Regarding "Microsoft Graph App and Scope permissions." blog post

[jan-swiecki]

Regarding your post Microsoft Graph App and Scope permissions.

Just an FYI you can get these permissions with terraform using azuread_service_principal data source:

data "azuread_service_principal" "msgraph" {
  client_id = data.azuread_application_published_app_ids.well_known.result.MicrosoftGraph
}

resource "azuread_application" "example" {
    # (...)

    resource_access {
      # https://learn.microsoft.com/en-us/graph/migrate-azure-ad-graph-permissions-differences
      # https://matthewdavis111.com/msgraph/azure-ad-permission-details/
      id   = data.azuread_service_principal.msgraph.app_role_ids["User.Read.All"]

      # https://stackoverflow.com/a/72141092
      # "Role" is really an "Application" in the UI / API Permissions.
      type = "Role"
    }

    # (...)
}

[MatthewJDavis]

Hi @jan-swiecki,
Thanks for the issue. I've not used AzureAD (Entra) for a while now. Can see this functionality was released about a month after I had wrote the post: https://www.hashicorp.com/blog/announcing-terraform-azuread-provider-2-0. I'll get an update in there soon with the new info.
Appreciate the time you took to let me know 👍

[MatthewJDavis]

Thanks again, I have updated the article to reference the azuread_service_principal resource. 👍