- Run Exchange Online commands using Azure Automation - Tue, Jul 25 2023
- Connect to Exchange Online with PowerShell and certificate-based authentication - Wed, Jul 19 2023
- Office Deployment Tool (ODT): Deploy Office using custom XML files - Thu, Mar 30 2023
To complete this article, you will need an Azure Automation account (this requires an active Azure subscription). This process does not need to be completed in the same tenant in which the application registration was created. For example, if you are an administrator of multiple tenants, you can complete the app registration process for several client tenants and then set up the Azure Automation account for your own tenant.
From the Azure Portal, find Automation Accounts.
Choose Create.
Create an Automation account
The required fields here are similar to most Azure resources. You need to select or create settings such as Resource group, the Region where your Automation account will be created, and resource tags.
Configure the Automation account
You can leave all the advanced options as default.
Automation Account deployed
Once it's deployed, go to your Automation account, and scroll down to find Certificates.
Upload a certificate to Automation accounts
Choose to upload the PFX file of the certificate created for the app registration.
Make sure the name you choose allows you to identify the certificate easily.
Upload PFX file to Azure Automation
Next, we will install additional PowerShell modules for our Automation Account.
Navigate to Modules, and click Add a module.
Install PowerShell modules
There are multiple steps for installing a module, and several modules to install.
From the Add a module page, we will choose to browse the PowerShell gallery. We will also set the runtime version to 5.1.
Browse the PowerShell Gallery
Click the Click here to browse from gallery link and search for ExchangeOnlineManagement. Select the result.
The ExchangeOnlineManagement module
Click Select to accept the module choice.
Add ExchangeOnlineManagement
Finally, choose Import to complete the process.
Import ExchangeOnlineManagement module
Repeat this process for the following modules in the order in which they are written:
PackageManagement
PowerShellGet
The PowerShellGet module has a dependency on PackageManagement, so it must be installed completely before attempting to install PowerShellGet.
Once the modules are installed, we can create a runbook. A runbook is essentially a PowerShell script.
Under Runbooks, choose Create a runbook.
Create a runbook
Give your runbook a name, make sure to choose PowerShell and 5.1 as the Runbook type and Runtime version, and enter a description. This example runbook will connect to Exchange Online and list all the mailboxes.
Runbook configuration
If you're familiar with PowerShell ISE or VSCode, the runbook editor will be quite familiar to you.
If you expand ASSETS, you will see the certificate and variable we added earlier.
Runbook editor
In the right-hand pane, enter the following code, changing the values to suit your environment.
$cert = Get-AutomationCertificate -Name 'mytenant.onmicrosoft.com' $appId = "app id of the application registration" $orgName = "mytenant.onmicrosoft.com” Connect-ExchangeOnline -appid $appId -certificateThumbprint $cert.thumbprint -organization $orgName Get-Mailbox
Click Test to enter the runbook Test screen.
Test the runbook
When you're ready, click Start, and Azure Automation will process the runbook.
If all is well, your test will come back without any errors, and you will see an output of mailbox information.
Runbook output
Now that we have successfully connected to Exchange Online and run a command, let's set up a management task.
For example, my tenant has dictated that all mailboxes will have ActiveSync, IMAP, Pop3, and SMTP disabled. In addition, access from Windows Mail is disabled. We can achieve all of these goals using Set-CASMailbox, but without automation, we would need to run these commands every time a new mailbox is added. If we add the following to our runbook, we can then schedule it to run daily or hourly to apply these settings.
Disable CAS mailbox features
Here is a screenshot showing our mailboxes before the runbook is executed.
Mailboxes before the runbook process
To schedule the runbook, it must first be published. In the editor, click the Publish button.
Publish a runbook
Once published, navigate to the schedule.
Go to automation Schedules
Click Add a schedule. Then choose to link a schedule to your Runbook.
Add a schedule to a runbook
Link a schedule to a runbook
If this is your first time creating a schedule, you will need to define one; otherwise, you can select a preexisting schedule. I am going to define an hourly schedule.
Define an hourly schedule
Choose Create, then click OK to accept the schedule assignment. You will be taken to the Schedule screen of your runbook, which shows the next time your runbook will execute.
The runbooks Schedule view
All you need to do is sit back and wait for it to run.
When the scheduled time arrives, your runbook will execute and be visible under the Jobs section.
Runbook job completed
All we need to do now is check that our mailboxes have had the relevant settings changed. If we run our PowerShell query again, we will see that the protocols have now been disabled.
Mailboxes after the runbook process
You now have the means to automate Exchange Online Management tasks.
