Announcing public preview of Bicep templates support for Microsoft Graph
We're thrilled to announce that Bicep templates for Microsoft Graph resources will be in public preview starting May 21st. Bicep templates bring declarative infrastructure-as-code (IaC) capabilities to Microsoft Graph resources. This new capability will initially be available for core Microsoft Entra ID resources.
Bicep templates for Microsoft Graph resources allow you to define the tenant infrastructure you want to deploy, such as groups or applications, in a file, then use the file throughout the development lifecycle to repeatedly deploy your infrastructure. The file uses the Bicep language, a domain-specific language (DSL), that uses declarative syntax to deploy resources typically used in DevOps and infrastructure-as-code solutions.
What problems does this solve?
Azure Resource Manager or Bicep templates allow you to declare Microsoft Azure resources in files and deploy those resources into your infrastructure. Configuring and managing your Azure services and infrastructure often includes managing Microsoft Entra ID resources, like applications and groups. Until now, you had to orchestrate your deployments between two mechanisms using ARM or Bicep template files for Azure resources and Microsoft Graph PowerShell for Microsoft Entra ID resources.
Now, with the Microsoft Graph Bicep release, you can declare the Microsoft Entra ID resources in the same Bicep files as your Azure resources, making configurations easier to define, and deployments more reliable and repeatable.
Let's look at how this works and then we'll run through an example.
The Microsoft Graph Bicep extension
To provide support for Bicep templates for Microsoft Graph resources, we have released the new Microsoft Graph Bicep extension that allows you to author, deploy, and manage supported Microsoft Graph resources (initially Microsoft Entra ID resources) in Bicep template files either on their own, or alongside Azure resources.
Authoring experience
You get the same first-class authoring experience of the Bicep Extension for VS Code when you use it to create your Microsoft Graph resource types in Bicep files. The editor provides rich type-safety, IntelliSense, and syntax validation.
Editing a Bicep file containing Microsoft Graph resources
You can also create Bicep files in Visual Studio with the Bicep extension for Visual Studio.
Deploying Bicep files
Once you have authored your Bicep file, you can deploy it using familiar tools such as Azure PowerShell and Azure CLI. When the deployment request is made to the Azure Resource Manager the deployments engine orchestrates the deployment of interdependent resources so they're created in the correct order, including the Microsoft Graph resources.
The following image shows a Bicep template file where the Microsoft Graph group creation is dependent on the managed identity resource, as it is being added as a group member. The deployments engine first sends the managed identity request to the Resource Manager, which routes it to the Microsoft.ManagedIdentity resource provider. Next, the deployments engine sees that Microsoft.Graph/groups is an extensible resource, so it knows to route this resource request to the Microsoft Graph Bicep extension. The Microsoft Graph Bicep extension then translates the groups resource request into a request to Microsoft Graph.
Deploying a Bicep file containing Microsoft Graph resources
Scenario: Using managed identities with security groups and app roles
Managed identities can be assigned to security groups and Microsoft Entra ID app roles as an authorization strategy. Using security groups can simplify management by reducing the number of role assignments.
Using a Microsoft Entra ID group to assigned roles to managed identities
However, this configuration isn't possible using a Bicep or Resource Manager template. With Microsoft Graph Bicep extension, this limitation is removed. Rather than assigning and managing multiple Microsoft Azure role assignments, role assignments can be managed via a security group through a single Bicep file.
Bicep file declaring an Microsoft Entra ID group with a managed identity member
In the example above, a security group can be created and referenced, whose members can be managed identities. With Bicep templates for Microsoft Graph resources, declaring Microsoft Graph and Microsoft Azure resources together in the same Bicep files, enables new and simplifies existing deployment scenarios, bringing reliable and repeatable deployments.
Learn more
Published on:
Learn moreRelated posts
Make Your Test Data Less Boring with M365Mutator
Testing Microsoft 365 scenarios often involves test data. If the data is stale or always the same, it might not generate good results or help ...
Microsoft 365 & Power Platform Community Call – July 9th, 2026 – Screenshot Summary
Call Highlights SharePoint Quicklinks: Primary PnP Website: https://aka.ms/m365pnp Documentation & Guidance SharePoint Dev Videos Issues...
SharePoint Copilot Apps Now in Public Preview: From Intent to Action in Microsoft 365 Copilot
SharePoint Copilot Apps are now in public preview, introducing a new way to bring guided, action-oriented business experiences into Microsoft ...
How to Create Custom Folder Structures in Dynamics 365 SharePoint Integration
Every department that touches Dynamics 365 CRM wants its documents organized differently, and no single folder structure has ever made everyon...
Notebooks in the M365 Copilot App
Microsoft 365 Copilot app will introduce Notebooks in early August 2026, enabling users with a Copilot license to organize chats, content, and...
Microsoft 365 Copilot Notebooks: Support for TXT and RTF files as notebook references
Microsoft 365 Copilot Notebooks will support TXT and RTF files as reference sources starting early July 2026, enabling users to include more t...
Microsoft Viva: GitHub Copilot spend and usage insights in Copilot Analytics
Microsoft Viva Insights will introduce GitHub Copilot spend and usage insights for eligible managers, Insights Analysts, and Global Administra...
Viva Glint: Copilot-enhanced topic assignment for employee feedback comments
Microsoft Viva Glint will introduce Copilot-enhanced topic assignment for employee feedback, adding five new topics to improve insights. Contr...
Microsoft Teams: New layout for sharing content in Teams events
Microsoft Teams is introducing a new Speaker focused layout for Teams events, prioritizing presenter video alongside shared content to enhance...
Microsoft Viva Insights: Is Active filter no longer applied by default in new Advanced Insights queries
Starting August 2026, Microsoft Viva Insights Advanced Insights will no longer apply the Is Active filter by default in new Custom Query – Per...