{"name":"azuread","displayName":"Azure Active Directory (Azure AD)","version":"6.9.0","description":"A Pulumi package for creating and managing Azure Active Directory (Azure AD) cloud resources.","keywords":["pulumi","azuread"],"homepage":"https://pulumi.io","license":"Apache-2.0","attribution":"This Pulumi package is based on the [`azuread` Terraform Provider](https://github.com/hashicorp/terraform-provider-azuread).","repository":"https://github.com/pulumi/pulumi-azuread","meta":{"moduleFormat":"(.*)(?:/[^/]*)"},"language":{"csharp":{"packageReferences":{"Pulumi":"3.*"},"namespaces":{"azuread":"AzureAD"},"compatibility":"tfbridge20","respectSchemaVersion":true},"go":{"importBasePath":"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread","generateResourceContainerTypes":true,"generateExtraInputTypes":true,"respectSchemaVersion":true},"nodejs":{"packageDescription":"A Pulumi package for creating and managing Azure Active Directory (Azure AD) cloud resources.","readme":"\u003e This provider is a derived work of the [Terraform Provider](https://github.com/hashicorp/terraform-provider-azuread)\n\u003e distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n\u003e first check the [`pulumi-azuread` repo](https://github.com/pulumi/pulumi-azuread/issues); however, if that doesn't turn up anything,\n\u003e please consult the source [`terraform-provider-azuread` repo](https://github.com/hashicorp/terraform-provider-azuread/issues).","devDependencies":{"@types/mime":"^2.0.0","@types/node":"^10.0.0"},"compatibility":"tfbridge20","disableUnionOutputTypes":true,"respectSchemaVersion":true},"python":{"readme":"\u003e This provider is a derived work of the [Terraform Provider](https://github.com/hashicorp/terraform-provider-azuread)\n\u003e distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n\u003e first check the [`pulumi-azuread` repo](https://github.com/pulumi/pulumi-azuread/issues); however, if that doesn't turn up anything,\n\u003e please consult the source [`terraform-provider-azuread` repo](https://github.com/hashicorp/terraform-provider-azuread/issues).","compatibility":"tfbridge20","respectSchemaVersion":true,"pyproject":{"enabled":true},"inputTypes":"classes-and-dicts"}},"config":{"variables":{"adoPipelineServiceConnectionId":{"type":"string","description":"The Azure DevOps Pipeline Service Connection ID."},"clientCertificate":{"type":"string","description":"Base64 encoded PKCS#12 certificate bundle to use when authenticating as a Service Principal using a Client Certificate"},"clientCertificatePassword":{"type":"string","description":"The password to decrypt the Client Certificate. For use when authenticating as a Service Principal using a Client Certificate","secret":true},"clientCertificatePath":{"type":"string","description":"The path to the Client Certificate associated with the Service Principal for use when authenticating as a Service Principal using a Client Certificate"},"clientId":{"type":"string","description":"The Client ID which should be used for service principal authentication","secret":true},"clientIdFilePath":{"type":"string","description":"The path to a file containing the Client ID which should be used for service principal authentication"},"clientSecret":{"type":"string","description":"The application password to use when authenticating as a Service Principal using a Client Secret","secret":true},"clientSecretFilePath":{"type":"string","description":"The path to a file containing the application password to use when authenticating as a Service Principal using a Client Secret"},"disableTerraformPartnerId":{"type":"boolean","description":"Disable the Terraform Partner ID, which is used if a custom \u003cspan pulumi-lang-nodejs=\"`partnerId`\" pulumi-lang-dotnet=\"`PartnerId`\" pulumi-lang-go=\"`partnerId`\" pulumi-lang-python=\"`partner_id`\" pulumi-lang-yaml=\"`partnerId`\" pulumi-lang-java=\"`partnerId`\"\u003e`partnerId`\u003c/span\u003e isn't specified"},"environment":{"type":"string","description":"The cloud environment which should be used. Possible values are: \u003cspan pulumi-lang-nodejs=\"`global`\" pulumi-lang-dotnet=\"`Global`\" pulumi-lang-go=\"`global`\" pulumi-lang-python=\"`global`\" pulumi-lang-yaml=\"`global`\" pulumi-lang-java=\"`global`\"\u003e`global`\u003c/span\u003e (also \u003cspan pulumi-lang-nodejs=\"`public`\" pulumi-lang-dotnet=\"`Public`\" pulumi-lang-go=\"`public`\" pulumi-lang-python=\"`public`\" pulumi-lang-yaml=\"`public`\" pulumi-lang-java=\"`public`\"\u003e`public`\u003c/span\u003e), \u003cspan pulumi-lang-nodejs=\"`usgovernmentl4`\" pulumi-lang-dotnet=\"`Usgovernmentl4`\" pulumi-lang-go=\"`usgovernmentl4`\" pulumi-lang-python=\"`usgovernmentl4`\" pulumi-lang-yaml=\"`usgovernmentl4`\" pulumi-lang-java=\"`usgovernmentl4`\"\u003e`usgovernmentl4`\u003c/span\u003e (also \u003cspan pulumi-lang-nodejs=\"`usgovernment`\" pulumi-lang-dotnet=\"`Usgovernment`\" pulumi-lang-go=\"`usgovernment`\" pulumi-lang-python=\"`usgovernment`\" pulumi-lang-yaml=\"`usgovernment`\" pulumi-lang-java=\"`usgovernment`\"\u003e`usgovernment`\u003c/span\u003e), \u003cspan pulumi-lang-nodejs=\"`usgovernmentl5`\" pulumi-lang-dotnet=\"`Usgovernmentl5`\" pulumi-lang-go=\"`usgovernmentl5`\" pulumi-lang-python=\"`usgovernmentl5`\" pulumi-lang-yaml=\"`usgovernmentl5`\" pulumi-lang-java=\"`usgovernmentl5`\"\u003e`usgovernmentl5`\u003c/span\u003e (also \u003cspan pulumi-lang-nodejs=\"`dod`\" pulumi-lang-dotnet=\"`Dod`\" pulumi-lang-go=\"`dod`\" pulumi-lang-python=\"`dod`\" pulumi-lang-yaml=\"`dod`\" pulumi-lang-java=\"`dod`\"\u003e`dod`\u003c/span\u003e), and \u003cspan pulumi-lang-nodejs=\"`china`\" pulumi-lang-dotnet=\"`China`\" pulumi-lang-go=\"`china`\" pulumi-lang-python=\"`china`\" pulumi-lang-yaml=\"`china`\" pulumi-lang-java=\"`china`\"\u003e`china`\u003c/span\u003e. Defaults to \u003cspan pulumi-lang-nodejs=\"`global`\" pulumi-lang-dotnet=\"`Global`\" pulumi-lang-go=\"`global`\" pulumi-lang-python=\"`global`\" pulumi-lang-yaml=\"`global`\" pulumi-lang-java=\"`global`\"\u003e`global`\u003c/span\u003e. Not used and should not be specified when \u003cspan pulumi-lang-nodejs=\"`metadataHost`\" pulumi-lang-dotnet=\"`MetadataHost`\" pulumi-lang-go=\"`metadataHost`\" pulumi-lang-python=\"`metadata_host`\" pulumi-lang-yaml=\"`metadataHost`\" pulumi-lang-java=\"`metadataHost`\"\u003e`metadataHost`\u003c/span\u003e is specified.","default":"public","defaultInfo":{"environment":["ARM_ENVIRONMENT"]}},"metadataHost":{"type":"string","description":"The Hostname which should be used for the Azure Metadata Service."},"msiEndpoint":{"type":"string","description":"The path to a custom endpoint for Managed Identity - in most circumstances this should be detected automatically","defaultInfo":{"environment":["ARM_MSI_ENDPOINT"]}},"oidcRequestToken":{"type":"string","description":"The bearer token for the request to the OIDC provider. For use when authenticating as a Service Principal using OpenID Connect."},"oidcRequestUrl":{"type":"string","description":"The URL for the OIDC provider from which to request an ID token. For use when authenticating as a Service Principal using OpenID Connect."},"oidcToken":{"type":"string","description":"The ID token for use when authenticating as a Service Principal using OpenID Connect."},"oidcTokenFilePath":{"type":"string","description":"The path to a file containing an ID token for use when authenticating as a Service Principal using OpenID Connect."},"partnerId":{"type":"string","description":"A GUID/UUID that is registered with Microsoft to facilitate partner resource usage attribution"},"tenantId":{"type":"string","description":"The Tenant ID which should be used. Works with all authentication methods except Managed Identity"},"useAksWorkloadIdentity":{"type":"boolean","description":"Allow Azure AKS Workload Identity to be used for Authentication."},"useCli":{"type":"boolean","description":"Allow Azure CLI to be used for Authentication"},"useMsi":{"type":"boolean","description":"Allow Managed Identity to be used for Authentication","default":false,"defaultInfo":{"environment":["ARM_USE_MSI"]}},"useOidc":{"type":"boolean","description":"Allow OpenID Connect to be used for authentication"}},"defaults":["environment"]},"types":{"azuread:index/AccessPackageAssignmentPolicyApprovalSettings:AccessPackageAssignmentPolicyApprovalSettings":{"properties":{"approvalRequired":{"type":"boolean","description":"Whether an approval is required.\n"},"approvalRequiredForExtension":{"type":"boolean","description":"Whether an approval is required to grant extension. Same approval settings used to approve initial access will apply.\n"},"approvalStages":{"type":"array","items":{"$ref":"#/types/azuread:index/AccessPackageAssignmentPolicyApprovalSettingsApprovalStage:AccessPackageAssignmentPolicyApprovalSettingsApprovalStage"},"description":"An \u003cspan pulumi-lang-nodejs=\"`approvalStage`\" pulumi-lang-dotnet=\"`ApprovalStage`\" pulumi-lang-go=\"`approvalStage`\" pulumi-lang-python=\"`approval_stage`\" pulumi-lang-yaml=\"`approvalStage`\" pulumi-lang-java=\"`approvalStage`\"\u003e`approvalStage`\u003c/span\u003e block specifying the process to obtain an approval, as documented below.\n"},"requestorJustificationRequired":{"type":"boolean","description":"Whether a requestor is required to provide a justification to request an access package. Justification is visible to approvers and the requestor.\n"}},"type":"object"},"azuread:index/AccessPackageAssignmentPolicyApprovalSettingsApprovalStage:AccessPackageAssignmentPolicyApprovalSettingsApprovalStage":{"properties":{"alternativeApprovalEnabled":{"type":"boolean","description":"If no action taken, forward to alternate approvers?\n"},"alternativeApprovers":{"type":"array","items":{"$ref":"#/types/azuread:index/AccessPackageAssignmentPolicyApprovalSettingsApprovalStageAlternativeApprover:AccessPackageAssignmentPolicyApprovalSettingsApprovalStageAlternativeApprover"},"description":"If escalation is enabled and the primary approvers do not respond before the escalation time, the escalationApprovers are the users who will be asked to approve requests. This can be a collection of singleUser, groupMembers, requestorManager, internalSponsors and externalSponsors. When creating or updating a policy, if there are no escalation approvers, or escalation approvers are not required for the stage, the value of this property should be an empty collection\n"},"approvalTimeoutInDays":{"type":"integer","description":"Decision must be made in how many days? If a request is not approved within this time period after it is made, it will be automatically rejected\n"},"approverJustificationRequired":{"type":"boolean","description":"Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor\n"},"enableAlternativeApprovalInDays":{"type":"integer","description":"Forward to alternate approver(s) after how many days?\n"},"primaryApprovers":{"type":"array","items":{"$ref":"#/types/azuread:index/AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApprover:AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApprover"},"description":"The users who will be asked to approve requests. A collection of singleUser, groupMembers, requestorManager, internalSponsors and externalSponsors. When creating or updating a policy, include at least one userSet in this collection\n"}},"type":"object","required":["approvalTimeoutInDays"]},"azuread:index/AccessPackageAssignmentPolicyApprovalSettingsApprovalStageAlternativeApprover:AccessPackageAssignmentPolicyApprovalSettingsApprovalStageAlternativeApprover":{"properties":{"backup":{"type":"boolean","description":"For a user in an approval stage, this property indicates whether the user is a backup fallback approver\n"},"objectId":{"type":"string","description":"The object ID of the subject\n"},"subjectType":{"type":"string","description":"Type of users\n"}},"type":"object","required":["subjectType"]},"azuread:index/AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApprover:AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApprover":{"properties":{"backup":{"type":"boolean","description":"For a user in an approval stage, this property indicates whether the user is a backup fallback approver\n"},"objectId":{"type":"string","description":"The object ID of the subject\n"},"subjectType":{"type":"string","description":"Type of users\n"}},"type":"object","required":["subjectType"]},"azuread:index/AccessPackageAssignmentPolicyAssignmentReviewSettings:AccessPackageAssignmentPolicyAssignmentReviewSettings":{"properties":{"accessRecommendationEnabled":{"type":"boolean","description":"Whether to show the reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days.\n"},"accessReviewTimeoutBehavior":{"type":"string","description":"Specifies the actions the system takes if reviewers don't respond in time. Valid values are `keepAccess`, `removeAccess`, or `acceptAccessRecommendation`.\n"},"approverJustificationRequired":{"type":"boolean","description":"Whether a reviewer needs to provide a justification for their decision. Justification is visible to other reviewers and the requestor.\n"},"durationInDays":{"type":"integer","description":"How many days each occurrence of the access review series will run.\n"},"enabled":{"type":"boolean","description":"Whether to enable assignment review.\n"},"reviewFrequency":{"type":"string","description":"This will determine how often the access review campaign runs, valid values are \u003cspan pulumi-lang-nodejs=\"`weekly`\" pulumi-lang-dotnet=\"`Weekly`\" pulumi-lang-go=\"`weekly`\" pulumi-lang-python=\"`weekly`\" pulumi-lang-yaml=\"`weekly`\" pulumi-lang-java=\"`weekly`\"\u003e`weekly`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`monthly`\" pulumi-lang-dotnet=\"`Monthly`\" pulumi-lang-go=\"`monthly`\" pulumi-lang-python=\"`monthly`\" pulumi-lang-yaml=\"`monthly`\" pulumi-lang-java=\"`monthly`\"\u003e`monthly`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`quarterly`\" pulumi-lang-dotnet=\"`Quarterly`\" pulumi-lang-go=\"`quarterly`\" pulumi-lang-python=\"`quarterly`\" pulumi-lang-yaml=\"`quarterly`\" pulumi-lang-java=\"`quarterly`\"\u003e`quarterly`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`halfyearly`\" pulumi-lang-dotnet=\"`Halfyearly`\" pulumi-lang-go=\"`halfyearly`\" pulumi-lang-python=\"`halfyearly`\" pulumi-lang-yaml=\"`halfyearly`\" pulumi-lang-java=\"`halfyearly`\"\u003e`halfyearly`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`annual`\" pulumi-lang-dotnet=\"`Annual`\" pulumi-lang-go=\"`annual`\" pulumi-lang-python=\"`annual`\" pulumi-lang-yaml=\"`annual`\" pulumi-lang-java=\"`annual`\"\u003e`annual`\u003c/span\u003e.\n"},"reviewType":{"type":"string","description":"Self-review or specific reviewers. Valid values are `Manager`, `Reviewers`, or `Self`.\n"},"reviewers":{"type":"array","items":{"$ref":"#/types/azuread:index/AccessPackageAssignmentPolicyAssignmentReviewSettingsReviewer:AccessPackageAssignmentPolicyAssignmentReviewSettingsReviewer"},"description":"One or more \u003cspan pulumi-lang-nodejs=\"`reviewer`\" pulumi-lang-dotnet=\"`Reviewer`\" pulumi-lang-go=\"`reviewer`\" pulumi-lang-python=\"`reviewer`\" pulumi-lang-yaml=\"`reviewer`\" pulumi-lang-java=\"`reviewer`\"\u003e`reviewer`\u003c/span\u003e blocks to specify the users who will be reviewers (when \u003cspan pulumi-lang-nodejs=\"`reviewType`\" pulumi-lang-dotnet=\"`ReviewType`\" pulumi-lang-go=\"`reviewType`\" pulumi-lang-python=\"`review_type`\" pulumi-lang-yaml=\"`reviewType`\" pulumi-lang-java=\"`reviewType`\"\u003e`reviewType`\u003c/span\u003e is `Reviewers`), as documented below.\n"},"startingOn":{"type":"string","description":"This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. Once an access review has been created, you cannot update its start date\n"}},"type":"object"},"azuread:index/AccessPackageAssignmentPolicyAssignmentReviewSettingsReviewer:AccessPackageAssignmentPolicyAssignmentReviewSettingsReviewer":{"properties":{"backup":{"type":"boolean","description":"For a user in an approval stage, this property indicates whether the user is a backup fallback approver\n"},"objectId":{"type":"string","description":"The object ID of the subject\n"},"subjectType":{"type":"string","description":"Type of users\n"}},"type":"object","required":["subjectType"]},"azuread:index/AccessPackageAssignmentPolicyQuestion:AccessPackageAssignmentPolicyQuestion":{"properties":{"choices":{"type":"array","items":{"$ref":"#/types/azuread:index/AccessPackageAssignmentPolicyQuestionChoice:AccessPackageAssignmentPolicyQuestionChoice"},"description":"One or more blocks configuring a choice to the question, as documented below.\n"},"required":{"type":"boolean","description":"Whether this question is required.\n"},"sequence":{"type":"integer","description":"The sequence number of this question.\n"},"text":{"$ref":"#/types/azuread:index/AccessPackageAssignmentPolicyQuestionText:AccessPackageAssignmentPolicyQuestionText","description":"A block describing the content of this question, as documented below.\n"}},"type":"object","required":["text"]},"azuread:index/AccessPackageAssignmentPolicyQuestionChoice:AccessPackageAssignmentPolicyQuestionChoice":{"properties":{"actualValue":{"type":"string","description":"The actual value of this choice\n"},"displayValue":{"$ref":"#/types/azuread:index/AccessPackageAssignmentPolicyQuestionChoiceDisplayValue:AccessPackageAssignmentPolicyQuestionChoiceDisplayValue","description":"The display text of this choice\n"}},"type":"object","required":["actualValue","displayValue"]},"azuread:index/AccessPackageAssignmentPolicyQuestionChoiceDisplayValue:AccessPackageAssignmentPolicyQuestionChoiceDisplayValue":{"properties":{"defaultText":{"type":"string","description":"The default text of this question\n"},"localizedTexts":{"type":"array","items":{"$ref":"#/types/azuread:index/AccessPackageAssignmentPolicyQuestionChoiceDisplayValueLocalizedText:AccessPackageAssignmentPolicyQuestionChoiceDisplayValueLocalizedText"},"description":"The localized text of this question\n"}},"type":"object","required":["defaultText"]},"azuread:index/AccessPackageAssignmentPolicyQuestionChoiceDisplayValueLocalizedText:AccessPackageAssignmentPolicyQuestionChoiceDisplayValueLocalizedText":{"properties":{"content":{"type":"string","description":"The localized content of this question\n"},"languageCode":{"type":"string","description":"The language code of this question content\n"}},"type":"object","required":["content","languageCode"]},"azuread:index/AccessPackageAssignmentPolicyQuestionText:AccessPackageAssignmentPolicyQuestionText":{"properties":{"defaultText":{"type":"string","description":"The default text of this question\n"},"localizedTexts":{"type":"array","items":{"$ref":"#/types/azuread:index/AccessPackageAssignmentPolicyQuestionTextLocalizedText:AccessPackageAssignmentPolicyQuestionTextLocalizedText"},"description":"The localized text of this question\n"}},"type":"object","required":["defaultText"]},"azuread:index/AccessPackageAssignmentPolicyQuestionTextLocalizedText:AccessPackageAssignmentPolicyQuestionTextLocalizedText":{"properties":{"content":{"type":"string","description":"The localized content of this question\n"},"languageCode":{"type":"string","description":"The language code of this question content\n"}},"type":"object","required":["content","languageCode"]},"azuread:index/AccessPackageAssignmentPolicyRequestorSettings:AccessPackageAssignmentPolicyRequestorSettings":{"properties":{"requestors":{"type":"array","items":{"$ref":"#/types/azuread:index/AccessPackageAssignmentPolicyRequestorSettingsRequestor:AccessPackageAssignmentPolicyRequestorSettingsRequestor"},"description":"A block specifying the users who are allowed to request on this policy, as documented below.\n"},"requestsAccepted":{"type":"boolean","description":"Whether to accept requests using this policy. When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, no new requests can be made using this policy.\n"},"scopeType":{"type":"string","description":"Specifies the scopes of the requestors. Valid values are `AllConfiguredConnectedOrganizationSubjects`, `AllExistingConnectedOrganizationSubjects`, `AllExistingDirectoryMemberUsers`, `AllExistingDirectorySubjects`, `AllExternalSubjects`, `NoSubjects`, `SpecificConnectedOrganizationSubjects`, or `SpecificDirectorySubjects`.\n"}},"type":"object"},"azuread:index/AccessPackageAssignmentPolicyRequestorSettingsRequestor:AccessPackageAssignmentPolicyRequestorSettingsRequestor":{"properties":{"backup":{"type":"boolean","description":"For a user in an approval stage, this property indicates whether the user is a backup fallback approver\n"},"objectId":{"type":"string","description":"The object ID of the subject\n"},"subjectType":{"type":"string","description":"Type of users\n"}},"type":"object","required":["subjectType"]},"azuread:index/ApplicationApi:ApplicationApi":{"properties":{"knownClientApplications":{"type":"array","items":{"type":"string"},"description":"A set of client IDs, used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app.\n"},"mappedClaimsEnabled":{"type":"boolean","description":"Allows an application to use claims mapping without specifying a custom signing key. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"oauth2PermissionScopes":{"type":"array","items":{"$ref":"#/types/azuread:index/ApplicationApiOauth2PermissionScope:ApplicationApiOauth2PermissionScope"},"description":"One or more \u003cspan pulumi-lang-nodejs=\"`oauth2PermissionScope`\" pulumi-lang-dotnet=\"`Oauth2PermissionScope`\" pulumi-lang-go=\"`oauth2PermissionScope`\" pulumi-lang-python=\"`oauth2_permission_scope`\" pulumi-lang-yaml=\"`oauth2PermissionScope`\" pulumi-lang-java=\"`oauth2PermissionScope`\"\u003e`oauth2PermissionScope`\u003c/span\u003e blocks as documented below, to describe delegated permissions exposed by the web API represented by this application.\n"},"requestedAccessTokenVersion":{"type":"integer","description":"The access token version expected by this resource. Must be one of \u003cspan pulumi-lang-nodejs=\"`1`\" pulumi-lang-dotnet=\"`1`\" pulumi-lang-go=\"`1`\" pulumi-lang-python=\"`1`\" pulumi-lang-yaml=\"`1`\" pulumi-lang-java=\"`1`\"\u003e`1`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`2`\" pulumi-lang-dotnet=\"`2`\" pulumi-lang-go=\"`2`\" pulumi-lang-python=\"`2`\" pulumi-lang-yaml=\"`2`\" pulumi-lang-java=\"`2`\"\u003e`2`\u003c/span\u003e, and must be \u003cspan pulumi-lang-nodejs=\"`2`\" pulumi-lang-dotnet=\"`2`\" pulumi-lang-go=\"`2`\" pulumi-lang-python=\"`2`\" pulumi-lang-yaml=\"`2`\" pulumi-lang-java=\"`2`\"\u003e`2`\u003c/span\u003e when \u003cspan pulumi-lang-nodejs=\"`signInAudience`\" pulumi-lang-dotnet=\"`SignInAudience`\" pulumi-lang-go=\"`signInAudience`\" pulumi-lang-python=\"`sign_in_audience`\" pulumi-lang-yaml=\"`signInAudience`\" pulumi-lang-java=\"`signInAudience`\"\u003e`signInAudience`\u003c/span\u003e is either `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount` Defaults to \u003cspan pulumi-lang-nodejs=\"`1`\" pulumi-lang-dotnet=\"`1`\" pulumi-lang-go=\"`1`\" pulumi-lang-python=\"`1`\" pulumi-lang-yaml=\"`1`\" pulumi-lang-java=\"`1`\"\u003e`1`\u003c/span\u003e.\n"}},"type":"object"},"azuread:index/ApplicationApiOauth2PermissionScope:ApplicationApiOauth2PermissionScope":{"properties":{"adminConsentDescription":{"type":"string","description":"Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.\n"},"adminConsentDisplayName":{"type":"string","description":"Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.\n"},"enabled":{"type":"boolean","description":"Determines if the permission scope is enabled. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"id":{"type":"string","description":"The unique identifier of the delegated permission. Must be a valid UUID.\n\n\u003e **Tip: Generating a UUID for the \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e field** To generate a value for the \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e field in cases where the actual UUID is not important, you can use the \u003cspan pulumi-lang-nodejs=\"`randomUuid`\" pulumi-lang-dotnet=\"`RandomUuid`\" pulumi-lang-go=\"`randomUuid`\" pulumi-lang-python=\"`random_uuid`\" pulumi-lang-yaml=\"`randomUuid`\" pulumi-lang-java=\"`randomUuid`\"\u003e`randomUuid`\u003c/span\u003e resource. See the application example in the provider repository.\n"},"type":{"type":"string","description":"Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Defaults to `User`. Possible values are `User` or `Admin`.\n"},"userConsentDescription":{"type":"string","description":"Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.\n"},"userConsentDisplayName":{"type":"string","description":"Display name for the delegated permission that appears in the end user consent experience.\n"},"value":{"type":"string","description":"The value that is used for the \u003cspan pulumi-lang-nodejs=\"`scp`\" pulumi-lang-dotnet=\"`Scp`\" pulumi-lang-go=\"`scp`\" pulumi-lang-python=\"`scp`\" pulumi-lang-yaml=\"`scp`\" pulumi-lang-java=\"`scp`\"\u003e`scp`\u003c/span\u003e claim in OAuth 2.0 access tokens.\n\n\u003e **Default \u003cspan pulumi-lang-nodejs=\"`userImpersonation`\" pulumi-lang-dotnet=\"`UserImpersonation`\" pulumi-lang-go=\"`userImpersonation`\" pulumi-lang-python=\"`user_impersonation`\" pulumi-lang-yaml=\"`userImpersonation`\" pulumi-lang-java=\"`userImpersonation`\"\u003e`userImpersonation`\u003c/span\u003e Scope** Unlike the Azure Portal, applications created with the Terraform AzureAD provider do not get assigned a default \u003cspan pulumi-lang-nodejs=\"`userImpersonation`\" pulumi-lang-dotnet=\"`UserImpersonation`\" pulumi-lang-go=\"`userImpersonation`\" pulumi-lang-python=\"`user_impersonation`\" pulumi-lang-yaml=\"`userImpersonation`\" pulumi-lang-java=\"`userImpersonation`\"\u003e`userImpersonation`\u003c/span\u003e scope. You will need to include a block for the \u003cspan pulumi-lang-nodejs=\"`userImpersonation`\" pulumi-lang-dotnet=\"`UserImpersonation`\" pulumi-lang-go=\"`userImpersonation`\" pulumi-lang-python=\"`user_impersonation`\" pulumi-lang-yaml=\"`userImpersonation`\" pulumi-lang-java=\"`userImpersonation`\"\u003e`userImpersonation`\u003c/span\u003e scope if you need it for your application.\n\n\u003e **Roles and Permission Scopes** In Azure Active Directory, application roles (\u003cspan pulumi-lang-nodejs=\"`appRole`\" pulumi-lang-dotnet=\"`AppRole`\" pulumi-lang-go=\"`appRole`\" pulumi-lang-python=\"`app_role`\" pulumi-lang-yaml=\"`appRole`\" pulumi-lang-java=\"`appRole`\"\u003e`appRole`\u003c/span\u003e) and permission scopes (\u003cspan pulumi-lang-nodejs=\"`oauth2PermissionScope`\" pulumi-lang-dotnet=\"`Oauth2PermissionScope`\" pulumi-lang-go=\"`oauth2PermissionScope`\" pulumi-lang-python=\"`oauth2_permission_scope`\" pulumi-lang-yaml=\"`oauth2PermissionScope`\" pulumi-lang-java=\"`oauth2PermissionScope`\"\u003e`oauth2PermissionScope`\u003c/span\u003e) exported by an application share the same namespace and cannot contain duplicate \u003cspan pulumi-lang-nodejs=\"`value`\" pulumi-lang-dotnet=\"`Value`\" pulumi-lang-go=\"`value`\" pulumi-lang-python=\"`value`\" pulumi-lang-yaml=\"`value`\" pulumi-lang-java=\"`value`\"\u003e`value`\u003c/span\u003es. Terraform will attempt to detect this during a plan or apply operation.\n"}},"type":"object","required":["id"]},"azuread:index/ApplicationAppRole:ApplicationAppRole":{"properties":{"allowedMemberTypes":{"type":"array","items":{"type":"string"},"description":"Specifies whether this app role definition can be assigned to users and groups by setting to `User`, or to other applications (that are accessing this application in a standalone scenario) by setting to `Application`, or to both.\n"},"description":{"type":"string","description":"Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences.\n"},"displayName":{"type":"string","description":"Display name for the app role that appears during app role assignment and in consent experiences.\n"},"enabled":{"type":"boolean","description":"Determines if the app role is enabled. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"id":{"type":"string","description":"The unique identifier of the app role. Must be a valid UUID.\n\n\u003e **Tip: Generating a UUID for the \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e field** To generate a value for the \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e field in cases where the actual UUID is not important, you can use the \u003cspan pulumi-lang-nodejs=\"`randomUuid`\" pulumi-lang-dotnet=\"`RandomUuid`\" pulumi-lang-go=\"`randomUuid`\" pulumi-lang-python=\"`random_uuid`\" pulumi-lang-yaml=\"`randomUuid`\" pulumi-lang-java=\"`randomUuid`\"\u003e`randomUuid`\u003c/span\u003e resource. See the application example in the provider repository.\n"},"value":{"type":"string","description":"The value that is used for the \u003cspan pulumi-lang-nodejs=\"`roles`\" pulumi-lang-dotnet=\"`Roles`\" pulumi-lang-go=\"`roles`\" pulumi-lang-python=\"`roles`\" pulumi-lang-yaml=\"`roles`\" pulumi-lang-java=\"`roles`\"\u003e`roles`\u003c/span\u003e claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.\n\n\u003e **Roles and Permission Scopes** In Azure Active Directory, application roles (\u003cspan pulumi-lang-nodejs=\"`appRole`\" pulumi-lang-dotnet=\"`AppRole`\" pulumi-lang-go=\"`appRole`\" pulumi-lang-python=\"`app_role`\" pulumi-lang-yaml=\"`appRole`\" pulumi-lang-java=\"`appRole`\"\u003e`appRole`\u003c/span\u003e) and permission scopes (\u003cspan pulumi-lang-nodejs=\"`oauth2PermissionScope`\" pulumi-lang-dotnet=\"`Oauth2PermissionScope`\" pulumi-lang-go=\"`oauth2PermissionScope`\" pulumi-lang-python=\"`oauth2_permission_scope`\" pulumi-lang-yaml=\"`oauth2PermissionScope`\" pulumi-lang-java=\"`oauth2PermissionScope`\"\u003e`oauth2PermissionScope`\u003c/span\u003e) exported by an application share the same namespace and cannot contain duplicate \u003cspan pulumi-lang-nodejs=\"`value`\" pulumi-lang-dotnet=\"`Value`\" pulumi-lang-go=\"`value`\" pulumi-lang-python=\"`value`\" pulumi-lang-yaml=\"`value`\" pulumi-lang-java=\"`value`\"\u003e`value`\u003c/span\u003es. Terraform will attempt to detect this during a plan or apply operation.\n"}},"type":"object","required":["allowedMemberTypes","description","displayName","id"]},"azuread:index/ApplicationFeatureTag:ApplicationFeatureTag":{"properties":{"customSingleSignOn":{"type":"boolean","description":"Whether this application represents a custom SAML application for linked service principals. Enabling this will assign the `WindowsAzureActiveDirectoryCustomSingleSignOnApplication` tag. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"enterprise":{"type":"boolean","description":"Whether this application represents an Enterprise Application for linked service principals. Enabling this will assign the `WindowsAzureActiveDirectoryIntegratedApp` tag. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"gallery":{"type":"boolean","description":"Whether this application represents a gallery application for linked service principals. Enabling this will assign the `WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1` tag. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"hide":{"type":"boolean","description":"Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the `HideApp` tag. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"}},"type":"object"},"azuread:index/ApplicationOptionalClaims:ApplicationOptionalClaims":{"properties":{"accessTokens":{"type":"array","items":{"$ref":"#/types/azuread:index/ApplicationOptionalClaimsAccessToken:ApplicationOptionalClaimsAccessToken"},"description":"One or more \u003cspan pulumi-lang-nodejs=\"`accessToken`\" pulumi-lang-dotnet=\"`AccessToken`\" pulumi-lang-go=\"`accessToken`\" pulumi-lang-python=\"`access_token`\" pulumi-lang-yaml=\"`accessToken`\" pulumi-lang-java=\"`accessToken`\"\u003e`accessToken`\u003c/span\u003e blocks as documented below.\n"},"idTokens":{"type":"array","items":{"$ref":"#/types/azuread:index/ApplicationOptionalClaimsIdToken:ApplicationOptionalClaimsIdToken"},"description":"One or more \u003cspan pulumi-lang-nodejs=\"`idToken`\" pulumi-lang-dotnet=\"`IdToken`\" pulumi-lang-go=\"`idToken`\" pulumi-lang-python=\"`id_token`\" pulumi-lang-yaml=\"`idToken`\" pulumi-lang-java=\"`idToken`\"\u003e`idToken`\u003c/span\u003e blocks as documented below.\n"},"saml2Tokens":{"type":"array","items":{"$ref":"#/types/azuread:index/ApplicationOptionalClaimsSaml2Token:ApplicationOptionalClaimsSaml2Token"},"description":"One or more \u003cspan pulumi-lang-nodejs=\"`saml2Token`\" pulumi-lang-dotnet=\"`Saml2Token`\" pulumi-lang-go=\"`saml2Token`\" pulumi-lang-python=\"`saml2_token`\" pulumi-lang-yaml=\"`saml2Token`\" pulumi-lang-java=\"`saml2Token`\"\u003e`saml2Token`\u003c/span\u003e blocks as documented below.\n"}},"type":"object"},"azuread:index/ApplicationOptionalClaimsAccessToken:ApplicationOptionalClaimsAccessToken":{"properties":{"additionalProperties":{"type":"array","items":{"type":"string"},"description":"List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: \u003cspan pulumi-lang-nodejs=\"`cloudDisplayname`\" pulumi-lang-dotnet=\"`CloudDisplayname`\" pulumi-lang-go=\"`cloudDisplayname`\" pulumi-lang-python=\"`cloud_displayname`\" pulumi-lang-yaml=\"`cloudDisplayname`\" pulumi-lang-java=\"`cloudDisplayname`\"\u003e`cloudDisplayname`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`dnsDomainAndSamAccountName`\" pulumi-lang-dotnet=\"`DnsDomainAndSamAccountName`\" pulumi-lang-go=\"`dnsDomainAndSamAccountName`\" pulumi-lang-python=\"`dns_domain_and_sam_account_name`\" pulumi-lang-yaml=\"`dnsDomainAndSamAccountName`\" pulumi-lang-java=\"`dnsDomainAndSamAccountName`\"\u003e`dnsDomainAndSamAccountName`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`emitAsRoles`\" pulumi-lang-dotnet=\"`EmitAsRoles`\" pulumi-lang-go=\"`emitAsRoles`\" pulumi-lang-python=\"`emit_as_roles`\" pulumi-lang-yaml=\"`emitAsRoles`\" pulumi-lang-java=\"`emitAsRoles`\"\u003e`emitAsRoles`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`includeExternallyAuthenticatedUpnWithoutHash`\" pulumi-lang-dotnet=\"`IncludeExternallyAuthenticatedUpnWithoutHash`\" pulumi-lang-go=\"`includeExternallyAuthenticatedUpnWithoutHash`\" pulumi-lang-python=\"`include_externally_authenticated_upn_without_hash`\" pulumi-lang-yaml=\"`includeExternallyAuthenticatedUpnWithoutHash`\" pulumi-lang-java=\"`includeExternallyAuthenticatedUpnWithoutHash`\"\u003e`includeExternallyAuthenticatedUpnWithoutHash`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`includeExternallyAuthenticatedUpn`\" pulumi-lang-dotnet=\"`IncludeExternallyAuthenticatedUpn`\" pulumi-lang-go=\"`includeExternallyAuthenticatedUpn`\" pulumi-lang-python=\"`include_externally_authenticated_upn`\" pulumi-lang-yaml=\"`includeExternallyAuthenticatedUpn`\" pulumi-lang-java=\"`includeExternallyAuthenticatedUpn`\"\u003e`includeExternallyAuthenticatedUpn`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`maxSizeLimit`\" pulumi-lang-dotnet=\"`MaxSizeLimit`\" pulumi-lang-go=\"`maxSizeLimit`\" pulumi-lang-python=\"`max_size_limit`\" pulumi-lang-yaml=\"`maxSizeLimit`\" pulumi-lang-java=\"`maxSizeLimit`\"\u003e`maxSizeLimit`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`netbiosDomainAndSamAccountName`\" pulumi-lang-dotnet=\"`NetbiosDomainAndSamAccountName`\" pulumi-lang-go=\"`netbiosDomainAndSamAccountName`\" pulumi-lang-python=\"`netbios_domain_and_sam_account_name`\" pulumi-lang-yaml=\"`netbiosDomainAndSamAccountName`\" pulumi-lang-java=\"`netbiosDomainAndSamAccountName`\"\u003e`netbiosDomainAndSamAccountName`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`onPremiseSecurityIdentifier`\" pulumi-lang-dotnet=\"`OnPremiseSecurityIdentifier`\" pulumi-lang-go=\"`onPremiseSecurityIdentifier`\" pulumi-lang-python=\"`on_premise_security_identifier`\" pulumi-lang-yaml=\"`onPremiseSecurityIdentifier`\" pulumi-lang-java=\"`onPremiseSecurityIdentifier`\"\u003e`onPremiseSecurityIdentifier`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`samAccountName`\" pulumi-lang-dotnet=\"`SamAccountName`\" pulumi-lang-go=\"`samAccountName`\" pulumi-lang-python=\"`sam_account_name`\" pulumi-lang-yaml=\"`samAccountName`\" pulumi-lang-java=\"`samAccountName`\"\u003e`samAccountName`\u003c/span\u003e, and \u003cspan pulumi-lang-nodejs=\"`useGuid`\" pulumi-lang-dotnet=\"`UseGuid`\" pulumi-lang-go=\"`useGuid`\" pulumi-lang-python=\"`use_guid`\" pulumi-lang-yaml=\"`useGuid`\" pulumi-lang-java=\"`useGuid`\"\u003e`useGuid`\u003c/span\u003e.\n"},"essential":{"type":"boolean","description":"Whether the claim specified by the client is necessary to ensure a smooth authorization experience.\n"},"name":{"type":"string","description":"The name of the optional claim.\n"},"source":{"type":"string","description":"The source of the claim. If \u003cspan pulumi-lang-nodejs=\"`source`\" pulumi-lang-dotnet=\"`Source`\" pulumi-lang-go=\"`source`\" pulumi-lang-python=\"`source`\" pulumi-lang-yaml=\"`source`\" pulumi-lang-java=\"`source`\"\u003e`source`\u003c/span\u003e is absent, the claim is a predefined optional claim. If \u003cspan pulumi-lang-nodejs=\"`source`\" pulumi-lang-dotnet=\"`Source`\" pulumi-lang-go=\"`source`\" pulumi-lang-python=\"`source`\" pulumi-lang-yaml=\"`source`\" pulumi-lang-java=\"`source`\"\u003e`source`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`user`\" pulumi-lang-dotnet=\"`User`\" pulumi-lang-go=\"`user`\" pulumi-lang-python=\"`user`\" pulumi-lang-yaml=\"`user`\" pulumi-lang-java=\"`user`\"\u003e`user`\u003c/span\u003e, the value of \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e is the extension property from the user object.\n"}},"type":"object","required":["name"]},"azuread:index/ApplicationOptionalClaimsIdToken:ApplicationOptionalClaimsIdToken":{"properties":{"additionalProperties":{"type":"array","items":{"type":"string"},"description":"List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: \u003cspan pulumi-lang-nodejs=\"`cloudDisplayname`\" pulumi-lang-dotnet=\"`CloudDisplayname`\" pulumi-lang-go=\"`cloudDisplayname`\" pulumi-lang-python=\"`cloud_displayname`\" pulumi-lang-yaml=\"`cloudDisplayname`\" pulumi-lang-java=\"`cloudDisplayname`\"\u003e`cloudDisplayname`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`dnsDomainAndSamAccountName`\" pulumi-lang-dotnet=\"`DnsDomainAndSamAccountName`\" pulumi-lang-go=\"`dnsDomainAndSamAccountName`\" pulumi-lang-python=\"`dns_domain_and_sam_account_name`\" pulumi-lang-yaml=\"`dnsDomainAndSamAccountName`\" pulumi-lang-java=\"`dnsDomainAndSamAccountName`\"\u003e`dnsDomainAndSamAccountName`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`emitAsRoles`\" pulumi-lang-dotnet=\"`EmitAsRoles`\" pulumi-lang-go=\"`emitAsRoles`\" pulumi-lang-python=\"`emit_as_roles`\" pulumi-lang-yaml=\"`emitAsRoles`\" pulumi-lang-java=\"`emitAsRoles`\"\u003e`emitAsRoles`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`includeExternallyAuthenticatedUpnWithoutHash`\" pulumi-lang-dotnet=\"`IncludeExternallyAuthenticatedUpnWithoutHash`\" pulumi-lang-go=\"`includeExternallyAuthenticatedUpnWithoutHash`\" pulumi-lang-python=\"`include_externally_authenticated_upn_without_hash`\" pulumi-lang-yaml=\"`includeExternallyAuthenticatedUpnWithoutHash`\" pulumi-lang-java=\"`includeExternallyAuthenticatedUpnWithoutHash`\"\u003e`includeExternallyAuthenticatedUpnWithoutHash`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`includeExternallyAuthenticatedUpn`\" pulumi-lang-dotnet=\"`IncludeExternallyAuthenticatedUpn`\" pulumi-lang-go=\"`includeExternallyAuthenticatedUpn`\" pulumi-lang-python=\"`include_externally_authenticated_upn`\" pulumi-lang-yaml=\"`includeExternallyAuthenticatedUpn`\" pulumi-lang-java=\"`includeExternallyAuthenticatedUpn`\"\u003e`includeExternallyAuthenticatedUpn`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`maxSizeLimit`\" pulumi-lang-dotnet=\"`MaxSizeLimit`\" pulumi-lang-go=\"`maxSizeLimit`\" pulumi-lang-python=\"`max_size_limit`\" pulumi-lang-yaml=\"`maxSizeLimit`\" pulumi-lang-java=\"`maxSizeLimit`\"\u003e`maxSizeLimit`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`netbiosDomainAndSamAccountName`\" pulumi-lang-dotnet=\"`NetbiosDomainAndSamAccountName`\" pulumi-lang-go=\"`netbiosDomainAndSamAccountName`\" pulumi-lang-python=\"`netbios_domain_and_sam_account_name`\" pulumi-lang-yaml=\"`netbiosDomainAndSamAccountName`\" pulumi-lang-java=\"`netbiosDomainAndSamAccountName`\"\u003e`netbiosDomainAndSamAccountName`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`onPremiseSecurityIdentifier`\" pulumi-lang-dotnet=\"`OnPremiseSecurityIdentifier`\" pulumi-lang-go=\"`onPremiseSecurityIdentifier`\" pulumi-lang-python=\"`on_premise_security_identifier`\" pulumi-lang-yaml=\"`onPremiseSecurityIdentifier`\" pulumi-lang-java=\"`onPremiseSecurityIdentifier`\"\u003e`onPremiseSecurityIdentifier`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`samAccountName`\" pulumi-lang-dotnet=\"`SamAccountName`\" pulumi-lang-go=\"`samAccountName`\" pulumi-lang-python=\"`sam_account_name`\" pulumi-lang-yaml=\"`samAccountName`\" pulumi-lang-java=\"`samAccountName`\"\u003e`samAccountName`\u003c/span\u003e, and \u003cspan pulumi-lang-nodejs=\"`useGuid`\" pulumi-lang-dotnet=\"`UseGuid`\" pulumi-lang-go=\"`useGuid`\" pulumi-lang-python=\"`use_guid`\" pulumi-lang-yaml=\"`useGuid`\" pulumi-lang-java=\"`useGuid`\"\u003e`useGuid`\u003c/span\u003e.\n"},"essential":{"type":"boolean","description":"Whether the claim specified by the client is necessary to ensure a smooth authorization experience.\n"},"name":{"type":"string","description":"The name of the optional claim.\n"},"source":{"type":"string","description":"The source of the claim. If \u003cspan pulumi-lang-nodejs=\"`source`\" pulumi-lang-dotnet=\"`Source`\" pulumi-lang-go=\"`source`\" pulumi-lang-python=\"`source`\" pulumi-lang-yaml=\"`source`\" pulumi-lang-java=\"`source`\"\u003e`source`\u003c/span\u003e is absent, the claim is a predefined optional claim. If \u003cspan pulumi-lang-nodejs=\"`source`\" pulumi-lang-dotnet=\"`Source`\" pulumi-lang-go=\"`source`\" pulumi-lang-python=\"`source`\" pulumi-lang-yaml=\"`source`\" pulumi-lang-java=\"`source`\"\u003e`source`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`user`\" pulumi-lang-dotnet=\"`User`\" pulumi-lang-go=\"`user`\" pulumi-lang-python=\"`user`\" pulumi-lang-yaml=\"`user`\" pulumi-lang-java=\"`user`\"\u003e`user`\u003c/span\u003e, the value of \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e is the extension property from the user object.\n"}},"type":"object","required":["name"]},"azuread:index/ApplicationOptionalClaimsSaml2Token:ApplicationOptionalClaimsSaml2Token":{"properties":{"additionalProperties":{"type":"array","items":{"type":"string"},"description":"List of additional properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim. Possible values are: \u003cspan pulumi-lang-nodejs=\"`cloudDisplayname`\" pulumi-lang-dotnet=\"`CloudDisplayname`\" pulumi-lang-go=\"`cloudDisplayname`\" pulumi-lang-python=\"`cloud_displayname`\" pulumi-lang-yaml=\"`cloudDisplayname`\" pulumi-lang-java=\"`cloudDisplayname`\"\u003e`cloudDisplayname`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`dnsDomainAndSamAccountName`\" pulumi-lang-dotnet=\"`DnsDomainAndSamAccountName`\" pulumi-lang-go=\"`dnsDomainAndSamAccountName`\" pulumi-lang-python=\"`dns_domain_and_sam_account_name`\" pulumi-lang-yaml=\"`dnsDomainAndSamAccountName`\" pulumi-lang-java=\"`dnsDomainAndSamAccountName`\"\u003e`dnsDomainAndSamAccountName`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`emitAsRoles`\" pulumi-lang-dotnet=\"`EmitAsRoles`\" pulumi-lang-go=\"`emitAsRoles`\" pulumi-lang-python=\"`emit_as_roles`\" pulumi-lang-yaml=\"`emitAsRoles`\" pulumi-lang-java=\"`emitAsRoles`\"\u003e`emitAsRoles`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`includeExternallyAuthenticatedUpnWithoutHash`\" pulumi-lang-dotnet=\"`IncludeExternallyAuthenticatedUpnWithoutHash`\" pulumi-lang-go=\"`includeExternallyAuthenticatedUpnWithoutHash`\" pulumi-lang-python=\"`include_externally_authenticated_upn_without_hash`\" pulumi-lang-yaml=\"`includeExternallyAuthenticatedUpnWithoutHash`\" pulumi-lang-java=\"`includeExternallyAuthenticatedUpnWithoutHash`\"\u003e`includeExternallyAuthenticatedUpnWithoutHash`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`includeExternallyAuthenticatedUpn`\" pulumi-lang-dotnet=\"`IncludeExternallyAuthenticatedUpn`\" pulumi-lang-go=\"`includeExternallyAuthenticatedUpn`\" pulumi-lang-python=\"`include_externally_authenticated_upn`\" pulumi-lang-yaml=\"`includeExternallyAuthenticatedUpn`\" pulumi-lang-java=\"`includeExternallyAuthenticatedUpn`\"\u003e`includeExternallyAuthenticatedUpn`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`maxSizeLimit`\" pulumi-lang-dotnet=\"`MaxSizeLimit`\" pulumi-lang-go=\"`maxSizeLimit`\" pulumi-lang-python=\"`max_size_limit`\" pulumi-lang-yaml=\"`maxSizeLimit`\" pulumi-lang-java=\"`maxSizeLimit`\"\u003e`maxSizeLimit`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`netbiosDomainAndSamAccountName`\" pulumi-lang-dotnet=\"`NetbiosDomainAndSamAccountName`\" pulumi-lang-go=\"`netbiosDomainAndSamAccountName`\" pulumi-lang-python=\"`netbios_domain_and_sam_account_name`\" pulumi-lang-yaml=\"`netbiosDomainAndSamAccountName`\" pulumi-lang-java=\"`netbiosDomainAndSamAccountName`\"\u003e`netbiosDomainAndSamAccountName`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`onPremiseSecurityIdentifier`\" pulumi-lang-dotnet=\"`OnPremiseSecurityIdentifier`\" pulumi-lang-go=\"`onPremiseSecurityIdentifier`\" pulumi-lang-python=\"`on_premise_security_identifier`\" pulumi-lang-yaml=\"`onPremiseSecurityIdentifier`\" pulumi-lang-java=\"`onPremiseSecurityIdentifier`\"\u003e`onPremiseSecurityIdentifier`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`samAccountName`\" pulumi-lang-dotnet=\"`SamAccountName`\" pulumi-lang-go=\"`samAccountName`\" pulumi-lang-python=\"`sam_account_name`\" pulumi-lang-yaml=\"`samAccountName`\" pulumi-lang-java=\"`samAccountName`\"\u003e`samAccountName`\u003c/span\u003e, and \u003cspan pulumi-lang-nodejs=\"`useGuid`\" pulumi-lang-dotnet=\"`UseGuid`\" pulumi-lang-go=\"`useGuid`\" pulumi-lang-python=\"`use_guid`\" pulumi-lang-yaml=\"`useGuid`\" pulumi-lang-java=\"`useGuid`\"\u003e`useGuid`\u003c/span\u003e.