In this Azure Bicep and Entra ID post, we will show you how to create an Entra ID App Registration using Azure Bicep.
Entra ID (formerly Azure Active Directory) is Microsoft's authentication and authorization service for Azure and Microsoft 365, handling all login events to both services.
App Registrations in Entra ID are the identities (service accounts) that applications use, via the Azure SDK, to programmatically access and create Azure services, including the Microsoft Graph Security API.
Creating and managing App Registrations can be overwhelming in a multi-tenant environment where hundreds of accounts are needed for each customer.
For that reason, the Bicep team has released the Microsoft Graph extension, which allows us to create App Registrations using Bicep.
Streamlining Entra ID App Registrations with Azure Bicep
The extension is still in preview mode, so you must meet the prerequisites before trying to create an app registration.
Prerequisites
First, we need to ensure that the Bicep version we are using is 0.29 or above. To check which Bicep version is installed on your machine, run the following command.
bicep --version
The output should look like this.
Bicep CLI version 0.29.47 (132ade51bc)
If you don’t have the right version, update Bicep using the following command (Windows only).
winget install -e --id Microsoft.Bicep
Create a Bicep Config file
Since we are using a preview feature, we need to create a bicepconfig.json file with the following code in the same directory as our Bicep main file.
{
  "experimentalFeaturesEnabled": {
    "extensibility": true
  }
}
Create an App Registration
Finally, we can create an App Registration using the following configuration. Change the display and unique name of your app and start the deployment.
extension microsoftGraph

// Creates the App Registration (the application object) in Entra ID.
resource application 'Microsoft.Graph/applications@v1.0' = {
  displayName: 'Extension Attributes App'
  uniqueName: 'ExtensionAttributesApp'
}
Run the following Azure PowerShell cmdlet to create the App Registration in Entra ID.
New-AzResourceGroupDeployment -ResourceGroupName "bicep-lab" -TemplateFile .\main.bicep
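The template above only creates the application object. The following added example (not from the original post) extends it the way a least-privilege setup usually needs: it restricts sign-in to the home tenant, creates the matching service principal, and attaches a federated identity credential so a GitHub Actions workflow can authenticate without a client secret. The GitHub organisation, repository and branch in the subject are placeholders you must replace.

```bicep
extension microsoftGraph

@description('Display name of the App Registration.')
param appDisplayName string = 'Extension Attributes App'

@description('Immutable unique name; used as the resource key in Graph.')
param appUniqueName string = 'ExtensionAttributesApp'

// Placeholder: GitHub repository allowed to obtain tokens for this app.
param gitHubRepo string = 'my-org/my-repo'
param gitHubBranch string = 'main'

// The application object. signInAudience 'AzureADMyOrg' keeps the app
// single-tenant, so accounts from other tenants cannot sign in to it.
resource application 'Microsoft.Graph/applications@v1.0' = {
  displayName: appDisplayName
  uniqueName: appUniqueName
  signInAudience: 'AzureADMyOrg'
}

// The service principal is the identity that actually receives role
// assignments and signs in; it must exist for the app to be usable.
resource servicePrincipal 'Microsoft.Graph/servicePrincipals@v1.0' = {
  appId: application.appId
}

// Federated identity credential: GitHub's OIDC tokens for the given
// repo/branch are exchanged for Entra tokens. No client secret or
// certificate is stored anywhere, so nothing long-lived can leak.
resource gitHubFederatedCredential 'Microsoft.Graph/applications/federatedIdentityCredentials@v1.0' = {
  name: '${application.uniqueName}/github-${gitHubBranch}'
  audiences: ['api://AzureADTokenExchange']
  issuer: 'https://token.actions.githubusercontent.com'
  subject: 'repo:${gitHubRepo}:ref:refs/heads/${gitHubBranch}'
}

// Values the workflow needs (client ID and tenant ID); neither is secret.
output clientId string = application.appId
output servicePrincipalObjectId string = servicePrincipal.id
```

Deploy it with the same New-AzResourceGroupDeployment command as above; re-running the deployment is idempotent because uniqueName keys the application object.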
About Azure Bicep
Azure Bicep is a domain-specific language (DSL) used for infrastructure-as-code (IaC) deployments in Azure only. Unlike other tools like Terraform, Bicep offers access to the latest Azure API from day one. By default (the only option), Bicep keeps the deployment's state in Azure and does not use a local copy. To learn more about Bicep, visit this link.