Scripted Actions for Azure Runbooks

Azure Runbooks are Azure Automation Account runbooks that run outside the context of a specific VM. They run directly in your Azure environment through an Azure Automation Account that is created and managed by the Nerdio Manager App in the security context of the Nerdio Manager service principal.

You can create a new scripted action, view, edit, and apply the existing scripted actions. For more information refer to Scripted Actions Overview.

Note: For more information about Scripted Actions refer to Scripted Actions for Windows Scripts.

Azure runbook scripted actions are run via an Automation Account in Azure. This enables automated actions of Azure resources outside of the Virtual Machine.

Notes:

Azure Runbooks must be enabled manually. For more information about Automation Account refer to Azure Automation - Overview.
Some of the Azure Runbooks scripted actions are customized by the Nerdio Manager Admin. You can modify the existing script or add your own.
Each Automation Account is created specifically per an Azure Runbook.

Nerdio Manager allows you to leverage dedicated hybrid worker VMs to integrate Azure Automation accounts with environments that require private endpoints. Hybrid worker VMs are connected directly to a VNet and scripted actions can be used when Key Vault and other Nerdio Manager components are only accessible via private endpoints.

Before you can implement hybrid workers in Nerdio Manager, you must do the following:

Create an extension-based hybrid worker .See this Microsoft document for details.
Install the Run As account certificate on the hybrid worker. See Install the Run As account certificate on the hybrid worker: below for details.

To configure the Azure runbooks settings:

Navigate to Settings > Nerdio environment.
In the Azure runbooks scripted actions tile, select Enabled or Disabled (depending on the current status).
Enter the following information:
- Use Azure Automation Runbooks?: Toggle this option on or off.
  - Off: The Automation Account is deleted when you disable this feature.
  - On: You can select an Azure region where an Automation Account is created to run this Runbook.
- Automation Account Name: Type the account name. This is a unique name and is only used to run these Azure Runbooks.
- Hybrid Worker Group: Optionally, from the drop-down list, select the hybrid worker group.
Once you have entered the desired information, select OK.

Install the Run As account certificate on the hybrid worker:

Note: See this Microsoft document for details.

Find the Azure Key vault associated with the Nerdio installation. It begins with nmw-app-kv-.
In the Key Vault, select Certificates.
Select the certificate called nmw-scripted-action-cert.
Select Download in PFX/PEM format.

Note: In order to download the certificate, your user account needs permission to list/get certificates AND secrets from the key vault. See this Microsoft article for more information.
Install the downloaded certificate on the hybrid worker VM.

Renew the Azure Runbook Scripted Actions Automation Certificate

Nerdio Manager allows you to renew the Azure Runbook scripted actions automation certificate.

To renew the certificate:

Navigate to Settings > Nerdio environment.
In the Azure runbooks scripted actions tile, select Renew certificate.
Certificate Validity (Months); Type the desired number of months.

Note: The default value of 120 months is recommended.
Once you have entered the desired information, select OK.

Note: This task may take some time to run. You can follow its progress in the Settings Tasks window.
After you renew the certificate, be sure to connect the subscriptions.
- In the Azure runbooks scripted actions tile, select connect for each subscription that is not connected.
- Follow the on-screen instructions to connect each subscription.