Remove-ElevatedAccess-Automation

1.0.0

This script is designed to run in an Azure Automation account and be triggered by a Logic App.
It uses the System Assigned Managed Identity of the Automation Account to authenticate to Azure.
The script removes Elevated Access in Entra by removing the User Access Administrator
role assignment at the root scope ("/") for the specified user.

The script provides structu
This script is designed to run in an Azure Automation account and be triggered by a Logic App.
It uses the System Assigned Managed Identity of the Automation Account to authenticate to Azure.
The script removes Elevated Access in Entra by removing the User Access Administrator
role assignment at the root scope ("/") for the specified user.

The script provides structured output that can be consumed by the calling Logic App.

Show more

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Script -Name Remove-ElevatedAccess-Automation

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

Copyright

(c) 2025 Cloudy With a Chance of Security. All rights reserved.

Package Details

Author(s)

  • Sebastian Flæng Markdanner

Tags

Azure Automation Entra Elevated Access Managed Identity

Functions

Get-Timestamp

Dependencies

This script has no dependencies.

Release Notes

Initial release of the script to remove Microsoft Entra Elevated Access using Azure Automation Account with Managed Identity.

FileList

Version History

Version Downloads Last updated
1.0.0 (current version) 7 2/19/2025