| title | description | services | ms.subservice | ms.topic | ms.date | ms.custom |
|---|---|---|---|---|---|---|
What's new in Azure Automation |
Significant updates to Azure Automation updated each month. |
automation |
overview |
11/02/2021 |
references_regions |
Azure Automation receives improvements on an ongoing basis. To stay up to date with the most recent developments, this article provides you with information about:
- The latest releases
- Known issues
- Bug fixes
This page is updated monthly, so revisit it regularly. If you're looking for items older than six months, you can find them in Archive for What's new in Azure Automation.
Type: New feature
Azure Automation can send diagnostic audit logs in addition to runbook job status and job streams to your Log Analytics workspace. Read here for more information.
Type: New change
To strengthen the overall Azure Automation security posture, the built-in RBAC Reader role would not have access to Automation account keys through the API call - GET /automationAccounts/agentRegistrationInformation. Read here for more information.
Type: New change
Users can now restore an Automation account deleted within 30 days. Read here for more information.
Type: New feature
New scripts are added to the Azure Automation GitHub repository to address one of Azure Automation's key scenarios of VM management based on Azure Monitor alert. For more information, see Trigger runbook from Azure alert.
- Stop-Azure-VM-On-Alert
- Restart-Azure-VM-On-Alert
- Delete-Azure-VM-On-Alert
- ScaleDown-Azure-VM-On-Alert
- ScaleUp-Azure-VM-On-Alert
Type: New feature
Azure Automation now supports Managed Identities in Azure public, Azure Gov, and Azure China cloud. System Assigned Managed Identities is supported for cloud as well as hybrid jobs, while User Assigned Managed Identities is supported only for cloud jobs. Read the announcement for more information.
Type: New feature
Azure Automation support for PowerShell 7.1 runbooks is available as public preview in Azure public, Azure Gov, and Azure China clouds. Read the announcement for more information.
Type: New feature
Azure Automation released native integration of User Hybrid Runbook Worker for Azure VMs, and for non-Azure machines through Arc-enabled servers. Read the announcement for more information.
Type: New feature
Azure Automation added a critical security feature with Azure AD authentication support for all Automation service public endpoints. The feature has been implemented through Hybrid Runbook Worker extension support for Azure VMs and Arc-enabled servers.
This removes the dependency on certificates and enables you to meet your stringent audit and compliance requirements by not using local authentication methods. Read the announcement for more information.
Type: New feature
Source control integration in Azure Automation can now use managed identities instead of a Run As account. For more information, see source control integration prerequisites.
Type: New Feature
Azure Automation now supports Az modules by default. New Automation accounts created include the latest version of Az modules - 6.4.0 by default. Automation also includes an option in the Azure portal - Update Az Modules enabling you to update Az modules in your existing Automation accounts. Read the announcement for more information.
Type: Plan for change
Customers should evaluate and plan for migration from Azure Automation State Configuration to Azure Policy guest configuration. For more information, see Azure Policy guest configuration.
Type: New feature
Azure Automation now supports user-assigned Managed Identities for cloud jobs in Azure global, Azure Government, and Azure China regions. Read the announcement for more information.
Type: New feature
Customers can manage and secure encryption of Azure Automation assets using their own managed keys. With the introduction of customer-managed keys, you can supplement default encryption with an extra encryption layer using keys that you create and manage in Azure Key Vault. This additional level of encryption should help you meet your organization’s regulatory or compliance needs.
For more information, see Use of customer-managed keys.
Type: Plan for change
Microsoft intends to remove the Automation account rights from the Log Analytics Contributor role. Currently, the built-in Log Analytics Contributor role can escalate privileges to the subscription Contributor role. Since Automation account Run As accounts are initially configured with Contributor rights on the subscription, it can be used by an attacker to create new runbooks and execute code as a Contributor on the subscription.
As a result of this security risk, we recommend you don't use the Log Analytics Contributor role to execute Automation jobs. Instead, create the Azure Automation Contributor custom role and use it for actions related to the Automation account.
Type: New feature
For more information, see Data residency in Azure and select your geography from the drop-down list.
Type: Plan for change
Start/Stop VMs during off-hours (v1) will deprecate on May 21, 2022. Customers should evaluate and plan for migration to the Start/Stop VMs v2 (preview). For more information, see Start/Stop v2 overview (preview).
Type: New feature
Region mapping has been updated to support Update Management and Change Tracking in Norway East, UAE North, North Central US, Brazil South, and Korea Central. For more information, see Supported mappings.
Type: New feature
Azure Automation now supports system-assigned managed identities for cloud and hybrid jobs in Azure global and Azure Government regions. Read the announcement for more information.
If you'd like to contribute to Azure Automation documentation, see the Docs Contributor Guide.