v2.5.0

ENHANCEMENTS:

• data.azuread_groups - support the mail_enabled and security_enabled properties (#603)
• data.azuread_user - support the cost_center, division and employee_type attributes (#597)
• azuread_user - support the cost_center, division and employee_type properties (#597)

BUG FIXES:

• azuread_application - support for "myapp://auth" as a public client redirect URI, to support B2C IEF applications (#607)
• azuread_application - ensure that prevent_duplicate_names does not fail incorrectly when display_name is not known at plan time (#596)
• azuread_group - ensure that prevent_duplicate_names does not fail incorrectly when display_name is not known at plan time (#596)
• azuread_service_principal - fix a bug that prevented features from being empty or having all disabled properties (#602)

v2.4.0

FEATURES:

• New Resource: azuread_app_role_assignment (#584)

ENHANCEMENTS:

• azuread_application_password - support the rotate_when_changed property (this was previously available as an undocumented property keepers) (#572)
• azuread_service_principal_password - support the rotate_when_changed property (this was previously available as an undocumented property keepers) (#572)

v2.3.0

2.3.0 (September 16, 2021)

FEATURES:

• New Resource: azuread_directory_role (#573)
• New Resource: azuread_directory_role_member (#573)

ENHANCEMENTS:

• data.azuread_service_principal - support the features block (#571)
• azuread_application - support the logo_image property (#574)
• azuread_application - allow URNs to be specified for web redirect URIs (#577)
• azuread_service_principal - support the features block (#571)

BUG FIXES:

• azuread_conditional_access_policy - resolve a number of bugs related to updating an existing conditional access policy (#569)

v2.2.1

BUG FIXES:

• Provider: fix a bug in handling retried requests that could cause errors when attempting to read a resource that no longer exists (#564)

v2.2.0

FEATURES:

• New Data Source: azuread_application_template (#554)
• New Data Source: azuread_service_principals (#555)
• New Resource: azuread_conditional_access_policy (#466)
• New Resource: azuread_named_location (#441)

ENHANCEMENTS:

• azuread_application - support for the template_id property for creating applications (and service principals) from a template (#554)
• azuread_service_principal - support the saml_single_sign_on block containing the relay_state property (#557)
• azuread_user - support the disable_password_expiration and disable_strong_password properties (#550)

BUG FIXES:

• Provider: fix a decoding bug when parsing claims from an access token (#560)
• Provider: attempt to detect when using Azure CLI authentication in Azure Cloud Shell and avoid specifying the tenant ID (#560)
• azuread_group - fix an API error caused by duplicate owners being mistakenly sent when creating new groups (#553)

v2.1.0

FEATURES:

• New Resource: azuread_invitation (#445)

BUG FIXES:

• data.azuread_client_config - populate the tenant_id and client_id attributes when authenticating via Azure CLI (#539)
• azuread_service_principal - fix a bug that prevented creation of service principals in some cases due to owners being applied incorrectly (#539)
• azuread_user - fix a validation bug for the password property (#543)

IMPROVEMENTS:

• data.azuread_groups - support the return_all property (#520)
• data.azuread_users - support the return_all property (#513)
• azuread_application - allow redirect_uris with a scheme of ms-appx-web (#540)

v2.0.1

BUG FIXES:

• azuread_application - fix a bug where unknown IDs or values for roles/scopes were incorrectly flagged as duplicates (#528)

v2.0.0

NOTES:

• Major Version: This is a major version upgrade which contains breaking changes. Please read the Upgrade Guide before upgrading, which details all the known breaking changes that practitioners should be aware of.
• Microsoft Graph: The upstream API for Azure Active Directory is now Microsoft Graph, and the deprecated Azure Active Directory Graph API is no longer supported.

FEATURES:

• Provider: Client Certificate authentication now supports specifying an inline certificate (#490)
• New Data Source: azuread_application_published_app_ids (#481)
• New Resource: application_pre_authorized (#472)

IMPROVEMENTS:

