Announcing public preview of Bicep templates support for Microsoft Graph
We're thrilled to announce that Bicep templates for Microsoft Graph resources will be in public preview starting May 21st. Bicep templates bring declarative infrastructure-as-code (IaC) capabilities to Microsoft Graph resources. This new capability will initially be available for core Microsoft Entra ID resources.
Bicep templates for Microsoft Graph resources allow you to define the tenant infrastructure you want to deploy, such as groups or applications, in a file, then use the file throughout the development lifecycle to repeatedly deploy your infrastructure. The file uses the Bicep language, a domain-specific language (DSL), that uses declarative syntax to deploy resources typically used in DevOps and infrastructure-as-code solutions.
What problems does this solve?
Azure Resource Manager or Bicep templates allow you to declare Microsoft Azure resources in files and deploy those resources into your infrastructure. Configuring and managing your Azure services and infrastructure often includes managing Microsoft Entra ID resources, like applications and groups. Until now, you had to orchestrate your deployments between two mechanisms using ARM or Bicep template files for Azure resources and Microsoft Graph PowerShell for Microsoft Entra ID resources.
Now, with the Microsoft Graph Bicep release, you can declare the Microsoft Entra ID resources in the same Bicep files as your Azure resources, making configurations easier to define, and deployments more reliable and repeatable.
Let's look at how this works and then we'll run through an example.
The Microsoft Graph Bicep extension
To provide support for Bicep templates for Microsoft Graph resources, we have released the new Microsoft Graph Bicep extension that allows you to author, deploy, and manage supported Microsoft Graph resources (initially Microsoft Entra ID resources) in Bicep template files either on their own, or alongside Azure resources.
Authoring experience
You get the same first-class authoring experience of the Bicep Extension for VS Code when you use it to create your Microsoft Graph resource types in Bicep files. The editor provides rich type-safety, IntelliSense, and syntax validation.
Editing a Bicep file containing Microsoft Graph resources
You can also create Bicep files in Visual Studio with the Bicep extension for Visual Studio.
Deploying Bicep files
Once you have authored your Bicep file, you can deploy it using familiar tools such as Azure PowerShell and Azure CLI. When the deployment request is made to the Azure Resource Manager the deployments engine orchestrates the deployment of interdependent resources so they're created in the correct order, including the Microsoft Graph resources.
The following image shows a Bicep template file where the Microsoft Graph group creation is dependent on the managed identity resource, as it is being added as a group member. The deployments engine first sends the managed identity request to the Resource Manager, which routes it to the Microsoft.ManagedIdentity resource provider. Next, the deployments engine sees that Microsoft.Graph/groups is an extensible resource, so it knows to route this resource request to the Microsoft Graph Bicep extension. The Microsoft Graph Bicep extension then translates the groups resource request into a request to Microsoft Graph.
Deploying a Bicep file containing Microsoft Graph resources
Scenario: Using managed identities with security groups and app roles
Managed identities can be assigned to security groups and Microsoft Entra ID app roles as an authorization strategy. Using security groups can simplify management by reducing the number of role assignments.
Using a Microsoft Entra ID group to assigned roles to managed identities
However, this configuration isn't possible using a Bicep or Resource Manager template. With Microsoft Graph Bicep extension, this limitation is removed. Rather than assigning and managing multiple Microsoft Azure role assignments, role assignments can be managed via a security group through a single Bicep file.
Bicep file declaring an Microsoft Entra ID group with a managed identity member
In the example above, a security group can be created and referenced, whose members can be managed identities. With Bicep templates for Microsoft Graph resources, declaring Microsoft Graph and Microsoft Azure resources together in the same Bicep files, enables new and simplifies existing deployment scenarios, bringing reliable and repeatable deployments.
Learn more
Published on:
Learn moreRelated posts
Microsoft 365 & Power Platform Call (Microsoft Speakers) – July 7th, 2026 – Screenshot Summary
Call Highlights SharePoint Quicklinks: Primary PnP Website: https://aka.ms/m365pnp Documentation & Guidance SharePoint Dev Videos Issues...
Change to taskbar pinning behavior for M365 Copilot and companion apps
Starting mid-July 2026, Microsoft 365 admin center taskbar pinning will only manage the Microsoft 365 Copilot app, excluding companion apps (F...
(Updated) InfoPath 2013 client and InfoPath Forms Services in SharePoint Online will reach end of support in July 2026
InfoPath 2013 client and InfoPath Forms Services in SharePoint Online will be retired by July 14, 2026. After May 18, 2026, publishing new or ...
Microsoft Copilot (Microsoft 365): Microsoft 365 admin center – Usage reports – Copilot Chat for GCC, GCC High and DoD
We will be introducing a new Usage report covering Copilot Chat. This report will include total active users, Copilot Chat usage with a breako...
Copilot Cowork and Dynamics 365 Customer Engagement: What It Means for Sales and Service Teams
Microsoft’s Copilot Cowork update matters because it moves AI closer to daily sales and service work inside Dynamics 365. Sellers, service man...
First look at the SharePoint API usage report
A quick look at the recently introduced SharePoint API usage report. While the report seems to complement the already available Graph API usag...
Copilot Studio: Build Agents With SharePoint List Knowledge
You can use Copilot Studio to build an agent that is grounded in SharePoint knowledge. ... The post Copilot Studio: Build Agents With SharePoi...
Viva Engage: New Recent feed in Home
Microsoft Viva Engage will add a new Recent feed in Home, showing chronological content from followed communities, people, and priority commun...
Discussion post previews coming to Viva Engage
Viva Engage will introduce discussion post previews by late August 2026, allowing users to review formatting and presentation before publishin...