How to Automate Azure Portal Data Export (No API Required)

Idan Raman • Co-founder and CEO at Anchor Browser

Featured Answer:

The Azure Portal manages subscriptions, resources, and identity on Azure. Browser automation provides provisioning, RBAC tasks, and AD/identity sync when API or Azure CLI access is limited or portal-first.

Introduction
Why Use Browser Automation for Azure Portal?
Setting Up Azure Portal Automation
Use Case 1: Provisioning
Use Case 2: RBAC Tasks
Use Case 3: AD/Identity Sync
Exporting Cost and Activity Data
Best Practices for Azure Portal Automation
Handling Authentication
Resources
Conclusion

Introduction

The Azure Portal is used to manage subscriptions, resources, identity, and governance across Microsoft Azure. While Azure offers ARM, REST APIs, and Azure CLI, browser automation provides a powerful solution for provisioning resources, RBAC tasks, and Azure AD/identity sync when direct API or CLI access is limited or when teams rely on the portal UI.

Why Use Browser Automation for Azure Portal?

Limited API or CLI Access: RBAC and tenant policies can restrict which operations are allowed via API/CLI
Provisioning: Create resource groups, VMs, storage, and other resources from the portal when ARM/Bicep or Terraform is not in place
RBAC Tasks: Assign roles, manage access at subscription/resource group/resource scope, and audit assignments from the portal
AD/Identity Sync: Manage Azure AD (Entra ID) users, groups, app registrations, and sync settings when Graph API or PowerShell is limited
Portal-Only Features: Some wizards, blades, and reports are only or easier in the web UI
Cross-Subscription and Cross-Tenant: Operate across subscriptions and directories in one browser session
Audit and Compliance: Capture portal actions and export data for governance and security reviews

Setting Up Azure Portal Automation

Here's how to automate provisioning, RBAC, and AD/identity sync in the Azure Portal using browser automation:



import { chromium } from 'playwright';

const response = await fetch("https://api.anchorbrowser.io/api/sessions", {
  method: "POST",
  headers: {
    "anchor-api-key": "YOUR_API_KEY",
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    'headless': false,
    'proxy': { 'type': 'residential', 'country': 'US' }
  }),
});

const { id } = await response.json();
const connectionString = `wss://connect.anchorbrowser.io?apiKey=YOUR_API_KEY&sessionId=${id}`;

const browser = await chromium.connectOverCDP(connectionString);
const context = browser.contexts()[0];
const ai = context.serviceWorkers()[0];
const page = context.pages()[0];

await page.goto("https://portal.azure.com");

await ai.evaluate(JSON.stringify({
  prompt: 'Log in to Azure Portal: sign in with Microsoft account or work account, complete MFA if required, and wait for the portal home or dashboard to load.'
}));

Use Case 1: Provisioning

Create resource groups and resources from the portal when IaC is not available:



const runAzureProvisioning = async (page, ai, criteria) => {
  await ai.evaluate(JSON.stringify({
    prompt: `Navigate to the appropriate service in Azure Portal: ${criteria.service || 'Resource groups'} or Create a resource. Select subscription ${criteria.subscriptionId || 'default'}.`
  }));
  
  await ai.evaluate(JSON.stringify({
    prompt: criteria.resourceType === 'resourceGroup'
      ? `Create resource group: name ${criteria.name || 'my-rg'}, region ${criteria.region || 'East US'}.`
      : `Create resource: type ${criteria.resourceType || 'Virtual machine'}, name ${criteria.name}, resource group ${criteria.resourceGroup}. Use defaults or specified config. Deploy.`
  }));
  
  await page.waitForLoadState('networkidle');
  
  const result = await ai.evaluate(JSON.stringify({
    prompt: 'Return a short summary: resource or resource group created. As JSON: { resourceId or name, provisioningState, completedAt }.'
  }));
  
  return { ...JSON.parse(result), completedAt: new Date().toISOString() };
};

Use Case 2: RBAC Tasks

Assign roles and manage access at subscription, resource group, or resource scope:



const runRbacTasks = async (page, ai, criteria) => {
  await ai.evaluate(JSON.stringify({
    prompt: `Navigate to Access control (IAM) for ${criteria.scope || 'subscription or resource group'}. Open the correct subscription/resource group if needed.`
  }));
  
  await ai.evaluate(JSON.stringify({
    prompt: criteria.action === 'assign'
      ? `Add role assignment: role ${criteria.role || 'Reader'}, assign to ${criteria.principalId || criteria.principalName || 'user/group'}. Save.`
      : `View role assignments. Extract list: principal, role, scope. Return as JSON array. Or remove assignment for ${criteria.principalName || 'specified principal'} if action is remove.`
  }));
  
  await page.waitForLoadState('networkidle');
  
  const summary = await ai.evaluate(JSON.stringify({
    prompt: 'Return structured JSON: { assignmentsCount or changed, scope }. No secrets.'
  }));
  
  return {
    action: criteria.action,
    summary: typeof summary === 'string' ? JSON.parse(summary) : summary,
    completedAt: new Date().toISOString()
  };
};

