Document Details

Automation Send Email
Home / Scan 41 / Automation Send Email
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Bias Types:
⚠️ powershell_heavy
⚠️ windows_first
⚠️ missing_linux_example
⚠️ windows_tools
Summary:
The documentation exclusively uses PowerShell for all examples and instructions, assumes the use of PowerShell-based Az modules, and does not provide any Linux shell (Bash/CLI) or cross-platform alternatives. All automation and scripting steps are presented in PowerShell, which is traditionally associated with Windows environments, and there is no mention of Azure CLI or Bash scripting, which are more common on Linux systems. The documentation also refers to installing the Azure Az PowerShell module on 'your machine' without clarifying cross-platform support.
Recommendations:
  • Provide equivalent Azure CLI (az) and/or Bash script examples alongside PowerShell for all major steps, including authentication, Key Vault management, and sending email via SendGrid.
  • Explicitly mention that PowerShell Core is cross-platform, or clarify if the instructions are Windows-specific.
  • Include a section or callout for Linux/macOS users, outlining any differences or prerequisites for running the scripts on non-Windows platforms.
  • Reference and link to Azure CLI documentation where appropriate, and suggest it as an alternative to PowerShell for users on Linux.
  • Ensure that all tooling and module installation instructions are cross-platform or provide platform-specific guidance.
GitHub Create pull request

Scan History

Date Scan ID Status Bias Status
2025-07-12 23:44 #41 in_progress ❌ Biased
2025-07-12 00:58 #8 cancelled ✅ Clean
2025-07-10 05:06 #7 processing ✅ Clean
2025-07-09 23:22 #6 cancelled ✅ Clean

Flagged Code Snippets

# Sign in to your Azure subscription $sub = Get-AzSubscription -ErrorAction SilentlyContinue if(-not($sub)) { Connect-AzAccount } # If you have multiple subscriptions, set the one to use # Select-AzSubscription -SubscriptionId <SUBSCRIPTIONID>
$resourceGroup = "<Resource group>" $automationAccount = "<Automation account>" $region = "<Region>" $SendGridAPIKey = "<SendGrid API key>" $VaultName = "<A universally unique vault name>" $userAssignedManagedIdentity = "<User-assigned managed identity>"
# Create the new key vault $newKeyVault = New-AzKeyVault ` -VaultName $VaultName ` -ResourceGroupName $resourceGroup ` -Location $region $resourceId = $newKeyVault.ResourceId # Convert the SendGrid API key into a SecureString $Secret = ConvertTo-SecureString -String $SendGridAPIKey ` -AsPlainText -Force Set-AzKeyVaultSecret -VaultName $VaultName ` -Name 'SendGridAPIKey' ` -SecretValue $Secret # Grant Key Vault access to the Automation account's system-assigned managed identity. $SA_PrincipalId = (Get-AzAutomationAccount ` -ResourceGroupName $resourceGroup ` -Name $automationAccount).Identity.PrincipalId Set-AzKeyVaultAccessPolicy ` -VaultName $vaultName ` -ObjectId $SA_PrincipalId ` -PermissionsToSecrets Set, Get # Grant Key Vault access to the user-assigned managed identity. $UAMI = Get-AzUserAssignedIdentity ` -ResourceGroupName $resourceGroup ` -Name $userAssignedManagedIdentity Set-AzKeyVaultAccessPolicy ` -VaultName $vaultName ` -ObjectId $UAMI.PrincipalId ` -PermissionsToSecrets Set, Get
New-AzRoleAssignment ` -ObjectId $SA_PrincipalId ` -ResourceGroupName $resourceGroup ` -RoleDefinitionName "Reader"
$VaultName = "<your KeyVault name>" $resourceGroup = "<your ResourceGroup name>" Remove-AzKeyVault -VaultName $VaultName -ResourceGroupName $resourceGroup
New-AzRoleAssignment ` -ObjectId $UAMI.PrincipalId` -ResourceGroupName $resourceGroup ` -RoleDefinitionName "Reader"
$UAMI.ClientId
Param( [Parameter(Mandatory=$True)] [String] $destEmailAddress, [Parameter(Mandatory=$True)] [String] $fromEmailAddress, [Parameter(Mandatory=$True)] [String] $subject, [Parameter(Mandatory=$True)] [String] $content, [Parameter(Mandatory=$True)] [String] $ResourceGroupName ) # Ensures you do not inherit an AzContext in your runbook Disable-AzContextAutosave -Scope Process # Connect to Azure with system-assigned managed identity $AzureContext = (Connect-AzAccount -Identity).context # set and store context $AzureContext = Set-AzContext -SubscriptionName $AzureContext.Subscription -DefaultProfile $AzureContext $VaultName = "<Enter your vault name>" $SENDGRID_API_KEY = Get-AzKeyVaultSecret ` -VaultName $VaultName ` -Name "SendGridAPIKey" ` -AsPlainText -DefaultProfile $AzureContext $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]" $headers.Add("Authorization", "Bearer " + $SENDGRID_API_KEY) $headers.Add("Content-Type", "application/json") $body = @{ personalizations = @( @{ to = @( @{ email = $destEmailAddress } ) } ) from = @{ email = $fromEmailAddress } subject = $subject content = @( @{ type = "text/plain" value = $content } ) } $bodyJson = $body | ConvertTo-Json -Depth 4 $response = Invoke-RestMethod -Uri https://api.sendgrid.com/v3/mail/send -Method Post -Headers $headers -Body $bodyJson