An interactive visual explorer for Azure Automation Accounts — runbooks, assets, job history, and dependencies — powered by your own Azure credentials.
Azure Automation MindMap connects to your Azure tenant using your own credentials (MSAL / Azure Entra ID) and renders your Automation Account as a live interactive graph — no service principal, no stored secrets.
It helps Systems Engineers and Automation Architects answer questions like:
- Which runbooks use this credential / variable / connection?
- Which runbooks have failed recently or have hidden errors?
- Are there hardcoded secrets or deprecated RunAs accounts in my scripts?
- What external systems does this runbook call — VMs, storage, databases, email?
Wordpress article with images and step by step Azure Automation Mindmap
| Feature | Description |
|---|---|
| 🗺 Runbooks View | Dependency tree — each runbook and all its linked assets |
| 📦 Objects View | Asset-centric — see which runbooks consume each variable/credential/connection |
| 📋 Table View | Sortable list with expandable detail cards |
| 📜 Job History | Latest 10 jobs per runbook, load-more, pre-loaded error/warning status |
| 🔴 Security Scanner | Detects hardcoded secrets, deprecated RunAs accounts |
| 📡 Dependency Parsing | HTTP requests, VM usage, child runbook calls, storage, SQL, email |
| 🔒 100% Read-only | Every API call is a GET — nothing is ever written or deleted |
| 🔑 MSAL Auth | Sign in with your existing Azure account — no service principal needed |
# 1. Clone the repository
git clone https://github.com/farismalaeb/AutomationMindMap.git
cd AutomationMindMap
# 2. Install dependencies
npm install
# 3. Configure environment
cp .env.example .env.local
# Edit .env.local — add your Azure App Registration Client ID and Tenant ID
# 4. Start the dev server
npm run dev
# → Open http://localhost:3000Full setup guide: docs/SETUP.md
| Tool | Version |
|---|---|
| Node.js | 20 LTS or later |
| npm | 9+ |
| Requirement | Details |
|---|---|
| Azure Subscription | Signed-in user must have Reader role |
| Azure Automation Account | Signed-in user must have Reader role |
| Azure Entra ID App Registration | Single-page application (SPA) with user_impersonation permission on Azure Service Management |
Step-by-step guide: docs/APP_REGISTRATION.md
Create .env.local from the template:
cp .env.example .env.local# Required — from your Azure Entra ID App Registration
NEXT_PUBLIC_AZURE_CLIENT_ID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
NEXT_PUBLIC_AZURE_TENANT_ID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
# Optional — defaults to window.location.origin if omitted
# NEXT_PUBLIC_REDIRECT_URI=http://localhost:3000
⚠️ NEXT_PUBLIC_*variables are baked into the build at compile time. Rebuild after any change.
| Document | Description |
|---|---|
| docs/SETUP.md | Local development setup, project structure, troubleshooting |
| docs/APP_REGISTRATION.md | Create App Registration, configure API permissions and RBAC |
| docs/AZURE_WEB_APP_SETUP.md | Create and configure an Azure Web App via the Portal |
| docs/DEPLOYMENT.md | Build, package, and deploy to Azure App Service |
├── src/
│ ├── app/ # Next.js App Router
│ ├── components/
│ │ ├── auth/ # MSAL login/logout
│ │ └── mindmap/ # All UI components
│ │ ├── MindMapDashboard # Main layout + view switching
│ │ ├── MindMap # React Flow canvas
│ │ ├── NodeDetailPanel # Right-panel detail view
│ │ ├── TableView # Table view
│ │ ├── JobHistoryChart # Job history charts
│ │ └── ScheduleHealth # Schedule health cards
│ ├── config/
│ │ └── authConfig.ts # MSAL configuration
│ ├── services/
│ │ └── azureService.ts # Azure ARM REST API (read-only)
│ └── utils/
│ ├── mindmapTransform.ts # Data → React Flow nodes/edges
│ └── scriptParser.ts # PowerShell dependency parser
├── public/ # Static assets
├── test-runbooks/ # Sample PowerShell runbooks for testing
├── docs/ # Documentation
├── .env.example # Environment template
└── README.md
| Layer | Technology |
|---|---|
| Framework | Next.js 16 (App Router, standalone output) |
| Language | TypeScript |
| Auth | MSAL.js (@azure/msal-browser, @azure/msal-react) |
| Graph / Canvas | React Flow + Dagre layout |
| Styling | Tailwind CSS |
| Icons | Lucide React |
- Zero write operations — all API calls are HTTP GET
- No stored credentials — MSAL handles token lifecycle in the browser
- No backend — static Next.js SPA; Azure ARM is called directly from the browser using the user's delegated token
- Secret scanning — detects hardcoded passwords/tokens in runbook scripts and flags them in the UI
Pull requests are welcome. For major changes, please open an issue first.
MIT — free to use, modify, and distribute.
