Feedback incorporated

Author: SnehaSudhirG

articles/automation/automation-connections.md

@@ -3,7 +3,7 @@ title: Manage connections in Azure Automation
 description: This article tells how to manage Azure Automation connections to external services or applications and how to work with them in runbooks.
 services: automation
 ms.subservice: shared-capabilities
-ms.date: 12/22/2020
+ms.date: 04/12/2023
 ms.topic: conceptual
 ms.custom: devx-track-azurepowershell
 ---
@@ -27,10 +27,8 @@ When you create a connection, you must specify a connection type. The connection
 Azure Automation makes the following built-in connection types available:
 
 * `Azure` - Represents a connection used to manage classic resources.
-* `AzureServicePrincipal` - Represents a connection used by the Azure Run As account.
-* `AzureClassicCertificate` - Represents a connection used by the classic Azure Run As account.
-
-In most cases, you don't need to create a connection resource because it is created when you create a [Run As account](automation-security-overview.md).
+* `AzureServicePrincipal` - Represents a connection used to manage resources in Azuer using a service principal.
+* `AzureClassicCertificate` - This connection type is used to manage resources in Azure that were created using the classic deployment model that doesn't support Service Principal authentication.
 
 ## PowerShell cmdlets to access connections
 
@@ -80,15 +78,15 @@ To create a new connection in the Azure portal:
 
 Create a new connection with Windows PowerShell using the `New-AzAutomationConnection` cmdlet. This cmdlet has a `ConnectionFieldValues` parameter that expects a hashtable defining values for each of the properties defined by the connection type.
 
-You can use the following example commands as an alternative to creating the Run As account from the portal to create a new connection asset.
+You can use the following example commands to create a connection that can be used for authentication using Azure Service Principal.
 
 ```powershell
 $ConnectionAssetName = "AzureRunAsConnection"
 $ConnectionFieldValues = @{"ApplicationId" = $Application.ApplicationId; "TenantId" = $TenantID.TenantId; "CertificateThumbprint" = $Cert.Thumbprint; "SubscriptionId" = $SubscriptionId}
 New-AzAutomationConnection -ResourceGroupName $ResourceGroup -AutomationAccountName $AutomationAccountName -Name $ConnectionAssetName -ConnectionTypeName AzureServicePrincipal -ConnectionFieldValues $ConnectionFieldValues
 ```
 
-When you create your Automation account, it includes several global modules by default, along with the connection type `AzureServicePrincipal` to create the `AzureRunAsConnection` connection asset. If you try to create a new connection asset to connect to a service or application with a different authentication method, the operation fails because the connection type is not already defined in your Automation account. For more information on creating your own connection type for a custom module, see [Add a connection type](#add-a-connection-type).
+If you try to create a new connection asset to connect to a service or application with a different authentication method, the operation fails because the connection type is not already defined in your Automation account. For more information on creating your own connection type for a custom module, see [Add a connection type](#add-a-connection-type).
 
 ## Add a connection type
 
@@ -123,23 +121,23 @@ Retrieve a connection in a runbook or DSC configuration with the internal `Get-A
 
 # [PowerShell](#tab/azure-powershell)
 
-The following example shows how to use the Run As account to authenticate with Azure Resource Manager resources in your runbook. It uses a connection asset representing the Run As account, which references the certificate-based service principal.
+The following example shows how to use a connection to authenticate with Azure Resource Manager resources in your runbook. It uses a connection asset, which references the certificate-based service principal.
 
 ```powershell
-$Conn = Get-AutomationConnection -Name AzureRunAsConnection
+$Conn = Get-AutomationConnection -Name AzureConnection
 Connect-AzAccount -ServicePrincipal -Tenant $Conn.TenantID -ApplicationId $Conn.ApplicationID -CertificateThumbprint $Conn.CertificateThumbprint
 ```
 
