How to deploy Microsoft Runbook
Currently not working as intended
Methods described on this page are currently not working as intended due to a recent change by Microsoft blocking the connection. For the time being you have to rely on manual Provisioning via Microsoft PowerShell script execution. We will continue to monitor the situation and apologize for the inconvenience.
Before you start:
- This chapter will explain how Nimbus can be deployed automatically via Microsoft Runbook.
- The script will require administration privileges to run and in turn automatically apply Permissions used by Nimbus.
Read the Required Permissions page for more details.
Two accounts are required for this operation:
- The Office 365 Connection has to be authorized with an account that will be sending the future approval Emails.
  - The account must have mailbox enabled.
  - The account must have Multi Factor Authentication disabled to run without interruption.
- The Azure Automation connection has to be authorized with an account that has permissions to start the deployed Automation Runbook.
- The latest Runbook script can always be retrieved from the Nimbus Team > Provisioning section.
The script is not team-specific, so the download button in any team's settings can be used. However, the script is tied to your Nimbus version, so always make sure to download and use the newest version.
The script requires various PowerShell modules to be installed. This is done automatically during the first script execution, but you can also prepare beforehand with a manual execution:
Module:
1. MicrosoftTeams
2. MSAL.PS
3. Microsoft.Graph.Authentication
4. Microsoft.Graph.Applications
5. Microsoft.Graph.Identity.DirectoryManagement
6. Microsoft.Graph.Users
7. Microsoft.Graph.Users.Actions
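One way to do that manual preparation for the seven modules listed above, as an added example that is not part of the original page or of the Nimbus script. Installing from PSGallery into the CurrentUser scope and the report format are assumptions made here.

```powershell
# Added example: pre-install the modules the Runbook script expects.
# Module names are taken from the list on this page; everything else is an assumption.
$requiredModules = @(
    'MicrosoftTeams',
    'MSAL.PS',
    'Microsoft.Graph.Authentication',
    'Microsoft.Graph.Applications',
    'Microsoft.Graph.Identity.DirectoryManagement',
    'Microsoft.Graph.Users',
    'Microsoft.Graph.Users.Actions'
)

# CurrentUser scope avoids an elevated session just for module installation.
# -Force is deliberately not used, so the untrusted-repository prompt stays visible.
$installArgs = @{ Scope = 'CurrentUser'; Repository = 'PSGallery'; ErrorAction = 'Stop' }

# Older PowerShellGet versions lack -AcceptLicense, so only pass it when supported.
if ((Get-Command Install-Module).Parameters.ContainsKey('AcceptLicense')) {
    $installArgs['AcceptLicense'] = $true
}

$report = foreach ($name in $requiredModules) {
    # Newest locally available version of the module, if any.
    $found = Get-Module -ListAvailable -Name $name |
        Sort-Object Version -Descending | Select-Object -First 1
    $status = 'AlreadyPresent'
    if (-not $found) {
        try {
            Install-Module -Name $name @installArgs
            $found = Get-Module -ListAvailable -Name $name |
                Sort-Object Version -Descending | Select-Object -First 1
            $status = 'Installed'
        } catch {
            $status = "Failed: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{
        Module  = $name
        Version = if ($found) { $found.Version } else { $null }
        Status  = $status
    }
}

$report | Format-Table -AutoSize
if ($report.Status -like 'Failed*') {
    Write-Warning 'At least one module is missing; resolve this before running the Runbook script.'
}
```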
Procedure
To deploy Nimbus Runbook, perform the following steps:
Azure Resource Group Creation
Download the Onboarding Script from the Portal depending on the chosen location:
- Switzerland: https://portal.luware.cloud/api/manifests/NimbusOnboarding.ps1
- Germany: https://portal.dewe-01.luware.cloud/api/manifests/NimbusOnboarding.ps1
- UK: https://portal.ukso-01.luware.cloud/api/manifests/NimbusOnboarding.ps1
Known Issue
ATTENTION - This script is currently not functioning as required. The runbook on the Azure side is created but will fail on trigger. We are working on an improved version which mirrors the new features of the Microsoft PowerShell provisioning script.
Start a PowerShell console
- Navigate to the Onboarding script folder in the PowerShell console and run the script.
You will be asked to provide several different parameters (or you can choose to provide them in advance):
| Name | Required | Description | Notes / Links / Resources |
|---|---|---|---|
| SubscriptionId | Yes | Azure Subscription ID where to deploy Nimbus assets | |
| resourceGroupName | Yes | Azure Resource Group name for Nimbus assets | |
| resourcePrefix | Yes | Resource prefix for Nimbus assets | All the resources created will be prefixed with this string |
| location | Yes | Azure location where Nimbus assets should be deployed | Azure Geographies |
| approvers | Yes | Either one or a List of Email-Addresses for change approvers. Emails with pending change requests will be sent to these addresses. Has to be separated with a semicolon (";") | |
| RunbookCredentials | Yes | Credentials for the user used in the Runbook to introduce changes in the Tenant. Will always be prompted on execution. Has to have sufficient permissions to introduce\approve tenant level changes | |
| azureCredentials | Yes | Credentials to login to Azure to deploy the Runbook. Will always be prompted on execution. Has to have sufficient permissions to deploy an ARM Template | |
Resource Group - App Authorization
Go to the deployed resource group and authorize two Logic App Connections (see Connectors for Azure Logic Apps → Connector configuration).
The script will provide you with the needed links.