\n"},"essential":{"type":"boolean","description":"Whether the claim specified by the client is necessary to ensure a smooth authorization experience.\n"},"name":{"type":"string","description":"The name of the optional claim.\n"},"source":{"type":"string","description":"The source of the claim. If \u003cspan pulumi-lang-nodejs=\"`source`\" pulumi-lang-dotnet=\"`Source`\" pulumi-lang-go=\"`source`\" pulumi-lang-python=\"`source`\" pulumi-lang-yaml=\"`source`\" pulumi-lang-java=\"`source`\"\u003e`source`\u003c/span\u003e is absent, the claim is a predefined optional claim. If \u003cspan pulumi-lang-nodejs=\"`source`\" pulumi-lang-dotnet=\"`Source`\" pulumi-lang-go=\"`source`\" pulumi-lang-python=\"`source`\" pulumi-lang-yaml=\"`source`\" pulumi-lang-java=\"`source`\"\u003e`source`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`user`\" pulumi-lang-dotnet=\"`User`\" pulumi-lang-go=\"`user`\" pulumi-lang-python=\"`user`\" pulumi-lang-yaml=\"`user`\" pulumi-lang-java=\"`user`\"\u003e`user`\u003c/span\u003e, the value of \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e is the extension property from the user object.\n"}},"type":"object","required":["name"]},"azuread:index/ApplicationPassword:ApplicationPassword":{"properties":{"displayName":{"type":"string","description":"A display name for the password. Changing this field forces a new resource to be created.\n"},"endDate":{"type":"string","description":"The end date until which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created.\n"},"keyId":{"type":"string","description":"(Required) The unique key ID for the generated password.\n"},"startDate":{"type":"string","description":"The start date from which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the current date is used.  Changing this field forces a new resource to be created.\n"},"value":{"type":"string","description":"(Required) The generated password for the application.\n","secret":true}},"type":"object","required":["displayName"],"language":{"nodejs":{"requiredOutputs":["displayName","endDate","keyId","startDate","value"]}}},"azuread:index/ApplicationPublicClient:ApplicationPublicClient":{"properties":{"redirectUris":{"type":"array","items":{"type":"string"},"description":"A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid \u003cspan pulumi-lang-nodejs=\"`https`\" pulumi-lang-dotnet=\"`Https`\" pulumi-lang-go=\"`https`\" pulumi-lang-python=\"`https`\" pulumi-lang-yaml=\"`https`\" pulumi-lang-java=\"`https`\"\u003e`https`\u003c/span\u003e or `ms-appx-web` URL.\n"}},"type":"object"},"azuread:index/ApplicationRequiredResourceAccess:ApplicationRequiredResourceAccess":{"properties":{"resourceAccesses":{"type":"array","items":{"$ref":"#/types/azuread:index/ApplicationRequiredResourceAccessResourceAccess:ApplicationRequiredResourceAccessResourceAccess"},"description":"A collection of \u003cspan pulumi-lang-nodejs=\"`resourceAccess`\" pulumi-lang-dotnet=\"`ResourceAccess`\" pulumi-lang-go=\"`resourceAccess`\" pulumi-lang-python=\"`resource_access`\" pulumi-lang-yaml=\"`resourceAccess`\" pulumi-lang-java=\"`resourceAccess`\"\u003e`resourceAccess`\u003c/span\u003e blocks as documented below, describing OAuth2.0 permission scopes and app roles that the application requires from the specified resource.\n"},"resourceAppId":{"type":"string","description":"The unique identifier for the resource that the application requires access to. This should be the Application ID of the target application.\n\n\u003e **Note:** Documentation on \u003cspan pulumi-lang-nodejs=\"`resourceAppId`\" pulumi-lang-dotnet=\"`ResourceAppId`\" pulumi-lang-go=\"`resourceAppId`\" pulumi-lang-python=\"`resource_app_id`\" pulumi-lang-yaml=\"`resourceAppId`\" pulumi-lang-java=\"`resourceAppId`\"\u003e`resourceAppId`\u003c/span\u003e values for Microsoft APIs can be difficult to find, but you can use the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/ad/sp?view=azure-cli-latest#az_ad_sp_list) to find them. (e.g. `az ad sp list --display-name \"Microsoft Graph\" --query '[].{appDisplayName:appDisplayName, appId:appId}'`)\n"}},"type":"object","required":["resourceAccesses","resourceAppId"]},"azuread:index/ApplicationRequiredResourceAccessResourceAccess:ApplicationRequiredResourceAccessResourceAccess":{"properties":{"id":{"type":"string","description":"The unique identifier for an app role or OAuth2 permission scope published by the resource application.\n"},"type":{"type":"string","description":"Specifies whether the \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e property references an app role or an OAuth2 permission scope. Possible values are `Role` or `Scope`.\n"}},"type":"object","required":["id","type"]},"azuread:index/ApplicationSinglePageApplication:ApplicationSinglePageApplication":{"properties":{"redirectUris":{"type":"array","items":{"type":"string"},"description":"A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid \u003cspan pulumi-lang-nodejs=\"`https`\" pulumi-lang-dotnet=\"`Https`\" pulumi-lang-go=\"`https`\" pulumi-lang-python=\"`https`\" pulumi-lang-yaml=\"`https`\" pulumi-lang-java=\"`https`\"\u003e`https`\u003c/span\u003e URL.\n"}},"type":"object"},"azuread:index/ApplicationWeb:ApplicationWeb":{"properties":{"homepageUrl":{"type":"string","description":"Home page or landing page of the application.\n"},"implicitGrant":{"$ref":"#/types/azuread:index/ApplicationWebImplicitGrant:ApplicationWebImplicitGrant","description":"An \u003cspan pulumi-lang-nodejs=\"`implicitGrant`\" pulumi-lang-dotnet=\"`ImplicitGrant`\" pulumi-lang-go=\"`implicitGrant`\" pulumi-lang-python=\"`implicit_grant`\" pulumi-lang-yaml=\"`implicitGrant`\" pulumi-lang-java=\"`implicitGrant`\"\u003e`implicitGrant`\u003c/span\u003e block as documented above.\n"},"logoutUrl":{"type":"string","description":"The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols.\n"},"redirectUris":{"type":"array","items":{"type":"string"},"description":"A set of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Must be a valid \u003cspan pulumi-lang-nodejs=\"`http`\" pulumi-lang-dotnet=\"`Http`\" pulumi-lang-go=\"`http`\" pulumi-lang-python=\"`http`\" pulumi-lang-yaml=\"`http`\" pulumi-lang-java=\"`http`\"\u003e`http`\u003c/span\u003e URL or a URN.\n"}},"type":"object"},"azuread:index/ApplicationWebImplicitGrant:ApplicationWebImplicitGrant":{"properties":{"accessTokenIssuanceEnabled":{"type":"boolean","description":"Whether this web application can request an access token using OAuth 2.0 implicit flow.\n"},"idTokenIssuanceEnabled":{"type":"boolean","description":"Whether this web application can request an ID token using OAuth 2.0 implicit flow.\n"}},"type":"object"},"azuread:index/ConditionalAccessPolicyConditions:ConditionalAccessPolicyConditions":{"properties":{"applications":{"$ref":"#/types/azuread:index/ConditionalAccessPolicyConditionsApplications:ConditionalAccessPolicyConditionsApplications","description":"An \u003cspan pulumi-lang-nodejs=\"`applications`\" pulumi-lang-dotnet=\"`Applications`\" pulumi-lang-go=\"`applications`\" pulumi-lang-python=\"`applications`\" pulumi-lang-yaml=\"`applications`\" pulumi-lang-java=\"`applications`\"\u003e`applications`\u003c/span\u003e block as documented below, which specifies applications and user actions included in and excluded from the policy.\n"},"authenticationFlowTransferMethods":{"type":"array","items":{"type":"string"},"description":"A list of authentication flow transfer methods included in the policy. Possible values are: `authenticationTransfer` and `deviceCodeFlow`.\n"},"clientAppTypes":{"type":"array","items":{"type":"string"},"description":"A list of client application types included in the policy. Possible values are: \u003cspan pulumi-lang-nodejs=\"`all`\" pulumi-lang-dotnet=\"`All`\" pulumi-lang-go=\"`all`\" pulumi-lang-python=\"`all`\" pulumi-lang-yaml=\"`all`\" pulumi-lang-java=\"`all`\"\u003e`all`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`browser`\" pulumi-lang-dotnet=\"`Browser`\" pulumi-lang-go=\"`browser`\" pulumi-lang-python=\"`browser`\" pulumi-lang-yaml=\"`browser`\" pulumi-lang-java=\"`browser`\"\u003e`browser`\u003c/span\u003e, `mobileAppsAndDesktopClients`, `exchangeActiveSync`, `easSupported` and \u003cspan pulumi-lang-nodejs=\"`other`\" pulumi-lang-dotnet=\"`Other`\" pulumi-lang-go=\"`other`\" pulumi-lang-python=\"`other`\" pulumi-lang-yaml=\"`other`\" pulumi-lang-java=\"`other`\"\u003e`other`\u003c/span\u003e.\n"},"clientApplications":{"$ref":"#/types/azuread:index/ConditionalAccessPolicyConditionsClientApplications:ConditionalAccessPolicyConditionsClientApplications","description":"An \u003cspan pulumi-lang-nodejs=\"`clientApplications`\" pulumi-lang-dotnet=\"`ClientApplications`\" pulumi-lang-go=\"`clientApplications`\" pulumi-lang-python=\"`client_applications`\" pulumi-lang-yaml=\"`clientApplications`\" pulumi-lang-java=\"`clientApplications`\"\u003e`clientApplications`\u003c/span\u003e block as documented below, which specifies service principals included in and excluded from the policy.\n"},"devices":{"$ref":"#/types/azuread:index/ConditionalAccessPolicyConditionsDevices:ConditionalAccessPolicyConditionsDevices","description":"A \u003cspan pulumi-lang-nodejs=\"`devices`\" pulumi-lang-dotnet=\"`Devices`\" pulumi-lang-go=\"`devices`\" pulumi-lang-python=\"`devices`\" pulumi-lang-yaml=\"`devices`\" pulumi-lang-java=\"`devices`\"\u003e`devices`\u003c/span\u003e block as documented below, which describes devices to be included in and excluded from the policy. A \u003cspan pulumi-lang-nodejs=\"`devices`\" pulumi-lang-dotnet=\"`Devices`\" pulumi-lang-go=\"`devices`\" pulumi-lang-python=\"`devices`\" pulumi-lang-yaml=\"`devices`\" pulumi-lang-java=\"`devices`\"\u003e`devices`\u003c/span\u003e block can be added to an existing policy, but removing the \u003cspan pulumi-lang-nodejs=\"`devices`\" pulumi-lang-dotnet=\"`Devices`\" pulumi-lang-go=\"`devices`\" pulumi-lang-python=\"`devices`\" pulumi-lang-yaml=\"`devices`\" pulumi-lang-java=\"`devices`\"\u003e`devices`\u003c/span\u003e block forces a new resource to be created.\n"},"insiderRiskLevels":{"type":"string","description":"The insider risk level in the policy. Possible values are: \u003cspan pulumi-lang-nodejs=\"`minor`\" pulumi-lang-dotnet=\"`Minor`\" pulumi-lang-go=\"`minor`\" pulumi-lang-python=\"`minor`\" pulumi-lang-yaml=\"`minor`\" pulumi-lang-java=\"`minor`\"\u003e`minor`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`moderate`\" pulumi-lang-dotnet=\"`Moderate`\" pulumi-lang-go=\"`moderate`\" pulumi-lang-python=\"`moderate`\" pulumi-lang-yaml=\"`moderate`\" pulumi-lang-java=\"`moderate`\"\u003e`moderate`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`elevated`\" pulumi-lang-dotnet=\"`Elevated`\" pulumi-lang-go=\"`elevated`\" pulumi-lang-python=\"`elevated`\" pulumi-lang-yaml=\"`elevated`\" pulumi-lang-java=\"`elevated`\"\u003e`elevated`\u003c/span\u003e, `unknownFutureValue`.\n"},"locations":{"$ref":"#/types/azuread:index/ConditionalAccessPolicyConditionsLocations:ConditionalAccessPolicyConditionsLocations","description":"A \u003cspan pulumi-lang-nodejs=\"`locations`\" pulumi-lang-dotnet=\"`Locations`\" pulumi-lang-go=\"`locations`\" pulumi-lang-python=\"`locations`\" pulumi-lang-yaml=\"`locations`\" pulumi-lang-java=\"`locations`\"\u003e`locations`\u003c/span\u003e block as documented below, which specifies locations included in and excluded from the policy.\n"},"platforms":{"$ref":"#/types/azuread:index/ConditionalAccessPolicyConditionsPlatforms:ConditionalAccessPolicyConditionsPlatforms","description":"A \u003cspan pulumi-lang-nodejs=\"`platforms`\" pulumi-lang-dotnet=\"`Platforms`\" pulumi-lang-go=\"`platforms`\" pulumi-lang-python=\"`platforms`\" pulumi-lang-yaml=\"`platforms`\" pulumi-lang-java=\"`platforms`\"\u003e`platforms`\u003c/span\u003e block as documented below, which specifies platforms included in and excluded from the policy.\n"},"servicePrincipalRiskLevels":{"type":"array","items":{"type":"string"},"description":"A list of service principal sign-in risk levels included in the policy. Possible values are: \u003cspan pulumi-lang-nodejs=\"`low`\" pulumi-lang-dotnet=\"`Low`\" pulumi-lang-go=\"`low`\" pulumi-lang-python=\"`low`\" pulumi-lang-yaml=\"`low`\" pulumi-lang-java=\"`low`\"\u003e`low`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`medium`\" pulumi-lang-dotnet=\"`Medium`\" pulumi-lang-go=\"`medium`\" pulumi-lang-python=\"`medium`\" pulumi-lang-yaml=\"`medium`\" pulumi-lang-java=\"`medium`\"\u003e`medium`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`high`\" pulumi-lang-dotnet=\"`High`\" pulumi-lang-go=\"`high`\" pulumi-lang-python=\"`high`\" pulumi-lang-yaml=\"`high`\" pulumi-lang-java=\"`high`\"\u003e`high`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`none`\" pulumi-lang-dotnet=\"`None`\" pulumi-lang-go=\"`none`\" pulumi-lang-python=\"`none`\" pulumi-lang-yaml=\"`none`\" pulumi-lang-java=\"`none`\"\u003e`none`\u003c/span\u003e, `unknownFutureValue`.\n"},"signInRiskLevels":{"type":"array","items":{"type":"string"},"description":"A list of user sign-in risk levels included in the policy. Possible values are: \u003cspan pulumi-lang-nodejs=\"`low`\" pulumi-lang-dotnet=\"`Low`\" pulumi-lang-go=\"`low`\" pulumi-lang-python=\"`low`\" pulumi-lang-yaml=\"`low`\" pulumi-lang-java=\"`low`\"\u003e`low`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`medium`\" pulumi-lang-dotnet=\"`Medium`\" pulumi-lang-go=\"`medium`\" pulumi-lang-python=\"`medium`\" pulumi-lang-yaml=\"`medium`\" pulumi-lang-java=\"`medium`\"\u003e`medium`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`high`\" pulumi-lang-dotnet=\"`High`\" pulumi-lang-go=\"`high`\" pulumi-lang-python=\"`high`\" pulumi-lang-yaml=\"`high`\" pulumi-lang-java=\"`high`\"\u003e`high`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`hidden`\" pulumi-lang-dotnet=\"`Hidden`\" pulumi-lang-go=\"`hidden`\" pulumi-lang-python=\"`hidden`\" pulumi-lang-yaml=\"`hidden`\" pulumi-lang-java=\"`hidden`\"\u003e`hidden`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`none`\" pulumi-lang-dotnet=\"`None`\" pulumi-lang-go=\"`none`\" pulumi-lang-python=\"`none`\" pulumi-lang-yaml=\"`none`\" pulumi-lang-java=\"`none`\"\u003e`none`\u003c/span\u003e, `unknownFutureValue`.\n"},"userRiskLevels":{"type":"array","items":{"type":"string"},"description":"A list of user risk levels included in the policy. Possible values are: \u003cspan pulumi-lang-nodejs=\"`low`\" pulumi-lang-dotnet=\"`Low`\" pulumi-lang-go=\"`low`\" pulumi-lang-python=\"`low`\" pulumi-lang-yaml=\"`low`\" pulumi-lang-java=\"`low`\"\u003e`low`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`medium`\" pulumi-lang-dotnet=\"`Medium`\" pulumi-lang-go=\"`medium`\" pulumi-lang-python=\"`medium`\" pulumi-lang-yaml=\"`medium`\" pulumi-lang-java=\"`medium`\"\u003e`medium`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`high`\" pulumi-lang-dotnet=\"`High`\" pulumi-lang-go=\"`high`\" pulumi-lang-python=\"`high`\" pulumi-lang-yaml=\"`high`\" pulumi-lang-java=\"`high`\"\u003e`high`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`hidden`\" pulumi-lang-dotnet=\"`Hidden`\" pulumi-lang-go=\"`hidden`\" pulumi-lang-python=\"`hidden`\" pulumi-lang-yaml=\"`hidden`\" pulumi-lang-java=\"`hidden`\"\u003e`hidden`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`none`\" pulumi-lang-dotnet=\"`None`\" pulumi-lang-go=\"`none`\" pulumi-lang-python=\"`none`\" pulumi-lang-yaml=\"`none`\" pulumi-lang-java=\"`none`\"\u003e`none`\u003c/span\u003e, `unknownFutureValue`.\n"},"users":{"$ref":"#/types/azuread:index/ConditionalAccessPolicyConditionsUsers:ConditionalAccessPolicyConditionsUsers","description":"A \u003cspan pulumi-lang-nodejs=\"`users`\" pulumi-lang-dotnet=\"`Users`\" pulumi-lang-go=\"`users`\" pulumi-lang-python=\"`users`\" pulumi-lang-yaml=\"`users`\" pulumi-lang-java=\"`users`\"\u003e`users`\u003c/span\u003e block as documented below, which specifies users, groups, and roles included in and excluded from the policy.\n"}},"type":"object","required":["applications","clientAppTypes","users"],"language":{"nodejs":{"requiredOutputs":["applications","clientAppTypes","insiderRiskLevels","users"]}}},"azuread:index/ConditionalAccessPolicyConditionsApplications:ConditionalAccessPolicyConditionsApplications":{"properties":{"excludedApplications":{"type":"array","items":{"type":"string"},"description":"A list of application IDs explicitly excluded from the policy. Can also be set to `Office365`.\n"},"includedApplications":{"type":"array","items":{"type":"string"},"description":"A list of application IDs the policy applies to, unless explicitly excluded (in \u003cspan pulumi-lang-nodejs=\"`excludedApplications`\" pulumi-lang-dotnet=\"`ExcludedApplications`\" pulumi-lang-go=\"`excludedApplications`\" pulumi-lang-python=\"`excluded_applications`\" pulumi-lang-yaml=\"`excludedApplications`\" pulumi-lang-java=\"`excludedApplications`\"\u003e`excludedApplications`\u003c/span\u003e). Can also be set to `All`, `None` or `Office365`. Cannot be specified with \u003cspan pulumi-lang-nodejs=\"`includedUserActions`\" pulumi-lang-dotnet=\"`IncludedUserActions`\" pulumi-lang-go=\"`includedUserActions`\" pulumi-lang-python=\"`included_user_actions`\" pulumi-lang-yaml=\"`includedUserActions`\" pulumi-lang-java=\"`includedUserActions`\"\u003e`includedUserActions`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`includedApplications`\" pulumi-lang-dotnet=\"`IncludedApplications`\" pulumi-lang-go=\"`includedApplications`\" pulumi-lang-python=\"`included_applications`\" pulumi-lang-yaml=\"`includedApplications`\" pulumi-lang-java=\"`includedApplications`\"\u003e`includedApplications`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`includedUserActions`\" pulumi-lang-dotnet=\"`IncludedUserActions`\" pulumi-lang-go=\"`includedUserActions`\" pulumi-lang-python=\"`included_user_actions`\" pulumi-lang-yaml=\"`includedUserActions`\" pulumi-lang-java=\"`includedUserActions`\"\u003e`includedUserActions`\u003c/span\u003e must be specified.\n"},"includedUserActions":{"type":"array","items":{"type":"string"},"description":"A list of user actions to include. Supported values are `urn:user:registerdevice` and `urn:user:registersecurityinfo`. Cannot be specified with \u003cspan pulumi-lang-nodejs=\"`includedApplications`\" pulumi-lang-dotnet=\"`IncludedApplications`\" pulumi-lang-go=\"`includedApplications`\" pulumi-lang-python=\"`included_applications`\" pulumi-lang-yaml=\"`includedApplications`\" pulumi-lang-java=\"`includedApplications`\"\u003e`includedApplications`\u003c/span\u003e. One of \u003cspan pulumi-lang-nodejs=\"`includedApplications`\" pulumi-lang-dotnet=\"`IncludedApplications`\" pulumi-lang-go=\"`includedApplications`\" pulumi-lang-python=\"`included_applications`\" pulumi-lang-yaml=\"`includedApplications`\" pulumi-lang-java=\"`includedApplications`\"\u003e`includedApplications`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`includedUserActions`\" pulumi-lang-dotnet=\"`IncludedUserActions`\" pulumi-lang-go=\"`includedUserActions`\" pulumi-lang-python=\"`included_user_actions`\" pulumi-lang-yaml=\"`includedUserActions`\" pulumi-lang-java=\"`includedUserActions`\"\u003e`includedUserActions`\u003c/span\u003e must be specified.\n"}},"type":"object"},"azuread:index/ConditionalAccessPolicyConditionsClientApplications:ConditionalAccessPolicyConditionsClientApplications":{"properties":{"excludedServicePrincipals":{"type":"array","items":{"type":"string"},"description":"A list of service principal IDs explicitly excluded in the policy.\n"},"filter":{"$ref":"#/types/azuread:index/ConditionalAccessPolicyConditionsClientApplicationsFilter:ConditionalAccessPolicyConditionsClientApplicationsFilter","description":"A \u003cspan pulumi-lang-nodejs=\"`filter`\" pulumi-lang-dotnet=\"`Filter`\" pulumi-lang-go=\"`filter`\" pulumi-lang-python=\"`filter`\" pulumi-lang-yaml=\"`filter`\" pulumi-lang-java=\"`filter`\"\u003e`filter`\u003c/span\u003e block as documented below.\n\n\u003e **Note:** Specifying \u003cspan pulumi-lang-nodejs=\"`filter`\" pulumi-lang-dotnet=\"`Filter`\" pulumi-lang-go=\"`filter`\" pulumi-lang-python=\"`filter`\" pulumi-lang-yaml=\"`filter`\" pulumi-lang-java=\"`filter`\"\u003e`filter`\u003c/span\u003e requires the `Attribute Definition Reader` role, this is not included in the `Global Administrator` or other administrator roles and must be separately assigned.\n"},"includedServicePrincipals":{"type":"array","items":{"type":"string"},"description":"A list of service principal IDs explicitly included in the policy. Can be set to `ServicePrincipalsInMyTenant` to include all service principals. This is mandatory value when at least one \u003cspan pulumi-lang-nodejs=\"`excludedServicePrincipals`\" pulumi-lang-dotnet=\"`ExcludedServicePrincipals`\" pulumi-lang-go=\"`excludedServicePrincipals`\" pulumi-lang-python=\"`excluded_service_principals`\" pulumi-lang-yaml=\"`excludedServicePrincipals`\" pulumi-lang-java=\"`excludedServicePrincipals`\"\u003e`excludedServicePrincipals`\u003c/span\u003e is set.\n"}},"type":"object"},"azuread:index/ConditionalAccessPolicyConditionsClientApplicationsFilter:ConditionalAccessPolicyConditionsClientApplicationsFilter":{"properties":{"mode":{"type":"string","description":"Whether to include in, or exclude from, matching items from the policy. Supported values are \u003cspan pulumi-lang-nodejs=\"`include`\" pulumi-lang-dotnet=\"`Include`\" pulumi-lang-go=\"`include`\" pulumi-lang-python=\"`include`\" pulumi-lang-yaml=\"`include`\" pulumi-lang-java=\"`include`\"\u003e`include`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`exclude`\" pulumi-lang-dotnet=\"`Exclude`\" pulumi-lang-go=\"`exclude`\" pulumi-lang-python=\"`exclude`\" pulumi-lang-yaml=\"`exclude`\" pulumi-lang-java=\"`exclude`\"\u003e`exclude`\u003c/span\u003e.\n"},"rule":{"type":"string","description":"Condition filter to match items.\n"}},"type":"object","required":["mode","rule"]},"azuread:index/ConditionalAccessPolicyConditionsDevices:ConditionalAccessPolicyConditionsDevices":{"properties":{"filter":{"$ref":"#/types/azuread:index/ConditionalAccessPolicyConditionsDevicesFilter:ConditionalAccessPolicyConditionsDevicesFilter","description":"A \u003cspan pulumi-lang-nodejs=\"`filter`\" pulumi-lang-dotnet=\"`Filter`\" pulumi-lang-go=\"`filter`\" pulumi-lang-python=\"`filter`\" pulumi-lang-yaml=\"`filter`\" pulumi-lang-java=\"`filter`\"\u003e`filter`\u003c/span\u003e block as documented below.\n\n\u003e **Note:** For more information on device filters, see the [official documentation](https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-condition-filters-for-devices#supported-operators-and-device-properties-for-filters).\n"}},"type":"object"},"azuread:index/ConditionalAccessPolicyConditionsDevicesFilter:ConditionalAccessPolicyConditionsDevicesFilter":{"properties":{"mode":{"type":"string","description":"Whether to include in, or exclude from, matching items from the policy. Supported values are \u003cspan pulumi-lang-nodejs=\"`include`\" pulumi-lang-dotnet=\"`Include`\" pulumi-lang-go=\"`include`\" pulumi-lang-python=\"`include`\" pulumi-lang-yaml=\"`include`\" pulumi-lang-java=\"`include`\"\u003e`include`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`exclude`\" pulumi-lang-dotnet=\"`Exclude`\" pulumi-lang-go=\"`exclude`\" pulumi-lang-python=\"`exclude`\" pulumi-lang-yaml=\"`exclude`\" pulumi-lang-java=\"`exclude`\"\u003e`exclude`\u003c/span\u003e.\n"},"rule":{"type":"string","description":"Condition filter to match items.\n"}},"type":"object","required":["mode","rule"]},"azuread:index/ConditionalAccessPolicyConditionsLocations:ConditionalAccessPolicyConditionsLocations":{"properties":{"excludedLocations":{"type":"array","items":{"type":"string"},"description":"A list of location IDs excluded from scope of policy. Can also be set to `AllTrusted`.\n"},"includedLocations":{"type":"array","items":{"type":"string"},"description":"A list of location IDs in scope of policy unless explicitly excluded. Can also be set to `All`, or `AllTrusted`.\n"}},"type":"object","required":["includedLocations"]},"azuread:index/ConditionalAccessPolicyConditionsPlatforms:ConditionalAccessPolicyConditionsPlatforms":{"properties":{"excludedPlatforms":{"type":"array","items":{"type":"string"},"description":"A list of platforms explicitly excluded from the policy. Possible values are: \u003cspan pulumi-lang-nodejs=\"`all`\" pulumi-lang-dotnet=\"`All`\" pulumi-lang-go=\"`all`\" pulumi-lang-python=\"`all`\" pulumi-lang-yaml=\"`all`\" pulumi-lang-java=\"`all`\"\u003e`all`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`android`\" pulumi-lang-dotnet=\"`Android`\" pulumi-lang-go=\"`android`\" pulumi-lang-python=\"`android`\" pulumi-lang-yaml=\"`android`\" pulumi-lang-java=\"`android`\"\u003e`android`\u003c/span\u003e, `iOS`, \u003cspan pulumi-lang-nodejs=\"`linux`\" pulumi-lang-dotnet=\"`Linux`\" pulumi-lang-go=\"`linux`\" pulumi-lang-python=\"`linux`\" pulumi-lang-yaml=\"`linux`\" pulumi-lang-java=\"`linux`\"\u003e`linux`\u003c/span\u003e, `macOS`, \u003cspan pulumi-lang-nodejs=\"`windows`\" pulumi-lang-dotnet=\"`Windows`\" pulumi-lang-go=\"`windows`\" pulumi-lang-python=\"`windows`\" pulumi-lang-yaml=\"`windows`\" pulumi-lang-java=\"`windows`\"\u003e`windows`\u003c/span\u003e, `windowsPhone` or `unknownFutureValue`.\n"},"includedPlatforms":{"type":"array","items":{"type":"string"},"description":"A list of platforms the policy applies to, unless explicitly excluded. Possible values are: \u003cspan pulumi-lang-nodejs=\"`all`\" pulumi-lang-dotnet=\"`All`\" pulumi-lang-go=\"`all`\" pulumi-lang-python=\"`all`\" pulumi-lang-yaml=\"`all`\" pulumi-lang-java=\"`all`\"\u003e`all`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`android`\" pulumi-lang-dotnet=\"`Android`\" pulumi-lang-go=\"`android`\" pulumi-lang-python=\"`android`\" pulumi-lang-yaml=\"`android`\" pulumi-lang-java=\"`android`\"\u003e`android`\u003c/span\u003e, `iOS`, \u003cspan pulumi-lang-nodejs=\"`linux`\" pulumi-lang-dotnet=\"`Linux`\" pulumi-lang-go=\"`linux`\" pulumi-lang-python=\"`linux`\" pulumi-lang-yaml=\"`linux`\" pulumi-lang-java=\"`linux`\"\u003e`linux`\u003c/span\u003e, `macOS`, \u003cspan pulumi-lang-nodejs=\"`windows`\" pulumi-lang-dotnet=\"`Windows`\" pulumi-lang-go=\"`windows`\" pulumi-lang-python=\"`windows`\" pulumi-lang-yaml=\"`windows`\" pulumi-lang-java=\"`windows`\"\u003e`windows`\u003c/span\u003e, `windowsPhone` or `unknownFutureValue`.\n"}},"type":"object","required":["includedPlatforms"]},"azuread:index/ConditionalAccessPolicyConditionsUsers:ConditionalAccessPolicyConditionsUsers":{"properties":{"excludedGroups":{"type":"array","items":{"type":"string"},"description":"A list of group IDs excluded from scope of policy.\n"},"excludedGuestsOrExternalUsers":{"type":"array","items":{"$ref":"#/types/azuread:index/ConditionalAccessPolicyConditionsUsersExcludedGuestsOrExternalUser:ConditionalAccessPolicyConditionsUsersExcludedGuestsOrExternalUser"},"description":"A \u003cspan pulumi-lang-nodejs=\"`guestsOrExternalUsers`\" pulumi-lang-dotnet=\"`GuestsOrExternalUsers`\" pulumi-lang-go=\"`guestsOrExternalUsers`\" pulumi-lang-python=\"`guests_or_external_users`\" pulumi-lang-yaml=\"`guestsOrExternalUsers`\" pulumi-lang-java=\"`guestsOrExternalUsers`\"\u003e`guestsOrExternalUsers`\u003c/span\u003e block as documented below, which specifies internal guests and external users excluded from scope of policy.\n"},"excludedRoles":{"type":"array","items":{"type":"string"},"description":"A list of role IDs excluded from scope of policy.\n"},"excludedUsers":{"type":"array","items":{"type":"string"},"description":"A list of user IDs excluded from scope of policy and/or `GuestsOrExternalUsers`.\n"},"includedGroups":{"type":"array","items":{"type":"string"},"description":"A list of group IDs in scope of policy unless explicitly excluded.\n"},"includedGuestsOrExternalUsers":{"type":"array","items":{"$ref":"#/types/azuread:index/ConditionalAccessPolicyConditionsUsersIncludedGuestsOrExternalUser:ConditionalAccessPolicyConditionsUsersIncludedGuestsOrExternalUser"},"description":"A \u003cspan pulumi-lang-nodejs=\"`guestsOrExternalUsers`\" pulumi-lang-dotnet=\"`GuestsOrExternalUsers`\" pulumi-lang-go=\"`guestsOrExternalUsers`\" pulumi-lang-python=\"`guests_or_external_users`\" pulumi-lang-yaml=\"`guestsOrExternalUsers`\" pulumi-lang-java=\"`guestsOrExternalUsers`\"\u003e`guestsOrExternalUsers`\u003c/span\u003e block as documented below, which specifies internal guests and external users in scope of policy.\n"},"includedRoles":{"type":"array","items":{"type":"string"},"description":"A list of role IDs in scope of policy unless explicitly excluded.\n"},"includedUsers":{"type":"array","items":{"type":"string"},"description":"A list of user IDs in scope of policy unless explicitly excluded, or `None` or `All` or `GuestsOrExternalUsers`.\n\n\u003e At least one of \u003cspan pulumi-lang-nodejs=\"`includedGroups`\" pulumi-lang-dotnet=\"`IncludedGroups`\" pulumi-lang-go=\"`includedGroups`\" pulumi-lang-python=\"`included_groups`\" pulumi-lang-yaml=\"`includedGroups`\" pulumi-lang-java=\"`includedGroups`\"\u003e`includedGroups`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`includedGuestsOrExternalUsers`\" pulumi-lang-dotnet=\"`IncludedGuestsOrExternalUsers`\" pulumi-lang-go=\"`includedGuestsOrExternalUsers`\" pulumi-lang-python=\"`included_guests_or_external_users`\" pulumi-lang-yaml=\"`includedGuestsOrExternalUsers`\" pulumi-lang-java=\"`includedGuestsOrExternalUsers`\"\u003e`includedGuestsOrExternalUsers`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`includedRoles`\" pulumi-lang-dotnet=\"`IncludedRoles`\" pulumi-lang-go=\"`includedRoles`\" pulumi-lang-python=\"`included_roles`\" pulumi-lang-yaml=\"`includedRoles`\" pulumi-lang-java=\"`includedRoles`\"\u003e`includedRoles`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`includedUsers`\" pulumi-lang-dotnet=\"`IncludedUsers`\" pulumi-lang-go=\"`includedUsers`\" pulumi-lang-python=\"`included_users`\" pulumi-lang-yaml=\"`includedUsers`\" pulumi-lang-java=\"`includedUsers`\"\u003e`includedUsers`\u003c/span\u003e must be specified.\n"}},"type":"object"},"azuread:index/ConditionalAccessPolicyConditionsUsersExcludedGuestsOrExternalUser:ConditionalAccessPolicyConditionsUsersExcludedGuestsOrExternalUser":{"properties":{"externalTenants":{"type":"array","items":{"$ref":"#/types/azuread:index/ConditionalAccessPolicyConditionsUsersExcludedGuestsOrExternalUserExternalTenant:ConditionalAccessPolicyConditionsUsersExcludedGuestsOrExternalUserExternalTenant"},"description":"An \u003cspan pulumi-lang-nodejs=\"`externalTenants`\" pulumi-lang-dotnet=\"`ExternalTenants`\" pulumi-lang-go=\"`externalTenants`\" pulumi-lang-python=\"`external_tenants`\" pulumi-lang-yaml=\"`externalTenants`\" pulumi-lang-java=\"`externalTenants`\"\u003e`externalTenants`\u003c/span\u003e block as documented below, which specifies external tenants in a policy scope.\n"},"guestOrExternalUserTypes":{"type":"array","items":{"type":"string"},"description":"A list of guest or external user types. Possible values are: `b2bCollaborationGuest`, `b2bCollaborationMember`, `b2bDirectConnectUser`, `internalGuest`, \u003cspan pulumi-lang-nodejs=\"`none`\" pulumi-lang-dotnet=\"`None`\" pulumi-lang-go=\"`none`\" pulumi-lang-python=\"`none`\" pulumi-lang-yaml=\"`none`\" pulumi-lang-java=\"`none`\"\u003e`none`\u003c/span\u003e, `otherExternalUser`, `serviceProvider`, `unknownFutureValue`.\n"}},"type":"object","required":["guestOrExternalUserTypes"]},"azuread:index/ConditionalAccessPolicyConditionsUsersExcludedGuestsOrExternalUserExternalTenant:ConditionalAccessPolicyConditionsUsersExcludedGuestsOrExternalUserExternalTenant":{"properties":{"members":{"type":"array","items":{"type":"string"},"description":"A list tenant IDs. Can only be specified if \u003cspan pulumi-lang-nodejs=\"`membershipKind`\" pulumi-lang-dotnet=\"`MembershipKind`\" pulumi-lang-go=\"`membershipKind`\" pulumi-lang-python=\"`membership_kind`\" pulumi-lang-yaml=\"`membershipKind`\" pulumi-lang-java=\"`membershipKind`\"\u003e`membershipKind`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`enumerated`\" pulumi-lang-dotnet=\"`Enumerated`\" pulumi-lang-go=\"`enumerated`\" pulumi-lang-python=\"`enumerated`\" pulumi-lang-yaml=\"`enumerated`\" pulumi-lang-java=\"`enumerated`\"\u003e`enumerated`\u003c/span\u003e.\n"},"membershipKind":{"type":"string","description":"The external tenant membership kind. Possible values are: \u003cspan pulumi-lang-nodejs=\"`all`\" pulumi-lang-dotnet=\"`All`\" pulumi-lang-go=\"`all`\" pulumi-lang-python=\"`all`\" pulumi-lang-yaml=\"`all`\" pulumi-lang-java=\"`all`\"\u003e`all`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`enumerated`\" pulumi-lang-dotnet=\"`Enumerated`\" pulumi-lang-go=\"`enumerated`\" pulumi-lang-python=\"`enumerated`\" pulumi-lang-yaml=\"`enumerated`\" pulumi-lang-java=\"`enumerated`\"\u003e`enumerated`\u003c/span\u003e, `unknownFutureValue`.\n"}},"type":"object","required":["membershipKind"]},"azuread:index/ConditionalAccessPolicyConditionsUsersIncludedGuestsOrExternalUser:ConditionalAccessPolicyConditionsUsersIncludedGuestsOrExternalUser":{"properties":{"externalTenants":{"type":"array","items":{"$ref":"#/types/azuread:index/ConditionalAccessPolicyConditionsUsersIncludedGuestsOrExternalUserExternalTenant:ConditionalAccessPolicyConditionsUsersIncludedGuestsOrExternalUserExternalTenant"},"description":"An \u003cspan pulumi-lang-nodejs=\"`externalTenants`\" pulumi-lang-dotnet=\"`ExternalTenants`\" pulumi-lang-go=\"`externalTenants`\" pulumi-lang-python=\"`external_tenants`\" pulumi-lang-yaml=\"`externalTenants`\" pulumi-lang-java=\"`externalTenants`\"\u003e`externalTenants`\u003c/span\u003e block as documented below, which specifies external tenants in a policy scope.\n"},"guestOrExternalUserTypes":{"type":"array","items":{"type":"string"},"description":"A list of guest or external user types. Possible values are: `b2bCollaborationGuest`, `b2bCollaborationMember`, `b2bDirectConnectUser`, `internalGuest`, \u003cspan pulumi-lang-nodejs=\"`none`\" pulumi-lang-dotnet=\"`None`\" pulumi-lang-go=\"`none`\" pulumi-lang-python=\"`none`\" pulumi-lang-yaml=\"`none`\" pulumi-lang-java=\"`none`\"\u003e`none`\u003c/span\u003e, `otherExternalUser`, `serviceProvider`, `unknownFutureValue`.\n"}},"type":"object","required":["guestOrExternalUserTypes"]},"azuread:index/ConditionalAccessPolicyConditionsUsersIncludedGuestsOrExternalUserExternalTenant:ConditionalAccessPolicyConditionsUsersIncludedGuestsOrExternalUserExternalTenant":{"properties":{"members":{"type":"array","items":{"type":"string"},"description":"A list tenant IDs. Can only be specified if \u003cspan pulumi-lang-nodejs=\"`membershipKind`\" pulumi-lang-dotnet=\"`MembershipKind`\" pulumi-lang-go=\"`membershipKind`\" pulumi-lang-python=\"`membership_kind`\" pulumi-lang-yaml=\"`membershipKind`\" pulumi-lang-java=\"`membershipKind`\"\u003e`membershipKind`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`enumerated`\" pulumi-lang-dotnet=\"`Enumerated`\" pulumi-lang-go=\"`enumerated`\" pulumi-lang-python=\"`enumerated`\" pulumi-lang-yaml=\"`enumerated`\" pulumi-lang-java=\"`enumerated`\"\u003e`enumerated`\u003c/span\u003e.\n"},"membershipKind":{"type":"string","description":"The external tenant membership kind. Possible values are: \u003cspan pulumi-lang-nodejs=\"`all`\" pulumi-lang-dotnet=\"`All`\" pulumi-lang-go=\"`all`\" pulumi-lang-python=\"`all`\" pulumi-lang-yaml=\"`all`\" pulumi-lang-java=\"`all`\"\u003e`all`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`enumerated`\" pulumi-lang-dotnet=\"`Enumerated`\" pulumi-lang-go=\"`enumerated`\" pulumi-lang-python=\"`enumerated`\" pulumi-lang-yaml=\"`enumerated`\" pulumi-lang-java=\"`enumerated`\"\u003e`enumerated`\u003c/span\u003e, `unknownFutureValue`.\n"}},"type":"object","required":["membershipKind"]},"azuread:index/ConditionalAccessPolicyGrantControls:ConditionalAccessPolicyGrantControls":{"properties":{"authenticationStrengthPolicyId":{"type":"string","description":"ID of an Authentication Strength Policy to use in this policy. When using a hard-coded ID, the UUID value should be prefixed with: `/policies/authenticationStrengthPolicies/`.\n"},"builtInControls":{"type":"array","items":{"type":"string"},"description":"List of built-in controls required by the policy. Possible values are: \u003cspan pulumi-lang-nodejs=\"`block`\" pulumi-lang-dotnet=\"`Block`\" pulumi-lang-go=\"`block`\" pulumi-lang-python=\"`block`\" pulumi-lang-yaml=\"`block`\" pulumi-lang-java=\"`block`\"\u003e`block`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`mfa`\" pulumi-lang-dotnet=\"`Mfa`\" pulumi-lang-go=\"`mfa`\" pulumi-lang-python=\"`mfa`\" pulumi-lang-yaml=\"`mfa`\" pulumi-lang-java=\"`mfa`\"\u003e`mfa`\u003c/span\u003e, `approvedApplication`, `compliantApplication`, `compliantDevice`, `domainJoinedDevice`, `passwordChange` or `unknownFutureValue`.\n"},"customAuthenticationFactors":{"type":"array","items":{"type":"string"},"description":"List of custom controls IDs required by the policy.\n"},"operator":{"type":"string","description":"Defines the relationship of the grant controls. Possible values are: `AND`, `OR`.\n"},"termsOfUses":{"type":"array","items":{"type":"string"},"description":"List of terms of use IDs required by the policy.\n\n\u003e At least one of \u003cspan pulumi-lang-nodejs=\"`authenticationStrengthPolicyId`\" pulumi-lang-dotnet=\"`AuthenticationStrengthPolicyId`\" pulumi-lang-go=\"`authenticationStrengthPolicyId`\" pulumi-lang-python=\"`authentication_strength_policy_id`\" pulumi-lang-yaml=\"`authenticationStrengthPolicyId`\" pulumi-lang-java=\"`authenticationStrengthPolicyId`\"\u003e`authenticationStrengthPolicyId`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`builtInControls`\" pulumi-lang-dotnet=\"`BuiltInControls`\" pulumi-lang-go=\"`builtInControls`\" pulumi-lang-python=\"`built_in_controls`\" pulumi-lang-yaml=\"`builtInControls`\" pulumi-lang-java=\"`builtInControls`\"\u003e`builtInControls`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`termsOfUse`\" pulumi-lang-dotnet=\"`TermsOfUse`\" pulumi-lang-go=\"`termsOfUse`\" pulumi-lang-python=\"`terms_of_use`\" pulumi-lang-yaml=\"`termsOfUse`\" pulumi-lang-java=\"`termsOfUse`\"\u003e`termsOfUse`\u003c/span\u003e must be specified.\n"}},"type":"object","required":["operator"]},"azuread:index/ConditionalAccessPolicySessionControls:ConditionalAccessPolicySessionControls":{"properties":{"applicationEnforcedRestrictionsEnabled":{"type":"boolean","description":"Whether application enforced restrictions are enabled. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n\n\u003e Only Office 365, Exchange Online and Sharepoint Online support application enforced restrictions.\n"},"cloudAppSecurityPolicy":{"type":"string","description":"Enables cloud app security and specifies the cloud app security policy to use. Possible values are: `blockDownloads`, `mcasConfigured`, `monitorOnly` or `unknownFutureValue`.\n"},"disableResilienceDefaults":{"type":"boolean","description":"Disables [resilience defaults](https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/resilience-defaults). Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"persistentBrowserMode":{"type":"string","description":"Session control to define whether to persist cookies. Possible values are: \u003cspan pulumi-lang-nodejs=\"`always`\" pulumi-lang-dotnet=\"`Always`\" pulumi-lang-go=\"`always`\" pulumi-lang-python=\"`always`\" pulumi-lang-yaml=\"`always`\" pulumi-lang-java=\"`always`\"\u003e`always`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`never`\" pulumi-lang-dotnet=\"`Never`\" pulumi-lang-go=\"`never`\" pulumi-lang-python=\"`never`\" pulumi-lang-yaml=\"`never`\" pulumi-lang-java=\"`never`\"\u003e`never`\u003c/span\u003e.\n"},"signInFrequency":{"type":"integer","description":"Number of days or hours to enforce sign-in frequency. Required when \u003cspan pulumi-lang-nodejs=\"`signInFrequencyPeriod`\" pulumi-lang-dotnet=\"`SignInFrequencyPeriod`\" pulumi-lang-go=\"`signInFrequencyPeriod`\" pulumi-lang-python=\"`sign_in_frequency_period`\" pulumi-lang-yaml=\"`signInFrequencyPeriod`\" pulumi-lang-java=\"`signInFrequencyPeriod`\"\u003e`signInFrequencyPeriod`\u003c/span\u003e is specified.\n"},"signInFrequencyAuthenticationType":{"type":"string","description":"Authentication type for enforcing sign-in frequency. Possible values are: `primaryAndSecondaryAuthentication` or `secondaryAuthentication`. Defaults to `primaryAndSecondaryAuthentication`.\n"},"signInFrequencyInterval":{"type":"string","description":"The interval to apply to sign-in frequency control. Possible values are: `timeBased` or `everyTime`. Defaults to `timeBased`.\n"},"signInFrequencyPeriod":{"type":"string","description":"The time period to enforce sign-in frequency. Possible values are: \u003cspan pulumi-lang-nodejs=\"`hours`\" pulumi-lang-dotnet=\"`Hours`\" pulumi-lang-go=\"`hours`\" pulumi-lang-python=\"`hours`\" pulumi-lang-yaml=\"`hours`\" pulumi-lang-java=\"`hours`\"\u003e`hours`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`days`\" pulumi-lang-dotnet=\"`Days`\" pulumi-lang-go=\"`days`\" pulumi-lang-python=\"`days`\" pulumi-lang-yaml=\"`days`\" pulumi-lang-java=\"`days`\"\u003e`days`\u003c/span\u003e. Required when \u003cspan pulumi-lang-nodejs=\"`signInFrequencyPeriod`\" pulumi-lang-dotnet=\"`SignInFrequencyPeriod`\" pulumi-lang-go=\"`signInFrequencyPeriod`\" pulumi-lang-python=\"`sign_in_frequency_period`\" pulumi-lang-yaml=\"`signInFrequencyPeriod`\" pulumi-lang-java=\"`signInFrequencyPeriod`\"\u003e`signInFrequencyPeriod`\u003c/span\u003e is specified.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["signInFrequencyAuthenticationType","signInFrequencyInterval"]}}},"azuread:index/CustomDirectoryRolePermission:CustomDirectoryRolePermission":{"properties":{"allowedResourceActions":{"type":"array","items":{"type":"string"},"description":"A set of tasks that can be performed on a resource. For more information, see the [Permissions Reference](https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference) documentation.\n"}},"type":"object","required":["allowedResourceActions"]},"azuread:index/GroupDynamicMembership:GroupDynamicMembership":{"properties":{"enabled":{"type":"boolean","description":"Whether rule processing is \"On\" (true) or \"Paused\" (false).\n"},"rule":{"type":"string","description":"The rule that determines membership of this group. For more information, see official documentation on [membership rules syntax](https://docs.microsoft.com/en-gb/azure/active-directory/enterprise-users/groups-dynamic-membership).\n\n\u003e **Dynamic Group Memberships** Remember to include `DynamicMembership` in the set of \u003cspan pulumi-lang-nodejs=\"`types`\" pulumi-lang-dotnet=\"`Types`\" pulumi-lang-go=\"`types`\" pulumi-lang-python=\"`types`\" pulumi-lang-yaml=\"`types`\" pulumi-lang-java=\"`types`\"\u003e`types`\u003c/span\u003e for the group when configuring a dynamic membership rule. Dynamic membership is a premium feature which requires an Azure Active Directory P1 or P2 license.