Hybrid Runbook Worker in your datacenter or against computing services in AWS cannot use the same method that is typically used for runbooks authenticating to Azure resources. This is because those resources are running outside of Azure and therefore, requires their own security credentials defined in Automation to authenticate to resources that they access locally.
45
45
46
46
## Authentication methods
47
47
The following table summarizes the different authentication methods for each environment supported by Azure Automation and the article describing how to setup authentication for your runbooks.
48
48
49
49
| Method | Environment | Article |
50
50
| --- | --- | --- |
51
-
| Azure AD User Account |Azure Resource Manager and Azure Service Management|[Authenticate Runbooks with Azure AD User account](automation-create-aduser-account.md)|
51
+
| Azure AD User Account |Azure Resource Manager and Azure classic|[Authenticate Runbooks with Azure AD User account](automation-create-aduser-account.md)|
52
52
| Azure Run As Account |Azure Resource Manager |[Authenticate Runbooks with Azure Run As account](automation-sec-configure-azure-runas-account.md)|
53
-
| Azure Classic Run As Account |Azure Service Management|[Authenticate Runbooks with Azure Run As account](automation-sec-configure-azure-runas-account.md)|
53
+
| Azure Classic Run As Account |Azure classic|[Authenticate Runbooks with Azure Run As account](automation-sec-configure-azure-runas-account.md)|
54
54
| Windows Authentication |On-Premises Datacenter |[Authenticate Runbooks for Hybrid Runbook Workers](automation-hybrid-runbook-worker.md)|
55
55
| AWS Credentials |Amazon Web Services |[Authenticate Runbooks with Amazon Web Services (AWS)](automation-config-aws-account.md)|
0 commit comments