Before you start:

  • This chapter explains how Nimbus can be deployed automatically via Microsoft Runbook.
  • The script requires administration privileges to run and automatically applies the permissions used by Nimbus.
    Note: Read the Required Permissions page for more details.
  • Two accounts are required for this operation: 

    • The Office 365 Connection has to be authorized with an account that will be sending the future approval Emails.
      • The account must have a mailbox enabled.
      • The account must have Multi-Factor Authentication disabled to run without interruption.
    • The Azure Automation connection has to be authorized with an account that has permissions to start the deployed Automation Runbook.

  • The latest Runbook script can always be retrieved from the Nimbus Team > Provisioning section.
    Tip: The script is not team-specific, so the download button in any team's settings can be used. However, the script is tied to your Nimbus version, so always make sure to download and use the newest version.

  • The script requires various PowerShell modules to be pre-installed. This is done automatically during the first script execution, but you can also prepare beforehand with a manual execution:


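    | # | Module Name    | Version    | GUID                                 |
    |---|----------------|------------|--------------------------------------|
    | 1 | Az.Accounts    | 1.9.4      | 17a2feff-488b-47f9-8729-e2cec094624c |
    | 2 | Az.Resources   | 2.5.1      | 48bb344d-4c24-441e-8ea0-589947784700 |
    | 3 | AzureAD        | 2.0.2.116  | d60c0004-962d-4dfb-8d28-5707572ffd00 |
    | 4 | MSOnline       | 1.1.183.57 | d162594e-d7aa-42be-9884-84928d3f7acf |
    | 5 | MicrosoftTeams | 2.0        | d910df43-3ca6-4c9c-a2e3-e9f45a8e2ad9 |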
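
The module list above can be checked against the local machine before the onboarding script is run with administration privileges; matching on GUID as well as name flags a same-named module that is not the listed one. This PowerShell is an added example, not part of the Nimbus script: the function name Test-NimbusModulePrerequisite is hypothetical, and treating the listed versions as minimums is an assumption.

```powershell
# Added example: audit installed modules against the prerequisite table.
# Names, versions and GUIDs are copied from the table above.
$required = @(
    [pscustomobject]@{ Name = 'Az.Accounts';    Version = '1.9.4';      Guid = '17a2feff-488b-47f9-8729-e2cec094624c' }
    [pscustomobject]@{ Name = 'Az.Resources';   Version = '2.5.1';      Guid = '48bb344d-4c24-441e-8ea0-589947784700' }
    [pscustomobject]@{ Name = 'AzureAD';        Version = '2.0.2.116';  Guid = 'd60c0004-962d-4dfb-8d28-5707572ffd00' }
    [pscustomobject]@{ Name = 'MSOnline';       Version = '1.1.183.57'; Guid = 'd162594e-d7aa-42be-9884-84928d3f7acf' }
    [pscustomobject]@{ Name = 'MicrosoftTeams'; Version = '2.0';        Guid = 'd910df43-3ca6-4c9c-a2e3-e9f45a8e2ad9' }
)

function Test-NimbusModulePrerequisite {    # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $Required
    )
    foreach ($req in $Required) {
        # Every installed copy of the module, across all module paths.
        $installed = @(Get-Module -ListAvailable -Name $req.Name)
        # Copies whose manifest GUID matches the table entry.
        $sameGuid = @($installed | Where-Object { $_.Guid -eq [guid]$req.Guid })
        # Assumption: the listed version is a minimum, not an exact pin.
        $usable = @($sameGuid | Where-Object { $_.Version -ge [version]$req.Version })

        $status = if     ($installed.Count -eq 0) { 'Missing' }
                  elseif ($sameGuid.Count -eq 0)  { 'GuidMismatch' }
                  elseif ($usable.Count -eq 0)    { 'VersionTooLow' }
                  else                            { 'OK' }

        [pscustomobject]@{
            Name     = $req.Name
            Expected = $req.Version
            Found    = ($installed.Version -join ', ')
            Status   = $status
        }
    }
}

$report = Test-NimbusModulePrerequisite -Required $required
$report | Format-Table -AutoSize

# Surface anything that is not ready before running the onboarding script.
$notReady = @($report | Where-Object { $_.Status -ne 'OK' })
if ($notReady.Count -gt 0) {
    Write-Warning ("Modules not ready: " + ($notReady.Name -join ', '))
}
```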

Procedure

To deploy Nimbus Runbook, perform the following steps:

Azure Resource Group Creation

  1. Download the Onboarding Script from the Portal depending on the chosen location:

    Known Issue

    ATTENTION - This script is currently not functioning as required. The runbook on Azure side is created but will fail on trigger. We are working on an improved version which mirrors the new features of Microsoft PowerShell provisioning script.

  2. Start a PowerShell console.

  3. Navigate to the Onboarding script folder in the PowerShell console and run the script.
  4. You will be asked to provide several different parameters (or you can choose to provide them in advance):

    | Name | Required | Description | Notes / Links / Resources |
    |------|----------|-------------|---------------------------|
    | SubscriptionId | Yes | Azure Subscription ID where to deploy Nimbus assets | |
    | resourceGroupName | Yes | Azure Resource Group name for Nimbus assets | Azure Resource Manager - Resource Groups |
    | resourcePrefix | Yes | Resource prefix for Nimbus assets | All the resources created will be prefixed with this string |
    | location | Yes | Azure location where Nimbus assets should be deployed | Azure Geographies |
    | approvers | Yes | Either one or a list of email addresses for change approvers. Note: Emails with pending change requests will be sent to these addresses. | Has to be separated with a semicolon (";") |
    | RunbookCredentials | Yes | Credentials for the user used in the Runbook to introduce changes in the Tenant. Note: Will always be prompted on execution. | Has to have sufficient permissions to introduce\approve tenant level changes |
    | azureCredentials | Yes | Credentials to login to Azure to deploy the Runbook. Note: Will always be prompted on execution. | Has to have sufficient permissions to deploy an ARM Template |

Resource Group - App Authorization

  1. Go to the deployed resource group and authorize two Logic App Connections (See Connectors for Azure Logic Apps → Connector configuration).
    Note: The script will provide you with the needed links.