\n"}},"type":"object","required":["enabled","rule"]},"azuread:index/GroupRoleManagementPolicyActivationRules:GroupRoleManagementPolicyActivationRules":{"properties":{"approvalStage":{"$ref":"#/types/azuread:index/GroupRoleManagementPolicyActivationRulesApprovalStage:GroupRoleManagementPolicyActivationRulesApprovalStage","description":"An \u003cspan pulumi-lang-nodejs=\"`approvalStage`\" pulumi-lang-dotnet=\"`ApprovalStage`\" pulumi-lang-go=\"`approvalStage`\" pulumi-lang-python=\"`approval_stage`\" pulumi-lang-yaml=\"`approvalStage`\" pulumi-lang-java=\"`approvalStage`\"\u003e`approvalStage`\u003c/span\u003e block as defined below.\n"},"maximumDuration":{"type":"string","description":"The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`.\n"},"requireApproval":{"type":"boolean","description":"Is approval required for activation. If \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e an \u003cspan pulumi-lang-nodejs=\"`approvalStage`\" pulumi-lang-dotnet=\"`ApprovalStage`\" pulumi-lang-go=\"`approvalStage`\" pulumi-lang-python=\"`approval_stage`\" pulumi-lang-yaml=\"`approvalStage`\" pulumi-lang-java=\"`approvalStage`\"\u003e`approvalStage`\u003c/span\u003e block must be provided.\n"},"requireJustification":{"type":"boolean","description":"Is a justification required during activation of the role.\n"},"requireMultifactorAuthentication":{"type":"boolean","description":"Is multi-factor authentication required to activate the role. Conflicts with \u003cspan pulumi-lang-nodejs=\"`requiredConditionalAccessAuthenticationContext`\" pulumi-lang-dotnet=\"`RequiredConditionalAccessAuthenticationContext`\" pulumi-lang-go=\"`requiredConditionalAccessAuthenticationContext`\" pulumi-lang-python=\"`required_conditional_access_authentication_context`\" pulumi-lang-yaml=\"`requiredConditionalAccessAuthenticationContext`\" pulumi-lang-java=\"`requiredConditionalAccessAuthenticationContext`\"\u003e`requiredConditionalAccessAuthenticationContext`\u003c/span\u003e.\n"},"requireTicketInfo":{"type":"boolean","description":"Is ticket information requrired during activation of the role.\n"},"requiredConditionalAccessAuthenticationContext":{"type":"string","description":"The Entra ID Conditional Access context that must be present for activation (e.g \u003cspan pulumi-lang-nodejs=\"`c1`\" pulumi-lang-dotnet=\"`C1`\" pulumi-lang-go=\"`c1`\" pulumi-lang-python=\"`c1`\" pulumi-lang-yaml=\"`c1`\" pulumi-lang-java=\"`c1`\"\u003e`c1`\u003c/span\u003e). Conflicts with \u003cspan pulumi-lang-nodejs=\"`requireMultifactorAuthentication`\" pulumi-lang-dotnet=\"`RequireMultifactorAuthentication`\" pulumi-lang-go=\"`requireMultifactorAuthentication`\" pulumi-lang-python=\"`require_multifactor_authentication`\" pulumi-lang-yaml=\"`requireMultifactorAuthentication`\" pulumi-lang-java=\"`requireMultifactorAuthentication`\"\u003e`requireMultifactorAuthentication`\u003c/span\u003e.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["approvalStage","maximumDuration","requireApproval","requireJustification","requireMultifactorAuthentication","requireTicketInfo","requiredConditionalAccessAuthenticationContext"]}}},"azuread:index/GroupRoleManagementPolicyActivationRulesApprovalStage:GroupRoleManagementPolicyActivationRulesApprovalStage":{"properties":{"primaryApprovers":{"type":"array","items":{"$ref":"#/types/azuread:index/GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover:GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover"},"description":"The IDs of the users or groups who can approve the activation\n"}},"type":"object","required":["primaryApprovers"]},"azuread:index/GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover:GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover":{"properties":{"objectId":{"type":"string","description":"The ID of the object which will act as an approver.\n"},"type":{"type":"string","description":"The type of object acting as an approver. Possible options are `singleUser` and `groupMembers`.\n"}},"type":"object","required":["objectId"]},"azuread:index/GroupRoleManagementPolicyActiveAssignmentRules:GroupRoleManagementPolicyActiveAssignmentRules":{"properties":{"expirationRequired":{"type":"boolean","description":"Must an assignment have an expiry date. \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e allows permanent assignment.\n"},"expireAfter":{"type":"string","description":"The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`.\n"},"requireJustification":{"type":"boolean","description":"Is a justification required to create new assignments.\n"},"requireMultifactorAuthentication":{"type":"boolean","description":"Is multi-factor authentication required to create new assignments.\n"},"requireTicketInfo":{"type":"boolean","description":"Is ticket information required to create new assignments.\n\nOne of \u003cspan pulumi-lang-nodejs=\"`expirationRequired`\" pulumi-lang-dotnet=\"`ExpirationRequired`\" pulumi-lang-go=\"`expirationRequired`\" pulumi-lang-python=\"`expiration_required`\" pulumi-lang-yaml=\"`expirationRequired`\" pulumi-lang-java=\"`expirationRequired`\"\u003e`expirationRequired`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`expireAfter`\" pulumi-lang-dotnet=\"`ExpireAfter`\" pulumi-lang-go=\"`expireAfter`\" pulumi-lang-python=\"`expire_after`\" pulumi-lang-yaml=\"`expireAfter`\" pulumi-lang-java=\"`expireAfter`\"\u003e`expireAfter`\u003c/span\u003e must be provided.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["expirationRequired","expireAfter","requireJustification","requireMultifactorAuthentication","requireTicketInfo"]}}},"azuread:index/GroupRoleManagementPolicyEligibleAssignmentRules:GroupRoleManagementPolicyEligibleAssignmentRules":{"properties":{"expirationRequired":{"type":"boolean","description":"Must an assignment have an expiry date. \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e allows permanent assignment.\n"},"expireAfter":{"type":"string","description":"The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`.\n\nOne of \u003cspan pulumi-lang-nodejs=\"`expirationRequired`\" pulumi-lang-dotnet=\"`ExpirationRequired`\" pulumi-lang-go=\"`expirationRequired`\" pulumi-lang-python=\"`expiration_required`\" pulumi-lang-yaml=\"`expirationRequired`\" pulumi-lang-java=\"`expirationRequired`\"\u003e`expirationRequired`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`expireAfter`\" pulumi-lang-dotnet=\"`ExpireAfter`\" pulumi-lang-go=\"`expireAfter`\" pulumi-lang-python=\"`expire_after`\" pulumi-lang-yaml=\"`expireAfter`\" pulumi-lang-java=\"`expireAfter`\"\u003e`expireAfter`\u003c/span\u003e must be provided.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["expirationRequired","expireAfter"]}}},"azuread:index/GroupRoleManagementPolicyNotificationRules:GroupRoleManagementPolicyNotificationRules":{"properties":{"activeAssignments":{"$ref":"#/types/azuread:index/GroupRoleManagementPolicyNotificationRulesActiveAssignments:GroupRoleManagementPolicyNotificationRulesActiveAssignments","description":"A \u003cspan pulumi-lang-nodejs=\"`notificationTarget`\" pulumi-lang-dotnet=\"`NotificationTarget`\" pulumi-lang-go=\"`notificationTarget`\" pulumi-lang-python=\"`notification_target`\" pulumi-lang-yaml=\"`notificationTarget`\" pulumi-lang-java=\"`notificationTarget`\"\u003e`notificationTarget`\u003c/span\u003e block as defined below to configure notfications on active role assignments.\n"},"eligibleActivations":{"$ref":"#/types/azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleActivations:GroupRoleManagementPolicyNotificationRulesEligibleActivations","description":"A \u003cspan pulumi-lang-nodejs=\"`notificationTarget`\" pulumi-lang-dotnet=\"`NotificationTarget`\" pulumi-lang-go=\"`notificationTarget`\" pulumi-lang-python=\"`notification_target`\" pulumi-lang-yaml=\"`notificationTarget`\" pulumi-lang-java=\"`notificationTarget`\"\u003e`notificationTarget`\u003c/span\u003e block as defined below for configuring notifications on activation of eligible role.\n"},"eligibleAssignments":{"$ref":"#/types/azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleAssignments:GroupRoleManagementPolicyNotificationRulesEligibleAssignments","description":"A \u003cspan pulumi-lang-nodejs=\"`notificationTarget`\" pulumi-lang-dotnet=\"`NotificationTarget`\" pulumi-lang-go=\"`notificationTarget`\" pulumi-lang-python=\"`notification_target`\" pulumi-lang-yaml=\"`notificationTarget`\" pulumi-lang-java=\"`notificationTarget`\"\u003e`notificationTarget`\u003c/span\u003e block as defined below to configure notification on eligible role assignments.\n\nAt least one \u003cspan pulumi-lang-nodejs=\"`notificationTarget`\" pulumi-lang-dotnet=\"`NotificationTarget`\" pulumi-lang-go=\"`notificationTarget`\" pulumi-lang-python=\"`notification_target`\" pulumi-lang-yaml=\"`notificationTarget`\" pulumi-lang-java=\"`notificationTarget`\"\u003e`notificationTarget`\u003c/span\u003e block must be provided.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["activeAssignments","eligibleActivations","eligibleAssignments"]}}},"azuread:index/GroupRoleManagementPolicyNotificationRulesActiveAssignments:GroupRoleManagementPolicyNotificationRulesActiveAssignments":{"properties":{"adminNotifications":{"$ref":"#/types/azuread:index/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications:GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications","description":"Admin notification settings\n"},"approverNotifications":{"$ref":"#/types/azuread:index/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications:GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications","description":"Approver notification settings\n"},"assigneeNotifications":{"$ref":"#/types/azuread:index/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications:GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications","description":"Assignee notification settings\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["adminNotifications","approverNotifications","assigneeNotifications"]}}},"azuread:index/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications:GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications":{"properties":{"additionalRecipients":{"type":"array","items":{"type":"string"},"description":"The additional recipients to notify\n"},"defaultRecipients":{"type":"boolean","description":"Whether the default recipients are notified\n"},"notificationLevel":{"type":"string","description":"What level of notifications are sent\n"}},"type":"object","required":["defaultRecipients","notificationLevel"],"language":{"nodejs":{"requiredOutputs":["additionalRecipients","defaultRecipients","notificationLevel"]}}},"azuread:index/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications:GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications":{"properties":{"additionalRecipients":{"type":"array","items":{"type":"string"},"description":"The additional recipients to notify\n"},"defaultRecipients":{"type":"boolean","description":"Whether the default recipients are notified\n"},"notificationLevel":{"type":"string","description":"What level of notifications are sent\n"}},"type":"object","required":["defaultRecipients","notificationLevel"],"language":{"nodejs":{"requiredOutputs":["additionalRecipients","defaultRecipients","notificationLevel"]}}},"azuread:index/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications:GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications":{"properties":{"additionalRecipients":{"type":"array","items":{"type":"string"},"description":"The additional recipients to notify\n"},"defaultRecipients":{"type":"boolean","description":"Whether the default recipients are notified\n"},"notificationLevel":{"type":"string","description":"What level of notifications are sent\n"}},"type":"object","required":["defaultRecipients","notificationLevel"],"language":{"nodejs":{"requiredOutputs":["additionalRecipients","defaultRecipients","notificationLevel"]}}},"azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleActivations:GroupRoleManagementPolicyNotificationRulesEligibleActivations":{"properties":{"adminNotifications":{"$ref":"#/types/azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications:GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications","description":"Admin notification settings\n"},"approverNotifications":{"$ref":"#/types/azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications:GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications","description":"Approver notification settings\n"},"assigneeNotifications":{"$ref":"#/types/azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications:GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications","description":"Assignee notification settings\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["adminNotifications","approverNotifications","assigneeNotifications"]}}},"azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications:GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications":{"properties":{"additionalRecipients":{"type":"array","items":{"type":"string"},"description":"The additional recipients to notify\n"},"defaultRecipients":{"type":"boolean","description":"Whether the default recipients are notified\n"},"notificationLevel":{"type":"string","description":"What level of notifications are sent\n"}},"type":"object","required":["defaultRecipients","notificationLevel"],"language":{"nodejs":{"requiredOutputs":["additionalRecipients","defaultRecipients","notificationLevel"]}}},"azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications:GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications":{"properties":{"additionalRecipients":{"type":"array","items":{"type":"string"},"description":"The additional recipients to notify\n"},"defaultRecipients":{"type":"boolean","description":"Whether the default recipients are notified\n"},"notificationLevel":{"type":"string","description":"What level of notifications are sent\n"}},"type":"object","required":["defaultRecipients","notificationLevel"],"language":{"nodejs":{"requiredOutputs":["additionalRecipients","defaultRecipients","notificationLevel"]}}},"azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications:GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications":{"properties":{"additionalRecipients":{"type":"array","items":{"type":"string"},"description":"The additional recipients to notify\n"},"defaultRecipients":{"type":"boolean","description":"Whether the default recipients are notified\n"},"notificationLevel":{"type":"string","description":"What level of notifications are sent\n"}},"type":"object","required":["defaultRecipients","notificationLevel"],"language":{"nodejs":{"requiredOutputs":["additionalRecipients","defaultRecipients","notificationLevel"]}}},"azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleAssignments:GroupRoleManagementPolicyNotificationRulesEligibleAssignments":{"properties":{"adminNotifications":{"$ref":"#/types/azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications:GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications","description":"Admin notification settings\n"},"approverNotifications":{"$ref":"#/types/azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications:GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications","description":"Approver notification settings\n"},"assigneeNotifications":{"$ref":"#/types/azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications:GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications","description":"Assignee notification settings\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["adminNotifications","approverNotifications","assigneeNotifications"]}}},"azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications:GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications":{"properties":{"additionalRecipients":{"type":"array","items":{"type":"string"},"description":"The additional recipients to notify\n"},"defaultRecipients":{"type":"boolean","description":"Whether the default recipients are notified\n"},"notificationLevel":{"type":"string","description":"What level of notifications are sent\n"}},"type":"object","required":["defaultRecipients","notificationLevel"],"language":{"nodejs":{"requiredOutputs":["additionalRecipients","defaultRecipients","notificationLevel"]}}},"azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications:GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications":{"properties":{"additionalRecipients":{"type":"array","items":{"type":"string"},"description":"The additional recipients to notify\n"},"defaultRecipients":{"type":"boolean","description":"Whether the default recipients are notified\n"},"notificationLevel":{"type":"string","description":"What level of notifications are sent\n"}},"type":"object","required":["defaultRecipients","notificationLevel"],"language":{"nodejs":{"requiredOutputs":["additionalRecipients","defaultRecipients","notificationLevel"]}}},"azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications:GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications":{"properties":{"additionalRecipients":{"type":"array","items":{"type":"string"},"description":"The additional recipients to notify\n"},"defaultRecipients":{"type":"boolean","description":"Whether the default recipients are notified\n"},"notificationLevel":{"type":"string","description":"What level of notifications are sent\n"}},"type":"object","required":["defaultRecipients","notificationLevel"],"language":{"nodejs":{"requiredOutputs":["additionalRecipients","defaultRecipients","notificationLevel"]}}},"azuread:index/GroupWithoutMembersDynamicMembership:GroupWithoutMembersDynamicMembership":{"properties":{"enabled":{"type":"boolean","description":"Whether rule processing is \"On\" (true) or \"Paused\" (false).\n"},"rule":{"type":"string","description":"The rule that determines membership of this group. For more information, see official documentation on [membership rules syntax](https://docs.microsoft.com/en-gb/azure/active-directory/enterprise-users/groups-dynamic-membership).\n\n\u003e **Dynamic Group Memberships** Remember to include `DynamicMembership` in the set of \u003cspan pulumi-lang-nodejs=\"`types`\" pulumi-lang-dotnet=\"`Types`\" pulumi-lang-go=\"`types`\" pulumi-lang-python=\"`types`\" pulumi-lang-yaml=\"`types`\" pulumi-lang-java=\"`types`\"\u003e`types`\u003c/span\u003e for the group when configuring a dynamic membership rule. Dynamic membership is a premium feature which requires an Azure Active Directory P1 or P2 license.\n"}},"type":"object","required":["enabled","rule"]},"azuread:index/InvitationMessage:InvitationMessage":{"properties":{"additionalRecipients":{"type":"string","description":"Email addresses of additional recipients the invitation message should be sent to. Only 1 additional recipient is currently supported by Azure.\n"},"body":{"type":"string","description":"Customized message body you want to send if you don't want to send the default message. Cannot be specified with \u003cspan pulumi-lang-nodejs=\"`language`\" pulumi-lang-dotnet=\"`Language`\" pulumi-lang-go=\"`language`\" pulumi-lang-python=\"`language`\" pulumi-lang-yaml=\"`language`\" pulumi-lang-java=\"`language`\"\u003e`language`\u003c/span\u003e.\n"},"language":{"type":"string","description":"The language you want to send the default message in. The value specified must be in ISO 639 format. Defaults to `en-US`. Cannot be specified with \u003cspan pulumi-lang-nodejs=\"`body`\" pulumi-lang-dotnet=\"`Body`\" pulumi-lang-go=\"`body`\" pulumi-lang-python=\"`body`\" pulumi-lang-yaml=\"`body`\" pulumi-lang-java=\"`body`\"\u003e`body`\u003c/span\u003e.\n"}},"type":"object"},"azuread:index/NamedLocationCountry:NamedLocationCountry":{"properties":{"countriesAndRegions":{"type":"array","items":{"type":"string"},"description":"List of countries and/or regions in two-letter format specified by ISO 3166-2.\n"},"countryLookupMethod":{"type":"string","description":"Method of detecting country the user is located in. Possible values are `clientIpAddress` for IP-based location and `authenticatorAppGps` for Authenticator app GPS-based location.  Defaults to `clientIpAddress`.\n"},"includeUnknownCountriesAndRegions":{"type":"boolean","description":"Whether IP addresses that don't map to a country or region should be included in the named location. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"}},"type":"object","required":["countriesAndRegions"]},"azuread:index/NamedLocationIp:NamedLocationIp":{"properties":{"ipRanges":{"type":"array","items":{"type":"string"},"description":"List of IP address ranges in IPv4 CIDR format (e.g. `1.2.3.4/32`) or any allowable IPv6 format from IETF RFC596. Each CIDR prefix must be `/8` or larger.\n"},"trusted":{"type":"boolean","description":"Whether the named location is trusted. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"}},"type":"object","required":["ipRanges"]},"azuread:index/ServicePrincipalAppRole:ServicePrincipalAppRole":{"properties":{"allowedMemberTypes":{"type":"array","items":{"type":"string"},"description":"Specifies whether this app role definition can be assigned to users and groups, or to other applications (that are accessing this application in a standalone scenario). Possible values are: `User` and `Application`, or both.\n"},"description":{"type":"string","description":"A description of the service principal provided for internal end-users.\n"},"displayName":{"type":"string","description":"Display name for the app role that appears during app role assignment and in consent experiences.\n"},"enabled":{"type":"boolean","description":"Specifies whether the permission scope is enabled.\n"},"id":{"type":"string","description":"The unique identifier of the delegated permission.\n"},"value":{"type":"string","description":"The value that is used for the \u003cspan pulumi-lang-nodejs=\"`scp`\" pulumi-lang-dotnet=\"`Scp`\" pulumi-lang-go=\"`scp`\" pulumi-lang-python=\"`scp`\" pulumi-lang-yaml=\"`scp`\" pulumi-lang-java=\"`scp`\"\u003e`scp`\u003c/span\u003e claim in OAuth 2.0 access tokens.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["allowedMemberTypes","description","displayName","enabled","id","value"]}}},"azuread:index/ServicePrincipalFeature:ServicePrincipalFeature":{"properties":{"customSingleSignOnApp":{"type":"boolean","description":"Whether this service principal represents a custom SAML application\n"},"enterpriseApplication":{"type":"boolean","description":"Whether this service principal represents an Enterprise Application\n"},"galleryApplication":{"type":"boolean","description":"Whether this service principal represents a gallery application\n"},"visibleToUsers":{"type":"boolean","description":"Whether this app is visible to users in My Apps and Office 365 Launcher\n"}},"type":"object"},"azuread:index/ServicePrincipalFeatureTag:ServicePrincipalFeatureTag":{"properties":{"customSingleSignOn":{"type":"boolean","description":"Whether this service principal represents a custom SAML application. Enabling this will assign the `WindowsAzureActiveDirectoryCustomSingleSignOnApplication` tag. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"enterprise":{"type":"boolean","description":"Whether this service principal represents an Enterprise Application. Enabling this will assign the `WindowsAzureActiveDirectoryIntegratedApp` tag. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"gallery":{"type":"boolean","description":"Whether this service principal represents a gallery application. Enabling this will assign the `WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1` tag. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"hide":{"type":"boolean","description":"Whether this app is invisible to users in My Apps and Office 365 Launcher. Enabling this will assign the `HideApp` tag. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"}},"type":"object"},"azuread:index/ServicePrincipalOauth2PermissionScope:ServicePrincipalOauth2PermissionScope":{"properties":{"adminConsentDescription":{"type":"string","description":"Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.\n"},"adminConsentDisplayName":{"type":"string","description":"Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.\n"},"enabled":{"type":"boolean","description":"Specifies whether the permission scope is enabled.\n"},"id":{"type":"string","description":"The unique identifier of the delegated permission.\n"},"type":{"type":"string","description":"Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are `User` or `Admin`.\n"},"userConsentDescription":{"type":"string","description":"Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.\n"},"userConsentDisplayName":{"type":"string","description":"Display name for the delegated permission that appears in the end user consent experience.\n"},"value":{"type":"string","description":"The value that is used for the \u003cspan pulumi-lang-nodejs=\"`scp`\" pulumi-lang-dotnet=\"`Scp`\" pulumi-lang-go=\"`scp`\" pulumi-lang-python=\"`scp`\" pulumi-lang-yaml=\"`scp`\" pulumi-lang-java=\"`scp`\"\u003e`scp`\u003c/span\u003e claim in OAuth 2.0 access tokens.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["adminConsentDescription","adminConsentDisplayName","enabled","id","type","userConsentDescription","userConsentDisplayName","value"]}}},"azuread:index/ServicePrincipalSamlSingleSignOn:ServicePrincipalSamlSingleSignOn":{"properties":{"relayState":{"type":"string","description":"The relative URI the service provider would redirect to after completion of the single sign-on flow.\n"}},"type":"object"},"azuread:index/SynchronizationJobProvisionOnDemandParameter:SynchronizationJobProvisionOnDemandParameter":{"properties":{"ruleId":{"type":"string","description":"The identifier of the synchronization rule to be applied. This rule ID is defined in the schema for a given synchronization job or template.\n","willReplaceOnChanges":true},"subjects":{"type":"array","items":{"$ref":"#/types/azuread:index/SynchronizationJobProvisionOnDemandParameterSubject:SynchronizationJobProvisionOnDemandParameterSubject"},"description":"One or more \u003cspan pulumi-lang-nodejs=\"`subject`\" pulumi-lang-dotnet=\"`Subject`\" pulumi-lang-go=\"`subject`\" pulumi-lang-python=\"`subject`\" pulumi-lang-yaml=\"`subject`\" pulumi-lang-java=\"`subject`\"\u003e`subject`\u003c/span\u003e blocks as documented below.\n","willReplaceOnChanges":true}},"type":"object","required":["ruleId","subjects"]},"azuread:index/SynchronizationJobProvisionOnDemandParameterSubject:SynchronizationJobProvisionOnDemandParameterSubject":{"properties":{"objectId":{"type":"string","description":"The identifier of an object to which a synchronization job is to be applied. Can be one of the following: (1) An onPremisesDistinguishedName for synchronization from Active Directory to Azure AD. (2) The user ID for synchronization from Azure AD to a third-party. (3) The Worker ID of the Workday worker for synchronization from Workday to either Active Directory or Azure AD.\n"},"objectTypeName":{"type":"string","description":"The type of the object to which a synchronization job is to be applied. Can be one of the following: \u003cspan pulumi-lang-nodejs=\"`user`\" pulumi-lang-dotnet=\"`User`\" pulumi-lang-go=\"`user`\" pulumi-lang-python=\"`user`\" pulumi-lang-yaml=\"`user`\" pulumi-lang-java=\"`user`\"\u003e`user`\u003c/span\u003e for synchronizing between Active Directory and Azure AD, `User` for synchronizing a user between Azure AD and a third-party application, `Worker` for synchronization a user between Workday and either Active Directory or Azure AD, `Group` for synchronizing a group between Azure AD and a third-party application.\n"}},"type":"object","required":["objectId","objectTypeName"]},"azuread:index/SynchronizationJobSchedule:SynchronizationJobSchedule":{"properties":{"expiration":{"type":"string","description":"Date and time when this job will expire, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`).\n"},"interval":{"type":"string","description":"The interval between synchronization iterations ISO8601. E.g. PT40M run every 40 minutes.\n"},"state":{"type":"string","description":"State of the job.\n"}},"type":"object","language":{"nodejs":{"requiredOutputs":["expiration","interval","state"]}}},"azuread:index/SynchronizationSecretCredential:SynchronizationSecretCredential":{"properties":{"key":{"type":"string","description":"The key of the secret.\n"},"value":{"type":"string","description":"The value of the secret.\n","secret":true}},"type":"object","required":["key","value"]},"azuread:index/getApplicationApi:getApplicationApi":{"properties":{"knownClientApplications":{"type":"array","items":{"type":"string"},"description":"A set of application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app.\n"},"mappedClaimsEnabled":{"type":"boolean","description":"Allows an application to use claims mapping without specifying a custom signing key.\n"},"oauth2PermissionScopes":{"type":"array","items":{"$ref":"#/types/azuread:index/getApplicationApiOauth2PermissionScope:getApplicationApiOauth2PermissionScope"},"description":"One or more \u003cspan pulumi-lang-nodejs=\"`oauth2PermissionScope`\" pulumi-lang-dotnet=\"`Oauth2PermissionScope`\" pulumi-lang-go=\"`oauth2PermissionScope`\" pulumi-lang-python=\"`oauth2_permission_scope`\" pulumi-lang-yaml=\"`oauth2PermissionScope`\" pulumi-lang-java=\"`oauth2PermissionScope`\"\u003e`oauth2PermissionScope`\u003c/span\u003e blocks as documented below, to describe delegated permissions exposed by the web API represented by this application.\n"},"requestedAccessTokenVersion":{"type":"integer","description":"The access token version expected by this resource. Possible values are \u003cspan pulumi-lang-nodejs=\"`1`\" pulumi-lang-dotnet=\"`1`\" pulumi-lang-go=\"`1`\" pulumi-lang-python=\"`1`\" pulumi-lang-yaml=\"`1`\" pulumi-lang-java=\"`1`\"\u003e`1`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`2`\" pulumi-lang-dotnet=\"`2`\" pulumi-lang-go=\"`2`\" pulumi-lang-python=\"`2`\" pulumi-lang-yaml=\"`2`\" pulumi-lang-java=\"`2`\"\u003e`2`\u003c/span\u003e.\n"}},"type":"object","required":["knownClientApplications","mappedClaimsEnabled","oauth2PermissionScopes","requestedAccessTokenVersion"],"language":{"nodejs":{"requiredInputs":[]}}},"azuread:index/getApplicationApiOauth2PermissionScope:getApplicationApiOauth2PermissionScope":{"properties":{"adminConsentDescription":{"type":"string","description":"Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.\n"},"adminConsentDisplayName":{"type":"string","description":"Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.\n"},"enabled":{"type":"boolean","description":"Determines if the app role is enabled.\n"},"id":{"type":"string","description":"The unique identifier for an app role or OAuth2 permission scope published by the resource application.\n"},"type":{"type":"string","description":"Specifies whether the \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e property references an app role or an OAuth2 permission scope. Possible values are `Role` or `Scope`.\n"},"userConsentDescription":{"type":"string","description":"Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.\n"},"userConsentDisplayName":{"type":"string","description":"Display name for the delegated permission that appears in the end user consent experience.\n"},"value":{"type":"string","description":"The value that is used for the \u003cspan pulumi-lang-nodejs=\"`roles`\" pulumi-lang-dotnet=\"`Roles`\" pulumi-lang-go=\"`roles`\" pulumi-lang-python=\"`roles`\" pulumi-lang-yaml=\"`roles`\" pulumi-lang-java=\"`roles`\"\u003e`roles`\u003c/span\u003e claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.\n"}},"type":"object","required":["adminConsentDescription","adminConsentDisplayName","enabled","id","type","userConsentDescription","userConsentDisplayName","value"],"language":{"nodejs":{"requiredInputs":[]}}},"azuread:index/getApplicationAppRole:getApplicationAppRole":{"properties":{"allowedMemberTypes":{"type":"array","items":{"type":"string"},"description":"Specifies whether this app role definition can be assigned to users and groups, or to other applications (that are accessing this application in a standalone scenario). Possible values are `User` or `Application`, or both.\n"},"description":{"type":"string","description":"Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences.\n"},"displayName":{"type":"string","description":"Specifies the display name of the application.\n"},"enabled":{"type":"boolean","description":"Determines if the app role is enabled.\n"},"id":{"type":"string","description":"The unique identifier for an app role or OAuth2 permission scope published by the resource application.\n"},"value":{"type":"string","description":"The value that is used for the \u003cspan pulumi-lang-nodejs=\"`roles`\" pulumi-lang-dotnet=\"`Roles`\" pulumi-lang-go=\"`roles`\" pulumi-lang-python=\"`roles`\" pulumi-lang-yaml=\"`roles`\" pulumi-lang-java=\"`roles`\"\u003e`roles`\u003c/span\u003e claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.\n"}},"type":"object","required":["allowedMemberTypes","description","displayName","enabled","id","value"],"language":{"nodejs":{"requiredInputs":[]}}},"azuread:index/getApplicationFeatureTag:getApplicationFeatureTag":{"properties":{"customSingleSignOn":{"type":"boolean","description":"Whether this application represents a custom SAML application for linked service principals.\n"},"enterprise":{"type":"boolean","description":"Whether this application represents an Enterprise Application for linked service principals.\n"},"gallery":{"type":"boolean","description":"Whether this application represents a gallery application for linked service principals.\n"},"hide":{"type":"boolean","description":"Whether this app is visible to users in My Apps and Office 365 Launcher.\n"}},"type":"object"},"azuread:index/getApplicationOptionalClaim:getApplicationOptionalClaim":{"properties":{"accessTokens":{"type":"array","items":{"$ref":"#/types/azuread:index/getApplicationOptionalClaimAccessToken:getApplicationOptionalClaimAccessToken"},"description":"One or more \u003cspan pulumi-lang-nodejs=\"`accessToken`\" pulumi-lang-dotnet=\"`AccessToken`\" pulumi-lang-go=\"`accessToken`\" pulumi-lang-python=\"`access_token`\" pulumi-lang-yaml=\"`accessToken`\" pulumi-lang-java=\"`accessToken`\"\u003e`accessToken`\u003c/span\u003e blocks as documented below.\n"},"idTokens":{"type":"array","items":{"$ref":"#/types/azuread:index/getApplicationOptionalClaimIdToken:getApplicationOptionalClaimIdToken"},"description":"One or more \u003cspan pulumi-lang-nodejs=\"`idToken`\" pulumi-lang-dotnet=\"`IdToken`\" pulumi-lang-go=\"`idToken`\" pulumi-lang-python=\"`id_token`\" pulumi-lang-yaml=\"`idToken`\" pulumi-lang-java=\"`idToken`\"\u003e`idToken`\u003c/span\u003e blocks as documented below.\n"},"saml2Tokens":{"type":"array","items":{"$ref":"#/types/azuread:index/getApplicationOptionalClaimSaml2Token:getApplicationOptionalClaimSaml2Token"},"description":"One or more \u003cspan pulumi-lang-nodejs=\"`saml2Token`\" pulumi-lang-dotnet=\"`Saml2Token`\" pulumi-lang-go=\"`saml2Token`\" pulumi-lang-python=\"`saml2_token`\" pulumi-lang-yaml=\"`saml2Token`\" pulumi-lang-java=\"`saml2Token`\"\u003e`saml2Token`\u003c/span\u003e blocks as documented below.\n"}},"type":"object"},"azuread:index/getApplicationOptionalClaimAccessToken:getApplicationOptionalClaimAccessToken":{"properties":{"additionalProperties":{"type":"array","items":{"type":"string"},"description":"List of Additional Properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim.\n"},"essential":{"type":"boolean","description":"Whether the claim specified by the client is necessary to ensure a smooth authorization experience.\n"},"name":{"type":"string","description":"The name of the optional claim.\n"},"source":{"type":"string","description":"The source of the claim. If \u003cspan pulumi-lang-nodejs=\"`source`\" pulumi-lang-dotnet=\"`Source`\" pulumi-lang-go=\"`source`\" pulumi-lang-python=\"`source`\" pulumi-lang-yaml=\"`source`\" pulumi-lang-java=\"`source`\"\u003e`source`\u003c/span\u003e is absent, the claim is a predefined optional claim. If \u003cspan pulumi-lang-nodejs=\"`source`\" pulumi-lang-dotnet=\"`Source`\" pulumi-lang-go=\"`source`\" pulumi-lang-python=\"`source`\" pulumi-lang-yaml=\"`source`\" pulumi-lang-java=\"`source`\"\u003e`source`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`user`\" pulumi-lang-dotnet=\"`User`\" pulumi-lang-go=\"`user`\" pulumi-lang-python=\"`user`\" pulumi-lang-yaml=\"`user`\" pulumi-lang-java=\"`user`\"\u003e`user`\u003c/span\u003e, the value of \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e is the extension property from the user object.\n"}},"type":"object","required":["name"],"language":{"nodejs":{"requiredInputs":[]}}},"azuread:index/getApplicationOptionalClaimIdToken:getApplicationOptionalClaimIdToken":{"properties":{"additionalProperties":{"type":"array","items":{"type":"string"},"description":"List of Additional Properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim.\n"},"essential":{"type":"boolean","description":"Whether the claim specified by the client is necessary to ensure a smooth authorization experience.\n"},"name":{"type":"string","description":"The name of the optional claim.\n"},"source":{"type":"string","description":"The source of the claim. If \u003cspan pulumi-lang-nodejs=\"`source`\" pulumi-lang-dotnet=\"`Source`\" pulumi-lang-go=\"`source`\" pulumi-lang-python=\"`source`\" pulumi-lang-yaml=\"`source`\" pulumi-lang-java=\"`source`\"\u003e`source`\u003c/span\u003e is absent, the claim is a predefined optional claim. If \u003cspan pulumi-lang-nodejs=\"`source`\" pulumi-lang-dotnet=\"`Source`\" pulumi-lang-go=\"`source`\" pulumi-lang-python=\"`source`\" pulumi-lang-yaml=\"`source`\" pulumi-lang-java=\"`source`\"\u003e`source`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`user`\" pulumi-lang-dotnet=\"`User`\" pulumi-lang-go=\"`user`\" pulumi-lang-python=\"`user`\" pulumi-lang-yaml=\"`user`\" pulumi-lang-java=\"`user`\"\u003e`user`\u003c/span\u003e, the value of \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e is the extension property from the user object.\n"}},"type":"object","required":["name"],"language":{"nodejs":{"requiredInputs":[]}}},"azuread:index/getApplicationOptionalClaimSaml2Token:getApplicationOptionalClaimSaml2Token":{"properties":{"additionalProperties":{"type":"array","items":{"type":"string"},"description":"List of Additional Properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim.\n"},"essential":{"type":"boolean","description":"Whether the claim specified by the client is necessary to ensure a smooth authorization experience.\n"},"name":{"type":"string","description":"The name of the optional claim.\n"},"source":{"type":"string","description":"The source of the claim. If \u003cspan pulumi-lang-nodejs=\"`source`\" pulumi-lang-dotnet=\"`Source`\" pulumi-lang-go=\"`source`\" pulumi-lang-python=\"`source`\" pulumi-lang-yaml=\"`source`\" pulumi-lang-java=\"`source`\"\u003e`source`\u003c/span\u003e is absent, the claim is a predefined optional claim. If \u003cspan pulumi-lang-nodejs=\"`source`\" pulumi-lang-dotnet=\"`Source`\" pulumi-lang-go=\"`source`\" pulumi-lang-python=\"`source`\" pulumi-lang-yaml=\"`source`\" pulumi-lang-java=\"`source`\"\u003e`source`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`user`\" pulumi-lang-dotnet=\"`User`\" pulumi-lang-go=\"`user`\" pulumi-lang-python=\"`user`\" pulumi-lang-yaml=\"`user`\" pulumi-lang-java=\"`user`\"\u003e`user`\u003c/span\u003e, the value of \u003cspan pulumi-lang-nodejs=\"`name`\" pulumi-lang-dotnet=\"`Name`\" pulumi-lang-go=\"`name`\" pulumi-lang-python=\"`name`\" pulumi-lang-yaml=\"`name`\" pulumi-lang-java=\"`name`\"\u003e`name`\u003c/span\u003e is the extension property from the user object.\n"}},"type":"object","required":["name"],"language":{"nodejs":{"requiredInputs":[]}}},"azuread:index/getApplicationPublicClient:getApplicationPublicClient":{"properties":{"redirectUris":{"type":"array","items":{"type":"string"},"description":"A list of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent.\n"}},"type":"object","required":["redirectUris"],"language":{"nodejs":{"requiredInputs":[]}}},"azuread:index/getApplicationRequiredResourceAccess:getApplicationRequiredResourceAccess":{"properties":{"resourceAccesses":{"type":"array","items":{"$ref":"#/types/azuread:index/getApplicationRequiredResourceAccessResourceAccess:getApplicationRequiredResourceAccessResourceAccess"},"description":"A collection of \u003cspan pulumi-lang-nodejs=\"`resourceAccess`\" pulumi-lang-dotnet=\"`ResourceAccess`\" pulumi-lang-go=\"`resourceAccess`\" pulumi-lang-python=\"`resource_access`\" pulumi-lang-yaml=\"`resourceAccess`\" pulumi-lang-java=\"`resourceAccess`\"\u003e`resourceAccess`\u003c/span\u003e blocks as documented below, describing OAuth2.0 permission scopes and app roles that the application requires from the specified resource.\n"},"resourceAppId":{"type":"string","description":"The unique identifier for the resource that the application requires access to. This is the Application ID of the target application.\n"}},"type":"object","required":["resourceAccesses","resourceAppId"],"language":{"nodejs":{"requiredInputs":[]}}},"azuread:index/getApplicationRequiredResourceAccessResourceAccess:getApplicationRequiredResourceAccessResourceAccess":{"properties":{"id":{"type":"string","description":"The unique identifier for an app role or OAuth2 permission scope published by the resource application.\n"},"type":{"type":"string","description":"Specifies whether the \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e property references an app role or an OAuth2 permission scope. Possible values are `Role` or `Scope`.\n"}},"type":"object","required":["id","type"],"language":{"nodejs":{"requiredInputs":[]}}},"azuread:index/getApplicationSinglePageApplication:getApplicationSinglePageApplication":{"properties":{"redirectUris":{"type":"array","items":{"type":"string"},"description":"A list of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent.\n"}},"type":"object","required":["redirectUris"],"language":{"nodejs":{"requiredInputs":[]}}},"azuread:index/getApplicationWeb:getApplicationWeb":{"properties":{"homepageUrl":{"type":"string","description":"Home page or landing page of the application.\n"},"implicitGrants":{"type":"array","items":{"$ref":"#/types/azuread:index/getApplicationWebImplicitGrant:getApplicationWebImplicitGrant"},"description":"An \u003cspan pulumi-lang-nodejs=\"`implicitGrant`\" pulumi-lang-dotnet=\"`ImplicitGrant`\" pulumi-lang-go=\"`implicitGrant`\" pulumi-lang-python=\"`implicit_grant`\" pulumi-lang-yaml=\"`implicitGrant`\" pulumi-lang-java=\"`implicitGrant`\"\u003e`implicitGrant`\u003c/span\u003e block as documented above.\n"},"logoutUrl":{"type":"string","description":"The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols.\n"},"redirectUris":{"type":"array","items":{"type":"string"},"description":"A list of URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent.\n"}},"type":"object","required":["homepageUrl","implicitGrants","logoutUrl","redirectUris"],"language":{"nodejs":{"requiredInputs":[]}}},"azuread:index/getApplicationWebImplicitGrant:getApplicationWebImplicitGrant":{"properties":{"accessTokenIssuanceEnabled":{"type":"boolean","description":"Whether this web application can request an access token using OAuth 2.0 implicit flow.\n"},"idTokenIssuanceEnabled":{"type":"boolean","description":"Whether this web application can request an ID token using OAuth 2.0 implicit flow.\n"}},"type":"object","required":["accessTokenIssuanceEnabled","idTokenIssuanceEnabled"],"language":{"nodejs":{"requiredInputs":[]}}},"azuread:index/getDirectoryRoleTemplatesRoleTemplate:getDirectoryRoleTemplatesRoleTemplate":{"properties":{"description":{"type":"string","description":"The description of the directory role template.\n"},"displayName":{"type":"string","description":"The display name of the directory role template.\n"},"objectId":{"type":"string","description":"The object ID of the directory role template.\n"}},"type":"object","required":["description","displayName","objectId"],"language":{"nodejs":{"requiredInputs":[]}}},"azuread:index/getDirectoryRolesRole:getDirectoryRolesRole":{"properties":{"description":{"type":"string","description":"The description of the directory role.\n"},"displayName":{"type":"string","description":"The display name of the directory role.\n"},"objectId":{"type":"string","description":"The object ID of the directory role.\n"},"templateId":{"type":"string","description":"The template ID of the directory role.\n"}},"type":"object","required":["description","displayName","objectId","templateId"],"language":{"nodejs":{"requiredInputs":[]}}},"azuread:index/getDomainsDomain:getDomainsDomain":{"properties":{"adminManaged":{"type":"boolean","description":"Set to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e to only return domains whose DNS is managed by Microsoft 365. