Bicep templates can be used to create Microsoft Entra ID resources

Posted: (EET/GMT+2)


Bicep is Microsoft's Infrastructure as Code (IaC) language for Azure: templates compile to ARM JSON and are deployed through Azure Resource Manager. I've used it to create, maintain and update Azure resources, and it works well. Microsoft recently made the Microsoft Graph Bicep extension generally available (GA), which adds support for creating Microsoft Entra ID (formerly Azure Active Directory, AAD) resources in the same templates.

You can author Bicep templates in Visual Studio or Visual Studio Code with the Bicep extension installed; for the Entra ID resource types you additionally declare the Microsoft Graph extension in bicepconfig.json and import it at the top of the template. With that in place you can define application registrations, service principals and the access between them in a structured, reviewable way, next to the Azure resources that use them.

For example:

// The Microsoft Graph extension alias is configured in bicepconfig.json, e.g.
// "extensions": { "microsoftGraphV1": "br:mcr.microsoft.com/bicep/extensions/microsoftgraph/v1.0:1.0.0" }
extension microsoftGraphV1

param clientAppName string
param clientAppDisplayName string
param webAppEndpoint string // e.g. https://<app>.azurewebsites.net

// Application registration, restricted to accounts in this tenant
resource clientApp 'Microsoft.Graph/applications@v1.0' = {
  uniqueName: clientAppName // idempotency key: a redeploy updates this app instead of creating a duplicate
  displayName: clientAppDisplayName
  signInAudience: 'AzureADMyOrg'
  web: {
    redirectUris: ['${webAppEndpoint}/.auth/login/aad/callback']
    // App Service authentication uses the hybrid flow and receives the ID token in the callback;
    // access token issuance stays disabled
    implicitGrantSettings: {enableIdTokenIssuance: true}
  }
  // Delegated permissions requested from Microsoft Graph (consent is a separate step)
  requiredResourceAccess: [
    {
      resourceAppId: '00000003-0000-0000-c000-000000000000' // Microsoft Graph
      resourceAccess: [
        // User.Read
        {id: 'e1fe6dd8-ba31-4d61-89e7-88639da4683d', type: 'Scope'}
        // offline_access
        {id: '7427e0e9-2fba-42fe-b0c0-848c9e6a8182', type: 'Scope'}
        // openid
        {id: '37f7f235-527c-4136-accd-4a02d197296e', type: 'Scope'}
        // profile
        {id: '14dad69e-099b-42c9-810b-d002981feec1', type: 'Scope'}
      ]
    }
  ]
}

// Service principal that makes the registration usable in this tenant.
// v1.0 is sufficient here; mixing in @beta resource types would need a second extension alias.
resource clientSp 'Microsoft.Graph/servicePrincipals@v1.0' = {
  appId: clientApp.appId
}

Having Bicep cover Entra ID resources and configurations as well makes the picture more complete: in addition to creating the resources (like web apps or SQL databases), the same deployment can declare which identities may access them and how, so access decisions land in source control and code review like everything else. One caveat: the principal running the deployment needs Microsoft Graph permissions such as Application.ReadWrite.All to create these objects, which makes the pipeline identity itself a privileged one worth protecting.
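As an added example (not code from the original post), here is what the "who has access and how" part looks like in Bicep: an API registration that exposes a single application-only app role, a service principal that refuses tokens to any principal without an assignment, and a user-assigned managed identity that is granted exactly that role. The app and identity names and the Data.Read role value are illustrative assumptions; the Microsoft.Graph resource types are those of the GA v1.0 extension.

```bicep
// Added example: application-only authorization to an API, declared in the same
// template as the Azure workload identity that calls it.
// Names and the role value are illustrative assumptions, not from the original post.
extension microsoftGraphV1

param apiAppName string = 'contoso-orders-api'   // hypothetical
param identityName string = 'id-orders-worker'   // hypothetical
param location string = resourceGroup().location

// Deterministic GUID so redeploys keep the same app role id
var dataReadRoleId = guid(resourceGroup().id, apiAppName, 'Data.Read')

// API registration exposing one application-only app role
resource apiApp 'Microsoft.Graph/applications@v1.0' = {
  uniqueName: apiAppName
  displayName: 'Contoso Orders API'
  signInAudience: 'AzureADMyOrg'
  appRoles: [
    {
      id: dataReadRoleId
      allowedMemberTypes: ['Application'] // service principals only, never users
      displayName: 'Read order data'
      description: 'Allows the calling application to read order data'
      value: 'Data.Read'                  // shows up in the roles claim of the access token
      isEnabled: true
    }
  ]
}

// The API's service principal. With appRoleAssignmentRequired set, Entra ID will not
// issue tokens for this API to principals that have no app role assignment.
resource apiSp 'Microsoft.Graph/servicePrincipals@v1.0' = {
  appId: apiApp.appId
  appRoleAssignmentRequired: true
}

// The workload identity that is allowed to call the API
resource workerIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
  name: identityName
  location: location
}

// One role to one principal; anything else requesting a token for apiSp is rejected
resource workerAssignment 'Microsoft.Graph/appRoleAssignedTo@v1.0' = {
  appRoleId: dataReadRoleId
  principalId: workerIdentity.properties.principalId
  resourceId: apiSp.id
}

// The worker requests tokens with scope '<apiAppId>/.default' and the API checks
// that the roles claim contains 'Data.Read'.
output apiAppId string = apiApp.appId
output workerClientId string = workerIdentity.properties.clientId
```

Deploy it at resource group scope (for example with az deployment group create --template-file main.bicep); the deploying principal must hold Microsoft Graph permissions covering application creation and app role assignment (such as Application.ReadWrite.All and AppRoleAssignment.ReadWrite.All), so check the extension documentation for the exact permissions required by each resource type. Delegated (user) scopes can be pre-consented the same way with the Microsoft.Graph/oauth2PermissionGrants resource type instead of relying on an interactive consent prompt.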

Sounds good to me!