This PowerShell script carries out the prerequisites required to migrate machines and update schedules from Azure Automation Update Management to Azure Update Manager.
The script does the following:
- Retrieve all machines onboarded to Azure Automation Update Management under this automation account from the linked Log Analytics workspace.
- Update the Az.Modules for the automation account.
- Create an automation variable named AutomationAccountAzureEnvironment, which stores the Azure Cloud Environment to which the Automation Account belongs.
- Create a user managed identity in the same subscription and resource group as the automation account.
- Associate the user managed identity with the automation account.
- Assign the required roles to the user managed identity created.
The executor of the script should have the Microsoft.Authorization/roleAssignments/write action, for example through the Role Based Access Control Administrator role, on the scopes on which access will be granted to the user managed identity. The script registers the automation subscription, the subscriptions to which machines belong and the subscriptions in dynamic Azure queries to Microsoft.Maintenance, so the executor should have Contributor/Owner access to all those subscriptions. The script also registers the automation subscription to Microsoft.EventGrid, so the executor should have Contributor/Owner access to that subscription.
AutomationAccountResourceId (mandatory): Automation Account Resource Id.
AutomationAccountAzureEnvironment (mandatory): Azure Cloud Environment to which the Automation Account belongs. Accepted values are AzureCloud, AzureUSGovernment, AzureChinaCloud.
MigrationPrerequisites -AutomationAccountResourceId "/subscriptions/{subId}/resourceGroups/{rgName}/providers/Microsoft.Automation/automationAccounts/{aaName}" -AutomationAccountAzureEnvironment "AzureCloud"
The user managed identity with required role assignments.
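A pre-flight check for the executor permissions described above, as an added example that is not part of the migration script. `Test-RoleGrantsAction` and `Get-RolesGrantingAction` are hypothetical helper names, the sample role definitions are constructed and abbreviated, and the live lookup assumes the Az.Resources module, a signed-in context, and looks only at assignments made directly to the given principal.

```powershell
# Added example: pre-flight permission check, not part of the migration script.
$RequiredAction = 'Microsoft.Authorization/roleAssignments/write'

function Test-RoleGrantsAction {
    param(
        [Parameter(Mandatory)] $RoleDefinition,  # object with Actions and NotActions
        [string] $Action = $RequiredAction
    )
    # A role grants an action when one of its Actions patterns matches and none
    # of its own NotActions patterns does. '*' is a wildcard in both lists.
    $allowed  = @($RoleDefinition.Actions    | Where-Object { $_ -and $Action -like $_ }).Count -gt 0
    $excluded = @($RoleDefinition.NotActions | Where-Object { $_ -and $Action -like $_ }).Count -gt 0
    return ($allowed -and -not $excluded)
}

function Get-RolesGrantingAction {
    # Hypothetical helper: lists the principal's roles at $Scope that grant $Action.
    param(
        [Parameter(Mandatory)] [string] $PrincipalObjectId,
        [Parameter(Mandatory)] [string] $Scope,
        [string] $Action = $RequiredAction
    )
    Get-AzRoleAssignment -ObjectId $PrincipalObjectId -Scope $Scope |
        Where-Object {
            $definition = Get-AzRoleDefinition -Id $_.RoleDefinitionId
            Test-RoleGrantsAction -RoleDefinition $definition -Action $Action
        } |
        Select-Object RoleDefinitionName, Scope
}

# Constructed, abbreviated role definitions so the matching logic runs offline.
$sampleRoles = @(
    [pscustomobject]@{ Name = 'Owner'; Actions = @('*'); NotActions = @() }
    [pscustomobject]@{ Name = 'Contributor'; Actions = @('*')
                       NotActions = @('Microsoft.Authorization/*/Delete', 'Microsoft.Authorization/*/Write') }
    [pscustomobject]@{ Name = 'Role Based Access Control Administrator'
                       Actions = @('Microsoft.Authorization/roleAssignments/write'); NotActions = @() }
)
foreach ($role in $sampleRoles) {
    '{0}: {1}' -f $role.Name, (Test-RoleGrantsAction -RoleDefinition $role)
}
```

The Contributor sample shows why Contributor access to the subscriptions does not by itself cover the role assignment step: its NotActions exclude writes under Microsoft.Authorization.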