{"id":6421,"library":"pulumi-azuread","title":"Pulumi Azure Active Directory (Azure AD)","description":"Pulumi AzureAD is a Python package for defining, deploying, and managing Azure Active Directory (now Microsoft Entra ID) cloud resources using Pulumi's Infrastructure as Code approach. It is currently at version 6.9.0 and follows Pulumi's rapid release cadence, often receiving weekly or bi-weekly updates to incorporate new features and bug fixes from the upstream Terraform provider.","status":"active","version":"6.9.0","language":"en","source_language":"en","source_url":"https://github.com/pulumi/pulumi-azuread","tags":["pulumi","azure","azure-ad","entra-id","iac","cloud-provisioning","identity-management"],"install":[{"cmd":"pip install pulumi-azuread","lang":"bash","label":"Install with pip"}],"dependencies":[{"reason":"Core Pulumi SDK for infrastructure provisioning.","package":"pulumi"},{"reason":"Requires Python 3.9 or newer.","package":"python","optional":true}],"imports":[{"symbol":"azuread","correct":"import pulumi_azuread as azuread"},{"symbol":"Group","correct":"from pulumi_azuread import Group"}],"quickstart":{"code":"import pulumi\nimport pulumi_azuread as azuread\nimport os\n\n# Ensure Azure credentials are set via environment variables or `az login`\n# Example: ARM_CLIENT_ID, ARM_CLIENT_SECRET, ARM_TENANT_ID, ARM_SUBSCRIPTION_ID\n# Pulumi typically picks these up automatically or via `pulumi config set`.\n# For local testing, ensure `az login` has been run or environment variables are configured.\n# For CI/CD, consider OIDC or Service Principal authentication.\n\n# Create an Azure AD Group\nmy_group = azuread.Group(\n    \"my-python-group\",\n    display_name=\"MyPythonManagedGroup\",\n    mail_enabled=False,\n    security_enabled=True\n)\n\n# Export the ID of the created group\npulumi.export(\"groupId\", my_group.id)","lang":"python","description":"This quickstart program creates a new Azure Active Directory (Entra ID) security group. Before running, ensure you have configured your Azure credentials, typically by running `az login` or setting environment variables like `ARM_CLIENT_ID`, `ARM_CLIENT_SECRET`, and `ARM_TENANT_ID`."},"warnings":[{"fix":"Consult the Pulumi AzureAD migration guide for detailed steps. Be prepared to update resource property names, types, or provide missing required properties. Preview your changes (`pulumi preview`) carefully to identify potential replacements or diffs.","message":"Upgrading from Pulumi AzureAD v5.x to v6.x may introduce breaking changes. These often stem from updates to the underlying Terraform AzureAD provider, leading to schema changes, removed deprecated properties, and potential changes in resource behavior (e.g., case-sensitive enum values). Review the official migration guide for the specific version range you are upgrading to/from.","severity":"breaking","affected_versions":"5.x to 6.x"},{"fix":"Ensure you are logged in via `az login` or that the necessary `ARM_` environment variables are correctly set. For CI/CD environments, consider using OpenID Connect (OIDC) or a Service Principal with appropriate permissions.","message":"Authentication errors are common if Azure credentials are not correctly configured. The provider relies on the Azure CLI login (`az login`) or specific environment variables (e.g., `ARM_CLIENT_ID`, `ARM_TENANT_ID`, `ARM_CLIENT_SECRET`, `ARM_SUBSCRIPTION_ID`) for authentication. If you encounter errors like 'failed to load Azure credentials' or 'Error obtaining Authorization Token', it's usually an authentication issue.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Instead of `end_date_relative`, use the `end_date` property and calculate its value using a function like Terraform's `timeadd()` (or Python's `datetime` equivalent) to specify an absolute expiry date.","message":"The `end_date_relative` property on the `azuread.ServicePrincipalCertificate` resource is deprecated. It will be removed in a future version.","severity":"deprecated","affected_versions":"6.x and earlier"},{"fix":"Use `pulumi-azuread` for identity-related resources within Entra ID. Use `pulumi-azure-native` for all other Azure infrastructure resources. For new projects, `pulumi-azure-native` is generally recommended for ARM resources over the deprecated `pulumi-azure` (Classic) provider.","message":"Pulumi has two main Azure providers: `pulumi-azuread` and `pulumi-azure-native` (or `pulumi-azure` for the older Classic provider). `pulumi-azuread` is specifically for managing Azure Active Directory (Entra ID) resources like Users, Groups, Applications, and Service Principals. `pulumi-azure-native` is for general Azure ARM resources (e.g., Virtual Machines, Storage Accounts, Resource Groups). Confusing the two can lead to 'resource not found' or 'property not supported' errors.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-15T00:00:00.000Z","next_check":"2026-07-14T00:00:00.000Z"}