 # [Python](#tab/python2)
 
-The following example shows how to authenticate using the Run As connection in a Python 2 and 3 runbook.
+The following example shows how to authenticate using connection in a Python 2 and 3 runbook.
 
 ```python
 """ Tutorial to show how to authenticate against Azure resource manager resources """
 import azure.mgmt.resource
 import automationassets
 
-def get_automation_runas_credential(runas_connection):
+def get_automation_credential(azure_connection):
     """ Returns credentials to authenticate against Azure resource manager """
     from OpenSSL import crypto
     from msrestazure import azure_active_directory
@@ -151,7 +149,7 @@ def get_automation_runas_credential(runas_connection):
     pem_pkey = crypto.dump_privatekey(
         crypto.FILETYPE_PEM, pks12_cert.get_privatekey())
 
-    # Get Run As connection information for the Azure Automation service principal
+    # Get information for the Azure Automation service principal
     application_id = runas_connection["ApplicationId"]
     thumbprint = runas_connection["CertificateThumbprint"]
     tenant_id = runas_connection["TenantId"]
@@ -169,10 +167,10 @@ def get_automation_runas_credential(runas_connection):
     )
 
 
-# Authenticate to Azure using the Azure Automation Run As service principal
-runas_connection = automationassets.get_automation_connection(
-    "AzureRunAsConnection")
-azure_credential = get_automation_runas_credential(runas_connection)
+# Authenticate to Azure using the Azure Automation service principal
+azure_connection = automationassets.get_automation_connection(
+    "AzureConnection")
+azure_credential = get_automation_credential(azure_connection)
 ```
 
 ---
@@ -183,7 +181,7 @@ You can add an activity for the internal `Get-AutomationConnection` cmdlet to a
 
 ![add to canvas](media/automation-connections/connection-add-canvas.png)
 
-The following image shows an example of using a connection object in a graphical runbook. This example uses the `Constant value` data set for the `Get RunAs Connection` activity, which uses a connection object for authentication. A [pipeline link](automation-graphical-authoring-intro.md#use-links-for-workflow) is used here since the `ServicePrincipalCertificate` parameter set is expecting a single object.
+The following image shows an example of using a connection object in a graphical runbook. 
 
 ![get connections](media/automation-connections/automation-get-connection-object.png)
 