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"authenticationType":{"type":"string","description":"The authentication type of the domain. Possible values include `Managed` or `Federated`.\n"},"default":{"type":"boolean","description":"Whether this is the default domain that is used for user creation.\n"},"domainName":{"type":"string","description":"The name of the domain.\n"},"initial":{"type":"boolean","description":"Whether this is the initial domain created by Azure Active Directory.\n"},"root":{"type":"boolean","description":"Whether the domain is a verified root domain (not a subdomain).\n"},"supportedServices":{"type":"array","items":{"type":"string"},"description":"A list of capabilities / services supported by the domain. Possible values include `Email`, `Sharepoint`, `EmailInternalRelayOnly`, `OfficeCommunicationsOnline`, `SharePointDefaultDomain`, `FullRedelegation`, `SharePointPublic`, `OrgIdAuthentication`, `Yammer` and `Intune`.\n"},"verified":{"type":"boolean","description":"Whether the domain has completed domain ownership verification.\n"}},"type":"object","required":["adminManaged","authenticationType","default","domainName","initial","root","supportedServices","verified"],"language":{"nodejs":{"requiredInputs":[]}}},"azuread:index/getGroupDynamicMembership:getGroupDynamicMembership":{"properties":{"enabled":{"type":"boolean","description":"Whether rule processing is \"On\" (true) or \"Paused\" (false).\n"},"rule":{"type":"string","description":"The rule that determines membership of this group.\n"}},"type":"object","required":["enabled","rule"],"language":{"nodejs":{"requiredInputs":[]}}},"azuread:index/getNamedLocationCountry:getNamedLocationCountry":{"properties":{"countriesAndRegions":{"type":"array","items":{"type":"string"}},"countryLookupMethod":{"type":"string"},"includeUnknownCountriesAndRegions":{"type":"boolean"}},"type":"object","required":["countriesAndRegions","countryLookupMethod","includeUnknownCountriesAndRegions"],"language":{"nodejs":{"requiredInputs":[]}}},"azuread:index/getNamedLocationIp:getNamedLocationIp":{"properties":{"ipRanges":{"type":"array","items":{"type":"string"}},"trusted":{"type":"boolean"}},"type":"object","required":["ipRanges","trusted"],"language":{"nodejs":{"requiredInputs":[]}}},"azuread:index/getServicePrincipalAppRole:getServicePrincipalAppRole":{"properties":{"allowedMemberTypes":{"type":"array","items":{"type":"string"},"description":"Specifies whether this app role definition can be assigned to users and groups, or to other applications (that are accessing this application in daemon service scenarios). Possible values are: `User` and `Application`, or both.\n"},"description":{"type":"string","description":"Permission help text that appears in the admin app assignment and consent experiences.\n"},"displayName":{"type":"string","description":"The display name of the application associated with this service principal.\n"},"enabled":{"type":"boolean","description":"Determines if the permission scope is enabled.\n"},"id":{"type":"string","description":"The unique identifier of the delegated permission. Must be a valid UUID.\n"},"value":{"type":"string","description":"The value that is used for the \u003cspan pulumi-lang-nodejs=\"`scp`\" pulumi-lang-dotnet=\"`Scp`\" pulumi-lang-go=\"`scp`\" pulumi-lang-python=\"`scp`\" pulumi-lang-yaml=\"`scp`\" pulumi-lang-java=\"`scp`\"\u003e`scp`\u003c/span\u003e claim in OAuth 2.0 access tokens.\n"}},"type":"object","required":["allowedMemberTypes","description","displayName","enabled","id","value"],"language":{"nodejs":{"requiredInputs":[]}}},"azuread:index/getServicePrincipalFeature:getServicePrincipalFeature":{"properties":{"customSingleSignOnApp":{"type":"boolean","description":"Whether this service principal represents a custom SAML application.\n"},"enterpriseApplication":{"type":"boolean","description":"Whether this service principal represents an Enterprise Application.\n"},"galleryApplication":{"type":"boolean","description":"Whether this service principal represents a gallery application.\n"},"visibleToUsers":{"type":"boolean","description":"Whether this app is visible to users in My Apps and Office 365 Launcher.\n"}},"type":"object","required":["customSingleSignOnApp","enterpriseApplication","galleryApplication","visibleToUsers"],"language":{"nodejs":{"requiredInputs":[]}}},"azuread:index/getServicePrincipalFeatureTag:getServicePrincipalFeatureTag":{"properties":{"customSingleSignOn":{"type":"boolean","description":"Whether this service principal represents a custom SAML application\n"},"enterprise":{"type":"boolean","description":"Whether this service principal represents an Enterprise Application\n"},"gallery":{"type":"boolean","description":"Whether this service principal represents a gallery application\n"},"hide":{"type":"boolean","description":"Whether this app is invisible to users in My Apps and Office 365 Launcher\n"}},"type":"object","required":["customSingleSignOn","enterprise","gallery","hide"],"language":{"nodejs":{"requiredInputs":[]}}},"azuread:index/getServicePrincipalOauth2PermissionScope:getServicePrincipalOauth2PermissionScope":{"properties":{"adminConsentDescription":{"type":"string","description":"Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.\n"},"adminConsentDisplayName":{"type":"string","description":"Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.\n"},"enabled":{"type":"boolean","description":"Determines if the permission scope is enabled.\n"},"id":{"type":"string","description":"The unique identifier of the delegated permission. Must be a valid UUID.\n"},"type":{"type":"string","description":"Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are `User` or `Admin`.\n"},"userConsentDescription":{"type":"string","description":"Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.\n"},"userConsentDisplayName":{"type":"string","description":"Display name for the delegated permission that appears in the end user consent experience.\n"},"value":{"type":"string","description":"The value that is used for the \u003cspan pulumi-lang-nodejs=\"`scp`\" pulumi-lang-dotnet=\"`Scp`\" pulumi-lang-go=\"`scp`\" pulumi-lang-python=\"`scp`\" pulumi-lang-yaml=\"`scp`\" pulumi-lang-java=\"`scp`\"\u003e`scp`\u003c/span\u003e claim in OAuth 2.0 access tokens.\n"}},"type":"object","required":["adminConsentDescription","adminConsentDisplayName","enabled","id","type","userConsentDescription","userConsentDisplayName","value"],"language":{"nodejs":{"requiredInputs":[]}}},"azuread:index/getServicePrincipalSamlSingleSignOn:getServicePrincipalSamlSingleSignOn":{"properties":{"relayState":{"type":"string","description":"The relative URI the service provider would redirect to after completion of the single sign-on flow.\n"}},"type":"object","required":["relayState"],"language":{"nodejs":{"requiredInputs":[]}}},"azuread:index/getServicePrincipalsServicePrincipal:getServicePrincipalsServicePrincipal":{"properties":{"accountEnabled":{"type":"boolean","description":"Whether the service principal account is enabled.\n"},"appRoleAssignmentRequired":{"type":"boolean","description":"Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application.\n"},"applicationTenantId":{"type":"string","description":"The tenant ID where the associated application is registered.\n"},"clientId":{"type":"string","description":"The application ID (client ID) for the associated application\n"},"displayName":{"type":"string","description":"The display name of the application associated with this service principal.\n"},"objectId":{"type":"string","description":"The object ID of the service principal.\n"},"preferredSingleSignOnMode":{"type":"string","description":"The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps.\n"},"samlMetadataUrl":{"type":"string","description":"The URL where the service exposes SAML metadata for federation.\n"},"servicePrincipalNames":{"type":"array","items":{"type":"string"},"description":"A list of identifier URI(s), copied over from the associated application.\n"},"signInAudience":{"type":"string","description":"The Microsoft account types that are supported for the associated application. Possible values include `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`.\n"},"tags":{"type":"array","items":{"type":"string"},"description":"A list of tags applied to the service principal.\n"},"type":{"type":"string","description":"Identifies whether the service principal represents an application or a managed identity. Possible values include `Application` or `ManagedIdentity`.\n"}},"type":"object","required":["accountEnabled","appRoleAssignmentRequired","applicationTenantId","clientId","displayName","objectId","preferredSingleSignOnMode","samlMetadataUrl","servicePrincipalNames","signInAudience","tags","type"],"language":{"nodejs":{"requiredInputs":[]}}},"azuread:index/getUsersUser:getUsersUser":{"properties":{"accountEnabled":{"type":"boolean","description":"Whether the account is enabled.\n"},"displayName":{"type":"string","description":"The display name of the user.\n"},"employeeId":{"type":"string","description":"The employee identifier assigned to the user by the organisation.\n"},"mail":{"type":"string","description":"The SMTP email address of the user.\n"},"mailNickname":{"type":"string","description":"The email alias of the user.\n"},"objectId":{"type":"string","description":"The object ID of the user.\n"},"onpremisesImmutableId":{"type":"string","description":"The value used to associate an on-premises Active Directory user account with their Azure AD user object.\n"},"onpremisesSamAccountName":{"type":"string","description":"The on-premise SAM account name of the user.\n"},"onpremisesUserPrincipalName":{"type":"string","description":"The on-premise user principal name of the user.\n"},"usageLocation":{"type":"string","description":"The usage location of the user.\n"},"userPrincipalName":{"type":"string","description":"The user principal name (UPN) of the user.\n"}},"type":"object","required":["accountEnabled","displayName","employeeId","mail","mailNickname","objectId","onpremisesImmutableId","onpremisesSamAccountName","onpremisesUserPrincipalName","usageLocation","userPrincipalName"],"language":{"nodejs":{"requiredInputs":[]}}}},"provider":{"description":"The provider type for the azuread package. By default, resources use package-wide configuration\nsettings, however an explicit `Provider` instance may be created and passed during resource\nconstruction to achieve fine-grained programmatic control over provider settings. See the\n[documentation](https://www.pulumi.com/docs/reference/programming-model/#providers) for more information.\n","properties":{"adoPipelineServiceConnectionId":{"type":"string","description":"The Azure DevOps Pipeline Service Connection ID."},"clientCertificate":{"type":"string","description":"Base64 encoded PKCS#12 certificate bundle to use when authenticating as a Service Principal using a Client Certificate"},"clientCertificatePassword":{"type":"string","description":"The password to decrypt the Client Certificate. For use when authenticating as a Service Principal using a Client Certificate","secret":true},"clientCertificatePath":{"type":"string","description":"The path to the Client Certificate associated with the Service Principal for use when authenticating as a Service Principal using a Client Certificate"},"clientId":{"type":"string","description":"The Client ID which should be used for service principal authentication","secret":true},"clientIdFilePath":{"type":"string","description":"The path to a file containing the Client ID which should be used for service principal authentication"},"clientSecret":{"type":"string","description":"The application password to use when authenticating as a Service Principal using a Client Secret","secret":true},"clientSecretFilePath":{"type":"string","description":"The path to a file containing the application password to use when authenticating as a Service Principal using a Client Secret"},"disableTerraformPartnerId":{"type":"boolean","description":"Disable the Terraform Partner ID, which is used if a custom \u003cspan pulumi-lang-nodejs=\"`partnerId`\" pulumi-lang-dotnet=\"`PartnerId`\" pulumi-lang-go=\"`partnerId`\" pulumi-lang-python=\"`partner_id`\" pulumi-lang-yaml=\"`partnerId`\" pulumi-lang-java=\"`partnerId`\"\u003e`partnerId`\u003c/span\u003e isn't specified"},"environment":{"type":"string","description":"The cloud environment which should be used. Possible values are: \u003cspan pulumi-lang-nodejs=\"`global`\" pulumi-lang-dotnet=\"`Global`\" pulumi-lang-go=\"`global`\" pulumi-lang-python=\"`global`\" pulumi-lang-yaml=\"`global`\" pulumi-lang-java=\"`global`\"\u003e`global`\u003c/span\u003e (also \u003cspan pulumi-lang-nodejs=\"`public`\" pulumi-lang-dotnet=\"`Public`\" pulumi-lang-go=\"`public`\" pulumi-lang-python=\"`public`\" pulumi-lang-yaml=\"`public`\" pulumi-lang-java=\"`public`\"\u003e`public`\u003c/span\u003e), \u003cspan pulumi-lang-nodejs=\"`usgovernmentl4`\" pulumi-lang-dotnet=\"`Usgovernmentl4`\" pulumi-lang-go=\"`usgovernmentl4`\" pulumi-lang-python=\"`usgovernmentl4`\" pulumi-lang-yaml=\"`usgovernmentl4`\" pulumi-lang-java=\"`usgovernmentl4`\"\u003e`usgovernmentl4`\u003c/span\u003e (also \u003cspan pulumi-lang-nodejs=\"`usgovernment`\" pulumi-lang-dotnet=\"`Usgovernment`\" pulumi-lang-go=\"`usgovernment`\" pulumi-lang-python=\"`usgovernment`\" pulumi-lang-yaml=\"`usgovernment`\" pulumi-lang-java=\"`usgovernment`\"\u003e`usgovernment`\u003c/span\u003e), \u003cspan pulumi-lang-nodejs=\"`usgovernmentl5`\" pulumi-lang-dotnet=\"`Usgovernmentl5`\" pulumi-lang-go=\"`usgovernmentl5`\" pulumi-lang-python=\"`usgovernmentl5`\" pulumi-lang-yaml=\"`usgovernmentl5`\" pulumi-lang-java=\"`usgovernmentl5`\"\u003e`usgovernmentl5`\u003c/span\u003e (also \u003cspan pulumi-lang-nodejs=\"`dod`\" pulumi-lang-dotnet=\"`Dod`\" pulumi-lang-go=\"`dod`\" pulumi-lang-python=\"`dod`\" pulumi-lang-yaml=\"`dod`\" pulumi-lang-java=\"`dod`\"\u003e`dod`\u003c/span\u003e), and \u003cspan pulumi-lang-nodejs=\"`china`\" pulumi-lang-dotnet=\"`China`\" pulumi-lang-go=\"`china`\" pulumi-lang-python=\"`china`\" pulumi-lang-yaml=\"`china`\" pulumi-lang-java=\"`china`\"\u003e`china`\u003c/span\u003e. Defaults to \u003cspan pulumi-lang-nodejs=\"`global`\" pulumi-lang-dotnet=\"`Global`\" pulumi-lang-go=\"`global`\" pulumi-lang-python=\"`global`\" pulumi-lang-yaml=\"`global`\" pulumi-lang-java=\"`global`\"\u003e`global`\u003c/span\u003e. Not used and should not be specified when \u003cspan pulumi-lang-nodejs=\"`metadataHost`\" pulumi-lang-dotnet=\"`MetadataHost`\" pulumi-lang-go=\"`metadataHost`\" pulumi-lang-python=\"`metadata_host`\" pulumi-lang-yaml=\"`metadataHost`\" pulumi-lang-java=\"`metadataHost`\"\u003e`metadataHost`\u003c/span\u003e is specified."},"metadataHost":{"type":"string","description":"The Hostname which should be used for the Azure Metadata Service."},"msiEndpoint":{"type":"string","description":"The path to a custom endpoint for Managed Identity - in most circumstances this should be detected automatically"},"oidcRequestToken":{"type":"string","description":"The bearer token for the request to the OIDC provider. For use when authenticating as a Service Principal using OpenID Connect."},"oidcRequestUrl":{"type":"string","description":"The URL for the OIDC provider from which to request an ID token. For use when authenticating as a Service Principal using OpenID Connect."},"oidcToken":{"type":"string","description":"The ID token for use when authenticating as a Service Principal using OpenID Connect."},"oidcTokenFilePath":{"type":"string","description":"The path to a file containing an ID token for use when authenticating as a Service Principal using OpenID Connect."},"partnerId":{"type":"string","description":"A GUID/UUID that is registered with Microsoft to facilitate partner resource usage attribution"},"tenantId":{"type":"string","description":"The Tenant ID which should be used. Works with all authentication methods except Managed Identity"},"useAksWorkloadIdentity":{"type":"boolean","description":"Allow Azure AKS Workload Identity to be used for Authentication."},"useCli":{"type":"boolean","description":"Allow Azure CLI to be used for Authentication"},"useMsi":{"type":"boolean","description":"Allow Managed Identity to be used for Authentication"},"useOidc":{"type":"boolean","description":"Allow OpenID Connect to be used for authentication"}},"inputProperties":{"adoPipelineServiceConnectionId":{"type":"string","description":"The Azure DevOps Pipeline Service Connection ID."},"clientCertificate":{"type":"string","description":"Base64 encoded PKCS#12 certificate bundle to use when authenticating as a Service Principal using a Client Certificate"},"clientCertificatePassword":{"type":"string","description":"The password to decrypt the Client Certificate. For use when authenticating as a Service Principal using a Client Certificate","secret":true},"clientCertificatePath":{"type":"string","description":"The path to the Client Certificate associated with the Service Principal for use when authenticating as a Service Principal using a Client Certificate"},"clientId":{"type":"string","description":"The Client ID which should be used for service principal authentication","secret":true},"clientIdFilePath":{"type":"string","description":"The path to a file containing the Client ID which should be used for service principal authentication"},"clientSecret":{"type":"string","description":"The application password to use when authenticating as a Service Principal using a Client Secret","secret":true},"clientSecretFilePath":{"type":"string","description":"The path to a file containing the application password to use when authenticating as a Service Principal using a Client Secret"},"disableTerraformPartnerId":{"type":"boolean","description":"Disable the Terraform Partner ID, which is used if a custom \u003cspan pulumi-lang-nodejs=\"`partnerId`\" pulumi-lang-dotnet=\"`PartnerId`\" pulumi-lang-go=\"`partnerId`\" pulumi-lang-python=\"`partner_id`\" pulumi-lang-yaml=\"`partnerId`\" pulumi-lang-java=\"`partnerId`\"\u003e`partnerId`\u003c/span\u003e isn't specified"},"environment":{"type":"string","description":"The cloud environment which should be used. Possible values are: \u003cspan pulumi-lang-nodejs=\"`global`\" pulumi-lang-dotnet=\"`Global`\" pulumi-lang-go=\"`global`\" pulumi-lang-python=\"`global`\" pulumi-lang-yaml=\"`global`\" pulumi-lang-java=\"`global`\"\u003e`global`\u003c/span\u003e (also \u003cspan pulumi-lang-nodejs=\"`public`\" pulumi-lang-dotnet=\"`Public`\" pulumi-lang-go=\"`public`\" pulumi-lang-python=\"`public`\" pulumi-lang-yaml=\"`public`\" pulumi-lang-java=\"`public`\"\u003e`public`\u003c/span\u003e), \u003cspan pulumi-lang-nodejs=\"`usgovernmentl4`\" pulumi-lang-dotnet=\"`Usgovernmentl4`\" pulumi-lang-go=\"`usgovernmentl4`\" pulumi-lang-python=\"`usgovernmentl4`\" pulumi-lang-yaml=\"`usgovernmentl4`\" pulumi-lang-java=\"`usgovernmentl4`\"\u003e`usgovernmentl4`\u003c/span\u003e (also \u003cspan pulumi-lang-nodejs=\"`usgovernment`\" pulumi-lang-dotnet=\"`Usgovernment`\" pulumi-lang-go=\"`usgovernment`\" pulumi-lang-python=\"`usgovernment`\" pulumi-lang-yaml=\"`usgovernment`\" pulumi-lang-java=\"`usgovernment`\"\u003e`usgovernment`\u003c/span\u003e), \u003cspan pulumi-lang-nodejs=\"`usgovernmentl5`\" pulumi-lang-dotnet=\"`Usgovernmentl5`\" pulumi-lang-go=\"`usgovernmentl5`\" pulumi-lang-python=\"`usgovernmentl5`\" pulumi-lang-yaml=\"`usgovernmentl5`\" pulumi-lang-java=\"`usgovernmentl5`\"\u003e`usgovernmentl5`\u003c/span\u003e (also \u003cspan pulumi-lang-nodejs=\"`dod`\" pulumi-lang-dotnet=\"`Dod`\" pulumi-lang-go=\"`dod`\" pulumi-lang-python=\"`dod`\" pulumi-lang-yaml=\"`dod`\" pulumi-lang-java=\"`dod`\"\u003e`dod`\u003c/span\u003e), and \u003cspan pulumi-lang-nodejs=\"`china`\" pulumi-lang-dotnet=\"`China`\" pulumi-lang-go=\"`china`\" pulumi-lang-python=\"`china`\" pulumi-lang-yaml=\"`china`\" pulumi-lang-java=\"`china`\"\u003e`china`\u003c/span\u003e. Defaults to \u003cspan pulumi-lang-nodejs=\"`global`\" pulumi-lang-dotnet=\"`Global`\" pulumi-lang-go=\"`global`\" pulumi-lang-python=\"`global`\" pulumi-lang-yaml=\"`global`\" pulumi-lang-java=\"`global`\"\u003e`global`\u003c/span\u003e. Not used and should not be specified when \u003cspan pulumi-lang-nodejs=\"`metadataHost`\" pulumi-lang-dotnet=\"`MetadataHost`\" pulumi-lang-go=\"`metadataHost`\" pulumi-lang-python=\"`metadata_host`\" pulumi-lang-yaml=\"`metadataHost`\" pulumi-lang-java=\"`metadataHost`\"\u003e`metadataHost`\u003c/span\u003e is specified.","default":"public","defaultInfo":{"environment":["ARM_ENVIRONMENT"]}},"metadataHost":{"type":"string","description":"The Hostname which should be used for the Azure Metadata Service."},"msiEndpoint":{"type":"string","description":"The path to a custom endpoint for Managed Identity - in most circumstances this should be detected automatically","defaultInfo":{"environment":["ARM_MSI_ENDPOINT"]}},"oidcRequestToken":{"type":"string","description":"The bearer token for the request to the OIDC provider. For use when authenticating as a Service Principal using OpenID Connect."},"oidcRequestUrl":{"type":"string","description":"The URL for the OIDC provider from which to request an ID token. For use when authenticating as a Service Principal using OpenID Connect."},"oidcToken":{"type":"string","description":"The ID token for use when authenticating as a Service Principal using OpenID Connect."},"oidcTokenFilePath":{"type":"string","description":"The path to a file containing an ID token for use when authenticating as a Service Principal using OpenID Connect."},"partnerId":{"type":"string","description":"A GUID/UUID that is registered with Microsoft to facilitate partner resource usage attribution"},"tenantId":{"type":"string","description":"The Tenant ID which should be used. Works with all authentication methods except Managed Identity"},"useAksWorkloadIdentity":{"type":"boolean","description":"Allow Azure AKS Workload Identity to be used for Authentication."},"useCli":{"type":"boolean","description":"Allow Azure CLI to be used for Authentication"},"useMsi":{"type":"boolean","description":"Allow Managed Identity to be used for Authentication","default":false,"defaultInfo":{"environment":["ARM_USE_MSI"]}},"useOidc":{"type":"boolean","description":"Allow OpenID Connect to be used for authentication"}},"methods":{"terraformConfig":"pulumi:providers:azuread/terraformConfig"}},"resources":{"azuread:index/accessPackage:AccessPackage":{"description":"Manages an Access Package within Identity Governance in Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires the following application role: `EntitlementManagement.ReadWrite.All`.\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Catalog owner`, `Access package manager` or `Global Administrator`\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.AccessPackageCatalog(\"example\", {\n    displayName: \"example-catalog\",\n    description: \"Example catalog\",\n});\nconst exampleAccessPackage = new azuread.AccessPackage(\"example\", {\n    catalogId: example.id,\n    displayName: \"access-package\",\n    description: \"Access Package\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.AccessPackageCatalog(\"example\",\n    display_name=\"example-catalog\",\n    description=\"Example catalog\")\nexample_access_package = azuread.AccessPackage(\"example\",\n    catalog_id=example.id,\n    display_name=\"access-package\",\n    description=\"Access Package\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.AccessPackageCatalog(\"example\", new()\n    {\n        DisplayName = \"example-catalog\",\n        Description = \"Example catalog\",\n    });\n\n    var exampleAccessPackage = new AzureAD.Index.AccessPackage(\"example\", new()\n    {\n        CatalogId = example.Id,\n        DisplayName = \"access-package\",\n        Description = \"Access Package\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewAccessPackageCatalog(ctx, \"example\", \u0026azuread.AccessPackageCatalogArgs{\n\t\t\tDisplayName: pulumi.String(\"example-catalog\"),\n\t\t\tDescription: pulumi.String(\"Example catalog\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAccessPackage(ctx, \"example\", \u0026azuread.AccessPackageArgs{\n\t\t\tCatalogId:   example.ID(),\n\t\t\tDisplayName: pulumi.String(\"access-package\"),\n\t\t\tDescription: pulumi.String(\"Access Package\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AccessPackageCatalog;\nimport com.pulumi.azuread.AccessPackageCatalogArgs;\nimport com.pulumi.azuread.AccessPackage;\nimport com.pulumi.azuread.AccessPackageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new AccessPackageCatalog(\"example\", AccessPackageCatalogArgs.builder()\n            .displayName(\"example-catalog\")\n            .description(\"Example catalog\")\n            .build());\n\n        var exampleAccessPackage = new AccessPackage(\"exampleAccessPackage\", AccessPackageArgs.builder()\n            .catalogId(example.id())\n            .displayName(\"access-package\")\n            .description(\"Access Package\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:AccessPackageCatalog\n    properties:\n      displayName: example-catalog\n      description: Example catalog\n  exampleAccessPackage:\n    type: azuread:AccessPackage\n    name: example\n    properties:\n      catalogId: ${example.id}\n      displayName: access-package\n      description: Access Package\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAccess Packages can be imported using the \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e, e.g.\n\n```sh\n$ pulumi import azuread:index/accessPackage:AccessPackage example_package 00000000-0000-0000-0000-000000000000\n```\n\n","properties":{"catalogId":{"type":"string","description":"The ID of the Catalog this access package will be created in.\n"},"description":{"type":"string","description":"The description of the access package.\n"},"displayName":{"type":"string","description":"The display name of the access package.\n"},"hidden":{"type":"boolean","description":"Whether the access package is hidden from the requestor.\n"}},"required":["catalogId","description","displayName"],"inputProperties":{"catalogId":{"type":"string","description":"The ID of the Catalog this access package will be created in.\n","willReplaceOnChanges":true},"description":{"type":"string","description":"The description of the access package.\n"},"displayName":{"type":"string","description":"The display name of the access package.\n"},"hidden":{"type":"boolean","description":"Whether the access package is hidden from the requestor.\n"}},"requiredInputs":["catalogId","description","displayName"],"stateInputs":{"description":"Input properties used for looking up and filtering AccessPackage resources.\n","properties":{"catalogId":{"type":"string","description":"The ID of the Catalog this access package will be created in.\n","willReplaceOnChanges":true},"description":{"type":"string","description":"The description of the access package.\n"},"displayName":{"type":"string","description":"The display name of the access package.\n"},"hidden":{"type":"boolean","description":"Whether the access package is hidden from the requestor.\n"}},"type":"object"}},"azuread:index/accessPackageAssignmentPolicy:AccessPackageAssignmentPolicy":{"description":"Manages an assignment policy for an access package within Identity Governance in Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires the following application role: `EntitlementManagement.ReadWrite.All`.\n\nWhen authenticated with a user principal, this resource requires `Global Administrator` directory role, or one of the `Catalog Owner` and `Access Package Manager` role in Identity Governance.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.Group(\"example\", {\n    displayName: \"group-name\",\n    securityEnabled: true,\n});\nconst exampleAccessPackageCatalog = new azuread.AccessPackageCatalog(\"example\", {\n    displayName: \"example-catalog\",\n    description: \"Example catalog\",\n});\nconst exampleAccessPackage = new azuread.AccessPackage(\"example\", {\n    catalogId: exampleAccessPackageCatalog.id,\n    displayName: \"access-package\",\n    description: \"Access Package\",\n});\nconst exampleAccessPackageAssignmentPolicy = new azuread.AccessPackageAssignmentPolicy(\"example\", {\n    accessPackageId: exampleAccessPackage.id,\n    displayName: \"assignment-policy\",\n    description: \"My assignment policy\",\n    durationInDays: 90,\n    requestorSettings: {\n        scopeType: \"AllExistingDirectoryMemberUsers\",\n    },\n    approvalSettings: {\n        approvalRequired: true,\n        approvalStages: [{\n            approvalTimeoutInDays: 14,\n            primaryApprovers: [{\n                objectId: example.objectId,\n                subjectType: \"groupMembers\",\n            }],\n        }],\n    },\n    assignmentReviewSettings: {\n        enabled: true,\n        reviewFrequency: \"weekly\",\n        durationInDays: 3,\n        reviewType: \"Self\",\n        accessReviewTimeoutBehavior: \"keepAccess\",\n    },\n    questions: [{\n        text: {\n            defaultText: \"hello, how are you?\",\n        },\n    }],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.Group(\"example\",\n    display_name=\"group-name\",\n    security_enabled=True)\nexample_access_package_catalog = azuread.AccessPackageCatalog(\"example\",\n    display_name=\"example-catalog\",\n    description=\"Example catalog\")\nexample_access_package = azuread.AccessPackage(\"example\",\n    catalog_id=example_access_package_catalog.id,\n    display_name=\"access-package\",\n    description=\"Access Package\")\nexample_access_package_assignment_policy = azuread.AccessPackageAssignmentPolicy(\"example\",\n    access_package_id=example_access_package.id,\n    display_name=\"assignment-policy\",\n    description=\"My assignment policy\",\n    duration_in_days=90,\n    requestor_settings={\n        \"scope_type\": \"AllExistingDirectoryMemberUsers\",\n    },\n    approval_settings={\n        \"approval_required\": True,\n        \"approval_stages\": [{\n            \"approval_timeout_in_days\": 14,\n            \"primary_approvers\": [{\n                \"object_id\": example.object_id,\n                \"subject_type\": \"groupMembers\",\n            }],\n        }],\n    },\n    assignment_review_settings={\n        \"enabled\": True,\n        \"review_frequency\": \"weekly\",\n        \"duration_in_days\": 3,\n        \"review_type\": \"Self\",\n        \"access_review_timeout_behavior\": \"keepAccess\",\n    },\n    questions=[{\n        \"text\": {\n            \"default_text\": \"hello, how are you?\",\n        },\n    }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.Group(\"example\", new()\n    {\n        DisplayName = \"group-name\",\n        SecurityEnabled = true,\n    });\n\n    var exampleAccessPackageCatalog = new AzureAD.Index.AccessPackageCatalog(\"example\", new()\n    {\n        DisplayName = \"example-catalog\",\n        Description = \"Example catalog\",\n    });\n\n    var exampleAccessPackage = new AzureAD.Index.AccessPackage(\"example\", new()\n    {\n        CatalogId = exampleAccessPackageCatalog.Id,\n        DisplayName = \"access-package\",\n        Description = \"Access Package\",\n    });\n\n    var exampleAccessPackageAssignmentPolicy = new AzureAD.Index.AccessPackageAssignmentPolicy(\"example\", new()\n    {\n        AccessPackageId = exampleAccessPackage.Id,\n        DisplayName = \"assignment-policy\",\n        Description = \"My assignment policy\",\n        DurationInDays = 90,\n        RequestorSettings = new AzureAD.Inputs.AccessPackageAssignmentPolicyRequestorSettingsArgs\n        {\n            ScopeType = \"AllExistingDirectoryMemberUsers\",\n        },\n        ApprovalSettings = new AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettingsArgs\n        {\n            ApprovalRequired = true,\n            ApprovalStages = new[]\n            {\n                new AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArgs\n                {\n                    ApprovalTimeoutInDays = 14,\n                    PrimaryApprovers = new[]\n                    {\n                        new AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArgs\n                        {\n                            ObjectId = example.ObjectId,\n                            SubjectType = \"groupMembers\",\n                        },\n                    },\n                },\n            },\n        },\n        AssignmentReviewSettings = new AzureAD.Inputs.AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs\n        {\n            Enabled = true,\n            ReviewFrequency = \"weekly\",\n            DurationInDays = 3,\n            ReviewType = \"Self\",\n            AccessReviewTimeoutBehavior = \"keepAccess\",\n        },\n        Questions = new[]\n        {\n            new AzureAD.Inputs.AccessPackageAssignmentPolicyQuestionArgs\n            {\n                Text = new AzureAD.Inputs.AccessPackageAssignmentPolicyQuestionTextArgs\n                {\n                    DefaultText = \"hello, how are you?\",\n                },\n            },\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName:     pulumi.String(\"group-name\"),\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleAccessPackageCatalog, err := azuread.NewAccessPackageCatalog(ctx, \"example\", \u0026azuread.AccessPackageCatalogArgs{\n\t\t\tDisplayName: pulumi.String(\"example-catalog\"),\n\t\t\tDescription: pulumi.String(\"Example catalog\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleAccessPackage, err := azuread.NewAccessPackage(ctx, \"example\", \u0026azuread.AccessPackageArgs{\n\t\t\tCatalogId:   exampleAccessPackageCatalog.ID(),\n\t\t\tDisplayName: pulumi.String(\"access-package\"),\n\t\t\tDescription: pulumi.String(\"Access Package\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAccessPackageAssignmentPolicy(ctx, \"example\", \u0026azuread.AccessPackageAssignmentPolicyArgs{\n\t\t\tAccessPackageId: exampleAccessPackage.ID(),\n\t\t\tDisplayName:     pulumi.String(\"assignment-policy\"),\n\t\t\tDescription:     pulumi.String(\"My assignment policy\"),\n\t\t\tDurationInDays:  pulumi.Int(90),\n\t\t\tRequestorSettings: \u0026azuread.AccessPackageAssignmentPolicyRequestorSettingsArgs{\n\t\t\t\tScopeType: pulumi.String(\"AllExistingDirectoryMemberUsers\"),\n\t\t\t},\n\t\t\tApprovalSettings: \u0026azuread.AccessPackageAssignmentPolicyApprovalSettingsArgs{\n\t\t\t\tApprovalRequired: pulumi.Bool(true),\n\t\t\t\tApprovalStages: azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArray{\n\t\t\t\t\t\u0026azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArgs{\n\t\t\t\t\t\tApprovalTimeoutInDays: pulumi.Int(14),\n\t\t\t\t\t\tPrimaryApprovers: azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArray{\n\t\t\t\t\t\t\t\u0026azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArgs{\n\t\t\t\t\t\t\t\tObjectId:    example.ObjectId,\n\t\t\t\t\t\t\t\tSubjectType: pulumi.String(\"groupMembers\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAssignmentReviewSettings: \u0026azuread.AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs{\n\t\t\t\tEnabled:                     pulumi.Bool(true),\n\t\t\t\tReviewFrequency:             pulumi.String(\"weekly\"),\n\t\t\t\tDurationInDays:              pulumi.Int(3),\n\t\t\t\tReviewType:                  pulumi.String(\"Self\"),\n\t\t\t\tAccessReviewTimeoutBehavior: pulumi.String(\"keepAccess\"),\n\t\t\t},\n\t\t\tQuestions: azuread.AccessPackageAssignmentPolicyQuestionArray{\n\t\t\t\t\u0026azuread.AccessPackageAssignmentPolicyQuestionArgs{\n\t\t\t\t\tText: \u0026azuread.AccessPackageAssignmentPolicyQuestionTextArgs{\n\t\t\t\t\t\tDefaultText: pulumi.String(\"hello, how are you?\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport com.pulumi.azuread.AccessPackageCatalog;\nimport com.pulumi.azuread.AccessPackageCatalogArgs;\nimport com.pulumi.azuread.AccessPackage;\nimport com.pulumi.azuread.AccessPackageArgs;\nimport com.pulumi.azuread.AccessPackageAssignmentPolicy;\nimport com.pulumi.azuread.AccessPackageAssignmentPolicyArgs;\nimport com.pulumi.azuread.inputs.AccessPackageAssignmentPolicyRequestorSettingsArgs;\nimport com.pulumi.azuread.inputs.AccessPackageAssignmentPolicyApprovalSettingsArgs;\nimport com.pulumi.azuread.inputs.AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs;\nimport com.pulumi.azuread.inputs.AccessPackageAssignmentPolicyQuestionArgs;\nimport com.pulumi.azuread.inputs.AccessPackageAssignmentPolicyQuestionTextArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new Group(\"example\", GroupArgs.builder()\n            .displayName(\"group-name\")\n            .securityEnabled(true)\n            .build());\n\n        var exampleAccessPackageCatalog = new AccessPackageCatalog(\"exampleAccessPackageCatalog\", AccessPackageCatalogArgs.builder()\n            .displayName(\"example-catalog\")\n            .description(\"Example catalog\")\n            .build());\n\n        var exampleAccessPackage = new AccessPackage(\"exampleAccessPackage\", AccessPackageArgs.builder()\n            .catalogId(exampleAccessPackageCatalog.id())\n            .displayName(\"access-package\")\n            .description(\"Access Package\")\n            .build());\n\n        var exampleAccessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy(\"exampleAccessPackageAssignmentPolicy\", AccessPackageAssignmentPolicyArgs.builder()\n            .accessPackageId(exampleAccessPackage.id())\n            .displayName(\"assignment-policy\")\n            .description(\"My assignment policy\")\n            .durationInDays(90)\n            .requestorSettings(AccessPackageAssignmentPolicyRequestorSettingsArgs.builder()\n                .scopeType(\"AllExistingDirectoryMemberUsers\")\n                .build())\n            .approvalSettings(AccessPackageAssignmentPolicyApprovalSettingsArgs.builder()\n                .approvalRequired(true)\n                .approvalStages(AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArgs.builder()\n                    .approvalTimeoutInDays(14)\n                    .primaryApprovers(AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArgs.builder()\n                        .objectId(example.objectId())\n                        .subjectType(\"groupMembers\")\n                        .build())\n                    .build())\n                .build())\n            .assignmentReviewSettings(AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs.builder()\n                .enabled(true)\n                .reviewFrequency(\"weekly\")\n                .durationInDays(3)\n                .reviewType(\"Self\")\n                .accessReviewTimeoutBehavior(\"keepAccess\")\n                .build())\n            .questions(AccessPackageAssignmentPolicyQuestionArgs.builder()\n                .text(AccessPackageAssignmentPolicyQuestionTextArgs.builder()\n                    .defaultText(\"hello, how are you?\")\n                    .build())\n                .build())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:Group\n    properties:\n      displayName: group-name\n      securityEnabled: true\n  exampleAccessPackageCatalog:\n    type: azuread:AccessPackageCatalog\n    name: example\n    properties:\n      displayName: example-catalog\n      description: Example catalog\n  exampleAccessPackage:\n    type: azuread:AccessPackage\n    name: example\n    properties:\n      catalogId: ${exampleAccessPackageCatalog.id}\n      displayName: access-package\n      description: Access Package\n  exampleAccessPackageAssignmentPolicy:\n    type: azuread:AccessPackageAssignmentPolicy\n    name: example\n    properties:\n      accessPackageId: ${exampleAccessPackage.id}\n      displayName: assignment-policy\n      description: My assignment policy\n      durationInDays: 90\n      requestorSettings:\n        scopeType: AllExistingDirectoryMemberUsers\n      approvalSettings:\n        approvalRequired: true\n        approvalStages:\n          - approvalTimeoutInDays: 14\n            primaryApprovers:\n              - objectId: ${example.objectId}\n                subjectType: groupMembers\n      assignmentReviewSettings:\n        enabled: true\n        reviewFrequency: weekly\n        durationInDays: 3\n        reviewType: Self\n        accessReviewTimeoutBehavior: keepAccess\n      questions:\n        - text:\n            defaultText: hello, how are you?\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAn access package assignment policy can be imported using the ID, e.g.\n\n```sh\n$ pulumi import azuread:index/accessPackageAssignmentPolicy:AccessPackageAssignmentPolicy example 00000000-0000-0000-0000-000000000000\n```\n\n","properties":{"accessPackageId":{"type":"string","description":"The ID of the access package that will contain the policy.\n"},"approvalSettings":{"$ref":"#/types/azuread:index/AccessPackageAssignmentPolicyApprovalSettings:AccessPackageAssignmentPolicyApprovalSettings","description":"An \u003cspan pulumi-lang-nodejs=\"`approvalSettings`\" pulumi-lang-dotnet=\"`ApprovalSettings`\" pulumi-lang-go=\"`approvalSettings`\" pulumi-lang-python=\"`approval_settings`\" pulumi-lang-yaml=\"`approvalSettings`\" pulumi-lang-java=\"`approvalSettings`\"\u003e`approvalSettings`\u003c/span\u003e block to specify whether approvals are required and how they are obtained, as documented below.\n"},"assignmentReviewSettings":{"$ref":"#/types/azuread:index/AccessPackageAssignmentPolicyAssignmentReviewSettings:AccessPackageAssignmentPolicyAssignmentReviewSettings","description":"An \u003cspan pulumi-lang-nodejs=\"`assignmentReviewSettings`\" pulumi-lang-dotnet=\"`AssignmentReviewSettings`\" pulumi-lang-go=\"`assignmentReviewSettings`\" pulumi-lang-python=\"`assignment_review_settings`\" pulumi-lang-yaml=\"`assignmentReviewSettings`\" pulumi-lang-java=\"`assignmentReviewSettings`\"\u003e`assignmentReviewSettings`\u003c/span\u003e block, to specify whether assignment review is needed and how it is conducted, as documented below.\n"},"description":{"type":"string","description":"The description of the policy.\n"},"displayName":{"type":"string","description":"The display name of the policy.\n"},"durationInDays":{"type":"integer","description":"How many days this assignment is valid for.\n"},"expirationDate":{"type":"string","description":"The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).\n"},"extensionEnabled":{"type":"boolean","description":"Whether users will be able to request extension of their access to this package before their access expires.\n"},"questions":{"type":"array","items":{"$ref":"#/types/azuread:index/AccessPackageAssignmentPolicyQuestion:AccessPackageAssignmentPolicyQuestion"},"description":"One or more \u003cspan pulumi-lang-nodejs=\"`question`\" pulumi-lang-dotnet=\"`Question`\" pulumi-lang-go=\"`question`\" pulumi-lang-python=\"`question`\" pulumi-lang-yaml=\"`question`\" pulumi-lang-java=\"`question`\"\u003e`question`\u003c/span\u003e blocks for the requestor, as documented below.\n"},"requestorSettings":{"$ref":"#/types/azuread:index/AccessPackageAssignmentPolicyRequestorSettings:AccessPackageAssignmentPolicyRequestorSettings","description":"A \u003cspan pulumi-lang-nodejs=\"`requestorSettings`\" pulumi-lang-dotnet=\"`RequestorSettings`\" pulumi-lang-go=\"`requestorSettings`\" pulumi-lang-python=\"`requestor_settings`\" pulumi-lang-yaml=\"`requestorSettings`\" pulumi-lang-java=\"`requestorSettings`\"\u003e`requestorSettings`\u003c/span\u003e block to configure the users who can request access, as documented below.\n"}},"required":["accessPackageId","description","displayName"],"inputProperties":{"accessPackageId":{"type":"string","description":"The ID of the access package that will contain the policy.\n"},"approvalSettings":{"$ref":"#/types/azuread:index/AccessPackageAssignmentPolicyApprovalSettings:AccessPackageAssignmentPolicyApprovalSettings","description":"An \u003cspan pulumi-lang-nodejs=\"`approvalSettings`\" pulumi-lang-dotnet=\"`ApprovalSettings`\" pulumi-lang-go=\"`approvalSettings`\" pulumi-lang-python=\"`approval_settings`\" pulumi-lang-yaml=\"`approvalSettings`\" pulumi-lang-java=\"`approvalSettings`\"\u003e`approvalSettings`\u003c/span\u003e block to specify whether approvals are required and how they are obtained, as documented below.