Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET
Cloud Computing

Starting an Azure Runbook from Your Phone

phone call

In this post, I am going to show you a way to make it easy for people to execute Azure Automation runbooks from their phone. This solution, based on Office 365 Flow, does not require signing into the Azure admin app or the Azure Portal. It is also very easy. For example, a user can start or stop a line-of-business (LOB) app with the click of a single button.



Sponsored Content

Say Goodbye to Traditional PC Lifecycle Management

Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.

The Desired Solution

In my demo lab, I have deployed an Azure Automation account called auto-petriauto. There are two custom runbooks in the account for starting and stopping a set of virtual machines that make up an LOB app:

  • StartVMs
  • StopVMs

The runbooks in Azure Automation [Image Credit: Aidan Finn]
The Runbooks in Azure Automation [Image Credit: Aidan Finn]

In my solution, I want to create a button in Flow for each runbook. When I install the Flow app on my phone, each of these buttons will appear. If I click the StartVMs button, Flow will reach out to Azure Automation, via a webhook, and trigger the execution of the StartVMs runbook. The result is a very easy way to start and stop my LOB app without having to do anything with Azure on a day-to-day basis.

I have actually used this solution to start up and shut down demo labs on demand to save credit. I like it because it is very quick and easy to do.

Note: The Runbook Gallery in Azure Automation is full of examples for starting/stopping virtual machines.


The first step of the solution is to make the runbooks’ triggers available to external systems. This is accomplished by creating a webhook for each runbook.

Tip: Make sure the runbooks are published before proceeding.

  1. Open the runbook.
  2. Go to webhooks.
  3. Add a webhook.
  4. Make sure you copy and save the URL for the webhook before you finish the creation. You cannot retrieve it afterward.
Make sure you save the webhook URL before finishing the wizard [Image Credit: Aidan Finn]
Save the Webhook URL Before Finishing the Wizard [Image Credit: Aidan Finn]

Office 365 Flow

We are going to create two buttons or connectors in Flow, one for each runbook.

Sign into the Office 365 Portal, launch the Flow service, and go to My Flows. Click the button to Create A Flow From Blank. A number of trigger templates are available to use. A trigger is something that starts a flow (or workflow). Our trigger will be a button that appears in the Flow mobile app, so search for Button.

A mobile app button will be our Flow trigger [Image Credit: Aidan Finn]
A Mobile App Button Will be Our Flow Trigger [Image Credit: Aidan Finn]

A screen will load to display your trigger. Click the button trigger to continue.

Another screen loads to show the construction of the flow. Name the flow. Now, we have one-half of the flow: the trigger. We need to add an action. Click New Step to add an action step.

Add the HTTP action to the flow [Image Credit: Aidan Finn]
Name the Fow/Button That Starts the Azure Automation Runbook [Image Credit: Aidan Finn]

Search for and select the HTTP trigger/connector.

Add the HTTP action to the flow [Image Credit: Aidan Finn]
Add the HTTP Action to the Flow [Image Credit: Aidan Finn]

The screen for configuring an HTTP action will load. Click Show Advanced Options at the bottom. Enter the following information:

  • Method: Select the POST action.
  • URI: Paste in the webhook URL of the runbook that will be associated with this connector.
  • Authentication: Select Basic.
  • Username and Password: Enter credentials for the Azure subscription that have run rights to the runbooks in Azure.

Configure the new HTTP Connector to start an Azure Automation runbook [Image Credit: Aidan Finn]
Configure the New HTTP Connector to Start an Azure Automation Runbook [Image Credit: Aidan Finn]

Click Save Flow and wait for the save to complete. You then repeat all of the above Flow steps for any additional runbooks. In my case, I did all of this twice: once for the StartVMs runbook and one for the StopVMs runbook. My two flows are shown below:

Two flows – one to start and one to stop my Azure virtual machines [Image Credit: Aidan Finn]
Two Flows: One to Start and One to Stop the Azure Virtual Machines [Image Credit: Aidan Finn]

Flow App on Mobile Phone

You do not need to sign into the Office 365 Portal to use Flow; Microsoft has published Flow apps for iOS and Android. Install the app and sign in using the same credentials as your Office 365 user. Go to Buttons (the bottom navigation bar) and the flows that you created should appear. My buttons in the Flow app for starting and stopping Azure virtual machines using Azure Automation runbooks can be seen in the Android screenshot below.

Start & stop Azure virtual machines using Microsoft Flow app on a phone [Image Credit: Aidan Finn]
Start and Stop Azure Virtual Machines Using Microsoft Flow App on a Phone [Image Credit: Aidan Finn]

Everything is in place! If I want to shut down my LOB app, all I have to do is open the Flow app and press the Stop LOB App button. My part is ended. To check behind the scenes:

  1. The Flow service will do an HTTP POST to the webhook for the StopVMs runbook.
  2. Azure Automation will receive the HTTP POST and start the runbook.
  3. Soon afterward, my virtual machines will be shut down.

A similar set of activities will take place when I press the Start LOB App.

Extending the Concept

Webhooks provide us with a mechanism to extend outside of the system. In the above example, I have made it possible to start an Azure Automation runbook from a system outside of Azure. One could take this concept and use it in anything:

  • An external monitoring system
  • A task management system
  • An LOB app running in AWS or Google compute

In my lab, I used two tenants:

  • One for Office 365 using a “work” (Azure AD) account
  • Another for Azure using a “personal” (Microsoft) account

This means that a Microsoft partner could use webhooks to manage systems for its many managed customers.

Another interesting concept is that of delegation. Maybe the end user of the LOB app has no administrative rights in Azure. In Office 365 Flow, it is possible to share a flow with someone in the same Office 365 tenant. I, the administrator, can make a flow and share it with the end user. Then the end user could start and stop their LOB app on demand.


Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

Aidan Finn, Microsoft Most Valuable Professional (MVP), has been working in IT since 1996. He has worked as a consultant and administrator for the likes of Innofactor Norway, Amdahl DMR, Fujitsu, Barclays and Hypo Real Estate Bank International where he dealt with large and complex IT infrastructures and MicroWarehouse Ltd. where he worked with Microsoft partners in the small/medium business space.
Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: