Securing the Azure Automation runbook for the Office 365 ProPlus updates Teams script
December 6, 2019
A short post about a new use case. I was asked to implement my ProPlus channel update script in a PROD environment. I was provided with an Azure Automation account. Looking at it, I saw that it did not have a Run As account. The customer did not want to allow an Azure Automation Run As account, as it per default gets Contributor role to the entire subscription. It can be scoped down with RBAC, but a decision was made to try to avoid it altogether. Fair enough, I had to take another look at my script.