Managing on-prem servers during a cloud migration can be a headache, especially when dealing with outdated systems. Azure Arc and Azure Automation provide a seamless way to run jobs on lingering on-prem servers directly from Azure, eliminating the need for manual service account management. This approach leverages Managed Identity for authentication and uses `Invoke-RestMethod` to interact with Microsoft Graph, reducing dependency on frequent PowerShell module updates.
Reference: Azure Arc and Azure Automation – Allways HyPe
### **You Should Know:**
#### **1. Setting Up Azure Arc for On-Prem Servers**
To onboard your on-prem servers to Azure Arc, use the following commands:
```powershell
# Download the Azure Connected Machine agent
Invoke-WebRequest -Uri "https://aka.ms/AzureConnectedMachineAgent" -OutFile AzureConnectedMachineAgent.msi

# Install the agent
msiexec /i AzureConnectedMachineAgent.msi /qn

# Connect the machine to Azure Arc
azcmagent connect --resource-group "YourRG" --tenant-id "YourTenantID" --location "YourRegion" --subscription-id "YourSubID"
```
#### **2. Azure Automation with Managed Identity**
Enable Managed Identity for Azure Automation and assign roles:
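```powershell
# Assign Contributor role to the Automation account
# -Scope here is the whole subscription; narrow it to a resource group to limit what the identity can change
New-AzRoleAssignment -ObjectId (Get-AzADServicePrincipal -DisplayName "YourAutomationAccount").Id -RoleDefinitionName "Contributor" -Scope "/subscriptions/YourSubID"
```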
#### **3. Running Hybrid Jobs**
Create a PowerShell runbook in Azure Automation to execute scripts on Arc-enabled servers:
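```powershell
# Authenticate using Managed Identity
Connect-AzAccount -Identity

# Execute a script on an Arc server
# Note: Invoke-AzVMRunCommand is the Az.Compute cmdlet for Azure VM resources, and -ScriptPath is read
# from the machine running the cmdlet. Run-command cmdlets for Arc-enabled servers are in
# Az.ConnectedMachine (New-AzConnectedMachineRunCommand).
Invoke-AzVMRunCommand -ResourceGroupName "YourRG" -VMName "ArcServerName" -CommandId "RunPowerShellScript" -ScriptPath "C:\Scripts\YourScript.ps1"
```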
#### **4. Querying Microsoft Graph via REST**
Use `Invoke-RestMethod` to fetch Azure AD data without module dependencies:
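```powershell
# Get a Microsoft Graph token for the signed-in (managed) identity
$token = (Get-AzAccessToken -ResourceUrl "https://graph.microsoft.com").Token
# Newer Az.Accounts versions return the token as a SecureString; convert it for the header
if ($token -is [securestring]) { $token = [System.Net.NetworkCredential]::new('', $token).Password }
$headers = @{ Authorization = "Bearer $token" }

# List users and keep only the two fields of interest
$uri = "https://graph.microsoft.com/v1.0/users"
$response = Invoke-RestMethod -Uri $uri -Headers $headers -Method Get
$response.value | Select-Object displayName, userPrincipalName
```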
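A single request to `/users` returns only the first page of results, so a runbook that needs the full list has to follow `@odata.nextLink`. The sketch below is an added example, not code from the original post: `Get-GraphPaged` is a hypothetical helper name, and the fixed exponential backoff on HTTP 429 is a simplification chosen here.

```powershell
# Added example: Get-GraphPaged is a hypothetical helper, not an Az or Graph cmdlet.
function Get-GraphPaged {
    param(
        [Parameter(Mandatory)] [string] $Uri,
        [Parameter(Mandatory)] [string] $Token,
        [int] $MaxRetries = 5
    )
    $headers = @{ Authorization = "Bearer $Token" }
    $graphHost = ([uri]$Uri).Host
    $next = $Uri
    while ($next) {
        # Never send the bearer token to a host other than the one we started with
        if (([uri]$next).Host -ne $graphHost) { throw "Unexpected nextLink host: $next" }
        $attempt = 0
        while ($true) {
            try {
                $page = Invoke-RestMethod -Uri $next -Headers $headers -Method Get
                break
            }
            catch {
                # 429 means Graph is throttling; any other failure is rethrown unchanged
                $status = [int]$_.Exception.Response.StatusCode
                if ($status -ne 429 -or $attempt -ge $MaxRetries) { throw }
                $attempt++
                Start-Sleep -Seconds ([math]::Pow(2, $attempt))
            }
        }
        $page.value                       # emit this page's objects to the pipeline
        $next = $page.'@odata.nextLink'   # absent on the last page, which ends the loop
    }
}

# Usage inside a runbook that has a managed identity with Graph read permission
Connect-AzAccount -Identity | Out-Null
$token = (Get-AzAccessToken -ResourceUrl "https://graph.microsoft.com").Token
if ($token -is [securestring]) { $token = [System.Net.NetworkCredential]::new('', $token).Password }

# Single quotes keep PowerShell from expanding $select as a variable;
# requesting only the needed fields limits the directory data the job handles
$uri = 'https://graph.microsoft.com/v1.0/users?$select=displayName,userPrincipalName'
Get-GraphPaged -Uri $uri -Token $token | Select-Object displayName, userPrincipalName
```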
#### **5. Automating VM Snapshots Before Patching**
For pre-patch snapshots (as requested in comments), integrate VMware PowerCLI:
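```powershell
# Read the vCenter credential from an Automation credential asset instead of hard-coding it
# ("vCenterCred" is a placeholder asset name)
$cred = Get-AutomationPSCredential -Name "vCenterCred"
Connect-VIServer -Server "vCenterServer" -Credential $cred

# Take the pre-patch snapshot, named with today's date
New-Snapshot -VM "YourVM" -Name "PrePatch_$(Get-Date -Format 'yyyyMMdd')" -Description "Snapshot before Azure Update Manager patching"
```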
### **What Undercode Say:**
Hybrid cloud management doesn't have to be chaotic. Azure Arc bridges the gap between on-prem and cloud, while Azure Automation ensures consistency. Key takeaways:
– Use Managed Identity to avoid credential sprawl.
– `Invoke-RestMethod` bypasses module update hassles.
– PowerShell + Azure Arc = Unified scripting across environments.
For VMware admins, combining Azure Update Manager with PowerCLI snapshots ensures safer patching. Always test automation in staging first!
### **Expected Output:**
A streamlined hybrid workflow where Azure manages on-prem servers via Arc, Automation handles jobs, and Graph API fetches data without module fatigue.
Reported By: Hailey Phillips – Hackers Feeds