Loading...

Announcing public preview of Bicep templates support for Microsoft Graph

Announcing public preview of Bicep templates support for Microsoft Graph

We're thrilled to announce that Bicep templates for Microsoft Graph resources will be in public preview starting May 21st. Bicep templates bring declarative infrastructure-as-code (IaC) capabilities to Microsoft Graph resources. This new capability will initially be available for core Microsoft Entra ID resources.

 

Bicep templates for Microsoft Graph resources allow you to define the tenant infrastructure you want to deploy, such as groups or applications, in a file, then use the file throughout the development lifecycle to repeatedly deploy your infrastructure. The file uses the Bicep language, a domain-specific language (DSL), that uses declarative syntax to deploy resources typically used in DevOps and infrastructure-as-code solutions.

 

What problems does this solve?

Azure Resource Manager or Bicep templates allow you to declare Microsoft Azure resources in files and deploy those resources into your infrastructure. Configuring and managing your Azure services and infrastructure often includes managing Microsoft Entra ID resources, like applications and groups. Until now, you had to orchestrate your deployments between two mechanisms using ARM or Bicep template files for Azure resources and Microsoft Graph PowerShell for Microsoft Entra ID resources.

 

Now, with the Microsoft Graph Bicep release, you can declare the Microsoft Entra ID resources in the same Bicep files as your Azure resources, making configurations easier to define, and deployments more reliable and repeatable.

 

Let's look at how this works and then we'll run through an example.

 

The Microsoft Graph Bicep extension

To provide support for Bicep templates for Microsoft Graph resources, we have released the new Microsoft Graph Bicep extension that allows you to author, deploy, and manage supported Microsoft Graph resources (initially Microsoft Entra ID resources) in Bicep template files either on their own, or alongside Azure resources.

 

Authoring experience

You get the same first-class authoring experience of the Bicep Extension for VS Code when you use it to create your Microsoft Graph resource types in Bicep files. The editor provides rich type-safety, IntelliSense, and syntax validation.

Editing a Bicep file containing Microsoft Graph resourcesEditing a Bicep file containing Microsoft Graph resources

You can also create Bicep files in Visual Studio with the Bicep extension for Visual Studio.

 

Deploying Bicep files

Once you have authored your Bicep file, you can deploy it using familiar tools such as Azure PowerShell and Azure CLI. When the deployment request is made to the Azure Resource Manager the deployments engine orchestrates the deployment of interdependent resources so they're created in the correct order, including the Microsoft Graph resources.

 

The following image shows a Bicep template file where the Microsoft Graph group creation is dependent on the managed identity resource, as it is being added as a group member. The deployments engine first sends the managed identity request to the Resource Manager, which routes it to the Microsoft.ManagedIdentity resource provider. Next, the deployments engine sees that Microsoft.Graph/groups is an extensible resource, so it knows to route this resource request to the Microsoft Graph Bicep extension. The Microsoft Graph Bicep extension then translates the groups resource request into a request to Microsoft Graph.

Deploying a Bicep file containing Microsoft Graph resourcesDeploying a Bicep file containing Microsoft Graph resources

 

Scenario: Using managed identities with security groups and app roles

Managed identities can be assigned to security groups and Microsoft Entra ID app roles as an authorization strategy. Using security groups can simplify management by reducing the number of role assignments.

 

Using a Microsoft Entra ID group to assigned roles to managed identitiesUsing a Microsoft Entra ID group to assigned roles to managed identities

However, this configuration isn't possible using a Bicep or Resource Manager template. With Microsoft Graph Bicep extension, this limitation is removed. Rather than assigning and managing multiple Microsoft Azure role assignments, role assignments can be managed via a security group through a single Bicep file.

Bicep file declaring an Microsoft Entra ID group with a managed identity memberBicep file declaring an Microsoft Entra ID group with a managed identity member
In the example above, a security group can be created and referenced, whose members can be managed identities. With Bicep templates for Microsoft Graph resources, declaring Microsoft Graph and Microsoft Azure resources together in the same Bicep files, enables new and simplifies existing deployment scenarios, bringing reliable and repeatable deployments.

 

Learn more

Published on:

Learn more
Azure Governance and Management Blog articles
Azure Governance and Management Blog articles

Azure Governance and Management Blog articles

Share post:

Related posts

Make Your Test Data Less Boring with M365Mutator

Testing Microsoft 365 scenarios often involves test data. If the data is stale or always the same, it might not generate good results or help ...

1 day ago

Microsoft 365 & Power Platform Community Call – July 9th, 2026 – Screenshot Summary

Call Highlights   SharePoint Quicklinks: Primary PnP Website: https://aka.ms/m365pnp Documentation & Guidance SharePoint Dev Videos Issues...

1 day ago

SharePoint Copilot Apps Now in Public Preview: From Intent to Action in Microsoft 365 Copilot

SharePoint Copilot Apps are now in public preview, introducing a new way to bring guided, action-oriented business experiences into Microsoft ...

1 day ago

How to Create Custom Folder Structures in Dynamics 365 SharePoint Integration

Every department that touches Dynamics 365 CRM wants its documents organized differently, and no single folder structure has ever made everyon...

1 day ago

Notebooks in the M365 Copilot App

Microsoft 365 Copilot app will introduce Notebooks in early August 2026, enabling users with a Copilot license to organize chats, content, and...

2 days ago

Microsoft 365 Copilot Notebooks: Support for TXT and RTF files as notebook references

Microsoft 365 Copilot Notebooks will support TXT and RTF files as reference sources starting early July 2026, enabling users to include more t...

2 days ago

Microsoft Viva: GitHub Copilot spend and usage insights in Copilot Analytics

Microsoft Viva Insights will introduce GitHub Copilot spend and usage insights for eligible managers, Insights Analysts, and Global Administra...

2 days ago

Viva Glint: Copilot-enhanced topic assignment for employee feedback comments

Microsoft Viva Glint will introduce Copilot-enhanced topic assignment for employee feedback, adding five new topics to improve insights. Contr...

2 days ago

Microsoft Teams: New layout for sharing content in Teams events

Microsoft Teams is introducing a new Speaker focused layout for Teams events, prioritizing presenter video alongside shared content to enhance...

2 days ago

Microsoft Viva Insights: Is Active filter no longer applied by default in new Advanced Insights queries

Starting August 2026, Microsoft Viva Insights Advanced Insights will no longer apply the Is Active filter by default in new Custom Query – Per...

2 days ago
Stay up to date with latest Microsoft Dynamics 365 and Power Platform news!
* Yes, I agree to the privacy policy