services / Azure / Azure Automation connection asset
An Azure Automation Connection asset stores the authentication configuration runbooks use to connect to external services (e.g. service principal app/tenant IDs, certificate thumbprints, subscription bindings). Secret field values are stored encrypted and write-only.
Connection assets reference credential material, but the control plane does not return the encrypted secret field values in plaintext; they are resolved only at runbook runtime via Get-AutomationConnection.
Microsoft.Automation/automationAccounts/connections/delete
Deleting a connection asset removes the stored credential/connection configuration that runbooks depend on, destroying the credential material and breaking dependent automation jobs (denial of service to those workflows).
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Links
Contributed by P0 Security