Recently the question of how can we trigger stop all virtual machines (VMs) within the Azure platform when a certain event happens was posed. As I'm sure you're all aware there is a auto shutdown of VMs within Azure which is triggered using day/time. However this time we were being asked to trigger shut down of the VMs if a business event occurred or if an email alert from the monitoring system contained a certain word. In order to resolve this issue my colleague and I came up with the idea of using a shared mailbox in Office 365, Microsoft Flow and Azure Automation!
A shared mailbox within Office 365 is a free resource, it can be easily created and doesn't require a license assigned to it to operate. It does have some limitations but for this purpose and workflow it is ideal. Emails from the monitoring system would be directed to this mailbox and from there we check them with Microsoft Flow.
Back in September 2017 I wrote a "Getting started with Microsoft Flow" article if you want to get a good overview of the product, but if not it is a free workflow service within Office 365 that allows you to automate certain tasks that you would normally do manually. For this task we were going to utilise the power of Flow to monitor the shared mailbox for certain alerts.
Azure Automation helps you to complete control during deployment, operations, and decommissioning of workloads and resources. It has many great properties and purposes. It is made up of several key components but for the purposes of this situation we are concerned with the Automation Account, Runbook and Jobs.
The automation account is just what it says in the name, this account has permissions to your Azure resources and allows you to automate control over them. It also acts as a container for all the different components you need.
Runbooks are a set of instructions that need to be carried out. You can have Runbooks that are based on PowerShell code, Phyton 2, PowerShell Workflows or Graphical versions of PowerShell and PowerShell Workflows. With the PowerShell, Phyton 2 or PowerShell Workflow types you can import your own code, if you have that available to you. If you aren't a coder then you can use the Graphical versions of PowerShell and PowerShell Workflows and create your Runbooks. The graphical versions in my eyes are a bit clunky and I would always recommend, if you can write your own code. There is a Gallery available that has some Runbooks that others have created so you might be able find something that suits your needs in there, no point in reinventing the wheel where possible!
Jobs are a record of your Runbook being run. :)
Setting it all Up!
I'm not going to talk you through the setup of a shared mailbox within Office 365, but if you need some pointers the official Microsoft documentation guide is here - Create a Shared Mailbox. So now that that mailbox is setup the next step is to create your Automation Account and Runbook in Azure.
- Login to the Azure Portal - https://portal.azure.com
- Click on "Create a Resource" in the left hand corner and search for Automation
- When the Automation Account creation blade opens, follow these steps:
- Specify the a name for the automation account, this should be unique;
- Select the subscription the account should live in;
- Either create a new resource group or select an existing one;
- Select a relevant location to store the account in;
- And lastly leave the default option of creating an Run as Account turned on.
- It will take a few minutes for the automation account to be created. Once the Automation account has been set up go into it.
- Down the left hand side of the blade scroll down and find "Runbooks"
- Click on "Add a Runbook";
- Click "Create a new Runbook";
- Enter a name for the Runbook;
- Select what time of Runbook you wish to create, in this example I'll be using PowerShell
- The description is optional, but I would always advise adding one to help identify what you Runbook is doing.
- It will take a few seconds for your Runbook to create. Once it has select it from your Runbook list.
- Select Edit and add in your code and choose Publish. In order to trigger/run your Runbook you need to Publish it.
Now that your Automation Account and Runbook have been created we now need a way to trigger it by a system email alert or an email. In this example we are going to use Microsoft Flow. Microsoft Flow has several pricing plans and one of them is free. With the free plan you which enables you to create an unlimited amount of flows, run the 750 times a month and the flows will check in every 15 minutes
- Sign into the Microsoft Flow portal - https://flow.microsoft.com
- Click on My Flows
- Then Create from Blank
- Search for the "Office 365 Outlook - When a new email arrives in a shared mailbox" connector
- Type in the address of the shared mailbox
- Click on "Show Advanced Options"
- For this use case I want my Flow to trigger when the email has a specific word in the subject line, so I am going to enter ">80%" in the Subject Filter Line
- Now that you have enter the email requirements, click on Next Step
- Then Click on Add an Action
- Search for the "Azure Automation - Create Job" connector
- First select the subscription where your Runbook lives
- Second select the resource group where your Runbook lives
- Thirdly select the Automation Account
- And lastly select the Runbook you wish to trigger
- Your Flow is now complete, click on the Save Flow button
You should end up with a Flow like this:
You should now have a working Flow that will check a mailbox for a certain email and if those conditions are matched an Azure Automation Runbook will run! It's a fairly simply solution but does the job! You can expand it to add in some monitoring or have an email send after the Runbook has completed. The possibilities are endless! If you'd like to chat more about this please reach out to me on Twitter @Techielass