Version 2.0 of the Terraform AzureAD provider exclusively uses the Microsoft Graph API and has numerous schema and behavioral changes to align with the new API.
The HashiCorp Terraform Azure providers team is excited to announce the general availability of version 2.0 of the Terraform AzureAD provider. This release completes the transition to the Microsoft Graph API, which replaces the legacy Azure Active Directory Graph API. This transition includes numerous changes to existing resources to enhance the user experience and improve Azure Active Directory object management.
Please consult the upgrade guide before upgrading, as this release contains several breaking changes. You may need to update your configuration since several deprecated resources and attributes were removed in this version.
Version 2.0 of the Terraform AzureAD provider supports Terraform version 0.12 and above.
Existing authentication methods continue to be supported, but because the provider now uses a different API, you will likely need to revisit the API permissions granted to your authentication principals.
We have included comprehensive instructions in our upgrade guide. In addition, the documentation page for each resource now includes a dedicated section detailing the API roles required for that particular resource. One important change is that we no longer recommend using directory roles when authenticating using a service principal; Microsoft Graph features more comprehensive, fine-grained API roles that provide more control and better auditability.
A notable change in this version of the AzureAD provider is that you must set several properties in your configuration; these properties were previously managed by the provider. This includes the id field for application roles and OAuth 2.0 permission scopes. Requiring these fields enables Terraform to more reliably manage these aspects of your configuration, and unlocks workflows where these UUID values are well-known or pre-existing.
Our upgrade guide explains this change in more detail, with examples demonstrating how you can use the Terraform random provider to emulate the earlier behavior.
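The configuration below is an added example, not taken from this post or the upgrade guide. It sets both ids explicitly: the app role id comes from the random provider, and the permission scope id is a fixed value standing in for a well-known UUID. The resource names, display names, and the placeholder UUID are constructed for illustration.

```hcl
terraform {
  required_providers {
    azuread = { source = "hashicorp/azuread", version = "~> 2.0.0" }
    random  = { source = "hashicorp/random" }
  }
}

# Generated once and stored in state, emulating the provider-managed ids of 1.x.
resource "random_uuid" "reader_role" {}

locals {
  # Constructed placeholder for a well-known, pre-existing scope id.
  user_impersonation_scope_id = "00000000-0000-0000-0000-000000000001"
}

resource "azuread_application" "example" {
  display_name = "example-api" # hypothetical name

  api {
    oauth2_permission_scope {
      id                         = local.user_impersonation_scope_id
      value                      = "user_impersonation"
      type                       = "User"
      enabled                    = true
      admin_consent_display_name = "Access example-api"
      admin_consent_description  = "Allow the application to access example-api on behalf of the signed-in user."
      user_consent_display_name  = "Access example-api"
      user_consent_description   = "Allow the application to access example-api on your behalf."
    }
  }

  app_role {
    id                   = random_uuid.reader_role.result
    value                = "Reader"
    display_name         = "Reader"
    description          = "Read-only access to example-api."
    allowed_member_types = ["User", "Application"]
    enabled              = true
  }
}
```

Because the ids live in configuration or state rather than being assigned by the API, role assignments and consent grants that reference them stay valid when the application block is otherwise edited.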
While new features have been purposely minimized for this major version, the provider introduces a new resource and data source:
We recommend reading our upgrade guide to find out more about the changes in this version of the Terraform AzureAD provider before upgrading your configuration.
Version 2.0 of the Terraform AzureAD provider is available now on the Terraform Registry. You can use this version in your Terraform configuration like this:
terraform {
  required_providers {
    azuread = {
      source  = "hashicorp/azuread"
      version = "~> 2.0.0"
    }
  }
}
We also recommend upgrading to Terraform 1.0 even though the Terraform AzureAD provider will work with Terraform 0.12 or newer. Visit the Terraform 1.0 upgrade guide for more details.
After you have upgraded all your configurations to version 2.0 of the Terraform AzureAD provider, don’t forget to audit your existing API permissions or directory roles and remove any that are no longer needed.
In addition, we have created a HashiCorp Learn tutorial to guide you through using Terraform and the Azure AD 2.0 provider. In the process, you will learn about Terraform's configuration language, the Terraform Azure AD provider, and how to leverage both to simplify and automate your workflows.