Execute a Runbook Against a Hybrid Runbook Worker

In this IT Pro Challenge virtual lab, you will learn how to set up and manage automation for monitoring within a hybrid Azure setting. You will get hands-on experience with Log Analytics OMS, Runbooks, and Hybrid Workers. These are fundamental administrative tasks and are essential for operational and security monitoring in a hybrid Azure setting.

1 hour
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »


Lab Overview:

In this lab, you are an administrator in an Azure hybrid environment. (Note: Temporary Azure portal credentials are provided in your lab instructions.) You will learn how to establish a Hybrid Runbook Worker to perform automated tasks, such as running PowerShell commands on systems across your workspace and to make those logs available to the Log Analytics Operations Management Suite (OMS) workspace for use in operational and security monitoring and management. These tasks are important for administrators and security admins for performing log management, log analytics, and security information and event management functions.

Configure an Azure Automation account:

Here, you are provided temporary credentials to access the Azure portal. You will create an automation account, create and publish a PowerShell runbook for collecting a list of running services on the target systems, and create a shared resource credential for your Hybrid Runbook Worker.

Configure a Log Analytics workspace:

In this section, you will set up a Log Analytics OMS workspace for the ingestion of logs generated by the PowerShell runbook. You will configure the Azure automation solutions (‘Automation & Control’ and ‘Automation Hybrid Worker’) to connect to your Automation account.

Install the Microsoft Monitoring Agent:

The Microsoft Monitoring Agent (MMA), also referred to as the Log Analytics agent must be installed on your Hybrid Worker for it to collect and send logs to the Log Analytics workspace. In this section, you will install MMA on the Hybrid Worker virtual machine, and then connect it to the previously created Log Analytics workspace. This step may take up to ten minutes to complete, as the MMA agent must completely install on the system before it can connect to the workspace.

Configure the virtual machine as a Hybrid Runbook Worker:

For this task, you will configure your virtual machine to be a Hybrid Worker. You will need the URL and Primary Key from the Automation account that you previously created. Then you will ensure that the Hybrid Runbook Worker group has the needed credentials and that your worker has been appropriately registered.

Test the execution of the runbook against the Hybrid Runbook Worker:

Now that the Hybrid Runbook Worker is set up, you’ll test the execution of the runbook in your hybrid setting. This will execute the PowerShell cmdlet Get-Service, which will query the target systems for all running and stopped services. The output of Get-Service will display within the job page. Reviewing this output, consider the array of potential information that you can now automatically have access to and the value of automating similar tasks for operational and security monitoring of your hybrid Azure setting.

Lab Summary Conclusion:

This ‘Execute a Runbook Against a Hybrid Runbook Worker’ hands-on lab will give you the skills to employ automation in your hybrid Azure setting. These skills can be used for simplifying administrative tasks and increasing visibility into your environment. They will also help you strengthen your security posture and increase your security assurance. You will understand how to perform log collection, analytics, log management, and log review. This lab will enable you to effectively perform your job as an Azure administrator with the knowledge to establish a Hybrid Runbook Worker, create runbooks that periodically execute jobs, and gain access to that information in the log analytics workspace. The high-level tasks that you will perform are:

  • Configure an automation account.
  • Create a runbook.
  • Create a shared resource.
  • Configure a Log Analytics OMS workspace.
  • Configure solutions for a Hybrid Runbook Worker
  • Configure a virtual machine as a Hybrid Runbook Worker.
  • Test the execution of a runbook against a Hybrid Runbook Worker.

Other Challenges in this series

  • GUIDED CHALLENGE: Configure Monitoring of an Azure VM using OMS
  • ADVANCED CHALLENGE: Can You Enable Disk Encryption Using BitLocker and Key Vault?