\n"},"assignmentReviewSettings":{"$ref":"#/types/azuread:index/AccessPackageAssignmentPolicyAssignmentReviewSettings:AccessPackageAssignmentPolicyAssignmentReviewSettings","description":"An \u003cspan pulumi-lang-nodejs=\"`assignmentReviewSettings`\" pulumi-lang-dotnet=\"`AssignmentReviewSettings`\" pulumi-lang-go=\"`assignmentReviewSettings`\" pulumi-lang-python=\"`assignment_review_settings`\" pulumi-lang-yaml=\"`assignmentReviewSettings`\" pulumi-lang-java=\"`assignmentReviewSettings`\"\u003e`assignmentReviewSettings`\u003c/span\u003e block, to specify whether assignment review is needed and how it is conducted, as documented below.\n"},"description":{"type":"string","description":"The description of the policy.\n"},"displayName":{"type":"string","description":"The display name of the policy.\n"},"durationInDays":{"type":"integer","description":"How many days this assignment is valid for.\n"},"expirationDate":{"type":"string","description":"The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).\n"},"extensionEnabled":{"type":"boolean","description":"Whether users will be able to request extension of their access to this package before their access expires.\n"},"questions":{"type":"array","items":{"$ref":"#/types/azuread:index/AccessPackageAssignmentPolicyQuestion:AccessPackageAssignmentPolicyQuestion"},"description":"One or more \u003cspan pulumi-lang-nodejs=\"`question`\" pulumi-lang-dotnet=\"`Question`\" pulumi-lang-go=\"`question`\" pulumi-lang-python=\"`question`\" pulumi-lang-yaml=\"`question`\" pulumi-lang-java=\"`question`\"\u003e`question`\u003c/span\u003e blocks for the requestor, as documented below.\n"},"requestorSettings":{"$ref":"#/types/azuread:index/AccessPackageAssignmentPolicyRequestorSettings:AccessPackageAssignmentPolicyRequestorSettings","description":"A \u003cspan pulumi-lang-nodejs=\"`requestorSettings`\" pulumi-lang-dotnet=\"`RequestorSettings`\" pulumi-lang-go=\"`requestorSettings`\" pulumi-lang-python=\"`requestor_settings`\" pulumi-lang-yaml=\"`requestorSettings`\" pulumi-lang-java=\"`requestorSettings`\"\u003e`requestorSettings`\u003c/span\u003e block to configure the users who can request access, as documented below.\n"}},"requiredInputs":["accessPackageId","description","displayName"],"stateInputs":{"description":"Input properties used for looking up and filtering AccessPackageAssignmentPolicy resources.\n","properties":{"accessPackageId":{"type":"string","description":"The ID of the access package that will contain the policy.\n"},"approvalSettings":{"$ref":"#/types/azuread:index/AccessPackageAssignmentPolicyApprovalSettings:AccessPackageAssignmentPolicyApprovalSettings","description":"An \u003cspan pulumi-lang-nodejs=\"`approvalSettings`\" pulumi-lang-dotnet=\"`ApprovalSettings`\" pulumi-lang-go=\"`approvalSettings`\" pulumi-lang-python=\"`approval_settings`\" pulumi-lang-yaml=\"`approvalSettings`\" pulumi-lang-java=\"`approvalSettings`\"\u003e`approvalSettings`\u003c/span\u003e block to specify whether approvals are required and how they are obtained, as documented below.\n"},"assignmentReviewSettings":{"$ref":"#/types/azuread:index/AccessPackageAssignmentPolicyAssignmentReviewSettings:AccessPackageAssignmentPolicyAssignmentReviewSettings","description":"An \u003cspan pulumi-lang-nodejs=\"`assignmentReviewSettings`\" pulumi-lang-dotnet=\"`AssignmentReviewSettings`\" pulumi-lang-go=\"`assignmentReviewSettings`\" pulumi-lang-python=\"`assignment_review_settings`\" pulumi-lang-yaml=\"`assignmentReviewSettings`\" pulumi-lang-java=\"`assignmentReviewSettings`\"\u003e`assignmentReviewSettings`\u003c/span\u003e block, to specify whether assignment review is needed and how it is conducted, as documented below.\n"},"description":{"type":"string","description":"The description of the policy.\n"},"displayName":{"type":"string","description":"The display name of the policy.\n"},"durationInDays":{"type":"integer","description":"How many days this assignment is valid for.\n"},"expirationDate":{"type":"string","description":"The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).\n"},"extensionEnabled":{"type":"boolean","description":"Whether users will be able to request extension of their access to this package before their access expires.\n"},"questions":{"type":"array","items":{"$ref":"#/types/azuread:index/AccessPackageAssignmentPolicyQuestion:AccessPackageAssignmentPolicyQuestion"},"description":"One or more \u003cspan pulumi-lang-nodejs=\"`question`\" pulumi-lang-dotnet=\"`Question`\" pulumi-lang-go=\"`question`\" pulumi-lang-python=\"`question`\" pulumi-lang-yaml=\"`question`\" pulumi-lang-java=\"`question`\"\u003e`question`\u003c/span\u003e blocks for the requestor, as documented below.\n"},"requestorSettings":{"$ref":"#/types/azuread:index/AccessPackageAssignmentPolicyRequestorSettings:AccessPackageAssignmentPolicyRequestorSettings","description":"A \u003cspan pulumi-lang-nodejs=\"`requestorSettings`\" pulumi-lang-dotnet=\"`RequestorSettings`\" pulumi-lang-go=\"`requestorSettings`\" pulumi-lang-python=\"`requestor_settings`\" pulumi-lang-yaml=\"`requestorSettings`\" pulumi-lang-java=\"`requestorSettings`\"\u003e`requestorSettings`\u003c/span\u003e block to configure the users who can request access, as documented below.\n"}},"type":"object"}},"azuread:index/accessPackageCatalog:AccessPackageCatalog":{"description":"Manages an access package catalog within Identity Governance in Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires the following application role: `EntitlementManagement.ReadWrite.All`.\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Catalog owner`, `Catalog creator` or `Global Administrator`\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.AccessPackageCatalog(\"example\", {\n    displayName: \"example-access-package-catalog\",\n    description: \"Example access package catalog\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.AccessPackageCatalog(\"example\",\n    display_name=\"example-access-package-catalog\",\n    description=\"Example access package catalog\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.AccessPackageCatalog(\"example\", new()\n    {\n        DisplayName = \"example-access-package-catalog\",\n        Description = \"Example access package catalog\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewAccessPackageCatalog(ctx, \"example\", \u0026azuread.AccessPackageCatalogArgs{\n\t\t\tDisplayName: pulumi.String(\"example-access-package-catalog\"),\n\t\t\tDescription: pulumi.String(\"Example access package catalog\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AccessPackageCatalog;\nimport com.pulumi.azuread.AccessPackageCatalogArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new AccessPackageCatalog(\"example\", AccessPackageCatalogArgs.builder()\n            .displayName(\"example-access-package-catalog\")\n            .description(\"Example access package catalog\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:AccessPackageCatalog\n    properties:\n      displayName: example-access-package-catalog\n      description: Example access package catalog\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAn Access Package Catalog can be imported using the \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e, e.g.\n\n```sh\n$ pulumi import azuread:index/accessPackageCatalog:AccessPackageCatalog example 00000000-0000-0000-0000-000000000000\n```\n\n","properties":{"description":{"type":"string","description":"The description of the access package catalog.\n"},"displayName":{"type":"string","description":"The display name of the access package catalog.\n"},"externallyVisible":{"type":"boolean","description":"Whether the access packages in this catalog can be requested by users outside the tenant.\n"},"published":{"type":"boolean","description":"Whether the access packages in this catalog are available for management.\n"}},"required":["description","displayName"],"inputProperties":{"description":{"type":"string","description":"The description of the access package catalog.\n"},"displayName":{"type":"string","description":"The display name of the access package catalog.\n"},"externallyVisible":{"type":"boolean","description":"Whether the access packages in this catalog can be requested by users outside the tenant.\n"},"published":{"type":"boolean","description":"Whether the access packages in this catalog are available for management.\n"}},"requiredInputs":["description","displayName"],"stateInputs":{"description":"Input properties used for looking up and filtering AccessPackageCatalog resources.\n","properties":{"description":{"type":"string","description":"The description of the access package catalog.\n"},"displayName":{"type":"string","description":"The display name of the access package catalog.\n"},"externallyVisible":{"type":"boolean","description":"Whether the access packages in this catalog can be requested by users outside the tenant.\n"},"published":{"type":"boolean","description":"Whether the access packages in this catalog are available for management.\n"}},"type":"object"}},"azuread:index/accessPackageCatalogRoleAssignment:AccessPackageCatalogRoleAssignment":{"description":"Manages a single catalog role assignment within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `EntitlementManagement.ReadWrite.All` or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Identity Governance administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getUser({\n    userPrincipalName: \"jdoe@example.com\",\n});\nconst exampleGetAccessPackageCatalogRole = azuread.getAccessPackageCatalogRole({\n    displayName: \"Catalog owner\",\n});\nconst exampleAccessPackageCatalog = new azuread.AccessPackageCatalog(\"example\", {\n    displayName: \"example-access-package-catalog\",\n    description: \"Example access package catalog\",\n});\nconst exampleAccessPackageCatalogRoleAssignment = new azuread.AccessPackageCatalogRoleAssignment(\"example\", {\n    roleId: exampleGetAccessPackageCatalogRole.then(exampleGetAccessPackageCatalogRole =\u003e exampleGetAccessPackageCatalogRole.objectId),\n    principalObjectId: example.then(example =\u003e example.objectId),\n    catalogId: exampleAccessPackageCatalog.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_user(user_principal_name=\"jdoe@example.com\")\nexample_get_access_package_catalog_role = azuread.get_access_package_catalog_role(display_name=\"Catalog owner\")\nexample_access_package_catalog = azuread.AccessPackageCatalog(\"example\",\n    display_name=\"example-access-package-catalog\",\n    description=\"Example access package catalog\")\nexample_access_package_catalog_role_assignment = azuread.AccessPackageCatalogRoleAssignment(\"example\",\n    role_id=example_get_access_package_catalog_role.object_id,\n    principal_object_id=example.object_id,\n    catalog_id=example_access_package_catalog.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetUser.Invoke(new()\n    {\n        UserPrincipalName = \"jdoe@example.com\",\n    });\n\n    var exampleGetAccessPackageCatalogRole = AzureAD.Index.GetAccessPackageCatalogRole.Invoke(new()\n    {\n        DisplayName = \"Catalog owner\",\n    });\n\n    var exampleAccessPackageCatalog = new AzureAD.Index.AccessPackageCatalog(\"example\", new()\n    {\n        DisplayName = \"example-access-package-catalog\",\n        Description = \"Example access package catalog\",\n    });\n\n    var exampleAccessPackageCatalogRoleAssignment = new AzureAD.Index.AccessPackageCatalogRoleAssignment(\"example\", new()\n    {\n        RoleId = exampleGetAccessPackageCatalogRole.Apply(getAccessPackageCatalogRoleResult =\u003e getAccessPackageCatalogRoleResult.ObjectId),\n        PrincipalObjectId = example.Apply(getUserResult =\u003e getUserResult.ObjectId),\n        CatalogId = exampleAccessPackageCatalog.Id,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.GetUser(ctx, \u0026azuread.LookupUserArgs{\n\t\t\tUserPrincipalName: pulumi.StringRef(\"jdoe@example.com\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleGetAccessPackageCatalogRole, err := azuread.GetAccessPackageCatalogRole(ctx, \u0026azuread.GetAccessPackageCatalogRoleArgs{\n\t\t\tDisplayName: pulumi.StringRef(\"Catalog owner\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleAccessPackageCatalog, err := azuread.NewAccessPackageCatalog(ctx, \"example\", \u0026azuread.AccessPackageCatalogArgs{\n\t\t\tDisplayName: pulumi.String(\"example-access-package-catalog\"),\n\t\t\tDescription: pulumi.String(\"Example access package catalog\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAccessPackageCatalogRoleAssignment(ctx, \"example\", \u0026azuread.AccessPackageCatalogRoleAssignmentArgs{\n\t\t\tRoleId:            pulumi.String(pulumi.String(exampleGetAccessPackageCatalogRole.ObjectId)),\n\t\t\tPrincipalObjectId: pulumi.String(pulumi.String(example.ObjectId)),\n\t\t\tCatalogId:         exampleAccessPackageCatalog.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetUserArgs;\nimport com.pulumi.azuread.inputs.GetAccessPackageCatalogRoleArgs;\nimport com.pulumi.azuread.AccessPackageCatalog;\nimport com.pulumi.azuread.AccessPackageCatalogArgs;\nimport com.pulumi.azuread.AccessPackageCatalogRoleAssignment;\nimport com.pulumi.azuread.AccessPackageCatalogRoleAssignmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getUser(GetUserArgs.builder()\n            .userPrincipalName(\"jdoe@example.com\")\n            .build());\n\n        final var exampleGetAccessPackageCatalogRole = AzureadFunctions.getAccessPackageCatalogRole(GetAccessPackageCatalogRoleArgs.builder()\n            .displayName(\"Catalog owner\")\n            .build());\n\n        var exampleAccessPackageCatalog = new AccessPackageCatalog(\"exampleAccessPackageCatalog\", AccessPackageCatalogArgs.builder()\n            .displayName(\"example-access-package-catalog\")\n            .description(\"Example access package catalog\")\n            .build());\n\n        var exampleAccessPackageCatalogRoleAssignment = new AccessPackageCatalogRoleAssignment(\"exampleAccessPackageCatalogRoleAssignment\", AccessPackageCatalogRoleAssignmentArgs.builder()\n            .roleId(exampleGetAccessPackageCatalogRole.objectId())\n            .principalObjectId(example.objectId())\n            .catalogId(exampleAccessPackageCatalog.id())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  exampleAccessPackageCatalog:\n    type: azuread:AccessPackageCatalog\n    name: example\n    properties:\n      displayName: example-access-package-catalog\n      description: Example access package catalog\n  exampleAccessPackageCatalogRoleAssignment:\n    type: azuread:AccessPackageCatalogRoleAssignment\n    name: example\n    properties:\n      roleId: ${exampleGetAccessPackageCatalogRole.objectId}\n      principalObjectId: ${example.objectId}\n      catalogId: ${exampleAccessPackageCatalog.id}\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getUser\n      arguments:\n        userPrincipalName: jdoe@example.com\n  exampleGetAccessPackageCatalogRole:\n    fn::invoke:\n      function: azuread:getAccessPackageCatalogRole\n      arguments:\n        displayName: Catalog owner\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nCatalog role assignments can be imported using the ID of the assignment, e.g.\n\n```sh\n$ pulumi import azuread:index/accessPackageCatalogRoleAssignment:AccessPackageCatalogRoleAssignment example 00000000-0000-0000-0000-000000000000\n```\n\n","properties":{"catalogId":{"type":"string","description":"The ID of the Catalog this role assignment will be scoped to. Changing this forces a new resource to be created.\n"},"principalObjectId":{"type":"string","description":"The object ID of the principal for you want to create a role assignment. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created.\n"},"roleId":{"type":"string","description":"The object ID of the catalog role you want to assign. Changing this forces a new resource to be created.\n"}},"required":["catalogId","principalObjectId","roleId"],"inputProperties":{"catalogId":{"type":"string","description":"The ID of the Catalog this role assignment will be scoped to. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"principalObjectId":{"type":"string","description":"The object ID of the principal for you want to create a role assignment. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"roleId":{"type":"string","description":"The object ID of the catalog role you want to assign. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true}},"requiredInputs":["catalogId","principalObjectId","roleId"],"stateInputs":{"description":"Input properties used for looking up and filtering AccessPackageCatalogRoleAssignment resources.\n","properties":{"catalogId":{"type":"string","description":"The ID of the Catalog this role assignment will be scoped to. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"principalObjectId":{"type":"string","description":"The object ID of the principal for you want to create a role assignment. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"roleId":{"type":"string","description":"The object ID of the catalog role you want to assign. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true}},"type":"object"}},"azuread:index/accessPackageResourceCatalogAssociation:AccessPackageResourceCatalogAssociation":{"description":"Manages the resources added to access package catalogs within Identity Governance in Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires the following application role: `EntitlementManagement.ReadWrite.All`.\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Catalog owner` or `Global Administrator`\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.Group(\"example\", {\n    displayName: \"example-group\",\n    securityEnabled: true,\n});\nconst exampleAccessPackageCatalog = new azuread.AccessPackageCatalog(\"example\", {\n    displayName: \"example-catalog\",\n    description: \"Example catalog\",\n});\nconst exampleAccessPackageResourceCatalogAssociation = new azuread.AccessPackageResourceCatalogAssociation(\"example\", {\n    catalogId: exampleCatalog.id,\n    resourceOriginId: exampleGroup.objectId,\n    resourceOriginSystem: \"AadGroup\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.Group(\"example\",\n    display_name=\"example-group\",\n    security_enabled=True)\nexample_access_package_catalog = azuread.AccessPackageCatalog(\"example\",\n    display_name=\"example-catalog\",\n    description=\"Example catalog\")\nexample_access_package_resource_catalog_association = azuread.AccessPackageResourceCatalogAssociation(\"example\",\n    catalog_id=example_catalog[\"id\"],\n    resource_origin_id=example_group[\"objectId\"],\n    resource_origin_system=\"AadGroup\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.Group(\"example\", new()\n    {\n        DisplayName = \"example-group\",\n        SecurityEnabled = true,\n    });\n\n    var exampleAccessPackageCatalog = new AzureAD.Index.AccessPackageCatalog(\"example\", new()\n    {\n        DisplayName = \"example-catalog\",\n        Description = \"Example catalog\",\n    });\n\n    var exampleAccessPackageResourceCatalogAssociation = new AzureAD.Index.AccessPackageResourceCatalogAssociation(\"example\", new()\n    {\n        CatalogId = exampleCatalog.Id,\n        ResourceOriginId = exampleGroup.ObjectId,\n        ResourceOriginSystem = \"AadGroup\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName:     pulumi.String(\"example-group\"),\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAccessPackageCatalog(ctx, \"example\", \u0026azuread.AccessPackageCatalogArgs{\n\t\t\tDisplayName: pulumi.String(\"example-catalog\"),\n\t\t\tDescription: pulumi.String(\"Example catalog\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAccessPackageResourceCatalogAssociation(ctx, \"example\", \u0026azuread.AccessPackageResourceCatalogAssociationArgs{\n\t\t\tCatalogId:            pulumi.Any(exampleCatalog.Id),\n\t\t\tResourceOriginId:     pulumi.Any(exampleGroup.ObjectId),\n\t\t\tResourceOriginSystem: pulumi.String(\"AadGroup\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport com.pulumi.azuread.AccessPackageCatalog;\nimport com.pulumi.azuread.AccessPackageCatalogArgs;\nimport com.pulumi.azuread.AccessPackageResourceCatalogAssociation;\nimport com.pulumi.azuread.AccessPackageResourceCatalogAssociationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new Group(\"example\", GroupArgs.builder()\n            .displayName(\"example-group\")\n            .securityEnabled(true)\n            .build());\n\n        var exampleAccessPackageCatalog = new AccessPackageCatalog(\"exampleAccessPackageCatalog\", AccessPackageCatalogArgs.builder()\n            .displayName(\"example-catalog\")\n            .description(\"Example catalog\")\n            .build());\n\n        var exampleAccessPackageResourceCatalogAssociation = new AccessPackageResourceCatalogAssociation(\"exampleAccessPackageResourceCatalogAssociation\", AccessPackageResourceCatalogAssociationArgs.builder()\n            .catalogId(exampleCatalog.id())\n            .resourceOriginId(exampleGroup.objectId())\n            .resourceOriginSystem(\"AadGroup\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:Group\n    properties:\n      displayName: example-group\n      securityEnabled: true\n  exampleAccessPackageCatalog:\n    type: azuread:AccessPackageCatalog\n    name: example\n    properties:\n      displayName: example-catalog\n      description: Example catalog\n  exampleAccessPackageResourceCatalogAssociation:\n    type: azuread:AccessPackageResourceCatalogAssociation\n    name: example\n    properties:\n      catalogId: ${exampleCatalog.id}\n      resourceOriginId: ${exampleGroup.objectId}\n      resourceOriginSystem: AadGroup\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThe resource and catalog association can be imported using the catalog ID and the resource origin ID, e.g.\n\n```sh\n$ pulumi import azuread:index/accessPackageResourceCatalogAssociation:AccessPackageResourceCatalogAssociation example 00000000-0000-0000-0000-000000000000/11111111-1111-1111-1111-111111111111\n```\n\n\u003e This ID format is unique to Terraform and is composed of the Catalog ID and the Resource Origin ID in the format `{CatalogID}/{ResourceOriginID}`.\n\n","properties":{"catalogId":{"type":"string","description":"The unique ID of the access package catalog. Changing this forces a new resource to be created.\n"},"resourceOriginId":{"type":"string","description":"The unique identifier of the resource in the origin system. In the case of an Azure AD group, this is the identifier of the group. Changing this forces a new resource to be created.\n"},"resourceOriginSystem":{"type":"string","description":"The type of the resource in the origin system, such as `SharePointOnline`, `AadApplication` or `AadGroup`. Changing this forces a new resource to be created.\n"}},"required":["catalogId","resourceOriginId","resourceOriginSystem"],"inputProperties":{"catalogId":{"type":"string","description":"The unique ID of the access package catalog. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"resourceOriginId":{"type":"string","description":"The unique identifier of the resource in the origin system. In the case of an Azure AD group, this is the identifier of the group. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"resourceOriginSystem":{"type":"string","description":"The type of the resource in the origin system, such as `SharePointOnline`, `AadApplication` or `AadGroup`. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true}},"requiredInputs":["catalogId","resourceOriginId","resourceOriginSystem"],"stateInputs":{"description":"Input properties used for looking up and filtering AccessPackageResourceCatalogAssociation resources.\n","properties":{"catalogId":{"type":"string","description":"The unique ID of the access package catalog. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"resourceOriginId":{"type":"string","description":"The unique identifier of the resource in the origin system. In the case of an Azure AD group, this is the identifier of the group. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"resourceOriginSystem":{"type":"string","description":"The type of the resource in the origin system, such as `SharePointOnline`, `AadApplication` or `AadGroup`. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true}},"type":"object"}},"azuread:index/accessPackageResourcePackageAssociation:AccessPackageResourcePackageAssociation":{"description":"Manages the resources added to access packages within Identity Governance in Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires the following application role: `EntitlementManagement.ReadWrite.All`.\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Catalog owner`, `Access package manager` or `Global Administrator`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.Group(\"example\", {\n    displayName: \"example-group\",\n    securityEnabled: true,\n});\nconst exampleAccessPackageCatalog = new azuread.AccessPackageCatalog(\"example\", {\n    displayName: \"example-catalog\",\n    description: \"Example catalog\",\n});\nconst exampleAccessPackageResourceCatalogAssociation = new azuread.AccessPackageResourceCatalogAssociation(\"example\", {\n    catalogId: exampleCatalog.id,\n    resourceOriginId: exampleGroup.objectId,\n    resourceOriginSystem: \"AadGroup\",\n});\nconst exampleAccessPackage = new azuread.AccessPackage(\"example\", {\n    displayName: \"example-package\",\n    description: \"Example Package\",\n    catalogId: exampleCatalog.id,\n});\nconst exampleAccessPackageResourcePackageAssociation = new azuread.AccessPackageResourcePackageAssociation(\"example\", {\n    accessPackageId: exampleAccessPackage.id,\n    catalogResourceAssociationId: exampleAccessPackageResourceCatalogAssociation.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.Group(\"example\",\n    display_name=\"example-group\",\n    security_enabled=True)\nexample_access_package_catalog = azuread.AccessPackageCatalog(\"example\",\n    display_name=\"example-catalog\",\n    description=\"Example catalog\")\nexample_access_package_resource_catalog_association = azuread.AccessPackageResourceCatalogAssociation(\"example\",\n    catalog_id=example_catalog[\"id\"],\n    resource_origin_id=example_group[\"objectId\"],\n    resource_origin_system=\"AadGroup\")\nexample_access_package = azuread.AccessPackage(\"example\",\n    display_name=\"example-package\",\n    description=\"Example Package\",\n    catalog_id=example_catalog[\"id\"])\nexample_access_package_resource_package_association = azuread.AccessPackageResourcePackageAssociation(\"example\",\n    access_package_id=example_access_package.id,\n    catalog_resource_association_id=example_access_package_resource_catalog_association.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.Group(\"example\", new()\n    {\n        DisplayName = \"example-group\",\n        SecurityEnabled = true,\n    });\n\n    var exampleAccessPackageCatalog = new AzureAD.Index.AccessPackageCatalog(\"example\", new()\n    {\n        DisplayName = \"example-catalog\",\n        Description = \"Example catalog\",\n    });\n\n    var exampleAccessPackageResourceCatalogAssociation = new AzureAD.Index.AccessPackageResourceCatalogAssociation(\"example\", new()\n    {\n        CatalogId = exampleCatalog.Id,\n        ResourceOriginId = exampleGroup.ObjectId,\n        ResourceOriginSystem = \"AadGroup\",\n    });\n\n    var exampleAccessPackage = new AzureAD.Index.AccessPackage(\"example\", new()\n    {\n        DisplayName = \"example-package\",\n        Description = \"Example Package\",\n        CatalogId = exampleCatalog.Id,\n    });\n\n    var exampleAccessPackageResourcePackageAssociation = new AzureAD.Index.AccessPackageResourcePackageAssociation(\"example\", new()\n    {\n        AccessPackageId = exampleAccessPackage.Id,\n        CatalogResourceAssociationId = exampleAccessPackageResourceCatalogAssociation.Id,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName:     pulumi.String(\"example-group\"),\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAccessPackageCatalog(ctx, \"example\", \u0026azuread.AccessPackageCatalogArgs{\n\t\t\tDisplayName: pulumi.String(\"example-catalog\"),\n\t\t\tDescription: pulumi.String(\"Example catalog\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleAccessPackageResourceCatalogAssociation, err := azuread.NewAccessPackageResourceCatalogAssociation(ctx, \"example\", \u0026azuread.AccessPackageResourceCatalogAssociationArgs{\n\t\t\tCatalogId:            pulumi.Any(exampleCatalog.Id),\n\t\t\tResourceOriginId:     pulumi.Any(exampleGroup.ObjectId),\n\t\t\tResourceOriginSystem: pulumi.String(\"AadGroup\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleAccessPackage, err := azuread.NewAccessPackage(ctx, \"example\", \u0026azuread.AccessPackageArgs{\n\t\t\tDisplayName: pulumi.String(\"example-package\"),\n\t\t\tDescription: pulumi.String(\"Example Package\"),\n\t\t\tCatalogId:   pulumi.Any(exampleCatalog.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAccessPackageResourcePackageAssociation(ctx, \"example\", \u0026azuread.AccessPackageResourcePackageAssociationArgs{\n\t\t\tAccessPackageId:              exampleAccessPackage.ID(),\n\t\t\tCatalogResourceAssociationId: exampleAccessPackageResourceCatalogAssociation.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport com.pulumi.azuread.AccessPackageCatalog;\nimport com.pulumi.azuread.AccessPackageCatalogArgs;\nimport com.pulumi.azuread.AccessPackageResourceCatalogAssociation;\nimport com.pulumi.azuread.AccessPackageResourceCatalogAssociationArgs;\nimport com.pulumi.azuread.AccessPackage;\nimport com.pulumi.azuread.AccessPackageArgs;\nimport com.pulumi.azuread.AccessPackageResourcePackageAssociation;\nimport com.pulumi.azuread.AccessPackageResourcePackageAssociationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new Group(\"example\", GroupArgs.builder()\n            .displayName(\"example-group\")\n            .securityEnabled(true)\n            .build());\n\n        var exampleAccessPackageCatalog = new AccessPackageCatalog(\"exampleAccessPackageCatalog\", AccessPackageCatalogArgs.builder()\n            .displayName(\"example-catalog\")\n            .description(\"Example catalog\")\n            .build());\n\n        var exampleAccessPackageResourceCatalogAssociation = new AccessPackageResourceCatalogAssociation(\"exampleAccessPackageResourceCatalogAssociation\", AccessPackageResourceCatalogAssociationArgs.builder()\n            .catalogId(exampleCatalog.id())\n            .resourceOriginId(exampleGroup.objectId())\n            .resourceOriginSystem(\"AadGroup\")\n            .build());\n\n        var exampleAccessPackage = new AccessPackage(\"exampleAccessPackage\", AccessPackageArgs.builder()\n            .displayName(\"example-package\")\n            .description(\"Example Package\")\n            .catalogId(exampleCatalog.id())\n            .build());\n\n        var exampleAccessPackageResourcePackageAssociation = new AccessPackageResourcePackageAssociation(\"exampleAccessPackageResourcePackageAssociation\", AccessPackageResourcePackageAssociationArgs.builder()\n            .accessPackageId(exampleAccessPackage.id())\n            .catalogResourceAssociationId(exampleAccessPackageResourceCatalogAssociation.id())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:Group\n    properties:\n      displayName: example-group\n      securityEnabled: true\n  exampleAccessPackageCatalog:\n    type: azuread:AccessPackageCatalog\n    name: example\n    properties:\n      displayName: example-catalog\n      description: Example catalog\n  exampleAccessPackageResourceCatalogAssociation:\n    type: azuread:AccessPackageResourceCatalogAssociation\n    name: example\n    properties:\n      catalogId: ${exampleCatalog.id}\n      resourceOriginId: ${exampleGroup.objectId}\n      resourceOriginSystem: AadGroup\n  exampleAccessPackage:\n    type: azuread:AccessPackage\n    name: example\n    properties:\n      displayName: example-package\n      description: Example Package\n      catalogId: ${exampleCatalog.id}\n  exampleAccessPackageResourcePackageAssociation:\n    type: azuread:AccessPackageResourcePackageAssociation\n    name: example\n    properties:\n      accessPackageId: ${exampleAccessPackage.id}\n      catalogResourceAssociationId: ${exampleAccessPackageResourceCatalogAssociation.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThe resource and catalog association can be imported using the access package ID, the access package ResourceRoleScope, the resource origin ID, and the access type, e.g.\n\n```sh\n$ pulumi import azuread:index/accessPackageResourcePackageAssociation:AccessPackageResourcePackageAssociation example 00000000-0000-0000-0000-000000000000/11111111-1111-1111-1111-111111111111_22222222-2222-2222-2222-22222222/33333333-3333-3333-3333-33333333/Member\n```\n\n\u003e This ID format is unique to Terraform and is composed of the Access Package ID, the access package ResourceRoleScope (in the format Role_Scope), the Resource Origin ID, and the Access Type, in the format `{AccessPackageID}/{ResourceRoleScope}/{ResourceOriginID}/{AccessType}`.\n\n","properties":{"accessPackageId":{"type":"string","description":"The ID of access package this resource association is configured to. Changing this forces a new resource to be created.\n"},"accessType":{"type":"string","description":"The role of access type to the specified resource. Valid values are `Member`, or `Owner` The default is `Member`. Changing this forces a new resource to be created.\n"},"catalogResourceAssociationId":{"type":"string","description":"The ID of the catalog association from the \u003cspan pulumi-lang-nodejs=\"`azuread.AccessPackageResourceCatalogAssociation`\" pulumi-lang-dotnet=\"`azuread.AccessPackageResourceCatalogAssociation`\" pulumi-lang-go=\"`AccessPackageResourceCatalogAssociation`\" pulumi-lang-python=\"`AccessPackageResourceCatalogAssociation`\" pulumi-lang-yaml=\"`azuread.AccessPackageResourceCatalogAssociation`\" pulumi-lang-java=\"`azuread.AccessPackageResourceCatalogAssociation`\"\u003e`azuread.AccessPackageResourceCatalogAssociation`\u003c/span\u003e resource. Changing this forces a new resource to be created.\n"}},"required":["accessPackageId","catalogResourceAssociationId"],"inputProperties":{"accessPackageId":{"type":"string","description":"The ID of access package this resource association is configured to. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"accessType":{"type":"string","description":"The role of access type to the specified resource. Valid values are `Member`, or `Owner` The default is `Member`. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"catalogResourceAssociationId":{"type":"string","description":"The ID of the catalog association from the \u003cspan pulumi-lang-nodejs=\"`azuread.AccessPackageResourceCatalogAssociation`\" pulumi-lang-dotnet=\"`azuread.AccessPackageResourceCatalogAssociation`\" pulumi-lang-go=\"`AccessPackageResourceCatalogAssociation`\" pulumi-lang-python=\"`AccessPackageResourceCatalogAssociation`\" pulumi-lang-yaml=\"`azuread.AccessPackageResourceCatalogAssociation`\" pulumi-lang-java=\"`azuread.AccessPackageResourceCatalogAssociation`\"\u003e`azuread.AccessPackageResourceCatalogAssociation`\u003c/span\u003e resource. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true}},"requiredInputs":["accessPackageId","catalogResourceAssociationId"],"stateInputs":{"description":"Input properties used for looking up and filtering AccessPackageResourcePackageAssociation resources.\n","properties":{"accessPackageId":{"type":"string","description":"The ID of access package this resource association is configured to. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"accessType":{"type":"string","description":"The role of access type to the specified resource. Valid values are `Member`, or `Owner` The default is `Member`. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"catalogResourceAssociationId":{"type":"string","description":"The ID of the catalog association from the \u003cspan pulumi-lang-nodejs=\"`azuread.AccessPackageResourceCatalogAssociation`\" pulumi-lang-dotnet=\"`azuread.AccessPackageResourceCatalogAssociation`\" pulumi-lang-go=\"`AccessPackageResourceCatalogAssociation`\" pulumi-lang-python=\"`AccessPackageResourceCatalogAssociation`\" pulumi-lang-yaml=\"`azuread.AccessPackageResourceCatalogAssociation`\" pulumi-lang-java=\"`azuread.AccessPackageResourceCatalogAssociation`\"\u003e`azuread.AccessPackageResourceCatalogAssociation`\u003c/span\u003e resource. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true}},"type":"object"}},"azuread:index/administrativeUnit:AdministrativeUnit":{"description":"Manages an Administrative Unit within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `AdministrativeUnit.ReadWrite.All` or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Privileged Role Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.AdministrativeUnit(\"example\", {\n    displayName: \"Example-AU\",\n    description: \"Just an example\",\n    hiddenMembershipEnabled: false,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.AdministrativeUnit(\"example\",\n    display_name=\"Example-AU\",\n    description=\"Just an example\",\n    hidden_membership_enabled=False)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.AdministrativeUnit(\"example\", new()\n    {\n        DisplayName = \"Example-AU\",\n        Description = \"Just an example\",\n        HiddenMembershipEnabled = false,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewAdministrativeUnit(ctx, \"example\", \u0026azuread.AdministrativeUnitArgs{\n\t\t\tDisplayName:             pulumi.String(\"Example-AU\"),\n\t\t\tDescription:             pulumi.String(\"Just an example\"),\n\t\t\tHiddenMembershipEnabled: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AdministrativeUnit;\nimport com.pulumi.azuread.AdministrativeUnitArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new AdministrativeUnit(\"example\", AdministrativeUnitArgs.builder()\n            .displayName(\"Example-AU\")\n            .description(\"Just an example\")\n            .hiddenMembershipEnabled(false)\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:AdministrativeUnit\n    properties:\n      displayName: Example-AU\n      description: Just an example\n      hiddenMembershipEnabled: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAdministrative units can be imported using their object ID, e.g.\n\n```sh\n$ pulumi import azuread:index/administrativeUnit:AdministrativeUnit example /directory/administrativeUnits/00000000-0000-0000-0000-000000000000\n```\n\n","properties":{"description":{"type":"string","description":"The description of the administrative unit.\n"},"displayName":{"type":"string","description":"The display name of the administrative unit.\n"},"hiddenMembershipEnabled":{"type":"boolean","description":"Whether the administrative unit and its members are hidden or publicly viewable in the directory.\n"},"members":{"type":"array","items":{"type":"string"},"description":"A set of object IDs of members who should be present in this administrative unit. Supported object types are Users or Groups.\n\n\u003e **Caution** When using the \u003cspan pulumi-lang-nodejs=\"`members`\" pulumi-lang-dotnet=\"`Members`\" pulumi-lang-go=\"`members`\" pulumi-lang-python=\"`members`\" pulumi-lang-yaml=\"`members`\" pulumi-lang-java=\"`members`\"\u003e`members`\u003c/span\u003e property of the\u003cspan pulumi-lang-nodejs=\" azuread.AdministrativeUnit \" pulumi-lang-dotnet=\" azuread.AdministrativeUnit \" pulumi-lang-go=\" AdministrativeUnit \" pulumi-lang-python=\" AdministrativeUnit \" pulumi-lang-yaml=\" azuread.AdministrativeUnit \" pulumi-lang-java=\" azuread.AdministrativeUnit \"\u003e azuread.AdministrativeUnit \u003c/span\u003eresource, to manage Administrative Unit membership for a group, you will need to use an \u003cspan pulumi-lang-nodejs=\"`ignoreChanges \" pulumi-lang-dotnet=\"`IgnoreChanges \" pulumi-lang-go=\"`ignoreChanges \" pulumi-lang-python=\"`ignore_changes \" pulumi-lang-yaml=\"`ignoreChanges \" pulumi-lang-java=\"`ignoreChanges \"\u003e`ignoreChanges \u003c/span\u003e= \u003cspan pulumi-lang-nodejs=\"[administrativeUnitIds]\" pulumi-lang-dotnet=\"[AdministrativeUnitIds]\" pulumi-lang-go=\"[administrativeUnitIds]\" pulumi-lang-python=\"[administrative_unit_ids]\" pulumi-lang-yaml=\"[administrativeUnitIds]\" pulumi-lang-java=\"[administrativeUnitIds]\"\u003e[administrativeUnitIds]\u003c/span\u003e` lifecycle meta argument for the \u003cspan pulumi-lang-nodejs=\"`azuread.Group`\" pulumi-lang-dotnet=\"`azuread.Group`\" pulumi-lang-go=\"`Group`\" pulumi-lang-python=\"`Group`\" pulumi-lang-yaml=\"`azuread.Group`\" pulumi-lang-java=\"`azuread.Group`\"\u003e`azuread.Group`\u003c/span\u003e resource, in order to avoid a persistent diff.\n\n!\u003e **Warning** Do not use the \u003cspan pulumi-lang-nodejs=\"`members`\" pulumi-lang-dotnet=\"`Members`\" pulumi-lang-go=\"`members`\" pulumi-lang-python=\"`members`\" pulumi-lang-yaml=\"`members`\" pulumi-lang-java=\"`members`\"\u003e`members`\u003c/span\u003e property at the same time as the\u003cspan pulumi-lang-nodejs=\" azuread.AdministrativeUnitMember \" pulumi-lang-dotnet=\" azuread.AdministrativeUnitMember \" pulumi-lang-go=\" AdministrativeUnitMember \" pulumi-lang-python=\" AdministrativeUnitMember \" pulumi-lang-yaml=\" azuread.AdministrativeUnitMember \" pulumi-lang-java=\" azuread.AdministrativeUnitMember \"\u003e azuread.AdministrativeUnitMember \u003c/span\u003eresource for the same administrative unit. Doing so will cause a conflict and administrative unit members will be removed.\n"},"objectId":{"type":"string","description":"The object ID of the administrative unit.\n"},"preventDuplicateNames":{"type":"boolean","description":"If \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, will return an error if an existing administrative unit is found with the same name"}},"required":["displayName","members","objectId"],"inputProperties":{"description":{"type":"string","description":"The description of the administrative unit.\n"},"displayName":{"type":"string","description":"The display name of the administrative unit.\n"},"hiddenMembershipEnabled":{"type":"boolean","description":"Whether the administrative unit and its members are hidden or publicly viewable in the directory.\n"},"members":{"type":"array","items":{"type":"string"},"description":"A set of object IDs of members who should be present in this administrative unit. Supported object types are Users or Groups.\n\n\u003e **Caution** When using the \u003cspan pulumi-lang-nodejs=\"`members`\" pulumi-lang-dotnet=\"`Members`\" pulumi-lang-go=\"`members`\" pulumi-lang-python=\"`members`\" pulumi-lang-yaml=\"`members`\" pulumi-lang-java=\"`members`\"\u003e`members`\u003c/span\u003e property of the\u003cspan pulumi-lang-nodejs=\" azuread.AdministrativeUnit \" pulumi-lang-dotnet=\" azuread.AdministrativeUnit \" pulumi-lang-go=\" AdministrativeUnit \" pulumi-lang-python=\" AdministrativeUnit \" pulumi-lang-yaml=\" azuread.AdministrativeUnit \" pulumi-lang-java=\" azuread.AdministrativeUnit \"\u003e azuread.AdministrativeUnit \u003c/span\u003eresource, to manage Administrative Unit membership for a group, you will need to use an \u003cspan pulumi-lang-nodejs=\"`ignoreChanges \" pulumi-lang-dotnet=\"`IgnoreChanges \" pulumi-lang-go=\"`ignoreChanges \" pulumi-lang-python=\"`ignore_changes \" pulumi-lang-yaml=\"`ignoreChanges \" pulumi-lang-java=\"`ignoreChanges \"\u003e`ignoreChanges \u003c/span\u003e= \u003cspan pulumi-lang-nodejs=\"[administrativeUnitIds]\" pulumi-lang-dotnet=\"[AdministrativeUnitIds]\" pulumi-lang-go=\"[administrativeUnitIds]\" pulumi-lang-python=\"[administrative_unit_ids]\" pulumi-lang-yaml=\"[administrativeUnitIds]\" pulumi-lang-java=\"[administrativeUnitIds]\"\u003e[administrativeUnitIds]\u003c/span\u003e` lifecycle meta argument for the \u003cspan pulumi-lang-nodejs=\"`azuread.Group`\" pulumi-lang-dotnet=\"`azuread.Group`\" pulumi-lang-go=\"`Group`\" pulumi-lang-python=\"`Group`\" pulumi-lang-yaml=\"`azuread.Group`\" pulumi-lang-java=\"`azuread.Group`\"\u003e`azuread.Group`\u003c/span\u003e resource, in order to avoid a persistent diff.\n\n!\u003e **Warning** Do not use the \u003cspan pulumi-lang-nodejs=\"`members`\" pulumi-lang-dotnet=\"`Members`\" pulumi-lang-go=\"`members`\" pulumi-lang-python=\"`members`\" pulumi-lang-yaml=\"`members`\" pulumi-lang-java=\"`members`\"\u003e`members`\u003c/span\u003e property at the same time as the\u003cspan pulumi-lang-nodejs=\" azuread.AdministrativeUnitMember \" pulumi-lang-dotnet=\" azuread.AdministrativeUnitMember \" pulumi-lang-go=\" AdministrativeUnitMember \" pulumi-lang-python=\" AdministrativeUnitMember \" pulumi-lang-yaml=\" azuread.AdministrativeUnitMember \" pulumi-lang-java=\" azuread.AdministrativeUnitMember \"\u003e azuread.AdministrativeUnitMember \u003c/span\u003eresource for the same administrative unit. Doing so will cause a conflict and administrative unit members will be removed.