Terraform AzureAD Provider Now Supports Microsoft Graph

Version 1.5.0 of the Terraform AzureAD provider lets you manage your Azure Active Directory resources using the Microsoft Graph API.

Microsoft Graph is a unified API for accessing Azure Active Directory and the Microsoft 365 productivity suite. In addition to the new Microsoft 365 functionality, it replaces the Azure Active Directory Graph API, which is scheduled to be deactivated in June 2022. Ahead of this timeline, we are pleased to announce support for Microsoft Graph in the Terraform AzureAD provider, offering immediate benefits to practitioners.

  • Microsoft Graph produces faster response times than Azure Active Directory Graph and completes asynchronous actions more quickly.
  • It returns more up-to-date information from Azure Active Directory, reducing the likelihood of consistency-related errors during a Terraform apply operation.

To assist practitioners in transitioning to Microsoft Graph, we are launching initial beta support in version 1.5.0 of the AzureAD provider. Although the two APIs are considerably different, we have worked hard to maintain compatibility and most Terraform configurations should continue to work unchanged.

»How To Get Started

We encourage you to try out this support for Microsoft Graph, although we do not recommend usage in production until after the beta period. In order to use Microsoft Graph in the Terraform AzureAD provider, you will need:

  • Terraform v0.12 or greater installed
  • Version 1.5.0 or later of the Terraform AzureAD provider

You can enable this support with a feature flag in your provider configuration block.

provider "azuread" {
  use_microsoft_graph = true
}

Alternatively, you can set the following environment variable to any non-empty value.

# sh
export AAD_USE_MICROSOFT_GRAPH=1

# PowerShell
$env:AAD_USE_MICROSOFT_GRAPH = "1"
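
Because the beta is not recommended for production and the environment variable is enabled by any non-empty value, a pipeline can check both switches before an apply. The script below is an added example, not HashiCorp's code; the function names and the directory path are hypothetical, and only the `use_microsoft_graph` flag and `AAD_USE_MICROSOFT_GRAPH` variable come from this post.

```shell
#!/bin/sh
# Added example (not HashiCorp code): guard against the beta Graph switch.
# Function names are hypothetical; the two switches are the ones in the post.

# The post says ANY non-empty value enables Graph, so "0" and "false" count too.
graph_enabled_by_env() {
  [ -n "${AAD_USE_MICROSOFT_GRAPH:-}" ]
}

# Succeeds if a *.tf file directly in directory $1 sets use_microsoft_graph = true.
# Line comments (# and //) are stripped first; /* */ blocks are not handled.
graph_enabled_by_config() {
  dir=$1
  for f in "$dir"/*.tf; do
    [ -f "$f" ] || continue
    if sed -e 's/#.*$//' -e 's,//.*$,,' "$f" |
      grep -Eq '(^|[^A-Za-z0-9_])use_microsoft_graph[[:space:]]*=[[:space:]]*true([^A-Za-z0-9_]|$)'; then
      return 0
    fi
  done
  return 1
}

# Prints each reason and returns 1 if the beta code path would be active.
check_graph_beta() {
  status=0
  if graph_enabled_by_env; then
    echo "env: AAD_USE_MICROSOFT_GRAPH='${AAD_USE_MICROSOFT_GRAPH}' is non-empty, Graph enabled"
    status=1
  fi
  if graph_enabled_by_config "$1"; then
    echo "config: use_microsoft_graph = true set in $1"
    status=1
  fi
  return "$status"
}

# Usage in a pipeline step (path is a placeholder):
#   check_graph_beta ./environments/prod || exit 1
```

A value such as `AAD_USE_MICROSOFT_GRAPH=false` is reported as enabled, which matches the "any non-empty value" rule stated above.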

»Upgrading the Terraform AzureAD Provider to v1.5.0

Upgrading the Terraform AzureAD provider to version 1.5.0 from version 1.0.0 or later should maintain compatibility with most Terraform configurations. However, due to the nature of the upcoming transition to Microsoft Graph in version 2.0, a number of deprecations have been published that will appear when you run terraform plan. Although it’s not necessary to make these changes immediately, we encourage practitioners to review these warnings and plan to update their configurations to prepare for version 2.0.

For more context and guidance on these deprecations and other upcoming changes related to the switch to Microsoft Graph, practitioners can review the AzureAD v2.0 and Microsoft Graph upgrade guide on the Terraform Registry.

»Future Developments

This support is the first big step in our roadmap for transitioning entirely to Microsoft Graph and enabling new features and functionality that were previously unattainable. The next major release of the provider, 2.0, will use Microsoft Graph exclusively and we are looking forward to implementing some of its new features:

  • Many of the latest features of Azure Active Directory, including newly available properties of Application Registrations and Service Principals, enabling better integration with the Microsoft Identity Platform.

  • A much wider range of Azure Active Directory features, such as Directory Role Assignments, App Role Assignments, Administrative Units, and even premium features such as Conditional Access and Entitlement Management.

»Feedback

We would love to hear your feedback on trying out support for Microsoft Graph. If you experience any issues, please report them on the Terraform AzureAD provider issue tracker. For more detailed information on upgrading to v1.5, and eventually v2.0, of the Terraform AzureAD provider, please review the upgrade guide.