Entra with Bicep

Intro

In most organisations, creating Entra objects is still a manual process. The Bicep team has changed that by extending Bicep beyond deploying infrastructure resources.

With Bicep you can now create Entra objects such as groups and app registrations entirely through code. This is a significant step forward in how organisations manage their Entra resources, bringing the automation and repeatability of IaC to identity objects.

By the end of this post I will have shown you how to:

  1. Generate the Bicep configuration file that enables the experimental feature
  2. Configure a Bicep template to reach the APIs needed to talk to Entra
  3. Deploy a Bicep file that creates an Entra group

In this post I am going to assume that you are somewhat familiar with IaC and have already used Bicep in one form or another to deploy infrastructure resources.

Set Up

Before you can interact with the relevant APIs to start deploying into Entra, you need to configure the Bicep configuration file (bicepconfig.json). Feel free to use mine from my repository, which I will share at the end. To generate this file, follow these steps:

  1. Ensure you have the Bicep VS Code extension installed
  2. Press “Ctrl+Shift+P” and run “Bicep: Create Bicep Configuration File”
  3. Select the root directory you are working in and generate the JSON config file
  4. Add the “experimentalFeaturesEnabled” block to the generated JSON file

With the configuration in place, you can begin writing Bicep files that interact with the Microsoft Graph APIs (Microsoft Graph is the API surface used to manage Entra).

IAC (The fun stuff!!)

Now create your Bicep template as you normally would, but add the following line to the top of the file:

extension microsoftGraph

Then declare your resource as you normally would.

In this example I am creating an Entra security group. When you look at the extension, you will notice there is a series of Graph resource types available, one for each kind of object you want to deploy.

You can extend the properties of this deployment to add users as owners and members of the group.

Executing the Bicep template is done by carrying out a normal az deployment group create command, as in the example in my repository linked below.
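Putting the set-up steps, the template and the deployment command together, here is an added example; it is not the code from the post's repository. The group name and owner UPN are constructed values, and the owners/members shape assumes the relationships-object form (earlier preview builds of the extension accepted a plain array of ids).

```bicep
// bicepconfig.json (in the same directory as this file) must enable the
// experimental extensibility feature so the Graph extension can be loaded:
//   { "experimentalFeaturesEnabled": { "extensibility": true } }

// Load the Microsoft Graph extension.
extension microsoftGraph

// Constructed example values; replace with your own.
param groupName string = 'sg-example-data-readers'
param ownerUpn string = 'owner@example.com'

// Resolve an existing user by UPN so its object id can be referenced.
// Users are read-only through the extension, hence 'existing'.
resource owner 'Microsoft.Graph/users@v1.0' existing = {
  userPrincipalName: ownerUpn
}

// Security group (mail disabled). uniqueName is the idempotency key:
// redeploying with the same uniqueName updates the group instead of
// creating a duplicate, so treat it as immutable once chosen.
resource readersGroup 'Microsoft.Graph/groups@v1.0' = {
  uniqueName: groupName
  displayName: groupName
  mailNickname: groupName
  mailEnabled: false
  securityEnabled: true
  // Assumption: relationships-object form of the owners/members properties.
  owners: {
    relationships: [ owner.id ]
  }
  members: {
    relationships: [ owner.id ]
  }
}

output groupObjectId string = readersGroup.id

// Deploy like any other Bicep file. The identity running the deployment
// needs Graph permission to create groups (for example Group.ReadWrite.All),
// so run it from a dedicated, least-privilege pipeline identity:
//   az deployment group create --resource-group <rg> --template-file main.bicep
```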

Wrap Up

To wrap up, I have demonstrated how to configure your IaC development environment to get started with deploying objects to Entra.

In the coming weeks I will be releasing more posts showing how you can further configure Entra using Bicep as your Infrastructure as Code language.

As always, I hope you found this useful, and if you have any questions please do not hesitate to reach out to me.

https://github.com/DataOpsDon/DataOps/tree/main/Entra