\n"},"preventDuplicateNames":{"type":"boolean","description":"If \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, will return an error if an existing administrative unit is found with the same name"}},"requiredInputs":["displayName"],"stateInputs":{"description":"Input properties used for looking up and filtering AdministrativeUnit resources.\n","properties":{"description":{"type":"string","description":"The description of the administrative unit.\n"},"displayName":{"type":"string","description":"The display name of the administrative unit.\n"},"hiddenMembershipEnabled":{"type":"boolean","description":"Whether the administrative unit and its members are hidden or publicly viewable in the directory.\n"},"members":{"type":"array","items":{"type":"string"},"description":"A set of object IDs of members who should be present in this administrative unit. Supported object types are Users or Groups.\n\n\u003e **Caution** When using the \u003cspan pulumi-lang-nodejs=\"`members`\" pulumi-lang-dotnet=\"`Members`\" pulumi-lang-go=\"`members`\" pulumi-lang-python=\"`members`\" pulumi-lang-yaml=\"`members`\" pulumi-lang-java=\"`members`\"\u003e`members`\u003c/span\u003e property of the\u003cspan pulumi-lang-nodejs=\" azuread.AdministrativeUnit \" pulumi-lang-dotnet=\" azuread.AdministrativeUnit \" pulumi-lang-go=\" AdministrativeUnit \" pulumi-lang-python=\" AdministrativeUnit \" pulumi-lang-yaml=\" azuread.AdministrativeUnit \" pulumi-lang-java=\" azuread.AdministrativeUnit \"\u003e azuread.AdministrativeUnit \u003c/span\u003eresource, to manage Administrative Unit membership for a group, you will need to use an \u003cspan pulumi-lang-nodejs=\"`ignoreChanges \" pulumi-lang-dotnet=\"`IgnoreChanges \" pulumi-lang-go=\"`ignoreChanges \" pulumi-lang-python=\"`ignore_changes \" pulumi-lang-yaml=\"`ignoreChanges \" pulumi-lang-java=\"`ignoreChanges \"\u003e`ignoreChanges \u003c/span\u003e= \u003cspan pulumi-lang-nodejs=\"[administrativeUnitIds]\" pulumi-lang-dotnet=\"[AdministrativeUnitIds]\" pulumi-lang-go=\"[administrativeUnitIds]\" pulumi-lang-python=\"[administrative_unit_ids]\" pulumi-lang-yaml=\"[administrativeUnitIds]\" pulumi-lang-java=\"[administrativeUnitIds]\"\u003e[administrativeUnitIds]\u003c/span\u003e` lifecycle meta argument for the \u003cspan pulumi-lang-nodejs=\"`azuread.Group`\" pulumi-lang-dotnet=\"`azuread.Group`\" pulumi-lang-go=\"`Group`\" pulumi-lang-python=\"`Group`\" pulumi-lang-yaml=\"`azuread.Group`\" pulumi-lang-java=\"`azuread.Group`\"\u003e`azuread.Group`\u003c/span\u003e resource, in order to avoid a persistent diff.\n\n!\u003e **Warning** Do not use the \u003cspan pulumi-lang-nodejs=\"`members`\" pulumi-lang-dotnet=\"`Members`\" pulumi-lang-go=\"`members`\" pulumi-lang-python=\"`members`\" pulumi-lang-yaml=\"`members`\" pulumi-lang-java=\"`members`\"\u003e`members`\u003c/span\u003e property at the same time as the\u003cspan pulumi-lang-nodejs=\" azuread.AdministrativeUnitMember \" pulumi-lang-dotnet=\" azuread.AdministrativeUnitMember \" pulumi-lang-go=\" AdministrativeUnitMember \" pulumi-lang-python=\" AdministrativeUnitMember \" pulumi-lang-yaml=\" azuread.AdministrativeUnitMember \" pulumi-lang-java=\" azuread.AdministrativeUnitMember \"\u003e azuread.AdministrativeUnitMember \u003c/span\u003eresource for the same administrative unit. Doing so will cause a conflict and administrative unit members will be removed.\n"},"objectId":{"type":"string","description":"The object ID of the administrative unit.\n"},"preventDuplicateNames":{"type":"boolean","description":"If \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, will return an error if an existing administrative unit is found with the same name"}},"type":"object"}},"azuread:index/administrativeUnitMember:AdministrativeUnitMember":{"description":"Manages a single administrative unit membership within Azure Active Directory.\n\n\u003e **Warning** Do not use this resource at the same time as the \u003cspan pulumi-lang-nodejs=\"`members`\" pulumi-lang-dotnet=\"`Members`\" pulumi-lang-go=\"`members`\" pulumi-lang-python=\"`members`\" pulumi-lang-yaml=\"`members`\" pulumi-lang-java=\"`members`\"\u003e`members`\u003c/span\u003e property of the \u003cspan pulumi-lang-nodejs=\"`azuread.AdministrativeUnit`\" pulumi-lang-dotnet=\"`azuread.AdministrativeUnit`\" pulumi-lang-go=\"`AdministrativeUnit`\" pulumi-lang-python=\"`AdministrativeUnit`\" pulumi-lang-yaml=\"`azuread.AdministrativeUnit`\" pulumi-lang-java=\"`azuread.AdministrativeUnit`\"\u003e`azuread.AdministrativeUnit`\u003c/span\u003e resource for the same administrative unit. Doing so will cause a conflict and administrative unit members will be removed.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `AdministrativeUnit.ReadWrite.All` or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Privileged Role Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getUser({\n    userPrincipalName: \"jdoe@example.com\",\n});\nconst exampleAdministrativeUnit = new azuread.AdministrativeUnit(\"example\", {displayName: \"Example-AU\"});\nconst exampleAdministrativeUnitMember = new azuread.AdministrativeUnitMember(\"example\", {\n    administrativeUnitObjectId: exampleAdministrativeUnit.id,\n    memberObjectId: example.then(example =\u003e example.id),\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_user(user_principal_name=\"jdoe@example.com\")\nexample_administrative_unit = azuread.AdministrativeUnit(\"example\", display_name=\"Example-AU\")\nexample_administrative_unit_member = azuread.AdministrativeUnitMember(\"example\",\n    administrative_unit_object_id=example_administrative_unit.id,\n    member_object_id=example.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetUser.Invoke(new()\n    {\n        UserPrincipalName = \"jdoe@example.com\",\n    });\n\n    var exampleAdministrativeUnit = new AzureAD.Index.AdministrativeUnit(\"example\", new()\n    {\n        DisplayName = \"Example-AU\",\n    });\n\n    var exampleAdministrativeUnitMember = new AzureAD.Index.AdministrativeUnitMember(\"example\", new()\n    {\n        AdministrativeUnitObjectId = exampleAdministrativeUnit.Id,\n        MemberObjectId = example.Apply(getUserResult =\u003e getUserResult.Id),\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.GetUser(ctx, \u0026azuread.LookupUserArgs{\n\t\t\tUserPrincipalName: pulumi.StringRef(\"jdoe@example.com\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleAdministrativeUnit, err := azuread.NewAdministrativeUnit(ctx, \"example\", \u0026azuread.AdministrativeUnitArgs{\n\t\t\tDisplayName: pulumi.String(\"Example-AU\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAdministrativeUnitMember(ctx, \"example\", \u0026azuread.AdministrativeUnitMemberArgs{\n\t\t\tAdministrativeUnitObjectId: exampleAdministrativeUnit.ID(),\n\t\t\tMemberObjectId:             pulumi.String(pulumi.String(example.Id)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetUserArgs;\nimport com.pulumi.azuread.AdministrativeUnit;\nimport com.pulumi.azuread.AdministrativeUnitArgs;\nimport com.pulumi.azuread.AdministrativeUnitMember;\nimport com.pulumi.azuread.AdministrativeUnitMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getUser(GetUserArgs.builder()\n            .userPrincipalName(\"jdoe@example.com\")\n            .build());\n\n        var exampleAdministrativeUnit = new AdministrativeUnit(\"exampleAdministrativeUnit\", AdministrativeUnitArgs.builder()\n            .displayName(\"Example-AU\")\n            .build());\n\n        var exampleAdministrativeUnitMember = new AdministrativeUnitMember(\"exampleAdministrativeUnitMember\", AdministrativeUnitMemberArgs.builder()\n            .administrativeUnitObjectId(exampleAdministrativeUnit.id())\n            .memberObjectId(example.id())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  exampleAdministrativeUnit:\n    type: azuread:AdministrativeUnit\n    name: example\n    properties:\n      displayName: Example-AU\n  exampleAdministrativeUnitMember:\n    type: azuread:AdministrativeUnitMember\n    name: example\n    properties:\n      administrativeUnitObjectId: ${exampleAdministrativeUnit.id}\n      memberObjectId: ${example.id}\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getUser\n      arguments:\n        userPrincipalName: jdoe@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAdministrative unit members can be imported using the object ID of the administrative unit and the object ID of the member, e.g.\n\n```sh\n$ pulumi import azuread:index/administrativeUnitMember:AdministrativeUnitMember example /directory/administrativeUnits/00000000-0000-0000-0000-000000000000/members/11111111-1111-1111-1111-111111111111\n```\n\n","properties":{"administrativeUnitObjectId":{"type":"string","description":"The object ID of the administrative unit you want to add the member to. Changing this forces a new resource to be created.\n"},"memberObjectId":{"type":"string","description":"The object ID of the user or group you want to add as a member of the administrative unit. Changing this forces a new resource to be created.\n\n\u003e **Caution** When using the\u003cspan pulumi-lang-nodejs=\" azuread.AdministrativeUnitMember \" pulumi-lang-dotnet=\" azuread.AdministrativeUnitMember \" pulumi-lang-go=\" AdministrativeUnitMember \" pulumi-lang-python=\" AdministrativeUnitMember \" pulumi-lang-yaml=\" azuread.AdministrativeUnitMember \" pulumi-lang-java=\" azuread.AdministrativeUnitMember \"\u003e azuread.AdministrativeUnitMember \u003c/span\u003eresource to manage Administrative Unit membership for a group, you will need to use an \u003cspan pulumi-lang-nodejs=\"`ignoreChanges \" pulumi-lang-dotnet=\"`IgnoreChanges \" pulumi-lang-go=\"`ignoreChanges \" pulumi-lang-python=\"`ignore_changes \" pulumi-lang-yaml=\"`ignoreChanges \" pulumi-lang-java=\"`ignoreChanges \"\u003e`ignoreChanges \u003c/span\u003e= \u003cspan pulumi-lang-nodejs=\"[administrativeUnitIds]\" pulumi-lang-dotnet=\"[AdministrativeUnitIds]\" pulumi-lang-go=\"[administrativeUnitIds]\" pulumi-lang-python=\"[administrative_unit_ids]\" pulumi-lang-yaml=\"[administrativeUnitIds]\" pulumi-lang-java=\"[administrativeUnitIds]\"\u003e[administrativeUnitIds]\u003c/span\u003e` lifecycle meta argument for the \u003cspan pulumi-lang-nodejs=\"`azuread.Group`\" pulumi-lang-dotnet=\"`azuread.Group`\" pulumi-lang-go=\"`Group`\" pulumi-lang-python=\"`Group`\" pulumi-lang-yaml=\"`azuread.Group`\" pulumi-lang-java=\"`azuread.Group`\"\u003e`azuread.Group`\u003c/span\u003e resource, in order to avoid a persistent diff.\n"}},"inputProperties":{"administrativeUnitObjectId":{"type":"string","description":"The object ID of the administrative unit you want to add the member to. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"memberObjectId":{"type":"string","description":"The object ID of the user or group you want to add as a member of the administrative unit. Changing this forces a new resource to be created.\n\n\u003e **Caution** When using the\u003cspan pulumi-lang-nodejs=\" azuread.AdministrativeUnitMember \" pulumi-lang-dotnet=\" azuread.AdministrativeUnitMember \" pulumi-lang-go=\" AdministrativeUnitMember \" pulumi-lang-python=\" AdministrativeUnitMember \" pulumi-lang-yaml=\" azuread.AdministrativeUnitMember \" pulumi-lang-java=\" azuread.AdministrativeUnitMember \"\u003e azuread.AdministrativeUnitMember \u003c/span\u003eresource to manage Administrative Unit membership for a group, you will need to use an \u003cspan pulumi-lang-nodejs=\"`ignoreChanges \" pulumi-lang-dotnet=\"`IgnoreChanges \" pulumi-lang-go=\"`ignoreChanges \" pulumi-lang-python=\"`ignore_changes \" pulumi-lang-yaml=\"`ignoreChanges \" pulumi-lang-java=\"`ignoreChanges \"\u003e`ignoreChanges \u003c/span\u003e= \u003cspan pulumi-lang-nodejs=\"[administrativeUnitIds]\" pulumi-lang-dotnet=\"[AdministrativeUnitIds]\" pulumi-lang-go=\"[administrativeUnitIds]\" pulumi-lang-python=\"[administrative_unit_ids]\" pulumi-lang-yaml=\"[administrativeUnitIds]\" pulumi-lang-java=\"[administrativeUnitIds]\"\u003e[administrativeUnitIds]\u003c/span\u003e` lifecycle meta argument for the \u003cspan pulumi-lang-nodejs=\"`azuread.Group`\" pulumi-lang-dotnet=\"`azuread.Group`\" pulumi-lang-go=\"`Group`\" pulumi-lang-python=\"`Group`\" pulumi-lang-yaml=\"`azuread.Group`\" pulumi-lang-java=\"`azuread.Group`\"\u003e`azuread.Group`\u003c/span\u003e resource, in order to avoid a persistent diff.\n","willReplaceOnChanges":true}},"stateInputs":{"description":"Input properties used for looking up and filtering AdministrativeUnitMember resources.\n","properties":{"administrativeUnitObjectId":{"type":"string","description":"The object ID of the administrative unit you want to add the member to. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"memberObjectId":{"type":"string","description":"The object ID of the user or group you want to add as a member of the administrative unit. Changing this forces a new resource to be created.\n\n\u003e **Caution** When using the\u003cspan pulumi-lang-nodejs=\" azuread.AdministrativeUnitMember \" pulumi-lang-dotnet=\" azuread.AdministrativeUnitMember \" pulumi-lang-go=\" AdministrativeUnitMember \" pulumi-lang-python=\" AdministrativeUnitMember \" pulumi-lang-yaml=\" azuread.AdministrativeUnitMember \" pulumi-lang-java=\" azuread.AdministrativeUnitMember \"\u003e azuread.AdministrativeUnitMember \u003c/span\u003eresource to manage Administrative Unit membership for a group, you will need to use an \u003cspan pulumi-lang-nodejs=\"`ignoreChanges \" pulumi-lang-dotnet=\"`IgnoreChanges \" pulumi-lang-go=\"`ignoreChanges \" pulumi-lang-python=\"`ignore_changes \" pulumi-lang-yaml=\"`ignoreChanges \" pulumi-lang-java=\"`ignoreChanges \"\u003e`ignoreChanges \u003c/span\u003e= \u003cspan pulumi-lang-nodejs=\"[administrativeUnitIds]\" pulumi-lang-dotnet=\"[AdministrativeUnitIds]\" pulumi-lang-go=\"[administrativeUnitIds]\" pulumi-lang-python=\"[administrative_unit_ids]\" pulumi-lang-yaml=\"[administrativeUnitIds]\" pulumi-lang-java=\"[administrativeUnitIds]\"\u003e[administrativeUnitIds]\u003c/span\u003e` lifecycle meta argument for the \u003cspan pulumi-lang-nodejs=\"`azuread.Group`\" pulumi-lang-dotnet=\"`azuread.Group`\" pulumi-lang-go=\"`Group`\" pulumi-lang-python=\"`Group`\" pulumi-lang-yaml=\"`azuread.Group`\" pulumi-lang-java=\"`azuread.Group`\"\u003e`azuread.Group`\u003c/span\u003e resource, in order to avoid a persistent diff.\n","willReplaceOnChanges":true}},"type":"object"}},"azuread:index/administrativeUnitRoleMember:AdministrativeUnitRoleMember":{"description":"Manages a single directory role assignment scoped to an administrative unit within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `AdministrativeUnit.ReadWrite.All` and `RoleManagement.ReadWrite.Directory`, or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Privileged Role Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getUser({\n    userPrincipalName: \"jdoe@example.com\",\n});\nconst exampleAdministrativeUnit = new azuread.AdministrativeUnit(\"example\", {displayName: \"Example-AU\"});\nconst exampleDirectoryRole = new azuread.DirectoryRole(\"example\", {displayName: \"Security administrator\"});\nconst exampleAdministrativeUnitRoleMember = new azuread.AdministrativeUnitRoleMember(\"example\", {\n    roleObjectId: exampleDirectoryRole.objectId,\n    administrativeUnitObjectId: exampleAdministrativeUnit.objectId,\n    memberObjectId: example.then(example =\u003e example.objectId),\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_user(user_principal_name=\"jdoe@example.com\")\nexample_administrative_unit = azuread.AdministrativeUnit(\"example\", display_name=\"Example-AU\")\nexample_directory_role = azuread.DirectoryRole(\"example\", display_name=\"Security administrator\")\nexample_administrative_unit_role_member = azuread.AdministrativeUnitRoleMember(\"example\",\n    role_object_id=example_directory_role.object_id,\n    administrative_unit_object_id=example_administrative_unit.object_id,\n    member_object_id=example.object_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetUser.Invoke(new()\n    {\n        UserPrincipalName = \"jdoe@example.com\",\n    });\n\n    var exampleAdministrativeUnit = new AzureAD.Index.AdministrativeUnit(\"example\", new()\n    {\n        DisplayName = \"Example-AU\",\n    });\n\n    var exampleDirectoryRole = new AzureAD.Index.DirectoryRole(\"example\", new()\n    {\n        DisplayName = \"Security administrator\",\n    });\n\n    var exampleAdministrativeUnitRoleMember = new AzureAD.Index.AdministrativeUnitRoleMember(\"example\", new()\n    {\n        RoleObjectId = exampleDirectoryRole.ObjectId,\n        AdministrativeUnitObjectId = exampleAdministrativeUnit.ObjectId,\n        MemberObjectId = example.Apply(getUserResult =\u003e getUserResult.ObjectId),\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.GetUser(ctx, \u0026azuread.LookupUserArgs{\n\t\t\tUserPrincipalName: pulumi.StringRef(\"jdoe@example.com\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleAdministrativeUnit, err := azuread.NewAdministrativeUnit(ctx, \"example\", \u0026azuread.AdministrativeUnitArgs{\n\t\t\tDisplayName: pulumi.String(\"Example-AU\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDirectoryRole, err := azuread.NewDirectoryRole(ctx, \"example\", \u0026azuread.DirectoryRoleArgs{\n\t\t\tDisplayName: pulumi.String(\"Security administrator\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAdministrativeUnitRoleMember(ctx, \"example\", \u0026azuread.AdministrativeUnitRoleMemberArgs{\n\t\t\tRoleObjectId:               exampleDirectoryRole.ObjectId,\n\t\t\tAdministrativeUnitObjectId: exampleAdministrativeUnit.ObjectId,\n\t\t\tMemberObjectId:             pulumi.String(pulumi.String(example.ObjectId)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetUserArgs;\nimport com.pulumi.azuread.AdministrativeUnit;\nimport com.pulumi.azuread.AdministrativeUnitArgs;\nimport com.pulumi.azuread.DirectoryRole;\nimport com.pulumi.azuread.DirectoryRoleArgs;\nimport com.pulumi.azuread.AdministrativeUnitRoleMember;\nimport com.pulumi.azuread.AdministrativeUnitRoleMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getUser(GetUserArgs.builder()\n            .userPrincipalName(\"jdoe@example.com\")\n            .build());\n\n        var exampleAdministrativeUnit = new AdministrativeUnit(\"exampleAdministrativeUnit\", AdministrativeUnitArgs.builder()\n            .displayName(\"Example-AU\")\n            .build());\n\n        var exampleDirectoryRole = new DirectoryRole(\"exampleDirectoryRole\", DirectoryRoleArgs.builder()\n            .displayName(\"Security administrator\")\n            .build());\n\n        var exampleAdministrativeUnitRoleMember = new AdministrativeUnitRoleMember(\"exampleAdministrativeUnitRoleMember\", AdministrativeUnitRoleMemberArgs.builder()\n            .roleObjectId(exampleDirectoryRole.objectId())\n            .administrativeUnitObjectId(exampleAdministrativeUnit.objectId())\n            .memberObjectId(example.objectId())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  exampleAdministrativeUnit:\n    type: azuread:AdministrativeUnit\n    name: example\n    properties:\n      displayName: Example-AU\n  exampleDirectoryRole:\n    type: azuread:DirectoryRole\n    name: example\n    properties:\n      displayName: Security administrator\n  exampleAdministrativeUnitRoleMember:\n    type: azuread:AdministrativeUnitRoleMember\n    name: example\n    properties:\n      roleObjectId: ${exampleDirectoryRole.objectId}\n      administrativeUnitObjectId: ${exampleAdministrativeUnit.objectId}\n      memberObjectId: ${example.objectId}\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getUser\n      arguments:\n        userPrincipalName: jdoe@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAdministrative unit role members can be imported using the object ID of the administrative unit and the unique ID of the role assignment, e.g.\n\n```sh\nterraform import azuread_administrative_unit_role_member.example \n/directory/administrativeUnits/00000000-0000-0000-0000-000000000000/scopedRoleMembers/zX37MRLyF0uvE-xf2WH4B7x-6CPLfudNnxFGj800htpBXqkxW7bITqGb6Rj4kuTuS\n```\n\n","properties":{"administrativeUnitObjectId":{"type":"string","description":"The object ID of the administrative unit you want to add the member to. Changing this forces a new resource to be created.\n"},"memberObjectId":{"type":"string","description":"The object ID of the user, group or service principal you want to add as a member of the administrative unit. Changing this forces a new resource to be created.\n"},"roleObjectId":{"type":"string","description":"The object ID of the directory role you want to assign. Changing this forces a new resource to be created.\n"}},"required":["administrativeUnitObjectId","memberObjectId","roleObjectId"],"inputProperties":{"administrativeUnitObjectId":{"type":"string","description":"The object ID of the administrative unit you want to add the member to. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"memberObjectId":{"type":"string","description":"The object ID of the user, group or service principal you want to add as a member of the administrative unit. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"roleObjectId":{"type":"string","description":"The object ID of the directory role you want to assign. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true}},"requiredInputs":["administrativeUnitObjectId","memberObjectId","roleObjectId"],"stateInputs":{"description":"Input properties used for looking up and filtering AdministrativeUnitRoleMember resources.\n","properties":{"administrativeUnitObjectId":{"type":"string","description":"The object ID of the administrative unit you want to add the member to. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"memberObjectId":{"type":"string","description":"The object ID of the user, group or service principal you want to add as a member of the administrative unit. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"roleObjectId":{"type":"string","description":"The object ID of the directory role you want to assign. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true}},"type":"object"}},"azuread:index/appRoleAssignment:AppRoleAssignment":{"description":"Manages an app role assignment for a group, user or service principal. Can be used to grant admin consent for application permissions.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `AppRoleAssignment.ReadWrite.All` and `Application.Read.All`, or `AppRoleAssignment.ReadWrite.All` and `Directory.Read.All`, or `Application.ReadWrite.All`, or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n## Example Usage\n\n*App role assignment for accessing Microsoft Graph*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst wellKnown = azuread.getApplicationPublishedAppIds({});\nconst msgraph = new azuread.ServicePrincipal(\"msgraph\", {\n    clientId: wellKnown.then(wellKnown =\u003e wellKnown.result?.microsoftGraph),\n    useExisting: true,\n});\nconst example = new azuread.Application(\"example\", {\n    displayName: \"example\",\n    requiredResourceAccesses: [{\n        resourceAppId: wellKnown.then(wellKnown =\u003e wellKnown.result?.microsoftGraph),\n        resourceAccesses: [\n            {\n                id: msgraph.appRoleIds[\"User.Read.All\"],\n                type: \"Role\",\n            },\n            {\n                id: msgraph.oauth2PermissionScopeIds[\"User.ReadWrite\"],\n                type: \"Scope\",\n            },\n        ],\n    }],\n});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"example\", {clientId: example.clientId});\nconst exampleAppRoleAssignment = new azuread.AppRoleAssignment(\"example\", {\n    appRoleId: msgraph.appRoleIds[\"User.Read.All\"],\n    principalObjectId: exampleServicePrincipal.objectId,\n    resourceObjectId: msgraph.objectId,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nwell_known = azuread.get_application_published_app_ids()\nmsgraph = azuread.ServicePrincipal(\"msgraph\",\n    client_id=well_known.result[\"microsoftGraph\"],\n    use_existing=True)\nexample = azuread.Application(\"example\",\n    display_name=\"example\",\n    required_resource_accesses=[{\n        \"resource_app_id\": well_known.result[\"microsoftGraph\"],\n        \"resource_accesses\": [\n            {\n                \"id\": msgraph.app_role_ids[\"User.Read.All\"],\n                \"type\": \"Role\",\n            },\n            {\n                \"id\": msgraph.oauth2_permission_scope_ids[\"User.ReadWrite\"],\n                \"type\": \"Scope\",\n            },\n        ],\n    }])\nexample_service_principal = azuread.ServicePrincipal(\"example\", client_id=example.client_id)\nexample_app_role_assignment = azuread.AppRoleAssignment(\"example\",\n    app_role_id=msgraph.app_role_ids[\"User.Read.All\"],\n    principal_object_id=example_service_principal.object_id,\n    resource_object_id=msgraph.object_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var wellKnown = AzureAD.Index.GetApplicationPublishedAppIds.Invoke();\n\n    var msgraph = new AzureAD.Index.ServicePrincipal(\"msgraph\", new()\n    {\n        ClientId = wellKnown.Apply(getApplicationPublishedAppIdsResult =\u003e getApplicationPublishedAppIdsResult.Result?.MicrosoftGraph),\n        UseExisting = true,\n    });\n\n    var example = new AzureAD.Index.Application(\"example\", new()\n    {\n        DisplayName = \"example\",\n        RequiredResourceAccesses = new[]\n        {\n            new AzureAD.Inputs.ApplicationRequiredResourceAccessArgs\n            {\n                ResourceAppId = wellKnown.Apply(getApplicationPublishedAppIdsResult =\u003e getApplicationPublishedAppIdsResult.Result?.MicrosoftGraph),\n                ResourceAccesses = new[]\n                {\n                    new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs\n                    {\n                        Id = msgraph.AppRoleIds.Apply(appRoleIds =\u003e appRoleIds.User_Read_All),\n                        Type = \"Role\",\n                    },\n                    new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs\n                    {\n                        Id = msgraph.Oauth2PermissionScopeIds.Apply(oauth2PermissionScopeIds =\u003e oauth2PermissionScopeIds.User_ReadWrite),\n                        Type = \"Scope\",\n                    },\n                },\n            },\n        },\n    });\n\n    var exampleServicePrincipal = new AzureAD.Index.ServicePrincipal(\"example\", new()\n    {\n        ClientId = example.ClientId,\n    });\n\n    var exampleAppRoleAssignment = new AzureAD.Index.AppRoleAssignment(\"example\", new()\n    {\n        AppRoleId = msgraph.AppRoleIds.Apply(appRoleIds =\u003e appRoleIds.User_Read_All),\n        PrincipalObjectId = exampleServicePrincipal.ObjectId,\n        ResourceObjectId = msgraph.ObjectId,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\twellKnown, err := azuread.GetApplicationPublishedAppIds(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmsgraph, err := azuread.NewServicePrincipal(ctx, \"msgraph\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId:    pulumi.String(pulumi.String(wellKnown.Result.MicrosoftGraph)),\n\t\t\tUseExisting: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tRequiredResourceAccesses: azuread.ApplicationRequiredResourceAccessArray{\n\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessArgs{\n\t\t\t\t\tResourceAppId: pulumi.String(wellKnown.Result.MicrosoftGraph),\n\t\t\t\t\tResourceAccesses: azuread.ApplicationRequiredResourceAccessResourceAccessArray{\n\t\t\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessResourceAccessArgs{\n\t\t\t\t\t\t\tId: msgraph.AppRoleIds.ApplyT(func(appRoleIds map[string]string) (string, error) {\n\t\t\t\t\t\t\t\treturn appRoleIds.User.Read.All, nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t\tType: pulumi.String(\"Role\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessResourceAccessArgs{\n\t\t\t\t\t\t\tId: msgraph.Oauth2PermissionScopeIds.ApplyT(func(oauth2PermissionScopeIds map[string]string) (string, error) {\n\t\t\t\t\t\t\t\treturn oauth2PermissionScopeIds.User.ReadWrite, nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t\tType: pulumi.String(\"Scope\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"example\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId: example.ClientId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAppRoleAssignment(ctx, \"example\", \u0026azuread.AppRoleAssignmentArgs{\n\t\t\tAppRoleId: msgraph.AppRoleIds.ApplyT(func(appRoleIds map[string]string) (string, error) {\n\t\t\t\treturn appRoleIds.User.Read.All, nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tPrincipalObjectId: exampleServicePrincipal.ObjectId,\n\t\t\tResourceObjectId:  msgraph.ObjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.inputs.ApplicationRequiredResourceAccessArgs;\nimport com.pulumi.azuread.AppRoleAssignment;\nimport com.pulumi.azuread.AppRoleAssignmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var wellKnown = AzureadFunctions.getApplicationPublishedAppIds(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);\n\n        var msgraph = new ServicePrincipal(\"msgraph\", ServicePrincipalArgs.builder()\n            .clientId(wellKnown.result().microsoftGraph())\n            .useExisting(true)\n            .build());\n\n        var example = new Application(\"example\", ApplicationArgs.builder()\n            .displayName(\"example\")\n            .requiredResourceAccesses(ApplicationRequiredResourceAccessArgs.builder()\n                .resourceAppId(wellKnown.result().microsoftGraph())\n                .resourceAccesses(                \n                    ApplicationRequiredResourceAccessResourceAccessArgs.builder()\n                        .id(msgraph.appRoleIds().applyValue(_appRoleIds -\u003e _appRoleIds.User.Read.All()))\n                        .type(\"Role\")\n                        .build(),\n                    ApplicationRequiredResourceAccessResourceAccessArgs.builder()\n                        .id(msgraph.oauth2PermissionScopeIds().applyValue(_oauth2PermissionScopeIds -\u003e _oauth2PermissionScopeIds.User.ReadWrite()))\n                        .type(\"Scope\")\n                        .build())\n                .build())\n            .build());\n\n        var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder()\n            .clientId(example.clientId())\n            .build());\n\n        var exampleAppRoleAssignment = new AppRoleAssignment(\"exampleAppRoleAssignment\", AppRoleAssignmentArgs.builder()\n            .appRoleId(msgraph.appRoleIds().applyValue(_appRoleIds -\u003e _appRoleIds.User.Read.All()))\n            .principalObjectId(exampleServicePrincipal.objectId())\n            .resourceObjectId(msgraph.objectId())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  msgraph:\n    type: azuread:ServicePrincipal\n    properties:\n      clientId: ${wellKnown.result.microsoftGraph}\n      useExisting: true\n  example:\n    type: azuread:Application\n    properties:\n      displayName: example\n      requiredResourceAccesses:\n        - resourceAppId: ${wellKnown.result.microsoftGraph}\n          resourceAccesses:\n            - id: ${msgraph.appRoleIds\"User.Read.All\"[%!s(MISSING)]}\n              type: Role\n            - id: ${msgraph.oauth2PermissionScopeIds\"User.ReadWrite\"[%!s(MISSING)]}\n              type: Scope\n  exampleServicePrincipal:\n    type: azuread:ServicePrincipal\n    name: example\n    properties:\n      clientId: ${example.clientId}\n  exampleAppRoleAssignment:\n    type: azuread:AppRoleAssignment\n    name: example\n    properties:\n      appRoleId: ${msgraph.appRoleIds\"User.Read.All\"[%!s(MISSING)]}\n      principalObjectId: ${exampleServicePrincipal.objectId}\n      resourceObjectId: ${msgraph.objectId}\nvariables:\n  wellKnown:\n    fn::invoke:\n      function: azuread:getApplicationPublishedAppIds\n      arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*App role assignment for internal application*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst internal = new azuread.Application(\"internal\", {\n    displayName: \"internal\",\n    appRoles: [{\n        allowedMemberTypes: [\"Application\"],\n        description: \"Apps can query the database\",\n        displayName: \"Query\",\n        enabled: true,\n        id: \"00000000-0000-0000-0000-111111111111\",\n        value: \"Query.All\",\n    }],\n});\nconst internalServicePrincipal = new azuread.ServicePrincipal(\"internal\", {clientId: internal.clientId});\nconst example = new azuread.Application(\"example\", {\n    displayName: \"example\",\n    requiredResourceAccesses: [{\n        resourceAppId: internal.clientId,\n        resourceAccesses: [{\n            id: internalServicePrincipal.appRoleIds[\"Query.All\"],\n            type: \"Role\",\n        }],\n    }],\n});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"example\", {clientId: example.clientId});\nconst exampleAppRoleAssignment = new azuread.AppRoleAssignment(\"example\", {\n    appRoleId: internalServicePrincipal.appRoleIds[\"Query.All\"],\n    principalObjectId: exampleServicePrincipal.objectId,\n    resourceObjectId: internalServicePrincipal.objectId,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ninternal = azuread.Application(\"internal\",\n    display_name=\"internal\",\n    app_roles=[{\n        \"allowed_member_types\": [\"Application\"],\n        \"description\": \"Apps can query the database\",\n        \"display_name\": \"Query\",\n        \"enabled\": True,\n        \"id\": \"00000000-0000-0000-0000-111111111111\",\n        \"value\": \"Query.All\",\n    }])\ninternal_service_principal = azuread.ServicePrincipal(\"internal\", client_id=internal.client_id)\nexample = azuread.Application(\"example\",\n    display_name=\"example\",\n    required_resource_accesses=[{\n        \"resource_app_id\": internal.client_id,\n        \"resource_accesses\": [{\n            \"id\": internal_service_principal.app_role_ids[\"Query.All\"],\n            \"type\": \"Role\",\n        }],\n    }])\nexample_service_principal = azuread.ServicePrincipal(\"example\", client_id=example.client_id)\nexample_app_role_assignment = azuread.AppRoleAssignment(\"example\",\n    app_role_id=internal_service_principal.app_role_ids[\"Query.All\"],\n    principal_object_id=example_service_principal.object_id,\n    resource_object_id=internal_service_principal.object_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var @internal = new AzureAD.Index.Application(\"internal\", new()\n    {\n        DisplayName = \"internal\",\n        AppRoles = new[]\n        {\n            new AzureAD.Inputs.ApplicationAppRoleArgs\n            {\n                AllowedMemberTypes = new[]\n                {\n                    \"Application\",\n                },\n                Description = \"Apps can query the database\",\n                DisplayName = \"Query\",\n                Enabled = true,\n                Id = \"00000000-0000-0000-0000-111111111111\",\n                Value = \"Query.All\",\n            },\n        },\n    });\n\n    var internalServicePrincipal = new AzureAD.Index.ServicePrincipal(\"internal\", new()\n    {\n        ClientId = @internal.ClientId,\n    });\n\n    var example = new AzureAD.Index.Application(\"example\", new()\n    {\n        DisplayName = \"example\",\n        RequiredResourceAccesses = new[]\n        {\n            new AzureAD.Inputs.ApplicationRequiredResourceAccessArgs\n            {\n                ResourceAppId = @internal.ClientId,\n                ResourceAccesses = new[]\n                {\n                    new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs\n                    {\n                        Id = internalServicePrincipal.AppRoleIds.Apply(appRoleIds =\u003e appRoleIds.Query_All),\n                        Type = \"Role\",\n                    },\n                },\n            },\n        },\n    });\n\n    var exampleServicePrincipal = new AzureAD.Index.ServicePrincipal(\"example\", new()\n    {\n        ClientId = example.ClientId,\n    });\n\n    var exampleAppRoleAssignment = new AzureAD.Index.AppRoleAssignment(\"example\", new()\n    {\n        AppRoleId = internalServicePrincipal.AppRoleIds.Apply(appRoleIds =\u003e appRoleIds.Query_All),\n        PrincipalObjectId = exampleServicePrincipal.ObjectId,\n        ResourceObjectId = internalServicePrincipal.ObjectId,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinternal, err := azuread.NewApplication(ctx, \"internal\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"internal\"),\n\t\t\tAppRoles: azuread.ApplicationAppRoleTypeArray{\n\t\t\t\t\u0026azuread.ApplicationAppRoleTypeArgs{\n\t\t\t\t\tAllowedMemberTypes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"Application\"),\n\t\t\t\t\t},\n\t\t\t\t\tDescription: pulumi.String(\"Apps can query the database\"),\n\t\t\t\t\tDisplayName: pulumi.String(\"Query\"),\n\t\t\t\t\tEnabled:     pulumi.Bool(true),\n\t\t\t\t\tId:          pulumi.String(\"00000000-0000-0000-0000-111111111111\"),\n\t\t\t\t\tValue:       pulumi.String(\"Query.All\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinternalServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"internal\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId: internal.ClientId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tRequiredResourceAccesses: azuread.ApplicationRequiredResourceAccessArray{\n\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessArgs{\n\t\t\t\t\tResourceAppId: internal.ClientId,\n\t\t\t\t\tResourceAccesses: azuread.ApplicationRequiredResourceAccessResourceAccessArray{\n\t\t\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessResourceAccessArgs{\n\t\t\t\t\t\t\tId: internalServicePrincipal.AppRoleIds.ApplyT(func(appRoleIds map[string]string) (string, error) {\n\t\t\t\t\t\t\t\treturn appRoleIds.Query.All, nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t\tType: pulumi.String(\"Role\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"example\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId: example.ClientId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAppRoleAssignment(ctx, \"example\", \u0026azuread.AppRoleAssignmentArgs{\n\t\t\tAppRoleId: internalServicePrincipal.AppRoleIds.ApplyT(func(appRoleIds map[string]string) (string, error) {\n\t\t\t\treturn appRoleIds.Query.All, nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tPrincipalObjectId: exampleServicePrincipal.ObjectId,\n\t\t\tResourceObjectId:  internalServicePrincipal.ObjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.inputs.ApplicationAppRoleArgs;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumi.azuread.inputs.ApplicationRequiredResourceAccessArgs;\nimport com.pulumi.azuread.AppRoleAssignment;\nimport com.pulumi.azuread.AppRoleAssignmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var internal = new Application(\"internal\", ApplicationArgs.builder()\n            .displayName(\"internal\")\n            .appRoles(ApplicationAppRoleArgs.builder()\n                .allowedMemberTypes(\"Application\")\n                .description(\"Apps can query the database\")\n                .displayName(\"Query\")\n                .enabled(true)\n                .id(\"00000000-0000-0000-0000-111111111111\")\n                .value(\"Query.All\")\n                .build())\n            .build());\n\n        var internalServicePrincipal = new ServicePrincipal(\"internalServicePrincipal\", ServicePrincipalArgs.builder()\n            .clientId(internal.clientId())\n            .build());\n\n        var example = new Application(\"example\", ApplicationArgs.builder()\n            .displayName(\"example\")\n            .requiredResourceAccesses(ApplicationRequiredResourceAccessArgs.builder()\n                .resourceAppId(internal.clientId())\n                .resourceAccesses(ApplicationRequiredResourceAccessResourceAccessArgs.builder()\n                    .id(internalServicePrincipal.appRoleIds().applyValue(_appRoleIds -\u003e _appRoleIds.Query.All()))\n                    .type(\"Role\")\n                    .build())\n                .build())\n            .build());\n\n        var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder()\n            .clientId(example.clientId())\n            .build());\n\n        var exampleAppRoleAssignment = new AppRoleAssignment(\"exampleAppRoleAssignment\", AppRoleAssignmentArgs.builder()\n            .appRoleId(internalServicePrincipal.appRoleIds().applyValue(_appRoleIds -\u003e _appRoleIds.Query.All()))\n            .principalObjectId(exampleServicePrincipal.objectId())\n            .resourceObjectId(internalServicePrincipal.objectId())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  internal:\n    type: azuread:Application\n    properties:\n      displayName: internal\n      appRoles:\n        - allowedMemberTypes:\n            - Application\n          description: Apps can query the database\n          displayName: Query\n          enabled: true\n          id: 00000000-0000-0000-0000-111111111111\n          value: Query.All\n  internalServicePrincipal:\n    type: azuread:ServicePrincipal\n    name: internal\n    properties:\n      clientId: ${internal.clientId}\n  example:\n    type: azuread:Application\n    properties:\n      displayName: example\n      requiredResourceAccesses:\n        - resourceAppId: ${internal.clientId}\n          resourceAccesses:\n            - id: ${internalServicePrincipal.appRoleIds\"Query.All\"[%!s(MISSING)]}\n              type: Role\n  exampleServicePrincipal:\n    type: azuread:ServicePrincipal\n    name: example\n    properties:\n      clientId: ${example.clientId}\n  exampleAppRoleAssignment:\n    type: azuread:AppRoleAssignment\n    name: example\n    properties:\n      appRoleId: ${internalServicePrincipal.appRoleIds\"Query.All\"[%!s(MISSING)]}\n      principalObjectId: ${exampleServicePrincipal.objectId}\n      resourceObjectId: ${internalServicePrincipal.objectId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Assign a user and group to an internal application*\n\n## Import\n\nApp role assignments can be imported using the object ID of the service principal representing the resource and the ID of the app role assignment (note: _not_ the ID of the app role), e.g.\n\n```sh\n$ pulumi import azuread:index/appRoleAssignment:AppRoleAssignment example /servicePrincipals/00000000-0000-0000-0000-000000000000/appRoleAssignedTo/aaBBcDDeFG6h5JKLMN2PQrrssTTUUvWWxxxxxyyyzzz\n```\n\n\u003e This ID format is unique to Terraform and is composed of the Resource Service Principal Object ID and the ID of the App Role Assignment in the format `/servicePrincipals/{ResourcePrincipalID}/appRoleAssignedTo/{AppRoleAssignmentID}`.\n\n","properties":{"appRoleId":{"type":"string","description":"The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created.\n"},"principalDisplayName":{"type":"string","description":"The display name of the principal to which the app role is assigned.\n"},"principalObjectId":{"type":"string","description":"The object ID of the user, group or service principal to be assigned this app role. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created.\n"},"principalType":{"type":"string","description":"The object type of the principal to which the app role is assigned.\n"},"resourceDisplayName":{"type":"string","description":"The display name of the application representing the resource.\n"},"resourceObjectId":{"type":"string","description":"The object ID of the service principal representing the resource. Changing this forces a new resource to be created.\n"}},"required":["appRoleId","principalDisplayName","principalObjectId","principalType","resourceDisplayName","resourceObjectId"],"inputProperties":{"appRoleId":{"type":"string","description":"The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"principalObjectId":{"type":"string","description":"The object ID of the user, group or service principal to be assigned this app role. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"resourceObjectId":{"type":"string","description":"The object ID of the service principal representing the resource. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true}},"requiredInputs":["appRoleId","principalObjectId","resourceObjectId"],"stateInputs":{"description":"Input properties used for looking up and filtering AppRoleAssignment resources.