Azure Runbooks - Privilege required

0
votes

We have several subscriptions in a Tennant and we have one restricted subscription which only a few have access to.

We need to configure diagnostic settings using Azure automation Runbooks for several resources across subscriptions and and point it to a log analytics workspace in the restricted subscription.

How do we do this? Do we need to create service principals? Or run as accounts? Or something else ?

Thank you for your help, Kelly

1
azure-active-directoryazure-automationazure-log-analyticsazure-runbook

1 Answers

0
votes

Based on this reference, your requirement should be feasible by having one Azure RunAs Automation account in a subscription and running it's runbook(s) across multiple subscriptions. Having said that, the RunAs account would need appropriate permissions on all those multiple subscriptions. For more information w.r.t configuring permissions to access resources in another subscription, please refer this document.

Hope this helps!!