Setting Azure AD Microsoft Graph Email API/Permission in Terraform
I am provisioning some Azure infrastructure using Terraform. Included in the setup requirement is some configuration of an Azure AD registered app and this requires the following Microsoft Graph permissions to be granted (see image below):
- GroupMember.Read.All
- email (OpenId)
Within my Terraform configuration, I have the below code snippet included in my resource "azuread_application" block, within the required_resource_access sub-block. For the resource_access ids, I have used the values provided on this Microsoft page - https://learn.microsoft.com/en-us/graph/permissions-reference.
My Terraform configuration is currently able to successfully add the GroupMember.Read.All permission, but somehow it fails to add the required Email permission as depicted in the screenshot below, displaying the GUID reference instead of the actual name "email".
What I'd also like to be able to do in my Terraform configuration is the ability to Grant admin consent for both API/Permissions (depicted in the rightmost column).
Any tips on how I can achieve all of the above?
For permission type, Scope corresponds to the Delegated permission type, where Role is the Application type.
The email OpenID scope is a Delegated permission type, so you need to change the permission type from Role to Scope.
resource_access {
id = "64a6cdd6-aab1-4aaf-94b8-3cc8405e90d0"
type = "Scope"
}
- Azure Function Blob Storage Monitor
- I want to fetch Azure SQL table data from ADF to use as input in copy activity
- How to access code of my Azure website?
- Run JMeter script in AzureDevOps - Bearer Access Token generation
- Azure Function - HTTP trigger request length exceeded
- How and where to define an environment variable on Azure
- Can not read blobs through BlobContainerClient for blobs with empty folder prefixes
- Stream Analytics doesn't output the data to SQL but does to a blob storage
- Cannot log in to Visual Studio Account in VS 2022
- SchemaColumnConvertNotSupportedException: column: [Col_Name], physicalType: INT64, logicalType: string
- create Azure Keyvault secret without exposing values
- Can you create 'User Flows' in Azure with a pay-as-you-go account
- Deploy ARM template at management group scope with Azure DevOps Pipeline
- How to make an azure function that deploys my bicep script from Azure Storage Account
- Basic SQL commands in Terraform
- Can we Deploy Web Application in Azure OpenAI of Production Level
- Get-MgGroupMember by display name instead of userID
- Azure DevOps REST API parent relation link to existing work item error
- How to get list of users from CSV file whose LastSignInDate column has a date that is before 90 days from current date or is empty?
- Terraform and Azure: Problems with association between NetworkSecurityGroups and Subnets
- connecting Azure DevOps organisation with Azure creates resource groups in Azure
- How to find a driveItem ID given only a document URL?
- Is it possible to scale Azure app services programmatically
- How Does Setting AZCOPY_JOB_PLAN_LOCATION and AZCOPY_LOG_LOCATION Improve Disk Usage?
- AADB2C90068: The provided application with ID is not valid against this service. Please use an application created via the B2C portal and try again
- Limit users allowed with Entra and Accounts in any organizational account and personal Microsoft accounts
- Can't create support request in Asure, despite correct subscription
- Deploy Container App from Bitbucket to Azure
- How to upload large files to Onedrive using python
- How to query Azure DevOps Work Items using client_id and client_secret