Loading...

Announcing public preview of Bicep templates support for Microsoft Graph

Announcing public preview of Bicep templates support for Microsoft Graph

We're thrilled to announce that Bicep templates for Microsoft Graph resources will be in public preview starting May 21st. Bicep templates bring declarative infrastructure-as-code (IaC) capabilities to Microsoft Graph resources. This new capability will initially be available for core Microsoft Entra ID resources.

 

Bicep templates for Microsoft Graph resources allow you to define the tenant infrastructure you want to deploy, such as groups or applications, in a file, then use the file throughout the development lifecycle to repeatedly deploy your infrastructure. The file uses the Bicep language, a domain-specific language (DSL), that uses declarative syntax to deploy resources typically used in DevOps and infrastructure-as-code solutions.

 

What problems does this solve?

Azure Resource Manager or Bicep templates allow you to declare Microsoft Azure resources in files and deploy those resources into your infrastructure. Configuring and managing your Azure services and infrastructure often includes managing Microsoft Entra ID resources, like applications and groups. Until now, you had to orchestrate your deployments between two mechanisms using ARM or Bicep template files for Azure resources and Microsoft Graph PowerShell for Microsoft Entra ID resources.

 

Now, with the Microsoft Graph Bicep release, you can declare the Microsoft Entra ID resources in the same Bicep files as your Azure resources, making configurations easier to define, and deployments more reliable and repeatable.

 

Let's look at how this works and then we'll run through an example.

 

The Microsoft Graph Bicep extension

To provide support for Bicep templates for Microsoft Graph resources, we have released the new Microsoft Graph Bicep extension that allows you to author, deploy, and manage supported Microsoft Graph resources (initially Microsoft Entra ID resources) in Bicep template files either on their own, or alongside Azure resources.

 

Authoring experience

You get the same first-class authoring experience of the Bicep Extension for VS Code when you use it to create your Microsoft Graph resource types in Bicep files. The editor provides rich type-safety, IntelliSense, and syntax validation.

Editing a Bicep file containing Microsoft Graph resourcesEditing a Bicep file containing Microsoft Graph resources

You can also create Bicep files in Visual Studio with the Bicep extension for Visual Studio.

 

Deploying Bicep files

Once you have authored your Bicep file, you can deploy it using familiar tools such as Azure PowerShell and Azure CLI. When the deployment request is made to the Azure Resource Manager the deployments engine orchestrates the deployment of interdependent resources so they're created in the correct order, including the Microsoft Graph resources.

 

The following image shows a Bicep template file where the Microsoft Graph group creation is dependent on the managed identity resource, as it is being added as a group member. The deployments engine first sends the managed identity request to the Resource Manager, which routes it to the Microsoft.ManagedIdentity resource provider. Next, the deployments engine sees that Microsoft.Graph/groups is an extensible resource, so it knows to route this resource request to the Microsoft Graph Bicep extension. The Microsoft Graph Bicep extension then translates the groups resource request into a request to Microsoft Graph.

Deploying a Bicep file containing Microsoft Graph resourcesDeploying a Bicep file containing Microsoft Graph resources

 

Scenario: Using managed identities with security groups and app roles

Managed identities can be assigned to security groups and Microsoft Entra ID app roles as an authorization strategy. Using security groups can simplify management by reducing the number of role assignments.

 

Using a Microsoft Entra ID group to assigned roles to managed identitiesUsing a Microsoft Entra ID group to assigned roles to managed identities

However, this configuration isn't possible using a Bicep or Resource Manager template. With Microsoft Graph Bicep extension, this limitation is removed. Rather than assigning and managing multiple Microsoft Azure role assignments, role assignments can be managed via a security group through a single Bicep file.

Bicep file declaring an Microsoft Entra ID group with a managed identity memberBicep file declaring an Microsoft Entra ID group with a managed identity member
In the example above, a security group can be created and referenced, whose members can be managed identities. With Bicep templates for Microsoft Graph resources, declaring Microsoft Graph and Microsoft Azure resources together in the same Bicep files, enables new and simplifies existing deployment scenarios, bringing reliable and repeatable deployments.

 

Learn more

Published on:

Learn more
Azure Governance and Management Blog articles
Azure Governance and Management Blog articles

Azure Governance and Management Blog articles

Share post:

Related posts

The ShareGate Webinar Recap: 11 Tips for Deploying Copilot in M365

Unlock the full potential of Copilot with expert tips and practical strategies for a smooth deployment within your Microsoft 365 environment!...

7 hours ago

Copilot for Microsoft 365 – Support Tips, Part 2

The Microsoft 365 Commercial Support Team resolves customer support cases and provides support to help you be successful and realize the full ...

8 hours ago

Microsoft 365 & Power Platform Call (Microsoft Speakers) – June 18th, 2024 – Screenshot Summary

Call Highlights   SharePoint Quicklinks: Primary PnP Website: https://aka.ms/m365pnp Documentation & Guidance SharePoint Dev Videos Issues...

9 hours ago

Copilot for Microsoft 365 – Support Tips, Part 2

The Microsoft 365 Commercial Support Team resolves customer support cases and provides support to help you be successful and realize the full ...

15 hours ago

Microsoft Viva: Viva Insights Hybrid Workplace Report

Microsoft's Viva Insights Hybrid Workplace Report is a new tool that helps leaders gain insights into the experiences of employees who work re...

17 hours ago

Microsoft Copilot (Microsoft 365): Copilot in Excel – Custom chart and PivotTable creation

If you're looking to create custom charts and PivotTables in Microsoft Excel, Copilot has got your back. The latest version of the popular too...

17 hours ago

Microsoft Copilot (Microsoft 365): Copilot in Excel – Summarize text columns

Microsoft Copilot, a powerful tool for the Microsoft 365 suite, has revolutionized column analysis in Excel with a new feature that lets you s...

17 hours ago

Microsoft Viva: Viva Insights home

Microsoft is rolling out updates to its Viva Insights platform in late June 2024 that will introduce many design improvements and new leader r...

17 hours ago

Microsoft Teams: Turn notifications on or off for a post in a channel

Microsoft Teams is introducing a new feature that allows users to manage notifications for individual posts in a channel. Rollouts for this fe...

17 hours ago
Stay up to date with latest Microsoft Dynamics 365 and Power Platform news!
* Yes, I agree to the privacy policy