TL;DR: Azure Automation lets you orchestrate repetitive IT tasks — from stopping dev VMs overnight to full resource lifecycle management — using PowerShell, Python, or graphical runbooks, all without maintaining your own scheduling infrastructure.
☁️ What is Azure Automation?
Azure Automation is a cloud-based service that lets you automate repetitive processes using runbooks — scripts or workflows that run on a schedule, in response to alerts, or on demand. It works across both cloud and on-premises (hybrid) environments through the Hybrid Runbook Worker feature.
Think of it as Task Scheduler on steroids, but built for enterprise-scale, cloud-native IT operations. With over 3,000 PowerShell modules available in the PowerShell Gallery, you can integrate Azure Automation with almost any platform or vendor — first- and third-party alike.
Common Real-World Use Cases
- Schedule start/stop of dev & test VMs to cut costs overnight and on weekends
- Respond to Azure Monitor or third-party alerts (Splunk, ServiceNow) automatically
- Hybrid on-premises automation — SQL Server maintenance, AD cleanup tasks
- Azure resource lifecycle management — tagging, locking, NSG enforcement
- Month-end or week-end batch operations on on-premises servers
- Auto-create ServiceNow tickets when alerts fire
📋 Runbook Types — Which One Should You Use?
Azure Automation supports five runbook types. Here's a quick breakdown:
- PowerShell (✓ Recommended): Best for most scenarios. Supports PowerShell 7.4 (LTS) and 5.1. Starts fast, no compilation needed.
- Python (✓ Recommended): Use when your team prefers Python. Currently supports Python 3.10 for both cloud and hybrid jobs.
- PowerShell Workflow: Supports checkpoints & parallel execution, but slower to start and not supported in PS 7+. Legacy use only.
- Graphical: Visual drag-and-drop in the Azure portal. Great for teams less comfortable with scripting.
- Graphical PS Workflow: Graphical version of PowerShell Workflow. Supports parallel processing visually.
⚠️ Tip: Microsoft recommends PowerShell 7.4 as the long-term supported runtime for new runbooks. Avoid PowerShell 7.1 and 7.2 — they are no longer supported by the parent product.
💻 Example 1 — Start or Stop a VM with a PowerShell Runbook
This is one of the most popular Azure Automation use cases — toggling VM power state based on current status, authenticated via a Managed Identity (no stored credentials needed).
PowerShell — Toggle VM Power State
# Parameters passed in when the runbook is triggered
Param(
    [string]$ResourceGroup,
    [string]$VMName,
    [string]$Method   # "SA" = System-Assigned, "UA" = User-Assigned
)

# Prevent inheriting an AzContext from previous sessions
$null = Disable-AzContextAutosave -Scope Process

# Authenticate using Managed Identity (no passwords stored!)
# -ErrorAction Stop makes a failed sign-in a terminating error so the catch block runs
try {
    $AzureConnection = (Connect-AzAccount -Identity -ErrorAction Stop).context
} catch {
    Write-Output "No system-assigned identity found. Aborting."
    exit
}

# Set the subscription context
$AzureContext = Set-AzContext `
    -SubscriptionName $AzureConnection.Subscription `
    -DefaultProfile $AzureConnection

# Check the current power state of the VM
$status = (Get-AzVM `
    -ResourceGroupName $ResourceGroup `
    -Name $VMName `
    -Status `
    -DefaultProfile $AzureContext).Statuses[1].Code
Write-Output "Current VM status: $status"

# Start if deallocated, stop if running
if ($status -eq "Powerstate/deallocated") {
    Start-AzVM -Name $VMName -ResourceGroupName $ResourceGroup `
        -DefaultProfile $AzureContext
} elseif ($status -eq "Powerstate/running") {
    Stop-AzVM -Name $VMName -ResourceGroupName $ResourceGroup `
        -DefaultProfile $AzureContext -Force
}

# Report the new state
$newStatus = (Get-AzVM -ResourceGroupName $ResourceGroup `
    -Name $VMName -Status -DefaultProfile $AzureContext).Statuses[1].Code
Write-Output "New VM status: $newStatus"
💡 Best Practice: Always use Managed Identity for authentication in runbooks. It avoids storing credentials as variables and is aligned with the Zero Trust security model.
⚡ Example 2 — Bulk Start/Stop All VMs in a Resource Group
Need to shut down all VMs in a resource group at end of business? This script does it in a few lines — perfect for scheduled runbooks that run on a cron-like schedule.
PowerShell — Bulk VM Management
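$ResourceGroupName = "Dev-RG"

# Sign in with the Automation account's managed identity, as in Example 1
$null = Disable-AzContextAutosave -Scope Process
$null = Connect-AzAccount -Identity -ErrorAction Stop

# The three blocks below are alternatives: keep the one your runbook needs.

# ── Start all VMs ──
Get-AzVM -ResourceGroupName $ResourceGroupName |
    Select-Object Name |
    ForEach-Object {
        Start-AzVM -ResourceGroupName $ResourceGroupName -Name $_.Name
    }

# ── Stop all VMs ──
# -Force skips the confirmation prompt, which cannot be answered in a runbook job
Get-AzVM -ResourceGroupName $ResourceGroupName |
    Select-Object Name |
    ForEach-Object {
        Stop-AzVM -ResourceGroupName $ResourceGroupName -Name $_.Name -Force
    }

# ── Restart all VMs ──
Get-AzVM -ResourceGroupName $ResourceGroupName |
    Select-Object Name |
    ForEach-Object {
        Restart-AzVM -ResourceGroupName $ResourceGroupName -Name $_.Name
    }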
🚀 How to Create Your First Runbook — Step by Step
1. Create an Azure Automation Account: In the Azure portal, search for Automation Accounts → Create. Choose your subscription, resource group, and region.
2. Enable Managed Identity: Under your Automation Account → Identity → turn on System-assigned. Then assign it the Contributor or VM Contributor role (the built-in role is named Virtual Machine Contributor) on your target subscription or resource group. For the start/stop runbooks on this page, Virtual Machine Contributor scoped to the target resource group is sufficient and keeps the identity's reach small.
3. Create a New Runbook: Go to Runbooks → Create. Pick PowerShell type, set Runtime Version to 7.4, and paste your script.
4. Test the Runbook: Click Test pane, fill in any parameters, and click Start. Watch the output stream in real time.
5. Publish & Schedule: Click Publish, then Link to schedule to run it on a recurring basis, e.g., every weekday at 7 PM to stop dev VMs.
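The identity and scheduling steps above can also be scripted. This is an added example, not code from the original page: it enables the system-assigned identity, grants it only Virtual Machine Contributor on the target resource group, lists any broader assignments the identity already holds, and links a weekday 7 PM schedule. Account, resource group and runbook names reuse the ones in this page's snippets; the schedule name `Weekdays-7PM` is hypothetical, and the runbook is assumed to be published already.

```powershell
# Added example: names reuse this page's snippets; adjust to your environment
$AutomationRG   = "Automation-RG"
$AutomationAcct = "MyAutomationAccount"
$TargetRG       = "Dev-RG"         # resource group that holds the dev VMs
$RunbookName    = "Stop-DevVMs"    # assumed to be published already
$ScheduleName   = "Weekdays-7PM"   # hypothetical schedule name

# Enable the system-assigned identity and read back its principal ID
$null = Set-AzAutomationAccount -ResourceGroupName $AutomationRG `
    -Name $AutomationAcct -AssignSystemIdentity
$principalId = (Get-AzAutomationAccount -ResourceGroupName $AutomationRG `
    -Name $AutomationAcct).Identity.PrincipalId

# Grant VM management only, and only on the target resource group
$scope = (Get-AzResourceGroup -Name $TargetRG).ResourceId
$role  = "Virtual Machine Contributor"
$existing = Get-AzRoleAssignment -ObjectId $principalId -Scope $scope `
    -RoleDefinitionName $role
if (-not $existing) {
    $null = New-AzRoleAssignment -ObjectId $principalId -Scope $scope `
        -RoleDefinitionName $role
}

# Review: show assignments broader than a single resource group
Get-AzRoleAssignment -ObjectId $principalId |
    Where-Object {
        $_.RoleDefinitionName -in "Owner", "Contributor" -or
        $_.Scope -notlike "*/resourceGroups/*"
    } |
    Select-Object RoleDefinitionName, Scope

# First run at the next 19:00 by this session's local clock
# (a schedule start time must lie a few minutes in the future)
$start = (Get-Date).Date.AddHours(19)
if ($start -lt (Get-Date).AddMinutes(10)) { $start = $start.AddDays(1) }
[System.DayOfWeek[]]$weekdays = @([System.DayOfWeek]::Monday..[System.DayOfWeek]::Friday)

$null = New-AzAutomationSchedule -ResourceGroupName $AutomationRG `
    -AutomationAccountName $AutomationAcct -Name $ScheduleName `
    -StartTime $start -WeekInterval 1 -DaysOfWeek $weekdays

# Link the published runbook to the schedule
Register-AzAutomationScheduledRunbook -ResourceGroupName $AutomationRG `
    -AutomationAccountName $AutomationAcct -RunbookName $RunbookName `
    -ScheduleName $ScheduleName
```

Any row printed by the review step is an assignment worth removing or narrowing before the runbook goes on a schedule.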
🔧 Trigger a Runbook from PowerShell & Wait for Output
You can kick off runbooks programmatically — useful for CI/CD pipelines or when chaining automation tasks together. The snippet below starts a runbook and polls until it completes.
PowerShell — Start Runbook & Poll for Completion
$runbookName    = "Stop-DevVMs"
$ResourceGroup  = "Automation-RG"
$AutomationAcct = "MyAutomationAccount"

# Kick off the runbook job
$job = Start-AzAutomationRunbook `
    -AutomationAccountName $AutomationAcct `
    -Name $runbookName `
    -ResourceGroupName $ResourceGroup

# Poll until the job reaches a terminal state
$doLoop = $true
While ($doLoop) {
    $job = Get-AzAutomationJob `
        -AutomationAccountName $AutomationAcct `
        -Id $job.JobId `
        -ResourceGroupName $ResourceGroup
    $status = $job.Status
    $doLoop = ($status -notin "Completed", "Failed", "Suspended", "Stopped")
    Start-Sleep -Seconds 5
}

# Retrieve the runbook output
Get-AzAutomationJobOutput `
    -AutomationAccountName $AutomationAcct `
    -Id $job.JobId `
    -ResourceGroupName $ResourceGroup `
    -Stream Output
⚠️ Known Gotcha: Avoid using .\child-runbook.ps1 to call child scripts inside a runbook — it's not supported. Use Start-AzAutomationRunbook instead to invoke another runbook as a child job.
📌 Key Limitations to Know
Before you go all-in, here are the practical gotchas that catch people out:
- No Start-Job with -credential — Azure runbooks don't support this parameter; use Managed Identity instead.
- Source control doesn't support PS 7.4 — runbooks in source control are created as Runtime 5.1 when pushed.
- Child scripts via .\script.ps1 are unsupported — always use Start-AzAutomationRunbook for child runbooks.
- Complex objects in variables must be JSON — use ConvertTo-Json before storing objects with New-AzAutomationVariable.
- PowerShell Workflow is legacy — it's not supported in PS 7+ and can't be upgraded; migrate to PS runbooks.
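The JSON round trip behind the variables limitation above, as an added example (not code from the original page). The variable name `VmSchedulePolicy` and the policy object are constructed sample data; account and resource group names reuse this page's snippets.

```powershell
# Added example: "VmSchedulePolicy" and the policy contents are constructed
$ResourceGroup  = "Automation-RG"
$AutomationAcct = "MyAutomationAccount"

# A nested configuration object (sample data)
$policy = @{
    ResourceGroup = "Dev-RG"
    Window        = @{ Stop = "19:00"; Days = @("Monday", "Friday") }
    Exclusions    = @(
        @{ Name = "build-agent-01"; Reason = @{ Owner = "ci"; Note = "nightly builds" } }
    )
}

# ConvertTo-Json defaults to -Depth 2. At that depth Exclusions[].Reason would be
# written as the string "System.Collections.Hashtable", so set the depth explicitly.
$json = $policy | ConvertTo-Json -Depth 5 -Compress

# Run from an admin session: store the JSON string as an Automation variable.
# Configuration only; credentials do not belong in an unencrypted variable.
$null = New-AzAutomationVariable -ResourceGroupName $ResourceGroup `
    -AutomationAccountName $AutomationAcct -Name "VmSchedulePolicy" `
    -Value $json -Encrypted $false

# ---- The lines below belong inside the runbook ----
# Get-AutomationVariable is only available while a runbook job is executing
$null = Connect-AzAccount -Identity -ErrorAction Stop
$policy = Get-AutomationVariable -Name "VmSchedulePolicy" | ConvertFrom-Json

# Fail closed if the stored JSON lost a field the runbook depends on
if ($null -eq $policy.ResourceGroup -or $null -eq $policy.Window.Stop) {
    throw "VmSchedulePolicy is missing ResourceGroup or Window.Stop"
}

# Stop every VM in the group except the excluded ones
$skip = @($policy.Exclusions.Name)
Get-AzVM -ResourceGroupName $policy.ResourceGroup |
    Where-Object { $_.Name -notin $skip } |
    ForEach-Object {
        Stop-AzVM -ResourceGroupName $policy.ResourceGroup -Name $_.Name -Force
    }
```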
🎯 Summary
Azure Automation is a powerful platform for any IT admin or DevOps engineer looking to eliminate repetitive cloud and hybrid tasks. Whether you're scheduling VM shutdowns, responding to alerts, or building multi-step orchestration pipelines, runbooks give you a reliable, scalable foundation.
Start simple — a PowerShell 7.4 runbook with a Managed Identity is all you need for most scenarios. Schedule it, test it in the test pane, and iterate. Once you're comfortable, explore Hybrid Runbook Workers to extend automation into your on-premises environment.