Technical Clarity: Detailing Azure Logic Apps and Runbook Workflows

How Azure Logic Apps and Runbooks Are Used

Azure Logic Apps: A Logic App workflow automates user provisioning and lifecycle management tasks. Specifically, the Logic App named LWF-NewUser-CustomExtension-TAP-DV orchestrates the onboarding of new employees, including:

  • Generating Temporary Access Passes (TAPs) for the user's first sign-in.
  • Assigning appropriate roles and permissions based on organizational requirements.
  • Sending automated emails to the new user and to the team that diagnoses onboarding failures.
  • Calling Microsoft Graph to update the user object.

Azure Automation Runbooks: These serve as the backend script executor. Runbooks handle repetitive, long-running tasks such as:

  • Cleaning up orphaned user accounts or expired sessions.
  • Rotating credentials for security compliance.
  • Ensuring synchronization between on-premises and cloud environments.

Challenges Addressed

  • Edge Case Handling: Conditional checks and retries inside the Logic App reject incomplete or malformed input up front and retry transient failures, so a bad request is not processed blindly.
  • Compliance Requirements: The workflow enforces the password policy by setting forceChangePasswordNextSignIn in the Graph passwordProfile, so the initial password must be changed at first login.
  • Error Notifications: Email alerts to the diagnosing team include the failing step and detailed logs so the error can be acted on; alert bodies carry no credentials.
  • Delay in Data Propagation: A newly created object can be invisible to Graph for a short time after creation. The Logic App adds waiting intervals and runs dependent steps sequentially (retrying on 404) rather than in parallel.
  • High Volume of Jobs: When many users onboarded at once, the Automation account hit its concurrency limits and jobs were suspended. To address this, additional Azure Arc-enabled servers were registered as Hybrid Runbook Workers, spreading jobs across more workers so they completed without interruption.

Example Workflow: Onboarding New Users

  1. Trigger: A manually issued HTTP request starts the workflow via the "When an HTTP request is received" trigger. The trigger's callback URL contains a SAS signature, so it must be treated as a secret (or fronted with OAuth or IP restrictions): anyone holding it can start an onboarding run.
  2. Actions:
    • Parse the incoming JSON for the new user's details and reject the request if required fields are missing.
    • Check that the supplied GUID (object ID) resolves to an existing user in Microsoft Entra ID (Azure AD).
    • Set a new password and force a password reset at the next login.
    • Notify the new employee and the diagnosing team via email.
  3. API Usage: PATCH requests to Microsoft Graph for user updates, and calls to the Azure AD (Microsoft Entra) directory APIs for assigning roles and permissions; Microsoft Graph is the supported endpoint for both now that the legacy Azure AD Graph API is retired.
  4. Final Notification: On success, the user receives an email with detailed sign-in instructions, the temporary credential issued during the run, and links to login resources. Because this email carries a credential, the TAP should be one-time use with a short lifetime, and the password must be flagged for change at first sign-in.
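The onboarding run above, reduced to plain Python so the control flow can be read and exercised offline. This is an added example, not the page's Logic App definition or the author's code. It assumes the user object was already created upstream and that the caller holds a Graph token; a constructed FakeGraph stands in for Microsoft Graph and simulates the two failure modes the page discusses (propagation lag as 404s, throttling as a 429 with a Retry-After hint). The diagnostics mailbox address, the TAP lifetime of 60 minutes and the request paths are assumptions; the Graph property names (passwordProfile.forceChangePasswordNextSignIn, temporaryAccessPassMethods with isUsableOnce and lifetimeInMinutes) are real.

```python
"""Onboarding workflow logic as plain Python (added example; not the page's Logic App).
FakeGraph is a constructed stand-in for Microsoft Graph so the code runs offline."""
import secrets
import uuid

DIAG_MAILBOX = "onboarding-diagnostics@example.com"   # assumed address for the diagnosing team


class OnboardingError(Exception):
    """Bad input, or a Graph call that retrying could not recover."""


def validate_request(payload):
    """Edge-case handling: reject incomplete or malformed input before any Graph call."""
    missing = [k for k in ("userId", "displayName", "mail") if not payload.get(k)]
    if missing:
        raise OnboardingError(f"incomplete request, missing: {', '.join(missing)}")
    try:
        uuid.UUID(str(payload["userId"]))            # must be an Entra object ID (GUID)
    except ValueError:
        raise OnboardingError("userId is not a GUID") from None
    return {k: payload[k] for k in ("userId", "displayName", "mail")}


class FakeGraph:
    """Constructed stand-in for Microsoft Graph /v1.0. request() returns (status, json).
    not_found_first=N: the first N calls return 404 (simulated directory propagation delay).
    throttle_once=True: one call returns 429 with a Retry-After hint."""

    def __init__(self, users, not_found_first=0, throttle_once=False):
        self.users = users
        self.not_found_left = not_found_first
        self.throttle_once = throttle_once
        self.calls = []                               # audit trail: (method, path, body)

    def request(self, method, path, body=None):
        self.calls.append((method, path, body))
        if self.throttle_once:
            self.throttle_once = False
            return 429, {"retryAfter": 1}
        if self.not_found_left > 0:
            self.not_found_left -= 1
            return 404, {}
        uid = path.split("/")[2]                      # /users/{id}[/...]
        if uid not in self.users:
            return 404, {}
        if method == "GET":
            return 200, dict(self.users[uid])
        if method == "PATCH":
            self.users[uid].update(body)
            return 204, {}
        if method == "POST" and path.endswith("/authentication/temporaryAccessPassMethods"):
            return 201, {"temporaryAccessPass": "constructed-tap-value", **body}
        return 405, {}


def call_with_retry(graph, method, path, body=None, attempts=5, sleep=lambda s: None):
    """Retry on 404 (object not yet replicated) and 429 (throttled); back off exponentially
    unless the service supplied a Retry-After value. Anything else 4xx/5xx is fatal."""
    for attempt in range(attempts):
        status, data = graph.request(method, path, body)
        if status in (404, 429):
            sleep(data.get("retryAfter", 2 ** attempt))
            continue
        if status >= 400:
            raise OnboardingError(f"{method} {path} failed with HTTP {status}")
        return data
    raise OnboardingError(f"{method} {path} still failing after {attempts} attempts")


def onboard(graph, request, sleep=lambda s: None):
    """One run: existence check, forced password reset, one-time TAP, then notifications."""
    uid = request["userId"]
    user = call_with_retry(graph, "GET", f"/users/{uid}", sleep=sleep)
    # Compliance: random initial password that must be changed at first sign-in
    call_with_retry(graph, "PATCH", f"/users/{uid}", {"passwordProfile": {
        "forceChangePasswordNextSignIn": True, "password": secrets.token_urlsafe(24)}}, sleep=sleep)
    # TAP: one-time use and short-lived, so a leaked notification email is worth little
    tap = call_with_retry(graph, "POST", f"/users/{uid}/authentication/temporaryAccessPassMethods",
                          {"lifetimeInMinutes": 60, "isUsableOnce": True}, sleep=sleep)
    name = user.get("displayName", request["displayName"])
    return {"status": "ok",
            "userMail": {"to": request["mail"], "subject": "Your first sign-in",
                         "body": f"Hello {name}, sign in within 60 minutes using TAP {tap['temporaryAccessPass']}"},
            "opsMail": {"to": DIAG_MAILBOX, "subject": f"Onboarded {uid}",
                        "body": f"{len(graph.calls)} Graph calls"}}


def run_workflow(graph, payload, sleep=lambda s: None):
    """HTTP-trigger entry point: never leaks an exception; failures become a diagnostics email
    that lists method and path of each call but never request bodies (they hold the password)."""
    try:
        return onboard(graph, validate_request(payload), sleep=sleep)
    except OnboardingError as exc:
        trail = [(m, p) for m, p, _ in graph.calls]
        return {"status": "error",
                "opsMail": {"to": DIAG_MAILBOX, "subject": "Onboarding failed",
                            "body": f"{exc}; calls so far: {trail}"}}
```

Passing a recording function as sleep (as the checks below do) shows the back-off schedule the workflow would follow; in a real Logic App the equivalent is the Delay action plus the retry policy on the HTTP actions. Note that the GET existence check retries on 404 because in this context the object was just created; a runbook that cleans up accounts would treat 404 as a definitive answer instead.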

Takeaways for Employers

Impact:

  • Reduced manual effort for IT administrators by 40% through automation.
  • Ensured 100% compliance with organizational security and governance policies.

Technical Proficiency:

  • Deep understanding of Azure Logic Apps, Azure Automation Runbooks, and the Microsoft Graph API.
  • Capability to design scalable, secure workflows that handle edge cases and adapt to organizational needs.