Does the following help?
-
@ngruson @matthewfitzmaurice Support has been added for Microsoft Graph resources - initially for core Microsoft Entra ID resources in Bicep. Please refer to this update for docs, blogpost etc. (Azure/bicep#7724 (comment))
-
I've been able to get the graph extension working interactively from the command-line with Is anyone else seeing this? Or do you have graph resources working through azd?
-
Can you share more context for your use case? I would like to understand better what you are trying to build. It is a little confusing to me why you would like to create one Identity with access to create and manage other identities. Most Tenants would flag an App Registration which has an elevated role, like the System Admin. Usually, if you need an identity to interact with your Azure resources within a Subscription, it is recommended to use a User Managed Identity, as that identity supports OIDC and it is scoped to subscription level. You want to use App Registration when you want/need access to Entra ID (Tenant level access), for example, to read User's data.
-
@ngruson Seems to be an issue with azd not understanding dynamic types for Graph. Reverting
-
I was looking into adding the creation of Entra app registrations to my azd config.
This could be done using a deployment script with a user-assigned identity.
But then the question becomes: how do I assign Graph permissions to the identity so that it is allowed to create an app registration?
https://reginbald.medium.com/creating-app-registration-with-arm-bicep-b1d48a287abb
This article describes how to make a Graph REST call to add a role assignment for the role Application Administrator.
How should I do this with azd?
I could create a separate user-assigned identity myself that is not tied to any azd environment and add the proper Graph permissions.
But that wouldn't be as clean as I would want it to be since that would be a resource that is not described in my azd files.