Shulou(Shulou.com)06/02 Report--

Let's go back to our original requirements and take a look at how the email switch should solve the security problem.

To analyze this requirement, we can actually implement it through Microsoft Flow + Azure Automation. First, the O365 mailbox receives mail, then the runbook of Azure Automation is triggered by Flow, and the tasks we need to perform are defined in runbook, so that the functions we need can be realized.

And authentication is actually used here in the second way we talked about earlier, that is, service principal. Automation itself is actually the way of service principal. In Azure AD, you can actually see the application registered by automation.

When Flow triggers runbook, you can actually trigger webhook through Flow, while automation can create webhook directly, so you can trigger Azure automation's webhook directly through Flow, and our requirements can be realized.

If anyone doesn't know much about Microsoft Flow, you can make a brief introduction here.

Microsoft Flow is actually the service of an online workflow, which can perform some automated tasks among multiple app. There are many systems connected with Flow, such as Facebook,Twitter,Dynamic CRM,O365.

Currently, more than 200 services can be connected through Flow. Here are some of them.

Through Flow, we can develop some automated processes. For example, if you want to notify someone when there is negative news in Yammer, this requirement can be realized through Flow combined with other services.

First connect to Yammer- through Flow > call cognitive service text analysis API to check whether the emotion is negative-> if it is negative, you can also call Microsoft Translator to translate the text into another language-> finally call email to send a message notification

This is a standard Flow.

Corresponding to our needs, it is a little simpler than what I mentioned above.

First of all, identify the keyword by calling email. If the keyword-> triggers webhook, execute the corresponding runbook in Automation. If you want to be more complicated, you can add some judgment logic. Different keywords can call different webhook to achieve different functions.

We are going to implement a simple logic here, indicating whether to turn it on or off in the theme of email, and then call different webhook according to the keyword. If you want to call webhook, of course, the webhook must exist first. Here, create the webhook in Azure automation.

After logging in to Azure Portal, find automation and create a new boot runbook

The type of Runbook can choose ordinary PowerShell.

Then create a shutdown runbook according to this, of course, create a single runbook, and then control the switch according to the parameters.

Once created, click Edit

Write the corresponding code and click publish

$connectionName = "AzureRunAsConnection" $servicePrincipalConnection = Get-AutomationConnection-Name$ connectionName$logonAttempt = 0$ logonResult = $Falsewrite-output "Login to Azure" while (! ($connectionResult)-And ($logonAttempt-le 10)) {$LogonAttempt++# Logging in to Azure...$connectionResult = Connect-AzureRmAccount `- ServicePrincipal`-TenantId $servicePrincipalConnection.TenantId `- ApplicationId $servicePrincipalConnection.ApplicationId`-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprintStart-Sleep-Seconds 1} write-output "Start auto VM" import-module AzurermStart-AzureRmVM-ResourceGroupName mxyjpwest-Name automationvm

After that, add a webhook to the runbook

Note that the URL of webhook must be saved here, because the URL will not be visible after it is created. Create a webhook after saving it.

You can already see it in webhook.

Then, according to this method, the webhook of shutdown is created, and the preparation of Azure is completed.

Then start preparing that Flow,Flow is actually included in the subscription of Global Office 365, so log in to Global O365 directly and select Flow

Select create from a blank template

Here you choose to receive a new email

Select the recipient, and then add a new step

Then select Control-> condition

Set up according to the following conditions

After that, if it is an add operation,

Search webhook

Enter the webhook URL saved before, and pay attention to ensuring the security of the URL, because the URL contains token, which is equivalent to directly having the permission to perform the operation.

Then set a parallel condition to determine whether the message subject contains stop, and then add the webhook of the corresponding stop

After the completion, the whole thing is like this.

And then send an email for a wave of tests.

After a moment, you can see that Flow has been triggered!

As you can see in automation, runbook is also in running!

After a moment, VM is already in stopped state.

You can clearly see a shutdown operation triggered by an automation account in log.

By the same token, send another email from start

After that, you can see that VM has automatically start, and the test is complete!

Of course, this application scenario is very simple, but Flow and automation can really create a lot of scenarios! I hope to have time for more research in the future.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.