Scripted actions for Azure runbooks

Azure runbooks are Azure Automation Account runbooks that run outside the context of a specific VM. They run directly in your Azure environment through an Azure Automation Account that is created and managed by the Nerdio Manager App in the security context of the Nerdio Manager service principal.

You can create a new scripted action, view, edit, and apply the existing scripted actions. For more details, see Scripted actions overview.

Note: For more information about Scripted Actions refer to Scripted Actions for Windows Scripts.

Azure runbook scripted actions are run via an Automation Account in Azure. This enables automated actions of Azure resources outside of the Virtual Machine.

Notes:

Azure Runbooks must be enabled manually. For more information about Automation Account refer to Azure Automation - Overview.
Some of the Azure Runbooks scripted actions are customized by the Nerdio Manager Admin. You can modify the existing script or add your own.
Each Automation Account is created specifically per an Azure Runbook.

Nerdio Manager allows you to leverage dedicated hybrid worker VMs to integrate Azure Automation accounts with environments that require private endpoints. Hybrid worker VMs are connected directly to a VNet and scripted actions can be used when Key Vault and other Nerdio Manager components are only accessible via private endpoints.

Before you can implement hybrid workers in Nerdio Manager, you must do the following:

Create an extension-based hybrid worker .See this Microsoft document for details.
Install the Run As account certificate on the hybrid worker. See Install the Run As account certificate on the hybrid worker: below for details.

To enable and configure the Azure runbooks settings:

Navigate to Settings > Environment, and then select the Nerdio tab.
Scroll down to the Azure runbooks scripted actions section, and select the down-arrow to expand the section.
In the Current status section, select . This section also displays the current status as to whether Azure runbooks scripted actions is currently disabled or enabled.
Enter the following information:
- Use Azure Automation Runbooks?: Toggle this option on or off.
  - Off: The Automation Account is deleted when you disable this feature.
  - On: You can select an Azure region where an Automation Account is created to run this Runbook.
- Automation Account Name: Type the account name. This is a unique name and is only used to run these Azure Runbooks.
- Hybrid Worker Group: Optionally, from the drop-down list, select the hybrid worker group.
Once you have entered the desired information, select OK.

Install the Run As account certificate on the hybrid worker:

Note: For more details, see Run Automation runbooks on a Hybrid Runbook Worker.

Find the Azure Key vault associated with the Nerdio installation. It begins with nmw-app-kv-.
In the Key Vault, select Certificates.
Select the certificate called nmw-scripted-action-cert.
Select Download in PFX/PEM format.

Note: In order to download the certificate, your user account needs permission to list/get certificates AND secrets from the key vault. See this Microsoft article for more information.
Install the downloaded certificate on the hybrid worker VM.

Renew the Azure runbook scripted actions automation certificate

Nerdio Manager allows you to renew the Azure Runbook scripted actions automation certificate.

To renew the certificate:

Navigate to Settings > Environment, and then select the Nerdio tab.
Scroll down to the Azure runbooks scripted actions section, and select the down-arrow to expand the section.
In the Certificate section, select .
In the Certificate Validity (Months)box, enter the desired number of months you want the certificate to be valid for.

Note: The default value of 120 months is recommended.
Once you have entered the desired information, select OK.

Note: This task may take some time to run. You can follow its progress in the Settings Tasks window.
After you renew the certificate, be sure to connect the subscriptions.
- In the Azure runbooks scripted actions tile, select connect for each subscription that is not connected.
- Follow the on-screen instructions to connect each subscription.

Manage Azure runbooks module versions

Nerdio Manager allows you to manage the Azure runbook scripted actions modules versions.

To manage module versions:

Navigate to Settings > Environment, and then select the Nerdio tab.
Scroll down to the Azure runbooks scripted actions section, and select the down-arrow to expand the section.
In the Module versionssection, select .
In the Manage Module Versions dialog box, locate the module you want to update, and from the Available Versions drop-down list, select the version you want to upgrade to.
Select Update.
Select OK once you have completed the updates.