Use Case 3: AD/Identity Sync

Manage Azure AD (Entra ID) users, groups, and app registrations from the portal:



const runAdIdentitySync = async (page, ai, criteria) => {
  await ai.evaluate(JSON.stringify({
    prompt: 'Navigate to Azure Active Directory (Microsoft Entra ID) in Azure Portal. Or use the Azure AD blade from the portal home.'
  }));
  
  await ai.evaluate(JSON.stringify({
    prompt: criteria.section === 'users'
      ? `Users: ${criteria.action || 'list'}. If bulk add/update, use the specified list. Do not export passwords.`
      : criteria.section === 'groups'
        ? `Groups: ${criteria.action || 'list or sync'}. Add/remove members if specified.`
        : `App registrations or Enterprise apps: ${criteria.action || 'list'}. Extract app names and IDs. Return as JSON.`
  }));
  
  await page.waitForLoadState('networkidle');
  
  const result = await ai.evaluate(JSON.stringify({
    prompt: 'Return a short summary: users/groups/apps updated or count. As JSON. No secrets or tokens.'
  }));
  
  return {
    section: criteria.section,
    result: typeof result === 'string' ? JSON.parse(result) : result,
    completedAt: new Date().toISOString()
  };
};

Exporting Cost and Activity Data

Pull cost reports and activity logs for FinOps and audit:



const exportAzureData = async (page, ai, dataType) => {
  await ai.evaluate(JSON.stringify({
    prompt: dataType === 'cost'
      ? 'Navigate to Cost Management + Billing. Open Cost analysis. Set date range. Export or download usage/cost data.'
      : 'Navigate to Activity log or Monitor. Set scope and time range. Export activity log or download. Wait for download.'
  }));
  
  const download = await page.waitForEvent('download', { timeout: 25000 }).catch(() => null);
  return download ? await download.path() : null;
};

Best Practices for Azure Portal Automation

Security: Use accounts with least privilege; never log credentials; prefer managed identity where applicable
Provisioning: Prefer ARM/Bicep or Terraform for repeatable infra; use portal automation for one-off or when IaC is restricted
RBAC: Assign minimal roles; audit existing assignments before bulk changes; use automation for read/export first
AD/Identity: Avoid broad directory roles; sync only required attributes; respect Graph API limits when supplementing with portal
Rate and Limits: Add delays between portal actions to avoid throttling
Error Handling: Retry on session timeout; handle MFA and conditional access gracefully
Compliance: Ensure automation aligns with your cloud governance and change policies

Handling Authentication

Azure Portal uses Microsoft/work account sign-in and often MFA or conditional access:



const handleAzurePortalAuth = async (page, ai, credentials) => {
  await page.goto("https://portal.azure.com");
  
  await ai.evaluate(JSON.stringify({
    prompt: `Sign in with Microsoft account: ${credentials.email}. Enter password. Use work or school account as appropriate.`
  }));
  
  await ai.evaluate(JSON.stringify({
    prompt: 'If MFA or conditional access challenge appears, complete it. Wait for portal home or dashboard to load.'
  }));
  
  await page.waitForLoadState('networkidle');
};

Resources

Anchor Browser Documentation - API reference and guides
Anchor Browser Playground - Try browser automation in your browser

Conclusion

Browser automation provides a flexible alternative to API and Azure CLI for Azure Portal workflows. By using intelligent browser agents, you can automate provisioning, RBAC tasks, and Azure AD/identity sync directly from the portal UI. Whether you need to provision resource groups and resources, assign and audit role assignments, or manage users and groups in Azure AD, browser automation enables efficient cloud operations when API access is limited or when teams work in the portal.

Start automating your Azure Portal provisioning, RBAC, and AD/identity sync today.

Idan Raman

Co-founder and CEO at Anchor Browser

Idan Raman is the co-founder and CEO of Anchor Browser, a platform for intelligent browser automation. He specializes in web automation, data extraction, and building tools that help developers automate complex workflows.

About LinkedIn