\n","properties":{"appRoleId":{"type":"string","description":"The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"principalDisplayName":{"type":"string","description":"The display name of the principal to which the app role is assigned.\n"},"principalObjectId":{"type":"string","description":"The object ID of the user, group or service principal to be assigned this app role. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"principalType":{"type":"string","description":"The object type of the principal to which the app role is assigned.\n"},"resourceDisplayName":{"type":"string","description":"The display name of the application representing the resource.\n"},"resourceObjectId":{"type":"string","description":"The object ID of the service principal representing the resource. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true}},"type":"object"}},"azuread:index/application:Application":{"description":"Manages an application registration within Azure Active Directory.\n\nFor a more lightweight alternative, please see the\u003cspan pulumi-lang-nodejs=\" azuread.ApplicationRegistration \" pulumi-lang-dotnet=\" azuread.ApplicationRegistration \" pulumi-lang-go=\" ApplicationRegistration \" pulumi-lang-python=\" ApplicationRegistration \" pulumi-lang-yaml=\" azuread.ApplicationRegistration \" pulumi-lang-java=\" azuread.ApplicationRegistration \"\u003e azuread.ApplicationRegistration \u003c/span\u003eresource. Please note that this resource should not be used together with the \u003cspan pulumi-lang-nodejs=\"`azuread.ApplicationRegistration`\" pulumi-lang-dotnet=\"`azuread.ApplicationRegistration`\" pulumi-lang-go=\"`ApplicationRegistration`\" pulumi-lang-python=\"`ApplicationRegistration`\" pulumi-lang-yaml=\"`azuread.ApplicationRegistration`\" pulumi-lang-java=\"`azuread.ApplicationRegistration`\"\u003e`azuread.ApplicationRegistration`\u003c/span\u003e resource when managing the same application.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.OwnedBy` or `Application.ReadWrite.All`\n\n\u003e When using the `Application.ReadWrite.OwnedBy` application role, you should ensure that the principal being used to run Terraform is included in the \u003cspan pulumi-lang-nodejs=\"`owners`\" pulumi-lang-dotnet=\"`Owners`\" pulumi-lang-go=\"`owners`\" pulumi-lang-python=\"`owners`\" pulumi-lang-yaml=\"`owners`\" pulumi-lang-java=\"`owners`\"\u003e`owners`\u003c/span\u003e property.\n\nAdditionally, you may need the `User.Read.All` application role when including user principals in the \u003cspan pulumi-lang-nodejs=\"`owners`\" pulumi-lang-dotnet=\"`Owners`\" pulumi-lang-go=\"`owners`\" pulumi-lang-python=\"`owners`\" pulumi-lang-yaml=\"`owners`\" pulumi-lang-java=\"`owners`\"\u003e`owners`\u003c/span\u003e property.\n\nWhen authenticated with a user principal, this resource may require one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n## Example Usage\n\n*Create an application*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\nimport * as std from \"@pulumi/std\";\n\nconst current = azuread.getClientConfig({});\nconst example = new azuread.Application(\"example\", {\n    displayName: \"example\",\n    identifierUris: [\"api://example-app\"],\n    logoImage: std.filebase64({\n        input: \"/path/to/logo.png\",\n    }).then(invoke =\u003e invoke.result),\n    owners: [current.then(current =\u003e current.objectId)],\n    signInAudience: \"AzureADMultipleOrgs\",\n    api: {\n        mappedClaimsEnabled: true,\n        requestedAccessTokenVersion: 2,\n        knownClientApplications: [\n            known1.clientId,\n            known2.clientId,\n        ],\n        oauth2PermissionScopes: [\n            {\n                adminConsentDescription: \"Allow the application to access example on behalf of the signed-in user.\",\n                adminConsentDisplayName: \"Access example\",\n                enabled: true,\n                id: \"96183846-204b-4b43-82e1-5d2222eb4b9b\",\n                type: \"User\",\n                userConsentDescription: \"Allow the application to access example on your behalf.\",\n                userConsentDisplayName: \"Access example\",\n                value: \"user_impersonation\",\n            },\n            {\n                adminConsentDescription: \"Administer the example application\",\n                adminConsentDisplayName: \"Administer\",\n                enabled: true,\n                id: \"be98fa3e-ab5b-4b11-83d9-04ba2b7946bc\",\n                type: \"Admin\",\n                value: \"administer\",\n            },\n        ],\n    },\n    appRoles: [\n        {\n            allowedMemberTypes: [\n                \"User\",\n                \"Application\",\n            ],\n            description: \"Admins can manage roles and perform all task actions\",\n            displayName: \"Admin\",\n            enabled: true,\n            id: \"1b19509b-32b1-4e9f-b71d-4992aa991967\",\n            value: \"admin\",\n        },\n        {\n            allowedMemberTypes: [\"User\"],\n            description: \"ReadOnly roles have limited query access\",\n            displayName: \"ReadOnly\",\n            enabled: true,\n            id: \"497406e4-012a-4267-bf18-45a1cb148a01\",\n            value: \"User\",\n        },\n    ],\n    featureTags: [{\n        enterprise: true,\n        gallery: true,\n    }],\n    optionalClaims: {\n        accessTokens: [\n            {\n                name: \"myclaim\",\n            },\n            {\n                name: \"otherclaim\",\n            },\n        ],\n        idTokens: [{\n            name: \"userclaim\",\n            source: \"user\",\n            essential: true,\n            additionalProperties: [\"emit_as_roles\"],\n        }],\n        saml2Tokens: [{\n            name: \"samlexample\",\n        }],\n    },\n    requiredResourceAccesses: [\n        {\n            resourceAppId: \"00000003-0000-0000-c000-000000000000\",\n            resourceAccesses: [\n                {\n                    id: \"df021288-bdef-4463-88db-98f22de89214\",\n                    type: \"Role\",\n                },\n                {\n                    id: \"b4e74841-8e56-480b-be8b-910348b18b4c\",\n                    type: \"Scope\",\n                },\n            ],\n        },\n        {\n            resourceAppId: \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\n            resourceAccesses: [{\n                id: \"594c1fb6-4f81-4475-ae41-0c394909246c\",\n                type: \"Role\",\n            }],\n        },\n    ],\n    web: {\n        homepageUrl: \"https://app.example.net\",\n        logoutUrl: \"https://app.example.net/logout\",\n        redirectUris: [\"https://app.example.net/account\"],\n        implicitGrant: {\n            accessTokenIssuanceEnabled: true,\n            idTokenIssuanceEnabled: true,\n        },\n    },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\nimport pulumi_std as std\n\ncurrent = azuread.get_client_config()\nexample = azuread.Application(\"example\",\n    display_name=\"example\",\n    identifier_uris=[\"api://example-app\"],\n    logo_image=std.filebase64(input=\"/path/to/logo.png\").result,\n    owners=[current.object_id],\n    sign_in_audience=\"AzureADMultipleOrgs\",\n    api={\n        \"mapped_claims_enabled\": True,\n        \"requested_access_token_version\": 2,\n        \"known_client_applications\": [\n            known1[\"clientId\"],\n            known2[\"clientId\"],\n        ],\n        \"oauth2_permission_scopes\": [\n            {\n                \"admin_consent_description\": \"Allow the application to access example on behalf of the signed-in user.\",\n                \"admin_consent_display_name\": \"Access example\",\n                \"enabled\": True,\n                \"id\": \"96183846-204b-4b43-82e1-5d2222eb4b9b\",\n                \"type\": \"User\",\n                \"user_consent_description\": \"Allow the application to access example on your behalf.\",\n                \"user_consent_display_name\": \"Access example\",\n                \"value\": \"user_impersonation\",\n            },\n            {\n                \"admin_consent_description\": \"Administer the example application\",\n                \"admin_consent_display_name\": \"Administer\",\n                \"enabled\": True,\n                \"id\": \"be98fa3e-ab5b-4b11-83d9-04ba2b7946bc\",\n                \"type\": \"Admin\",\n                \"value\": \"administer\",\n            },\n        ],\n    },\n    app_roles=[\n        {\n            \"allowed_member_types\": [\n                \"User\",\n                \"Application\",\n            ],\n            \"description\": \"Admins can manage roles and perform all task actions\",\n            \"display_name\": \"Admin\",\n            \"enabled\": True,\n            \"id\": \"1b19509b-32b1-4e9f-b71d-4992aa991967\",\n            \"value\": \"admin\",\n        },\n        {\n            \"allowed_member_types\": [\"User\"],\n            \"description\": \"ReadOnly roles have limited query access\",\n            \"display_name\": \"ReadOnly\",\n            \"enabled\": True,\n            \"id\": \"497406e4-012a-4267-bf18-45a1cb148a01\",\n            \"value\": \"User\",\n        },\n    ],\n    feature_tags=[{\n        \"enterprise\": True,\n        \"gallery\": True,\n    }],\n    optional_claims={\n        \"access_tokens\": [\n            {\n                \"name\": \"myclaim\",\n            },\n            {\n                \"name\": \"otherclaim\",\n            },\n        ],\n        \"id_tokens\": [{\n            \"name\": \"userclaim\",\n            \"source\": \"user\",\n            \"essential\": True,\n            \"additional_properties\": [\"emit_as_roles\"],\n        }],\n        \"saml2_tokens\": [{\n            \"name\": \"samlexample\",\n        }],\n    },\n    required_resource_accesses=[\n        {\n            \"resource_app_id\": \"00000003-0000-0000-c000-000000000000\",\n            \"resource_accesses\": [\n                {\n                    \"id\": \"df021288-bdef-4463-88db-98f22de89214\",\n                    \"type\": \"Role\",\n                },\n                {\n                    \"id\": \"b4e74841-8e56-480b-be8b-910348b18b4c\",\n                    \"type\": \"Scope\",\n                },\n            ],\n        },\n        {\n            \"resource_app_id\": \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\n            \"resource_accesses\": [{\n                \"id\": \"594c1fb6-4f81-4475-ae41-0c394909246c\",\n                \"type\": \"Role\",\n            }],\n        },\n    ],\n    web={\n        \"homepage_url\": \"https://app.example.net\",\n        \"logout_url\": \"https://app.example.net/logout\",\n        \"redirect_uris\": [\"https://app.example.net/account\"],\n        \"implicit_grant\": {\n            \"access_token_issuance_enabled\": True,\n            \"id_token_issuance_enabled\": True,\n        },\n    })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var current = AzureAD.Index.GetClientConfig.Invoke();\n\n    var example = new AzureAD.Index.Application(\"example\", new()\n    {\n        DisplayName = \"example\",\n        IdentifierUris = new[]\n        {\n            \"api://example-app\",\n        },\n        LogoImage = Std.Index.Filebase64.Invoke(new()\n        {\n            Input = \"/path/to/logo.png\",\n        }).Apply(invoke =\u003e invoke.Result),\n        Owners = new[]\n        {\n            current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n        },\n        SignInAudience = \"AzureADMultipleOrgs\",\n        Api = new AzureAD.Inputs.ApplicationApiArgs\n        {\n            MappedClaimsEnabled = true,\n            RequestedAccessTokenVersion = 2,\n            KnownClientApplications = new[]\n            {\n                known1.ClientId,\n                known2.ClientId,\n            },\n            Oauth2PermissionScopes = new[]\n            {\n                new AzureAD.Inputs.ApplicationApiOauth2PermissionScopeArgs\n                {\n                    AdminConsentDescription = \"Allow the application to access example on behalf of the signed-in user.\",\n                    AdminConsentDisplayName = \"Access example\",\n                    Enabled = true,\n                    Id = \"96183846-204b-4b43-82e1-5d2222eb4b9b\",\n                    Type = \"User\",\n                    UserConsentDescription = \"Allow the application to access example on your behalf.\",\n                    UserConsentDisplayName = \"Access example\",\n                    Value = \"user_impersonation\",\n                },\n                new AzureAD.Inputs.ApplicationApiOauth2PermissionScopeArgs\n                {\n                    AdminConsentDescription = \"Administer the example application\",\n                    AdminConsentDisplayName = \"Administer\",\n                    Enabled = true,\n                    Id = \"be98fa3e-ab5b-4b11-83d9-04ba2b7946bc\",\n                    Type = \"Admin\",\n                    Value = \"administer\",\n                },\n            },\n        },\n        AppRoles = new[]\n        {\n            new AzureAD.Inputs.ApplicationAppRoleArgs\n            {\n                AllowedMemberTypes = new[]\n                {\n                    \"User\",\n                    \"Application\",\n                },\n                Description = \"Admins can manage roles and perform all task actions\",\n                DisplayName = \"Admin\",\n                Enabled = true,\n                Id = \"1b19509b-32b1-4e9f-b71d-4992aa991967\",\n                Value = \"admin\",\n            },\n            new AzureAD.Inputs.ApplicationAppRoleArgs\n            {\n                AllowedMemberTypes = new[]\n                {\n                    \"User\",\n                },\n                Description = \"ReadOnly roles have limited query access\",\n                DisplayName = \"ReadOnly\",\n                Enabled = true,\n                Id = \"497406e4-012a-4267-bf18-45a1cb148a01\",\n                Value = \"User\",\n            },\n        },\n        FeatureTags = new[]\n        {\n            new AzureAD.Inputs.ApplicationFeatureTagArgs\n            {\n                Enterprise = true,\n                Gallery = true,\n            },\n        },\n        OptionalClaims = new AzureAD.Inputs.ApplicationOptionalClaimsArgs\n        {\n            AccessTokens = new[]\n            {\n                new AzureAD.Inputs.ApplicationOptionalClaimsAccessTokenArgs\n                {\n                    Name = \"myclaim\",\n                },\n                new AzureAD.Inputs.ApplicationOptionalClaimsAccessTokenArgs\n                {\n                    Name = \"otherclaim\",\n                },\n            },\n            IdTokens = new[]\n            {\n                new AzureAD.Inputs.ApplicationOptionalClaimsIdTokenArgs\n                {\n                    Name = \"userclaim\",\n                    Source = \"user\",\n                    Essential = true,\n                    AdditionalProperties = new[]\n                    {\n                        \"emit_as_roles\",\n                    },\n                },\n            },\n            Saml2Tokens = new[]\n            {\n                new AzureAD.Inputs.ApplicationOptionalClaimsSaml2TokenArgs\n                {\n                    Name = \"samlexample\",\n                },\n            },\n        },\n        RequiredResourceAccesses = new[]\n        {\n            new AzureAD.Inputs.ApplicationRequiredResourceAccessArgs\n            {\n                ResourceAppId = \"00000003-0000-0000-c000-000000000000\",\n                ResourceAccesses = new[]\n                {\n                    new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs\n                    {\n                        Id = \"df021288-bdef-4463-88db-98f22de89214\",\n                        Type = \"Role\",\n                    },\n                    new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs\n                    {\n                        Id = \"b4e74841-8e56-480b-be8b-910348b18b4c\",\n                        Type = \"Scope\",\n                    },\n                },\n            },\n            new AzureAD.Inputs.ApplicationRequiredResourceAccessArgs\n            {\n                ResourceAppId = \"c5393580-f805-4401-95e8-94b7a6ef2fc2\",\n                ResourceAccesses = new[]\n                {\n                    new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs\n                    {\n                        Id = \"594c1fb6-4f81-4475-ae41-0c394909246c\",\n                        Type = \"Role\",\n                    },\n                },\n            },\n        },\n        Web = new AzureAD.Inputs.ApplicationWebArgs\n        {\n            HomepageUrl = \"https://app.example.net\",\n            LogoutUrl = \"https://app.example.net/logout\",\n            RedirectUris = new[]\n            {\n                \"https://app.example.net/account\",\n            },\n            ImplicitGrant = new AzureAD.Inputs.ApplicationWebImplicitGrantArgs\n            {\n                AccessTokenIssuanceEnabled = true,\n                IdTokenIssuanceEnabled = true,\n            },\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFilebase64, err := std.Filebase64(ctx, \u0026std.Filebase64Args{\n\t\t\tInput: \"/path/to/logo.png\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tIdentifierUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"api://example-app\"),\n\t\t\t},\n\t\t\tLogoImage: pulumi.String(invokeFilebase64.Result),\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(pulumi.String(current.ObjectId)),\n\t\t\t},\n\t\t\tSignInAudience: pulumi.String(\"AzureADMultipleOrgs\"),\n\t\t\tApi: \u0026azuread.ApplicationApiArgs{\n\t\t\t\tMappedClaimsEnabled:         pulumi.Bool(true),\n\t\t\t\tRequestedAccessTokenVersion: pulumi.Int(2),\n\t\t\t\tKnownClientApplications: pulumi.StringArray{\n\t\t\t\t\tknown1.ClientId,\n\t\t\t\t\tknown2.ClientId,\n\t\t\t\t},\n\t\t\t\tOauth2PermissionScopes: azuread.ApplicationApiOauth2PermissionScopeArray{\n\t\t\t\t\t\u0026azuread.ApplicationApiOauth2PermissionScopeArgs{\n\t\t\t\t\t\tAdminConsentDescription: pulumi.String(\"Allow the application to access example on behalf of the signed-in user.\"),\n\t\t\t\t\t\tAdminConsentDisplayName: pulumi.String(\"Access example\"),\n\t\t\t\t\t\tEnabled:                 pulumi.Bool(true),\n\t\t\t\t\t\tId:                      pulumi.String(\"96183846-204b-4b43-82e1-5d2222eb4b9b\"),\n\t\t\t\t\t\tType:                    pulumi.String(\"User\"),\n\t\t\t\t\t\tUserConsentDescription:  pulumi.String(\"Allow the application to access example on your behalf.\"),\n\t\t\t\t\t\tUserConsentDisplayName:  pulumi.String(\"Access example\"),\n\t\t\t\t\t\tValue:                   pulumi.String(\"user_impersonation\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026azuread.ApplicationApiOauth2PermissionScopeArgs{\n\t\t\t\t\t\tAdminConsentDescription: pulumi.String(\"Administer the example application\"),\n\t\t\t\t\t\tAdminConsentDisplayName: pulumi.String(\"Administer\"),\n\t\t\t\t\t\tEnabled:                 pulumi.Bool(true),\n\t\t\t\t\t\tId:                      pulumi.String(\"be98fa3e-ab5b-4b11-83d9-04ba2b7946bc\"),\n\t\t\t\t\t\tType:                    pulumi.String(\"Admin\"),\n\t\t\t\t\t\tValue:                   pulumi.String(\"administer\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAppRoles: azuread.ApplicationAppRoleTypeArray{\n\t\t\t\t\u0026azuread.ApplicationAppRoleTypeArgs{\n\t\t\t\t\tAllowedMemberTypes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"User\"),\n\t\t\t\t\t\tpulumi.String(\"Application\"),\n\t\t\t\t\t},\n\t\t\t\t\tDescription: pulumi.String(\"Admins can manage roles and perform all task actions\"),\n\t\t\t\t\tDisplayName: pulumi.String(\"Admin\"),\n\t\t\t\t\tEnabled:     pulumi.Bool(true),\n\t\t\t\t\tId:          pulumi.String(\"1b19509b-32b1-4e9f-b71d-4992aa991967\"),\n\t\t\t\t\tValue:       pulumi.String(\"admin\"),\n\t\t\t\t},\n\t\t\t\t\u0026azuread.ApplicationAppRoleTypeArgs{\n\t\t\t\t\tAllowedMemberTypes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"User\"),\n\t\t\t\t\t},\n\t\t\t\t\tDescription: pulumi.String(\"ReadOnly roles have limited query access\"),\n\t\t\t\t\tDisplayName: pulumi.String(\"ReadOnly\"),\n\t\t\t\t\tEnabled:     pulumi.Bool(true),\n\t\t\t\t\tId:          pulumi.String(\"497406e4-012a-4267-bf18-45a1cb148a01\"),\n\t\t\t\t\tValue:       pulumi.String(\"User\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tFeatureTags: azuread.ApplicationFeatureTagArray{\n\t\t\t\t\u0026azuread.ApplicationFeatureTagArgs{\n\t\t\t\t\tEnterprise: pulumi.Bool(true),\n\t\t\t\t\tGallery:    pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tOptionalClaims: \u0026azuread.ApplicationOptionalClaimsTypeArgs{\n\t\t\t\tAccessTokens: azuread.ApplicationOptionalClaimsAccessTokenArray{\n\t\t\t\t\t\u0026azuread.ApplicationOptionalClaimsAccessTokenArgs{\n\t\t\t\t\t\tName: pulumi.String(\"myclaim\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026azuread.ApplicationOptionalClaimsAccessTokenArgs{\n\t\t\t\t\t\tName: pulumi.String(\"otherclaim\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tIdTokens: azuread.ApplicationOptionalClaimsIdTokenArray{\n\t\t\t\t\t\u0026azuread.ApplicationOptionalClaimsIdTokenArgs{\n\t\t\t\t\t\tName:      pulumi.String(\"userclaim\"),\n\t\t\t\t\t\tSource:    pulumi.String(\"user\"),\n\t\t\t\t\t\tEssential: pulumi.Bool(true),\n\t\t\t\t\t\tAdditionalProperties: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"emit_as_roles\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tSaml2Tokens: azuread.ApplicationOptionalClaimsSaml2TokenArray{\n\t\t\t\t\t\u0026azuread.ApplicationOptionalClaimsSaml2TokenArgs{\n\t\t\t\t\t\tName: pulumi.String(\"samlexample\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tRequiredResourceAccesses: azuread.ApplicationRequiredResourceAccessArray{\n\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessArgs{\n\t\t\t\t\tResourceAppId: pulumi.String(\"00000003-0000-0000-c000-000000000000\"),\n\t\t\t\t\tResourceAccesses: azuread.ApplicationRequiredResourceAccessResourceAccessArray{\n\t\t\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessResourceAccessArgs{\n\t\t\t\t\t\t\tId:   pulumi.String(\"df021288-bdef-4463-88db-98f22de89214\"),\n\t\t\t\t\t\t\tType: pulumi.String(\"Role\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessResourceAccessArgs{\n\t\t\t\t\t\t\tId:   pulumi.String(\"b4e74841-8e56-480b-be8b-910348b18b4c\"),\n\t\t\t\t\t\t\tType: pulumi.String(\"Scope\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessArgs{\n\t\t\t\t\tResourceAppId: pulumi.String(\"c5393580-f805-4401-95e8-94b7a6ef2fc2\"),\n\t\t\t\t\tResourceAccesses: azuread.ApplicationRequiredResourceAccessResourceAccessArray{\n\t\t\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessResourceAccessArgs{\n\t\t\t\t\t\t\tId:   pulumi.String(\"594c1fb6-4f81-4475-ae41-0c394909246c\"),\n\t\t\t\t\t\t\tType: pulumi.String(\"Role\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tWeb: \u0026azuread.ApplicationWebArgs{\n\t\t\t\tHomepageUrl: pulumi.String(\"https://app.example.net\"),\n\t\t\t\tLogoutUrl:   pulumi.String(\"https://app.example.net/logout\"),\n\t\t\t\tRedirectUris: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"https://app.example.net/account\"),\n\t\t\t\t},\n\t\t\t\tImplicitGrant: \u0026azuread.ApplicationWebImplicitGrantArgs{\n\t\t\t\t\tAccessTokenIssuanceEnabled: pulumi.Bool(true),\n\t\t\t\t\tIdTokenIssuanceEnabled:     pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.inputs.ApplicationApiArgs;\nimport com.pulumi.azuread.inputs.ApplicationAppRoleArgs;\nimport com.pulumi.azuread.inputs.ApplicationFeatureTagArgs;\nimport com.pulumi.azuread.inputs.ApplicationOptionalClaimsArgs;\nimport com.pulumi.azuread.inputs.ApplicationRequiredResourceAccessArgs;\nimport com.pulumi.azuread.inputs.ApplicationWebArgs;\nimport com.pulumi.azuread.inputs.ApplicationWebImplicitGrantArgs;\nimport com.pulumi.std.StdFunctions;\nimport com.pulumi.std.inputs.Filebase64Args;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var current = AzureadFunctions.getClientConfig(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);\n\n        var example = new Application(\"example\", ApplicationArgs.builder()\n            .displayName(\"example\")\n            .identifierUris(\"api://example-app\")\n            .logoImage(StdFunctions.filebase64(Filebase64Args.builder()\n                .input(\"/path/to/logo.png\")\n                .build()).result())\n            .owners(current.objectId())\n            .signInAudience(\"AzureADMultipleOrgs\")\n            .api(ApplicationApiArgs.builder()\n                .mappedClaimsEnabled(true)\n                .requestedAccessTokenVersion(2)\n                .knownClientApplications(                \n                    known1.clientId(),\n                    known2.clientId())\n                .oauth2PermissionScopes(                \n                    ApplicationApiOauth2PermissionScopeArgs.builder()\n                        .adminConsentDescription(\"Allow the application to access example on behalf of the signed-in user.\")\n                        .adminConsentDisplayName(\"Access example\")\n                        .enabled(true)\n                        .id(\"96183846-204b-4b43-82e1-5d2222eb4b9b\")\n                        .type(\"User\")\n                        .userConsentDescription(\"Allow the application to access example on your behalf.\")\n                        .userConsentDisplayName(\"Access example\")\n                        .value(\"user_impersonation\")\n                        .build(),\n                    ApplicationApiOauth2PermissionScopeArgs.builder()\n                        .adminConsentDescription(\"Administer the example application\")\n                        .adminConsentDisplayName(\"Administer\")\n                        .enabled(true)\n                        .id(\"be98fa3e-ab5b-4b11-83d9-04ba2b7946bc\")\n                        .type(\"Admin\")\n                        .value(\"administer\")\n                        .build())\n                .build())\n            .appRoles(            \n                ApplicationAppRoleArgs.builder()\n                    .allowedMemberTypes(                    \n                        \"User\",\n                        \"Application\")\n                    .description(\"Admins can manage roles and perform all task actions\")\n                    .displayName(\"Admin\")\n                    .enabled(true)\n                    .id(\"1b19509b-32b1-4e9f-b71d-4992aa991967\")\n                    .value(\"admin\")\n                    .build(),\n                ApplicationAppRoleArgs.builder()\n                    .allowedMemberTypes(\"User\")\n                    .description(\"ReadOnly roles have limited query access\")\n                    .displayName(\"ReadOnly\")\n                    .enabled(true)\n                    .id(\"497406e4-012a-4267-bf18-45a1cb148a01\")\n                    .value(\"User\")\n                    .build())\n            .featureTags(ApplicationFeatureTagArgs.builder()\n                .enterprise(true)\n                .gallery(true)\n                .build())\n            .optionalClaims(ApplicationOptionalClaimsArgs.builder()\n                .accessTokens(                \n                    ApplicationOptionalClaimsAccessTokenArgs.builder()\n                        .name(\"myclaim\")\n                        .build(),\n                    ApplicationOptionalClaimsAccessTokenArgs.builder()\n                        .name(\"otherclaim\")\n                        .build())\n                .idTokens(ApplicationOptionalClaimsIdTokenArgs.builder()\n                    .name(\"userclaim\")\n                    .source(\"user\")\n                    .essential(true)\n                    .additionalProperties(\"emit_as_roles\")\n                    .build())\n                .saml2Tokens(ApplicationOptionalClaimsSaml2TokenArgs.builder()\n                    .name(\"samlexample\")\n                    .build())\n                .build())\n            .requiredResourceAccesses(            \n                ApplicationRequiredResourceAccessArgs.builder()\n                    .resourceAppId(\"00000003-0000-0000-c000-000000000000\")\n                    .resourceAccesses(                    \n                        ApplicationRequiredResourceAccessResourceAccessArgs.builder()\n                            .id(\"df021288-bdef-4463-88db-98f22de89214\")\n                            .type(\"Role\")\n                            .build(),\n                        ApplicationRequiredResourceAccessResourceAccessArgs.builder()\n                            .id(\"b4e74841-8e56-480b-be8b-910348b18b4c\")\n                            .type(\"Scope\")\n                            .build())\n                    .build(),\n                ApplicationRequiredResourceAccessArgs.builder()\n                    .resourceAppId(\"c5393580-f805-4401-95e8-94b7a6ef2fc2\")\n                    .resourceAccesses(ApplicationRequiredResourceAccessResourceAccessArgs.builder()\n                        .id(\"594c1fb6-4f81-4475-ae41-0c394909246c\")\n                        .type(\"Role\")\n                        .build())\n                    .build())\n            .web(ApplicationWebArgs.builder()\n                .homepageUrl(\"https://app.example.net\")\n                .logoutUrl(\"https://app.example.net/logout\")\n                .redirectUris(\"https://app.example.net/account\")\n                .implicitGrant(ApplicationWebImplicitGrantArgs.builder()\n                    .accessTokenIssuanceEnabled(true)\n                    .idTokenIssuanceEnabled(true)\n                    .build())\n                .build())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:Application\n    properties:\n      displayName: example\n      identifierUris:\n        - api://example-app\n      logoImage:\n        fn::invoke:\n          function: std:filebase64\n          arguments:\n            input: /path/to/logo.png\n          return: result\n      owners:\n        - ${current.objectId}\n      signInAudience: AzureADMultipleOrgs\n      api:\n        mappedClaimsEnabled: true\n        requestedAccessTokenVersion: 2\n        knownClientApplications:\n          - ${known1.clientId}\n          - ${known2.clientId}\n        oauth2PermissionScopes:\n          - adminConsentDescription: Allow the application to access example on behalf of the signed-in user.\n            adminConsentDisplayName: Access example\n            enabled: true\n            id: 96183846-204b-4b43-82e1-5d2222eb4b9b\n            type: User\n            userConsentDescription: Allow the application to access example on your behalf.\n            userConsentDisplayName: Access example\n            value: user_impersonation\n          - adminConsentDescription: Administer the example application\n            adminConsentDisplayName: Administer\n            enabled: true\n            id: be98fa3e-ab5b-4b11-83d9-04ba2b7946bc\n            type: Admin\n            value: administer\n      appRoles:\n        - allowedMemberTypes:\n            - User\n            - Application\n          description: Admins can manage roles and perform all task actions\n          displayName: Admin\n          enabled: true\n          id: 1b19509b-32b1-4e9f-b71d-4992aa991967\n          value: admin\n        - allowedMemberTypes:\n            - User\n          description: ReadOnly roles have limited query access\n          displayName: ReadOnly\n          enabled: true\n          id: 497406e4-012a-4267-bf18-45a1cb148a01\n          value: User\n      featureTags:\n        - enterprise: true\n          gallery: true\n      optionalClaims:\n        accessTokens:\n          - name: myclaim\n          - name: otherclaim\n        idTokens:\n          - name: userclaim\n            source: user\n            essential: true\n            additionalProperties:\n              - emit_as_roles\n        saml2Tokens:\n          - name: samlexample\n      requiredResourceAccesses:\n        - resourceAppId: 00000003-0000-0000-c000-000000000000\n          resourceAccesses:\n            - id: df021288-bdef-4463-88db-98f22de89214\n              type: Role\n            - id: b4e74841-8e56-480b-be8b-910348b18b4c\n              type: Scope\n        - resourceAppId: c5393580-f805-4401-95e8-94b7a6ef2fc2\n          resourceAccesses:\n            - id: 594c1fb6-4f81-4475-ae41-0c394909246c\n              type: Role\n      web:\n        homepageUrl: https://app.example.net\n        logoutUrl: https://app.example.net/logout\n        redirectUris:\n          - https://app.example.net/account\n        implicitGrant:\n          accessTokenIssuanceEnabled: true\n          idTokenIssuanceEnabled: true\nvariables:\n  current:\n    fn::invoke:\n      function: azuread:getClientConfig\n      arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Create application and generate a password*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\nimport * as std from \"@pulumi/std\";\nimport * as time from \"@pulumiverse/time\";\n\nconst current = azuread.getClientConfig({});\nconst example = new time.Rotating(\"example\", {rotationDays: 180});\nconst exampleApplication = new azuread.Application(\"example\", {\n    displayName: \"example\",\n    owners: [current.then(current =\u003e current.objectId)],\n    password: {\n        displayName: \"MySecret-1\",\n        startDate: example.id,\n        endDate: std.timeaddOutput({\n            duration: example.id,\n            timestamp: \"4320h\",\n        }).apply(invoke =\u003e invoke.result),\n    },\n});\nexport const examplePassword = exampleApplication.password.apply(password =\u003e password?.[0]?.value);\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\nimport pulumi_std as std\nimport pulumiverse_time as time\n\ncurrent = azuread.get_client_config()\nexample = time.Rotating(\"example\", rotation_days=180)\nexample_application = azuread.Application(\"example\",\n    display_name=\"example\",\n    owners=[current.object_id],\n    password={\n        \"display_name\": \"MySecret-1\",\n        \"start_date\": example.id,\n        \"end_date\": std.timeadd_output(duration=example.id,\n            timestamp=\"4320h\").apply(lambda invoke: invoke.result),\n    })\npulumi.export(\"examplePassword\", example_application.password[0][\"value\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\nusing Std = Pulumi.Std;\nusing Time = Pulumiverse.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var current = AzureAD.Index.GetClientConfig.Invoke();\n\n    var example = new Time.Index.Rotating(\"example\", new()\n    {\n        RotationDays = 180,\n    });\n\n    var exampleApplication = new AzureAD.Index.Application(\"example\", new()\n    {\n        DisplayName = \"example\",\n        Owners = new[]\n        {\n            current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n        },\n        Password = new AzureAD.Inputs.ApplicationPasswordArgs\n        {\n            DisplayName = \"MySecret-1\",\n            StartDate = example.Id,\n            EndDate = Std.Index.Timeadd.Invoke(new()\n            {\n                Duration = example.Id,\n                Timestamp = \"4320h\",\n            }).Apply(invoke =\u003e invoke.Result),\n        },\n    });\n\n    return new Dictionary\u003cstring, object?\u003e\n    {\n        [\"examplePassword\"] = exampleApplication.Password.Apply(password =\u003e password[0]?.Value),\n    };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-time/sdk/go/time\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ncurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{\n}, nil);\nif err != nil {\nreturn err\n}\nexample, err := time.NewRotating(ctx, \"example\", \u0026time.RotatingArgs{\nRotationDays: pulumi.Int(180),\n})\nif err != nil {\nreturn err\n}\nexampleApplication, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\nDisplayName: pulumi.String(\"example\"),\nOwners: pulumi.StringArray{\npulumi.String(pulumi.String(current.ObjectId)),\n},\nPassword: \u0026azuread.ApplicationPasswordTypeArgs{\nDisplayName: pulumi.String(\"MySecret-1\"),\nStartDate: example.ID(),\nEndDate: std.TimeaddOutput(ctx, std.TimeaddOutputArgs{\nDuration: example.ID(),\nTimestamp: pulumi.String(\"4320h\"),\n}, nil).ApplyT(func(invoke std.TimeaddResult) (*string, error) {\nreturn invoke.Result, nil\n}).(pulumi.StringPtrOutput),\n},\n})\nif err != nil {\nreturn err\n}\nctx.Export(\"examplePassword\", exampleApplication.Password.ApplyT(func(password azuread.ApplicationPasswordType) (*interface{}, error) {\nreturn \u0026password[0].Value, nil\n}).(pulumi.Interface{}PtrOutput))\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumiverse.time.Rotating;\nimport com.pulumiverse.time.RotatingArgs;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.inputs.ApplicationPasswordArgs;\nimport com.pulumi.std.StdFunctions;\nimport com.pulumi.std.inputs.TimeaddArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var current = AzureadFunctions.getClientConfig(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);\n\n        var example = new Rotating(\"example\", RotatingArgs.builder()\n            .rotationDays(180)\n            .build());\n\n        var exampleApplication = new Application(\"exampleApplication\", ApplicationArgs.builder()\n            .displayName(\"example\")\n            .owners(current.objectId())\n            .password(ApplicationPasswordArgs.builder()\n                .displayName(\"MySecret-1\")\n                .startDate(example.id())\n                .endDate(StdFunctions.timeadd(TimeaddArgs.builder()\n                    .duration(example.id())\n                    .timestamp(\"4320h\")\n                    .build()).applyValue(_invoke -\u003e _invoke.result()))\n                .build())\n            .build());\n\n        ctx.export(\"examplePassword\", exampleApplication.password().applyValue(_password -\u003e _password[0].value()));\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: time:Rotating\n    properties:\n      rotationDays: 180\n  exampleApplication:\n    type: azuread:Application\n    name: example\n    properties:\n      displayName: example\n      owners:\n        - ${current.objectId}\n      password:\n        displayName: MySecret-1\n        startDate: ${example.id}\n        endDate:\n          fn::invoke:\n            function: std:timeadd\n            arguments:\n              duration: ${example.id}\n              timestamp: 4320h\n            return: result\nvariables:\n  current:\n    fn::invoke:\n      function: azuread:getClientConfig\n      arguments: {}\noutputs:\n  examplePassword: ${exampleApplication.password[0].value}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Create application from a gallery template*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getApplicationTemplate({\n    displayName: \"Marketo\",\n});\nconst exampleApplication = new azuread.Application(\"example\", {\n    displayName: \"example\",\n    templateId: example.then(example =\u003e example.templateId),\n});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"example\", {\n    clientId: exampleApplication.clientId,\n    useExisting: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_application_template(display_name=\"Marketo\")\nexample_application = azuread.Application(\"example\",\n    display_name=\"example\",\n    template_id=example.template_id)\nexample_service_principal = azuread.ServicePrincipal(\"example\",\n    client_id=example_application.client_id,\n    use_existing=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetApplicationTemplate.Invoke(new()\n    {\n        DisplayName = \"Marketo\",\n    });\n\n    var exampleApplication = new AzureAD.Index.Application(\"example\", new()\n    {\n        DisplayName = \"example\",\n        TemplateId = example.Apply(getApplicationTemplateResult =\u003e getApplicationTemplateResult.TemplateId),\n    });\n\n    var exampleServicePrincipal = new AzureAD.Index.ServicePrincipal(\"example\", new()\n    {\n        ClientId = exampleApplication.ClientId,\n        UseExisting = true,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.GetApplicationTemplate(ctx, \u0026azuread.GetApplicationTemplateArgs{\n\t\t\tDisplayName: pulumi.StringRef(\"Marketo\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleApplication, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tTemplateId:  pulumi.String(pulumi.String(example.TemplateId)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewServicePrincipal(ctx, \"example\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId:    exampleApplication.ClientId,\n\t\t\tUseExisting: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetApplicationTemplateArgs;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getApplicationTemplate(GetApplicationTemplateArgs.builder()\n            .displayName(\"Marketo\")\n            .build());\n\n        var exampleApplication = new Application(\"exampleApplication\", ApplicationArgs.builder()\n            .displayName(\"example\")\n            .templateId(example.templateId())\n            .build());\n\n        var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder()\n            .clientId(exampleApplication.clientId())\n            .useExisting(true)\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  exampleApplication:\n    type: azuread:Application\n    name: example\n    properties:\n      displayName: example\n      templateId: ${example.templateId}\n  exampleServicePrincipal:\n    type: azuread:ServicePrincipal\n    name: example\n    properties:\n      clientId: ${exampleApplication.clientId}\n      useExisting: true\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getApplicationTemplate\n      arguments:\n        displayName: Marketo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nApplications can be imported using the object ID of the application, in the following format.\n\n```sh\n$ pulumi import azuread:index/application:Application example /applications/00000000-0000-0000-0000-000000000000\n```\n\n","properties":{"api":{"$ref":"#/types/azuread:index/ApplicationApi:ApplicationApi","description":"An \u003cspan pulumi-lang-nodejs=\"`api`\" pulumi-lang-dotnet=\"`Api`\" pulumi-lang-go=\"`api`\" pulumi-lang-python=\"`api`\" pulumi-lang-yaml=\"`api`\" pulumi-lang-java=\"`api`\"\u003e`api`\u003c/span\u003e block as documented below, which configures API related settings for this application.\n"},"appRoleIds":{"type":"object","additionalProperties":{"type":"string"},"description":"A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.\n"},"appRoles":{"type":"array","items":{"$ref":"#/types/azuread:index/ApplicationAppRole:ApplicationAppRole"},"description":"A collection of \u003cspan pulumi-lang-nodejs=\"`appRole`\" pulumi-lang-dotnet=\"`AppRole`\" pulumi-lang-go=\"`appRole`\" pulumi-lang-python=\"`app_role`\" pulumi-lang-yaml=\"`appRole`\" pulumi-lang-java=\"`appRole`\"\u003e`appRole`\u003c/span\u003e blocks as documented below. For more information see [official documentation on Application Roles](https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles).\n"},"clientId":{"type":"string","description":"The Client ID for the application.\n"},"description":{"type":"string","description":"A description of the application, as shown to end users.\n"},"deviceOnlyAuthEnabled":{"type":"boolean","description":"Specifies whether this application supports device authentication without a user. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"disabledByMicrosoft":{"type":"string","description":"Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. `DisabledDueToViolationOfServicesAgreement`\n"},"displayName":{"type":"string","description":"The display name for the application.\n"},"fallbackPublicClientEnabled":{"type":"boolean","description":"Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"featureTags":{"type":"array","items":{"$ref":"#/types/azuread:index/ApplicationFeatureTag:ApplicationFeatureTag"},"description":"A \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e block as described below. Cannot be used together with the \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e property.\n\n\u003e **Features and Tags** Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e for an application at the same time, so if you need to assign additional custom tags it's recommended to use the \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e property instead. Tag values also propagate to any linked service principals.\n"},"groupMembershipClaims":{"type":"array","items":{"type":"string"},"description":"A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.