• data.azuread_application - the api block now supports the accept_mapped_claims, known_client_applications and requested_access_token_version attributes (#474)
• data.azuread_application - the implicit_grant block now supports the id_token_issuance_enabled attribute (#461)
• data.azuread_application - the optional_claims block now supports the saml2_token attribute (#461)
• data.azuread_application - export the disabled_by_microsoft attribute (#474)
• data.azuread_application - export the device_only_auth_enabled and oauth2_post_response_required attributes (#474)
• data.azuread_application - export the logo_url, marketing_url, privacy_statement_url and terms_of_service_url attributes (#474)
• data.azuread_application - export the publisher_domain attribute (#474)
• data.azuread_application - export the public_client block (#474)
• data.azuread_application - export the single_page_application block (#474)
• data.azuread_application - export the app_role_ids and oauth2_permission_scope_ids attributes (#474)
• data.azuread_domains - export the admin_managed, root and supported_services attributes for each domain (#461)
• data.azuread_domains - support the admin_managed, only_root and supports_services properties (#461)
• data.azuread_group - export the assignable_to_role, behaviors, mail_nickname, theme and visibility attributes (#476)
• data.azuread_group - export the mail, preferred_language and proxy_addresses attributes (#476)
• data.azuread_group - export the onpremises_domain_name, onpremises_netbios_name, onpremises_sam_account_name, onpremises_security_identifier and onpremises_sync_enabled attributes (#476)
• data.azuread_service_principal - export the account_enabled, login_url and preferred_single_sign_on_mode attributes (#481)
• data.azuread_service_principal - export the alternative_names, description, notes and notification_email_addresses attributes (#481)
• data.azuread_service_principal - export the app_role_ids and oauth2_permission_scope_ids attributes (#481)
• data.azuread_service_principal - export the application_tenant_id, display_name, service_principal_names, sign_in_audience and type attributes (#481)
• data.azuread_service_principal - export the homepage_url, logout_url, redirect_uris and saml_metadata_url attributes (#481)
• data.azuread_user - export the age_group and consent_provided_for_minor attributes (#476)
• data.azuread_user - export the business_phones, employee_id, fax_number and preferred_language attributes (#476)
• data.azuread_user - export the mail, other_mails and show_in_address_list attributes (#476)
• data.azuread_user - export the creation_type, external_user_state, im_addresses and proxy_addresses attributes (#476)
• data.azuread_user - export the onpremises_distinguished_name, onpremises_domain_name, onpremises_security_identifier and onpremises_sync_enabled attributes (#476)
• azuread_application - the api block now supports the accept_mapped_claims, known_client_applications and requested_access_token_version properties (#474)
• azuread_application - the implicit_grant block now supports the id_token_issuance_enabled property (#461)
• azuread_application - the optional_claims block now supports the saml2_token block (#461)
• azuread_application - the sign_in_audience property now supports the AzureADandPersonalMicrosoftAccount and PersonalMicrosoftAccount values (#461)
• azuread_application - export the disabled_by_microsoft attribute (#474)
• azuread_application - export the publisher_domain attribute (#474)
• azuread_application - support the device_only_auth_enabled and oauth2_post_response_required properties (#474)
• azuread_application - support the logo_url, marketing_url, privacy_statement_url and terms_of_service_url properties (#474)
• azuread_application - support for the public_client block (#474)
• azuread_application - support for the single_page_application block (#474)
• azuread_application - export the app_role_ids and oauth2_permission_scope_ids attributes (#474)
• azuread_application_password - support the keepers property (#481)
• azuread_group - support for creating mail-enabled groups (#461)
• azuread_group - support for creating Microsoft 365 groups (#461)
• azuread_group - support for updating groups without recreating them (#461)
• azuread_group - support the assignable_to_role, behaviors, mail_nickname, theme and visibility properties (#476)
• azuread_group - export the mail, preferred_language and proxy_addresses attributes (#476)
• azuread_group - export the onpremises_domain_name, onpremises_netbios_name, onpremises_sam_account_name, onpremises_security_identifier and onpremises_sync_enabled attributes (#476)
• azuread_service_principal - support the account_enabled, login_url and preferred_single_sign_on_mode properties (#481)
• azuread_service_principal - support the alternative_names, description, notes and notification_email_addresses properties (#481)
• azuread_service_principal - support the owners property ([#519](https://github.com/terraform-p...

v1.6.0

DEPRECATIONS:

• azuread_application_app_role - this resource is deprecated and will be removed in version 2.0 (#465)
• azuread_application_oauth2_permission - this resource is deprecated and will be removed in version 2.0 (#465)
• azuread_application_oauth2_permission_scope - this resource is deprecated and will be removed in version 2.0 (#465)

v1.5.1

BUG FIXES:

• Provider: Suppress a spurious deprecation notice for the metadata_host provider field (#439)
• azuread_application_password - fix a bug that prevented specifying the display_name, start_date, end_date or end_date_relative properties when using Microsoft Graph (#444)
• azuread_group - fix a bug that prevented creating a group with more than 20 owners or members (#454)
• azuread_service_principal_password - fix a bug that prevented specifying the display_name, start_date, end_date or end_date_relative properties when using Microsoft Graph (#444)