scjoe1

Self Service Teams Portal – Start VM PDF

Intro-

Using MS Teams, Forms, Azure Logic App and Azure Automaton you can create a Self Service Portal inside of Teams for users to perform a variety of automation tasks such as “Start Azure VM”.  This portal becomes very useful since you can add / modify with very little development work and not elevate permissions inside of Azure.  Similar solutions are offered by ServiceNow, but unless you have access to create Service Catalog Items and Orchestration this makes a great alternative and very simple to create and maintain.

Prerequisites

  • Azure Service Account with O365 licensing
  • Azure Automation Account is setup and module AzureRM.Compute added
  • Forms App added to MS Teams

How To-

Add MS Forms connection to your Teams Channel you want the Form to be available.  In this example I have created a Teams Channel called “Service Management Automation” where I place all my automated forms accessible only to select users.

Select “Add a Tab”

Screenshot_1

Select “Forms”

Screenshot_2

Select “Create a shared form that your team can edit and see results” and name it how you want it to appear in Teams and select “Save”

Screenshot_3

Start customizing the form, you can add multiple questions and themes.  Another great feature is language which you can easily toggle when filling the form out.  This is a fantastic feature if your audience is in multiple countries.

Screenshot_4

Screenshot_5

Screenshot_6

You can even preview how the form will look on a mobile device

Screenshot_9

After you are done customizing, lets remove the edit view of the form by selecting “Remove” from the drop down

Screenshot_7

Now add the Form in its “Fill” view by selecting “Add a Tab” and selecting “Forms” then this time select “Add an existing form” and select the form you just created

Screenshot_8

Now that your Form is available in teams, we need to retrieve the “Form ID” that will be required from office.com.  Log into office.com, select Forms, select Group Forms, and your Forms will be available to select.  After Selecting it you need to copy all of the text after “Formid=” and paste it to notepad.  We will need this later on*

Screenshot_10

Screenshot_11

Screenshot_12

Now log into the Azure Portal and create a Logic App

Screenshot_13

Now we will need to create a trigger for the Logic App, search for “forms” and select “When a new response is submitted” from “Microsoft Forms” NOT Forms PRO

Screenshot_14

Select “Enter custom value” and input the “Form id” from the text you copied from the url from office.com

Screenshot_24a

Select “New Step” and Select “Get response details” from Forms and input the “Form id” again and for “Response ID” select “List of response notifications ID”

Screenshot_15

Screenshot_16

Now we are going to switch gears.  We will use Azure Automation to query the VM’s resource group which is required when performing any Azure VM action inside of Logic Apps.  Alternatively you can ask the end user to input this into the form, but that would be counter productive and if you can automate it DO IT.

Save your Logic App and navigate to Azure Automation where you have setup an Automation Account and loaded the module “AzureRM.Compute”.  Create a  runbook and select “PowerShell” as the runbook type

Screenshot_18

We will be passing the VM name as a parameter from Logic App and using “Get-AzureRMVM” to retrieve the Resource Group name.   The rest of the script is standard connection for running a Azure Automation runbook.

Screenshot_20

<#
    .DESCRIPTION
        Gets Azure VM’s Resource Group, using the Run As Account (Service Principal)
    .NOTES
        AUTHOR: Joe Popich
        LASTEDIT: May 11, 2020
#>
Param
(
  [Parameter (Mandatory= $true)]
  [String] $VMName
)
$connectionName = “AzureRunAsConnection”
try
{
    # Get the connection “AzureRunAsConnection “
    $servicePrincipalConnection=Get-AutomationConnection -Name $connectionName
    “Logging in to Azure…”
    Add-AzureRmAccount `
        -ServicePrincipal `
        -TenantId $servicePrincipalConnection.TenantId `
        -ApplicationId $servicePrincipalConnection.ApplicationId `
        -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
}
catch {
    if (!$servicePrincipalConnection)
    {
        $ErrorMessage = “Connection $connectionName not found.”
        throw $ErrorMessage
    } else{
        Write-Error -Message $_.Exception
        throw $_.Exception
    }
}
#Get all ARM resources from all resource groups
Get-AzureRmVM -name $VMName | Select-Object -ExpandProperty resourcegroupname

Save and Publish.  You can run a test to make sure you are prompted for the VMName.  Now lets go back to your Logic App and add the next step “Create Job” from Azure Automation.  Select the Automation Account you just used to create the Runbook and Runbook Name.  Select “Yes” for Wait for Job, and the mandatory Runbook Parameter “VM Name” will appear.  Select “VM Name:” from your Form

Screenshot_21

 

Next Step to create is “Get Job output” from Azure Automation.  Select you Automation Account again and under Job ID select “Job ID” from you previous step

Screenshot_23
Screenshot_22

 

Next Step we will be utilizing the “Azure VM” connector.  This is new and previously we would perform this step in Azure Automation, but for this demo I want to use this is connector.  Select “Start virtual machine”.  Use “Content” from “Create Job” and “VM Name” from your Form response

Screenshot_25
Screenshot_30

 

Now Envoyer / Submit!

That’s is it, with this 6 step process you can have limited access users start their own VM’s by access to a Teams channel.  I have my own Private Teams Admin channel where I provision VM’s and migrate them between regions using the same tools we just implemented.  Sky is the limit!

-LL&P

Popich36

 

 

Advertisement