articles/automation/automation-powershell-workflow.md

@@ -3,7 +3,7 @@ title: Learn PowerShell Workflow for Azure Automation
 description: This article teaches you the differences between PowerShell Workflow and PowerShell and concepts applicable to Automation runbooks.
 services: automation
 ms.subservice: process-automation
-ms.date: 10/16/2022
+ms.date: 04/12/2023
 ms.topic: conceptual 
 ms.custom: devx-track-azurepowershell
 ---
@@ -286,7 +286,7 @@ workflow CreateTestVms
 ```
 
 > [!NOTE]
-> For non-graphical PowerShell runbooks, `Add-AzAccount` and `Add-AzureRMAccount` are aliases for [Connect-AzAccount](/powershell/module/az.accounts/connect-azaccount). You can use these cmdlets or you can [update your modules](automation-update-azure-modules.md) in your Automation account to the latest versions. You might need to update your modules even if you have just created a new Automation account. Use of these cmdlets is not required if you are authenticating using a Run As account configured with a service principal.
+> For non-graphical PowerShell runbooks, `Add-AzAccount` and `Add-AzureRMAccount` are aliases for [Connect-AzAccount](/powershell/module/az.accounts/connect-azaccount). You can use these cmdlets or you can [update your modules](automation-update-azure-modules.md) in your Automation account to the latest versions. You might need to update your modules even if you have just created a new Automation account.
 
 For more information about checkpoints, see [Adding Checkpoints to a Script Workflow](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj574114(v=ws.11)).
 

articles/automation/media/automation-connections/automation-get-connection-object.png

@@ -3,7 +3,7 @@ title: Create an Azure Automation account using a Resource Manager template
 titleSuffix: Azure Automation
 description: This article shows how to create an Automation account by using the Azure Resource Manager template.
 services: automation
-ms.date: 08/27/2021
+ms.date: 04/12/2023
 ms.topic: conceptual
 ms.workload: infrastructure-services
 ms.custom: mvc, subject-armqs, mode-arm, devx-track-arm-template
@@ -22,9 +22,6 @@ The sample template does the following steps:
 * Links the Automation account to the Log Analytics workspace.
 * Adds sample Automation runbooks to the account.
 
-> [!NOTE]
-> Creation of the Automation Run As account is not supported when you're using an ARM template. To create a Run As account manually from the portal or with PowerShell, see [Create Run As account](create-run-as-account.md).
-
 If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
 
 ## Prerequisites

articles/automation/quickstart-create-automation-account-template.md

@@ -2,7 +2,7 @@
 title: Quickstart - Create an Azure Automation account using the portal
 description: This quickstart helps you to create a new Automation account using Azure portal.
 services: automation
-ms.date: 10/26/2021
+ms.date: 04/12/2023
 ms.topic: quickstart
 ms.subservice: process-automation
 ms.custom: mvc, mode-ui

articles/automation/quickstarts/create-azure-automation-account-portal.md

@@ -4,7 +4,7 @@ description: This article helps you get started configuring an Azure VM with Des
 services: automation
 ms.subservice: dsc
 keywords: dsc, configuration, automation
-ms.date: 09/01/2021
+ms.date: 04/12/2023
 ms.topic: quickstart
 ms.custom: mvc, mode-other
 ---
@@ -18,7 +18,6 @@ By enabling Azure Automation State Configuration, you can manage and monitor the
 To complete this quickstart, you need:
 
 * An Azure subscription. If you don't have an Azure subscription, [create a free account](https://azure.microsoft.com/free/).
-* An Azure Automation account. For instructions on creating an Azure Automation Run As account, see [Azure Run As Account](../manage-runas-account.md).
 * An Azure Resource Manager virtual machine running Red Hat Enterprise Linux, CentOS, or Oracle Linux. For instructions on creating a VM, see [Create your first Linux virtual machine in the Azure portal](../../virtual-machines/linux/quick-create-portal.md)
 
 ## Sign in to Azure
@@ -33,7 +32,7 @@ There are many different methods to enable a machine for Automation State Config
 1. From the left pane of the Automation account, select **State configuration (DSC)**.
 2. Click **Add** to open the **VM select** page.
 3. Find the virtual machine for which to enable DSC. You can use the search field and filter options to find a specific virtual machine.
-4. Click on the virtual machine, and then click **Connect**
+4. Click on the virtual machine, and then click **Connect**.
 5. Select the DSC settings appropriate for the virtual machine. If you have already prepared a configuration, you can specify it as `Node Configuration Name`. You can set the [configuration mode](/powershell/dsc/managing-nodes/metaConfig) to control the configuration behavior for the machine.
 6. Click **OK**. While the DSC extension is deployed to the virtual machine, the status reported is `Connecting`.
 

articles/automation/quickstarts/dsc-configuration.md

@@ -3,7 +3,7 @@ title: Use source control integration in Azure Automation
 description: This article tells you how to synchronize Azure Automation source control with other repositories.
 services: automation
 ms.subservice: process-automation
-ms.date: 11/22/2021
+ms.date: 04/12/2023
 ms.topic: conceptual 
 ms.custom: devx-track-azurepowershell
 ---
@@ -36,7 +36,10 @@ Azure Automation supports three types of source control:
 >
 > :::image type="content" source="./media/source-control-integration/user-assigned-managed-identity.png" alt-text="Screenshot that displays the user-assigned Managed Identity."::: 
 > 
-> If you have both a Run As account and managed identity enabled, then managed identity is given preference. If you want to use a Run As account instead, you can [create an Automation variable](./shared-resources/variables.md) of BOOLEAN type named `AUTOMATION_SC_USE_RUNAS` with a value of `true`.
+> If you have both a Run As account and managed identity enabled, then managed identity is given preference.
+
+> [!Important]
+> Azure Automation Run As Account will retire on **September 30, 2023** and will be replaced with Managed Identities. Before that date, you need to [migrate from a Run As account to Managed identities](migrate-run-as-accounts-managed-identity.md).
 
 > [!NOTE]
 > According to [this](/azure/devops/organizations/accounts/change-application-access-policies?view=azure-devops#application-connection-policies) Azure DevOps documentation, **Third-party application access via OAuth** policy is defaulted to **off** for all new organizations. So if you try to configure source control in Azure Automation with **Azure Devops (Git)** as source control type without enabling **Third-party application access via OAuth** under Policies tile of Organization Settings in Azure DevOps then you might get **SourceControl securityToken is invalid** error. Hence to avoid this error, make sure you first enable **Third-party application access via OAuth** under Policies tile of Organization Settings in Azure DevOps.