\n"},"identifierUris":{"type":"array","items":{"type":"string"},"description":"A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.\n"},"logoImage":{"type":"string","description":"A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.\n"},"logoUrl":{"type":"string","description":"CDN URL to the application's logo, as uploaded with the \u003cspan pulumi-lang-nodejs=\"`logoImage`\" pulumi-lang-dotnet=\"`LogoImage`\" pulumi-lang-go=\"`logoImage`\" pulumi-lang-python=\"`logo_image`\" pulumi-lang-yaml=\"`logoImage`\" pulumi-lang-java=\"`logoImage`\"\u003e`logoImage`\u003c/span\u003e property.\n"},"marketingUrl":{"type":"string","description":"URL of the application's marketing page.\n"},"notes":{"type":"string","description":"User-specified notes relevant for the management of the application.\n"},"oauth2PermissionScopeIds":{"type":"object","additionalProperties":{"type":"string"},"description":"A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.\n"},"oauth2PostResponseRequired":{"type":"boolean","description":"Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, which specifies that only GET requests are allowed.\n"},"objectId":{"type":"string","description":"The application's object ID.\n"},"optionalClaims":{"$ref":"#/types/azuread:index/ApplicationOptionalClaims:ApplicationOptionalClaims","description":"An \u003cspan pulumi-lang-nodejs=\"`optionalClaims`\" pulumi-lang-dotnet=\"`OptionalClaims`\" pulumi-lang-go=\"`optionalClaims`\" pulumi-lang-python=\"`optional_claims`\" pulumi-lang-yaml=\"`optionalClaims`\" pulumi-lang-java=\"`optionalClaims`\"\u003e`optionalClaims`\u003c/span\u003e block as documented below.\n"},"owners":{"type":"array","items":{"type":"string"},"description":"A set of object IDs of principals that will be granted ownership of the application. Supported object types are users or service principals. By default, no owners are assigned.\n\n\u003e **Ownership of Applications** It's recommended to always specify one or more application owners, including the principal being used to execute Terraform, such as in the example above.\n"},"password":{"$ref":"#/types/azuread:index/ApplicationPassword:ApplicationPassword","description":"A single \u003cspan pulumi-lang-nodejs=\"`password`\" pulumi-lang-dotnet=\"`Password`\" pulumi-lang-go=\"`password`\" pulumi-lang-python=\"`password`\" pulumi-lang-yaml=\"`password`\" pulumi-lang-java=\"`password`\"\u003e`password`\u003c/span\u003e block as documented below. The password is generated during creation. By default, no password is generated.\n\n\u003e **Creating a Password** The \u003cspan pulumi-lang-nodejs=\"`password`\" pulumi-lang-dotnet=\"`Password`\" pulumi-lang-go=\"`password`\" pulumi-lang-python=\"`password`\" pulumi-lang-yaml=\"`password`\" pulumi-lang-java=\"`password`\"\u003e`password`\u003c/span\u003e block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the\u003cspan pulumi-lang-nodejs=\" azuread.ApplicationPassword \" pulumi-lang-dotnet=\" azuread.ApplicationPassword \" pulumi-lang-go=\" ApplicationPassword \" pulumi-lang-python=\" ApplicationPassword \" pulumi-lang-yaml=\" azuread.ApplicationPassword \" pulumi-lang-java=\" azuread.ApplicationPassword \"\u003e azuread.ApplicationPassword \u003c/span\u003eresource.\n"},"preventDuplicateNames":{"type":"boolean","description":"If \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, will return an error if an existing application is found with the same name. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"privacyStatementUrl":{"type":"string","description":"URL of the application's privacy statement.\n"},"publicClient":{"$ref":"#/types/azuread:index/ApplicationPublicClient:ApplicationPublicClient","description":"A \u003cspan pulumi-lang-nodejs=\"`publicClient`\" pulumi-lang-dotnet=\"`PublicClient`\" pulumi-lang-go=\"`publicClient`\" pulumi-lang-python=\"`public_client`\" pulumi-lang-yaml=\"`publicClient`\" pulumi-lang-java=\"`publicClient`\"\u003e`publicClient`\u003c/span\u003e block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device.\n"},"publisherDomain":{"type":"string","description":"The verified publisher domain for the application.\n"},"requiredResourceAccesses":{"type":"array","items":{"$ref":"#/types/azuread:index/ApplicationRequiredResourceAccess:ApplicationRequiredResourceAccess"},"description":"A collection of \u003cspan pulumi-lang-nodejs=\"`requiredResourceAccess`\" pulumi-lang-dotnet=\"`RequiredResourceAccess`\" pulumi-lang-go=\"`requiredResourceAccess`\" pulumi-lang-python=\"`required_resource_access`\" pulumi-lang-yaml=\"`requiredResourceAccess`\" pulumi-lang-java=\"`requiredResourceAccess`\"\u003e`requiredResourceAccess`\u003c/span\u003e blocks as documented below.\n"},"serviceManagementReference":{"type":"string","description":"References application context information from a Service or Asset Management database.\n"},"signInAudience":{"type":"string","description":"The Microsoft account types that are supported for the current application. Must be one of `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`. Defaults to `AzureADMyOrg`.\n\n\u003e **Changing \u003cspan pulumi-lang-nodejs=\"`signInAudience`\" pulumi-lang-dotnet=\"`SignInAudience`\" pulumi-lang-go=\"`signInAudience`\" pulumi-lang-python=\"`sign_in_audience`\" pulumi-lang-yaml=\"`signInAudience`\" pulumi-lang-java=\"`signInAudience`\"\u003e`signInAudience`\u003c/span\u003e for existing applications** When updating an existing application to use a \u003cspan pulumi-lang-nodejs=\"`signInAudience`\" pulumi-lang-dotnet=\"`SignInAudience`\" pulumi-lang-go=\"`signInAudience`\" pulumi-lang-python=\"`sign_in_audience`\" pulumi-lang-yaml=\"`signInAudience`\" pulumi-lang-java=\"`signInAudience`\"\u003e`signInAudience`\u003c/span\u003e value of `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`, your configuration may no longer be valid. Refer to [official documentation](https://docs.microsoft.com/en-gb/azure/active-directory/develop/supported-accounts-validation) to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.\n"},"singlePageApplication":{"$ref":"#/types/azuread:index/ApplicationSinglePageApplication:ApplicationSinglePageApplication","description":"A \u003cspan pulumi-lang-nodejs=\"`singlePageApplication`\" pulumi-lang-dotnet=\"`SinglePageApplication`\" pulumi-lang-go=\"`singlePageApplication`\" pulumi-lang-python=\"`single_page_application`\" pulumi-lang-yaml=\"`singlePageApplication`\" pulumi-lang-java=\"`singlePageApplication`\"\u003e`singlePageApplication`\u003c/span\u003e block as documented below, which configures single-page application (SPA) related settings for this application.\n"},"supportUrl":{"type":"string","description":"URL of the application's support page.\n"},"tags":{"type":"array","items":{"type":"string"},"description":"A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e block.\n\n\u003e **Tags and Features** Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e property or with the \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e block. If you need to set any custom tag values not supported by the \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e block, it's recommended to use the \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e property. Tag values also propagate to any linked service principals.\n"},"templateId":{"type":"string","description":"Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.\n\n\u003e **Tip for Gallery Applications** This resource can  be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the\u003cspan pulumi-lang-nodejs=\" azuread.ApplicationRegistration \" pulumi-lang-dotnet=\" azuread.ApplicationRegistration \" pulumi-lang-go=\" ApplicationRegistration \" pulumi-lang-python=\" ApplicationRegistration \" pulumi-lang-yaml=\" azuread.ApplicationRegistration \" pulumi-lang-java=\" azuread.ApplicationRegistration \"\u003e azuread.ApplicationRegistration \u003c/span\u003eresource instead.\n"},"termsOfServiceUrl":{"type":"string","description":"URL of the application's terms of service statement.\n"},"web":{"$ref":"#/types/azuread:index/ApplicationWeb:ApplicationWeb","description":"A \u003cspan pulumi-lang-nodejs=\"`web`\" pulumi-lang-dotnet=\"`Web`\" pulumi-lang-go=\"`web`\" pulumi-lang-python=\"`web`\" pulumi-lang-yaml=\"`web`\" pulumi-lang-java=\"`web`\"\u003e`web`\u003c/span\u003e block as documented below, which configures web related settings for this application.\n\n\u003e **Application Name Uniqueness** Application names are not unique within Azure Active Directory. Use the \u003cspan pulumi-lang-nodejs=\"`preventDuplicateNames`\" pulumi-lang-dotnet=\"`PreventDuplicateNames`\" pulumi-lang-go=\"`preventDuplicateNames`\" pulumi-lang-python=\"`prevent_duplicate_names`\" pulumi-lang-yaml=\"`preventDuplicateNames`\" pulumi-lang-java=\"`preventDuplicateNames`\"\u003e`preventDuplicateNames`\u003c/span\u003e argument to check for existing applications if you want to avoid name collisions.\n"}},"required":["appRoleIds","clientId","disabledByMicrosoft","displayName","featureTags","logoUrl","oauth2PermissionScopeIds","objectId","publisherDomain","tags","templateId"],"inputProperties":{"api":{"$ref":"#/types/azuread:index/ApplicationApi:ApplicationApi","description":"An \u003cspan pulumi-lang-nodejs=\"`api`\" pulumi-lang-dotnet=\"`Api`\" pulumi-lang-go=\"`api`\" pulumi-lang-python=\"`api`\" pulumi-lang-yaml=\"`api`\" pulumi-lang-java=\"`api`\"\u003e`api`\u003c/span\u003e block as documented below, which configures API related settings for this application.\n"},"appRoles":{"type":"array","items":{"$ref":"#/types/azuread:index/ApplicationAppRole:ApplicationAppRole"},"description":"A collection of \u003cspan pulumi-lang-nodejs=\"`appRole`\" pulumi-lang-dotnet=\"`AppRole`\" pulumi-lang-go=\"`appRole`\" pulumi-lang-python=\"`app_role`\" pulumi-lang-yaml=\"`appRole`\" pulumi-lang-java=\"`appRole`\"\u003e`appRole`\u003c/span\u003e blocks as documented below. For more information see [official documentation on Application Roles](https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles).\n"},"description":{"type":"string","description":"A description of the application, as shown to end users.\n"},"deviceOnlyAuthEnabled":{"type":"boolean","description":"Specifies whether this application supports device authentication without a user. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"displayName":{"type":"string","description":"The display name for the application.\n"},"fallbackPublicClientEnabled":{"type":"boolean","description":"Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"featureTags":{"type":"array","items":{"$ref":"#/types/azuread:index/ApplicationFeatureTag:ApplicationFeatureTag"},"description":"A \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e block as described below. Cannot be used together with the \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e property.\n\n\u003e **Features and Tags** Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e for an application at the same time, so if you need to assign additional custom tags it's recommended to use the \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e property instead. Tag values also propagate to any linked service principals.\n"},"groupMembershipClaims":{"type":"array","items":{"type":"string"},"description":"A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.\n"},"identifierUris":{"type":"array","items":{"type":"string"},"description":"A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.\n"},"logoImage":{"type":"string","description":"A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.\n"},"marketingUrl":{"type":"string","description":"URL of the application's marketing page.\n"},"notes":{"type":"string","description":"User-specified notes relevant for the management of the application.\n"},"oauth2PostResponseRequired":{"type":"boolean","description":"Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, which specifies that only GET requests are allowed.\n"},"optionalClaims":{"$ref":"#/types/azuread:index/ApplicationOptionalClaims:ApplicationOptionalClaims","description":"An \u003cspan pulumi-lang-nodejs=\"`optionalClaims`\" pulumi-lang-dotnet=\"`OptionalClaims`\" pulumi-lang-go=\"`optionalClaims`\" pulumi-lang-python=\"`optional_claims`\" pulumi-lang-yaml=\"`optionalClaims`\" pulumi-lang-java=\"`optionalClaims`\"\u003e`optionalClaims`\u003c/span\u003e block as documented below.\n"},"owners":{"type":"array","items":{"type":"string"},"description":"A set of object IDs of principals that will be granted ownership of the application. Supported object types are users or service principals. By default, no owners are assigned.\n\n\u003e **Ownership of Applications** It's recommended to always specify one or more application owners, including the principal being used to execute Terraform, such as in the example above.\n"},"password":{"$ref":"#/types/azuread:index/ApplicationPassword:ApplicationPassword","description":"A single \u003cspan pulumi-lang-nodejs=\"`password`\" pulumi-lang-dotnet=\"`Password`\" pulumi-lang-go=\"`password`\" pulumi-lang-python=\"`password`\" pulumi-lang-yaml=\"`password`\" pulumi-lang-java=\"`password`\"\u003e`password`\u003c/span\u003e block as documented below. The password is generated during creation. By default, no password is generated.\n\n\u003e **Creating a Password** The \u003cspan pulumi-lang-nodejs=\"`password`\" pulumi-lang-dotnet=\"`Password`\" pulumi-lang-go=\"`password`\" pulumi-lang-python=\"`password`\" pulumi-lang-yaml=\"`password`\" pulumi-lang-java=\"`password`\"\u003e`password`\u003c/span\u003e block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the\u003cspan pulumi-lang-nodejs=\" azuread.ApplicationPassword \" pulumi-lang-dotnet=\" azuread.ApplicationPassword \" pulumi-lang-go=\" ApplicationPassword \" pulumi-lang-python=\" ApplicationPassword \" pulumi-lang-yaml=\" azuread.ApplicationPassword \" pulumi-lang-java=\" azuread.ApplicationPassword \"\u003e azuread.ApplicationPassword \u003c/span\u003eresource.\n"},"preventDuplicateNames":{"type":"boolean","description":"If \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, will return an error if an existing application is found with the same name. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"privacyStatementUrl":{"type":"string","description":"URL of the application's privacy statement.\n"},"publicClient":{"$ref":"#/types/azuread:index/ApplicationPublicClient:ApplicationPublicClient","description":"A \u003cspan pulumi-lang-nodejs=\"`publicClient`\" pulumi-lang-dotnet=\"`PublicClient`\" pulumi-lang-go=\"`publicClient`\" pulumi-lang-python=\"`public_client`\" pulumi-lang-yaml=\"`publicClient`\" pulumi-lang-java=\"`publicClient`\"\u003e`publicClient`\u003c/span\u003e block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device.\n"},"requiredResourceAccesses":{"type":"array","items":{"$ref":"#/types/azuread:index/ApplicationRequiredResourceAccess:ApplicationRequiredResourceAccess"},"description":"A collection of \u003cspan pulumi-lang-nodejs=\"`requiredResourceAccess`\" pulumi-lang-dotnet=\"`RequiredResourceAccess`\" pulumi-lang-go=\"`requiredResourceAccess`\" pulumi-lang-python=\"`required_resource_access`\" pulumi-lang-yaml=\"`requiredResourceAccess`\" pulumi-lang-java=\"`requiredResourceAccess`\"\u003e`requiredResourceAccess`\u003c/span\u003e blocks as documented below.\n"},"serviceManagementReference":{"type":"string","description":"References application context information from a Service or Asset Management database.\n"},"signInAudience":{"type":"string","description":"The Microsoft account types that are supported for the current application. Must be one of `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`. Defaults to `AzureADMyOrg`.\n\n\u003e **Changing \u003cspan pulumi-lang-nodejs=\"`signInAudience`\" pulumi-lang-dotnet=\"`SignInAudience`\" pulumi-lang-go=\"`signInAudience`\" pulumi-lang-python=\"`sign_in_audience`\" pulumi-lang-yaml=\"`signInAudience`\" pulumi-lang-java=\"`signInAudience`\"\u003e`signInAudience`\u003c/span\u003e for existing applications** When updating an existing application to use a \u003cspan pulumi-lang-nodejs=\"`signInAudience`\" pulumi-lang-dotnet=\"`SignInAudience`\" pulumi-lang-go=\"`signInAudience`\" pulumi-lang-python=\"`sign_in_audience`\" pulumi-lang-yaml=\"`signInAudience`\" pulumi-lang-java=\"`signInAudience`\"\u003e`signInAudience`\u003c/span\u003e value of `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`, your configuration may no longer be valid. Refer to [official documentation](https://docs.microsoft.com/en-gb/azure/active-directory/develop/supported-accounts-validation) to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.\n"},"singlePageApplication":{"$ref":"#/types/azuread:index/ApplicationSinglePageApplication:ApplicationSinglePageApplication","description":"A \u003cspan pulumi-lang-nodejs=\"`singlePageApplication`\" pulumi-lang-dotnet=\"`SinglePageApplication`\" pulumi-lang-go=\"`singlePageApplication`\" pulumi-lang-python=\"`single_page_application`\" pulumi-lang-yaml=\"`singlePageApplication`\" pulumi-lang-java=\"`singlePageApplication`\"\u003e`singlePageApplication`\u003c/span\u003e block as documented below, which configures single-page application (SPA) related settings for this application.\n"},"supportUrl":{"type":"string","description":"URL of the application's support page.\n"},"tags":{"type":"array","items":{"type":"string"},"description":"A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e block.\n\n\u003e **Tags and Features** Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e property or with the \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e block. If you need to set any custom tag values not supported by the \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e block, it's recommended to use the \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e property. Tag values also propagate to any linked service principals.\n"},"templateId":{"type":"string","description":"Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.\n\n\u003e **Tip for Gallery Applications** This resource can  be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the\u003cspan pulumi-lang-nodejs=\" azuread.ApplicationRegistration \" pulumi-lang-dotnet=\" azuread.ApplicationRegistration \" pulumi-lang-go=\" ApplicationRegistration \" pulumi-lang-python=\" ApplicationRegistration \" pulumi-lang-yaml=\" azuread.ApplicationRegistration \" pulumi-lang-java=\" azuread.ApplicationRegistration \"\u003e azuread.ApplicationRegistration \u003c/span\u003eresource instead.\n","willReplaceOnChanges":true},"termsOfServiceUrl":{"type":"string","description":"URL of the application's terms of service statement.\n"},"web":{"$ref":"#/types/azuread:index/ApplicationWeb:ApplicationWeb","description":"A \u003cspan pulumi-lang-nodejs=\"`web`\" pulumi-lang-dotnet=\"`Web`\" pulumi-lang-go=\"`web`\" pulumi-lang-python=\"`web`\" pulumi-lang-yaml=\"`web`\" pulumi-lang-java=\"`web`\"\u003e`web`\u003c/span\u003e block as documented below, which configures web related settings for this application.\n\n\u003e **Application Name Uniqueness** Application names are not unique within Azure Active Directory. Use the \u003cspan pulumi-lang-nodejs=\"`preventDuplicateNames`\" pulumi-lang-dotnet=\"`PreventDuplicateNames`\" pulumi-lang-go=\"`preventDuplicateNames`\" pulumi-lang-python=\"`prevent_duplicate_names`\" pulumi-lang-yaml=\"`preventDuplicateNames`\" pulumi-lang-java=\"`preventDuplicateNames`\"\u003e`preventDuplicateNames`\u003c/span\u003e argument to check for existing applications if you want to avoid name collisions.\n"}},"requiredInputs":["displayName"],"stateInputs":{"description":"Input properties used for looking up and filtering Application resources.\n","properties":{"api":{"$ref":"#/types/azuread:index/ApplicationApi:ApplicationApi","description":"An \u003cspan pulumi-lang-nodejs=\"`api`\" pulumi-lang-dotnet=\"`Api`\" pulumi-lang-go=\"`api`\" pulumi-lang-python=\"`api`\" pulumi-lang-yaml=\"`api`\" pulumi-lang-java=\"`api`\"\u003e`api`\u003c/span\u003e block as documented below, which configures API related settings for this application.\n"},"appRoleIds":{"type":"object","additionalProperties":{"type":"string"},"description":"A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.\n"},"appRoles":{"type":"array","items":{"$ref":"#/types/azuread:index/ApplicationAppRole:ApplicationAppRole"},"description":"A collection of \u003cspan pulumi-lang-nodejs=\"`appRole`\" pulumi-lang-dotnet=\"`AppRole`\" pulumi-lang-go=\"`appRole`\" pulumi-lang-python=\"`app_role`\" pulumi-lang-yaml=\"`appRole`\" pulumi-lang-java=\"`appRole`\"\u003e`appRole`\u003c/span\u003e blocks as documented below. For more information see [official documentation on Application Roles](https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles).\n"},"clientId":{"type":"string","description":"The Client ID for the application.\n"},"description":{"type":"string","description":"A description of the application, as shown to end users.\n"},"deviceOnlyAuthEnabled":{"type":"boolean","description":"Specifies whether this application supports device authentication without a user. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"disabledByMicrosoft":{"type":"string","description":"Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. `DisabledDueToViolationOfServicesAgreement`\n"},"displayName":{"type":"string","description":"The display name for the application.\n"},"fallbackPublicClientEnabled":{"type":"boolean","description":"Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"featureTags":{"type":"array","items":{"$ref":"#/types/azuread:index/ApplicationFeatureTag:ApplicationFeatureTag"},"description":"A \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e block as described below. Cannot be used together with the \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e property.\n\n\u003e **Features and Tags** Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e for an application at the same time, so if you need to assign additional custom tags it's recommended to use the \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e property instead. Tag values also propagate to any linked service principals.\n"},"groupMembershipClaims":{"type":"array","items":{"type":"string"},"description":"A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.\n"},"identifierUris":{"type":"array","items":{"type":"string"},"description":"A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.\n"},"logoImage":{"type":"string","description":"A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.\n"},"logoUrl":{"type":"string","description":"CDN URL to the application's logo, as uploaded with the \u003cspan pulumi-lang-nodejs=\"`logoImage`\" pulumi-lang-dotnet=\"`LogoImage`\" pulumi-lang-go=\"`logoImage`\" pulumi-lang-python=\"`logo_image`\" pulumi-lang-yaml=\"`logoImage`\" pulumi-lang-java=\"`logoImage`\"\u003e`logoImage`\u003c/span\u003e property.\n"},"marketingUrl":{"type":"string","description":"URL of the application's marketing page.\n"},"notes":{"type":"string","description":"User-specified notes relevant for the management of the application.\n"},"oauth2PermissionScopeIds":{"type":"object","additionalProperties":{"type":"string"},"description":"A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.\n"},"oauth2PostResponseRequired":{"type":"boolean","description":"Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, which specifies that only GET requests are allowed.\n"},"objectId":{"type":"string","description":"The application's object ID.\n"},"optionalClaims":{"$ref":"#/types/azuread:index/ApplicationOptionalClaims:ApplicationOptionalClaims","description":"An \u003cspan pulumi-lang-nodejs=\"`optionalClaims`\" pulumi-lang-dotnet=\"`OptionalClaims`\" pulumi-lang-go=\"`optionalClaims`\" pulumi-lang-python=\"`optional_claims`\" pulumi-lang-yaml=\"`optionalClaims`\" pulumi-lang-java=\"`optionalClaims`\"\u003e`optionalClaims`\u003c/span\u003e block as documented below.\n"},"owners":{"type":"array","items":{"type":"string"},"description":"A set of object IDs of principals that will be granted ownership of the application. Supported object types are users or service principals. By default, no owners are assigned.\n\n\u003e **Ownership of Applications** It's recommended to always specify one or more application owners, including the principal being used to execute Terraform, such as in the example above.\n"},"password":{"$ref":"#/types/azuread:index/ApplicationPassword:ApplicationPassword","description":"A single \u003cspan pulumi-lang-nodejs=\"`password`\" pulumi-lang-dotnet=\"`Password`\" pulumi-lang-go=\"`password`\" pulumi-lang-python=\"`password`\" pulumi-lang-yaml=\"`password`\" pulumi-lang-java=\"`password`\"\u003e`password`\u003c/span\u003e block as documented below. The password is generated during creation. By default, no password is generated.\n\n\u003e **Creating a Password** The \u003cspan pulumi-lang-nodejs=\"`password`\" pulumi-lang-dotnet=\"`Password`\" pulumi-lang-go=\"`password`\" pulumi-lang-python=\"`password`\" pulumi-lang-yaml=\"`password`\" pulumi-lang-java=\"`password`\"\u003e`password`\u003c/span\u003e block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the\u003cspan pulumi-lang-nodejs=\" azuread.ApplicationPassword \" pulumi-lang-dotnet=\" azuread.ApplicationPassword \" pulumi-lang-go=\" ApplicationPassword \" pulumi-lang-python=\" ApplicationPassword \" pulumi-lang-yaml=\" azuread.ApplicationPassword \" pulumi-lang-java=\" azuread.ApplicationPassword \"\u003e azuread.ApplicationPassword \u003c/span\u003eresource.\n"},"preventDuplicateNames":{"type":"boolean","description":"If \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, will return an error if an existing application is found with the same name. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"privacyStatementUrl":{"type":"string","description":"URL of the application's privacy statement.\n"},"publicClient":{"$ref":"#/types/azuread:index/ApplicationPublicClient:ApplicationPublicClient","description":"A \u003cspan pulumi-lang-nodejs=\"`publicClient`\" pulumi-lang-dotnet=\"`PublicClient`\" pulumi-lang-go=\"`publicClient`\" pulumi-lang-python=\"`public_client`\" pulumi-lang-yaml=\"`publicClient`\" pulumi-lang-java=\"`publicClient`\"\u003e`publicClient`\u003c/span\u003e block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device.\n"},"publisherDomain":{"type":"string","description":"The verified publisher domain for the application.\n"},"requiredResourceAccesses":{"type":"array","items":{"$ref":"#/types/azuread:index/ApplicationRequiredResourceAccess:ApplicationRequiredResourceAccess"},"description":"A collection of \u003cspan pulumi-lang-nodejs=\"`requiredResourceAccess`\" pulumi-lang-dotnet=\"`RequiredResourceAccess`\" pulumi-lang-go=\"`requiredResourceAccess`\" pulumi-lang-python=\"`required_resource_access`\" pulumi-lang-yaml=\"`requiredResourceAccess`\" pulumi-lang-java=\"`requiredResourceAccess`\"\u003e`requiredResourceAccess`\u003c/span\u003e blocks as documented below.\n"},"serviceManagementReference":{"type":"string","description":"References application context information from a Service or Asset Management database.\n"},"signInAudience":{"type":"string","description":"The Microsoft account types that are supported for the current application. Must be one of `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`. Defaults to `AzureADMyOrg`.\n\n\u003e **Changing \u003cspan pulumi-lang-nodejs=\"`signInAudience`\" pulumi-lang-dotnet=\"`SignInAudience`\" pulumi-lang-go=\"`signInAudience`\" pulumi-lang-python=\"`sign_in_audience`\" pulumi-lang-yaml=\"`signInAudience`\" pulumi-lang-java=\"`signInAudience`\"\u003e`signInAudience`\u003c/span\u003e for existing applications** When updating an existing application to use a \u003cspan pulumi-lang-nodejs=\"`signInAudience`\" pulumi-lang-dotnet=\"`SignInAudience`\" pulumi-lang-go=\"`signInAudience`\" pulumi-lang-python=\"`sign_in_audience`\" pulumi-lang-yaml=\"`signInAudience`\" pulumi-lang-java=\"`signInAudience`\"\u003e`signInAudience`\u003c/span\u003e value of `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`, your configuration may no longer be valid. Refer to [official documentation](https://docs.microsoft.com/en-gb/azure/active-directory/develop/supported-accounts-validation) to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.\n"},"singlePageApplication":{"$ref":"#/types/azuread:index/ApplicationSinglePageApplication:ApplicationSinglePageApplication","description":"A \u003cspan pulumi-lang-nodejs=\"`singlePageApplication`\" pulumi-lang-dotnet=\"`SinglePageApplication`\" pulumi-lang-go=\"`singlePageApplication`\" pulumi-lang-python=\"`single_page_application`\" pulumi-lang-yaml=\"`singlePageApplication`\" pulumi-lang-java=\"`singlePageApplication`\"\u003e`singlePageApplication`\u003c/span\u003e block as documented below, which configures single-page application (SPA) related settings for this application.\n"},"supportUrl":{"type":"string","description":"URL of the application's support page.\n"},"tags":{"type":"array","items":{"type":"string"},"description":"A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e block.\n\n\u003e **Tags and Features** Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e property or with the \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e block. If you need to set any custom tag values not supported by the \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e block, it's recommended to use the \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e property. Tag values also propagate to any linked service principals.\n"},"templateId":{"type":"string","description":"Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.\n\n\u003e **Tip for Gallery Applications** This resource can  be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the\u003cspan pulumi-lang-nodejs=\" azuread.ApplicationRegistration \" pulumi-lang-dotnet=\" azuread.ApplicationRegistration \" pulumi-lang-go=\" ApplicationRegistration \" pulumi-lang-python=\" ApplicationRegistration \" pulumi-lang-yaml=\" azuread.ApplicationRegistration \" pulumi-lang-java=\" azuread.ApplicationRegistration \"\u003e azuread.ApplicationRegistration \u003c/span\u003eresource instead.\n","willReplaceOnChanges":true},"termsOfServiceUrl":{"type":"string","description":"URL of the application's terms of service statement.\n"},"web":{"$ref":"#/types/azuread:index/ApplicationWeb:ApplicationWeb","description":"A \u003cspan pulumi-lang-nodejs=\"`web`\" pulumi-lang-dotnet=\"`Web`\" pulumi-lang-go=\"`web`\" pulumi-lang-python=\"`web`\" pulumi-lang-yaml=\"`web`\" pulumi-lang-java=\"`web`\"\u003e`web`\u003c/span\u003e block as documented below, which configures web related settings for this application.\n\n\u003e **Application Name Uniqueness** Application names are not unique within Azure Active Directory. Use the \u003cspan pulumi-lang-nodejs=\"`preventDuplicateNames`\" pulumi-lang-dotnet=\"`PreventDuplicateNames`\" pulumi-lang-go=\"`preventDuplicateNames`\" pulumi-lang-python=\"`prevent_duplicate_names`\" pulumi-lang-yaml=\"`preventDuplicateNames`\" pulumi-lang-java=\"`preventDuplicateNames`\"\u003e`preventDuplicateNames`\u003c/span\u003e argument to check for existing applications if you want to avoid name collisions.\n"}},"type":"object"}},"azuread:index/applicationApiAccess:ApplicationApiAccess":{"description":"Manages the API permissions for an application registration.\n\nThis resource is analogous to the \u003cspan pulumi-lang-nodejs=\"`requiredResourceAccess`\" pulumi-lang-dotnet=\"`RequiredResourceAccess`\" pulumi-lang-go=\"`requiredResourceAccess`\" pulumi-lang-python=\"`required_resource_access`\" pulumi-lang-yaml=\"`requiredResourceAccess`\" pulumi-lang-java=\"`requiredResourceAccess`\"\u003e`requiredResourceAccess`\u003c/span\u003e block in the \u003cspan pulumi-lang-nodejs=\"`azuread.Application`\" pulumi-lang-dotnet=\"`azuread.Application`\" pulumi-lang-go=\"`Application`\" pulumi-lang-python=\"`Application`\" pulumi-lang-yaml=\"`azuread.Application`\" pulumi-lang-java=\"`azuread.Application`\"\u003e`azuread.Application`\u003c/span\u003e resource. When using these resources together, you should use the \u003cspan pulumi-lang-nodejs=\"`ignoreChanges`\" pulumi-lang-dotnet=\"`IgnoreChanges`\" pulumi-lang-go=\"`ignoreChanges`\" pulumi-lang-python=\"`ignore_changes`\" pulumi-lang-yaml=\"`ignoreChanges`\" pulumi-lang-java=\"`ignoreChanges`\"\u003e`ignoreChanges`\u003c/span\u003e lifecycle meta-argument (see example below).\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.OwnedBy` or `Application.ReadWrite.All`\n\n\u003e When using the `Application.ReadWrite.OwnedBy` application role, the principal being used to run Terraform must be an owner of the application.\n\nWhen authenticated with a user principal, this resource may require one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst wellKnown = azuread.getApplicationPublishedAppIds({});\nconst msgraph = wellKnown.then(wellKnown =\u003e azuread.getServicePrincipal({\n    clientId: wellKnown.result?.MicrosoftGraph,\n}));\nconst example = new azuread.ApplicationRegistration(\"example\", {displayName: \"example\"});\nconst exampleMsgraph = new azuread.ApplicationApiAccess(\"example_msgraph\", {\n    applicationId: example.id,\n    apiClientId: wellKnown.then(wellKnown =\u003e wellKnown.result?.MicrosoftGraph),\n    roleIds: [\n        msgraph.then(msgraph =\u003e msgraph.appRoleIds?.[\"Group.Read.All\"]),\n        msgraph.then(msgraph =\u003e msgraph.appRoleIds?.[\"User.Read.All\"]),\n    ],\n    scopeIds: [msgraph.then(msgraph =\u003e msgraph.oauth2PermissionScopeIds?.[\"User.ReadWrite\"])],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nwell_known = azuread.get_application_published_app_ids()\nmsgraph = azuread.get_service_principal(client_id=well_known.result[\"MicrosoftGraph\"])\nexample = azuread.ApplicationRegistration(\"example\", display_name=\"example\")\nexample_msgraph = azuread.ApplicationApiAccess(\"example_msgraph\",\n    application_id=example.id,\n    api_client_id=well_known.result[\"MicrosoftGraph\"],\n    role_ids=[\n        msgraph.app_role_ids[\"Group.Read.All\"],\n        msgraph.app_role_ids[\"User.Read.All\"],\n    ],\n    scope_ids=[msgraph.oauth2_permission_scope_ids[\"User.ReadWrite\"]])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var wellKnown = AzureAD.Index.GetApplicationPublishedAppIds.Invoke();\n\n    var msgraph = AzureAD.Index.GetServicePrincipal.Invoke(new()\n    {\n        ClientId = wellKnown.Apply(getApplicationPublishedAppIdsResult =\u003e getApplicationPublishedAppIdsResult.Result?.MicrosoftGraph),\n    });\n\n    var example = new AzureAD.Index.ApplicationRegistration(\"example\", new()\n    {\n        DisplayName = \"example\",\n    });\n\n    var exampleMsgraph = new AzureAD.Index.ApplicationApiAccess(\"example_msgraph\", new()\n    {\n        ApplicationId = example.Id,\n        ApiClientId = wellKnown.Apply(getApplicationPublishedAppIdsResult =\u003e getApplicationPublishedAppIdsResult.Result?.MicrosoftGraph),\n        RoleIds = new[]\n        {\n            msgraph.Apply(getServicePrincipalResult =\u003e getServicePrincipalResult.AppRoleIds?.Group_Read_All),\n            msgraph.Apply(getServicePrincipalResult =\u003e getServicePrincipalResult.AppRoleIds?.User_Read_All),\n        },\n        ScopeIds = new[]\n        {\n            msgraph.Apply(getServicePrincipalResult =\u003e getServicePrincipalResult.Oauth2PermissionScopeIds?.User_ReadWrite),\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\twellKnown, err := azuread.GetApplicationPublishedAppIds(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmsgraph, err := azuread.GetServicePrincipal(ctx, \u0026azuread.LookupServicePrincipalArgs{\n\t\t\tClientId: pulumi.StringRef(wellKnown.Result.MicrosoftGraph),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := azuread.NewApplicationRegistration(ctx, \"example\", \u0026azuread.ApplicationRegistrationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationApiAccess(ctx, \"example_msgraph\", \u0026azuread.ApplicationApiAccessArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t\tApiClientId:   pulumi.String(pulumi.String(wellKnown.Result.MicrosoftGraph)),\n\t\t\tRoleIds: pulumi.StringArray{\n\t\t\t\tpulumi.String(pulumi.String(msgraph.AppRoleIds.Group.Read.All)),\n\t\t\t\tpulumi.String(pulumi.String(msgraph.AppRoleIds.User.Read.All)),\n\t\t\t},\n\t\t\tScopeIds: pulumi.StringArray{\n\t\t\t\tpulumi.String(pulumi.String(msgraph.Oauth2PermissionScopeIds.User.ReadWrite)),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetServicePrincipalArgs;\nimport com.pulumi.azuread.ApplicationRegistration;\nimport com.pulumi.azuread.ApplicationRegistrationArgs;\nimport com.pulumi.azuread.ApplicationApiAccess;\nimport com.pulumi.azuread.ApplicationApiAccessArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var wellKnown = AzureadFunctions.getApplicationPublishedAppIds(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);\n\n        final var msgraph = AzureadFunctions.getServicePrincipal(GetServicePrincipalArgs.builder()\n            .clientId(wellKnown.result().MicrosoftGraph())\n            .build());\n\n        var example = new ApplicationRegistration(\"example\", ApplicationRegistrationArgs.builder()\n            .displayName(\"example\")\n            .build());\n\n        var exampleMsgraph = new ApplicationApiAccess(\"exampleMsgraph\", ApplicationApiAccessArgs.builder()\n            .applicationId(example.id())\n            .apiClientId(wellKnown.result().MicrosoftGraph())\n            .roleIds(            \n                msgraph.appRoleIds().Group.Read.All(),\n                msgraph.appRoleIds().User.Read.All())\n            .scopeIds(msgraph.oauth2PermissionScopeIds().User.ReadWrite())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:ApplicationRegistration\n    properties:\n      displayName: example\n  exampleMsgraph:\n    type: azuread:ApplicationApiAccess\n    name: example_msgraph\n    properties:\n      applicationId: ${example.id}\n      apiClientId: ${wellKnown.result.MicrosoftGraph}\n      roleIds:\n        - ${msgraph.appRoleIds\"Group.Read.All\"[%!s(MISSING)]}\n        - ${msgraph.appRoleIds\"User.Read.All\"[%!s(MISSING)]}\n      scopeIds:\n        - ${msgraph.oauth2PermissionScopeIds\"User.ReadWrite\"[%!s(MISSING)]}\nvariables:\n  wellKnown:\n    fn::invoke:\n      function: azuread:getApplicationPublishedAppIds\n      arguments: {}\n  msgraph:\n    fn::invoke:\n      function: azuread:getServicePrincipal\n      arguments:\n        clientId: ${wellKnown.result.MicrosoftGraph}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003e **Tip** For managing permissions for an additional API, create another instance of this resource\n\n*Usage with\u003cspan pulumi-lang-nodejs=\" azuread.Application \" pulumi-lang-dotnet=\" azuread.Application \" pulumi-lang-go=\" Application \" pulumi-lang-python=\" Application \" pulumi-lang-yaml=\" azuread.Application \" pulumi-lang-java=\" azuread.Application \"\u003e azuread.Application \u003c/span\u003eresource*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.Application(\"example\", {displayName: \"example\"});\nconst exampleApplicationApiAccess = new azuread.ApplicationApiAccess(\"example\", {applicationId: example.id});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.Application(\"example\", display_name=\"example\")\nexample_application_api_access = azuread.ApplicationApiAccess(\"example\", application_id=example.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.Application(\"example\", new()\n    {\n        DisplayName = \"example\",\n    });\n\n    var exampleApplicationApiAccess = new AzureAD.Index.ApplicationApiAccess(\"example\", new()\n    {\n        ApplicationId = example.Id,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationApiAccess(ctx, \"example\", \u0026azuread.ApplicationApiAccessArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.ApplicationApiAccess;\nimport com.pulumi.azuread.ApplicationApiAccessArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new Application(\"example\", ApplicationArgs.builder()\n            .displayName(\"example\")\n            .build());\n\n        var exampleApplicationApiAccess = new ApplicationApiAccess(\"exampleApplicationApiAccess\", ApplicationApiAccessArgs.builder()\n            .applicationId(example.id())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:Application\n    properties:\n      displayName: example\n  exampleApplicationApiAccess:\n    type: azuread:ApplicationApiAccess\n    name: example\n    properties:\n      applicationId: ${example.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nApplication API Access can be imported using the object ID of the application and the client ID of the API, in the following format.\n\n```sh\n$ pulumi import azuread:index/applicationApiAccess:ApplicationApiAccess example /applications/00000000-0000-0000-0000-000000000000/apiAccess/11111111-1111-1111-1111-111111111111\n```\n\n","properties":{"apiClientId":{"type":"string","description":"The client ID of the API to which access is being granted. Changing this forces a new resource to be created.\n"},"applicationId":{"type":"string","description":"The resource ID of the application registration. Changing this forces a new resource to be created.\n"},"roleIds":{"type":"array","items":{"type":"string"},"description":"A set of role IDs to be granted to the application, as published by the API.\n"},"scopeIds":{"type":"array","items":{"type":"string"},"description":"A set of scope IDs to be granted to the application, as published by the API.\n\n\u003e At least one of \u003cspan pulumi-lang-nodejs=\"`roleIds`\" pulumi-lang-dotnet=\"`RoleIds`\" pulumi-lang-go=\"`roleIds`\" pulumi-lang-python=\"`role_ids`\" pulumi-lang-yaml=\"`roleIds`\" pulumi-lang-java=\"`roleIds`\"\u003e`roleIds`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`scopeIds`\" pulumi-lang-dotnet=\"`ScopeIds`\" pulumi-lang-go=\"`scopeIds`\" pulumi-lang-python=\"`scope_ids`\" pulumi-lang-yaml=\"`scopeIds`\" pulumi-lang-java=\"`scopeIds`\"\u003e`scopeIds`\u003c/span\u003e must be specified.\n"}},"required":["apiClientId","applicationId"],"inputProperties":{"apiClientId":{"type":"string","description":"The client ID of the API to which access is being granted. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"applicationId":{"type":"string","description":"The resource ID of the application registration. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"roleIds":{"type":"array","items":{"type":"string"},"description":"A set of role IDs to be granted to the application, as published by the API.\n"},"scopeIds":{"type":"array","items":{"type":"string"},"description":"A set of scope IDs to be granted to the application, as published by the API.\n\n\u003e At least one of \u003cspan pulumi-lang-nodejs=\"`roleIds`\" pulumi-lang-dotnet=\"`RoleIds`\" pulumi-lang-go=\"`roleIds`\" pulumi-lang-python=\"`role_ids`\" pulumi-lang-yaml=\"`roleIds`\" pulumi-lang-java=\"`roleIds`\"\u003e`roleIds`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`scopeIds`\" pulumi-lang-dotnet=\"`ScopeIds`\" pulumi-lang-go=\"`scopeIds`\" pulumi-lang-python=\"`scope_ids`\" pulumi-lang-yaml=\"`scopeIds`\" pulumi-lang-java=\"`scopeIds`\"\u003e`scopeIds`\u003c/span\u003e must be specified.\n"}},"requiredInputs":["apiClientId","applicationId"],"stateInputs":{"description":"Input properties used for looking up and filtering ApplicationApiAccess resources.\n","properties":{"apiClientId":{"type":"string","description":"The client ID of the API to which access is being granted. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"applicationId":{"type":"string","description":"The resource ID of the application registration. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"roleIds":{"type":"array","items":{"type":"string"},"description":"A set of role IDs to be granted to the application, as published by the API.\n"},"scopeIds":{"type":"array","items":{"type":"string"},"description":"A set of scope IDs to be granted to the application, as published by the API.\n\n\u003e At least one of \u003cspan pulumi-lang-nodejs=\"`roleIds`\" pulumi-lang-dotnet=\"`RoleIds`\" pulumi-lang-go=\"`roleIds`\" pulumi-lang-python=\"`role_ids`\" pulumi-lang-yaml=\"`roleIds`\" pulumi-lang-java=\"`roleIds`\"\u003e`roleIds`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`scopeIds`\" pulumi-lang-dotnet=\"`ScopeIds`\" pulumi-lang-go=\"`scopeIds`\" pulumi-lang-python=\"`scope_ids`\" pulumi-lang-yaml=\"`scopeIds`\" pulumi-lang-java=\"`scopeIds`\"\u003e`scopeIds`\u003c/span\u003e must be specified.\n"}},"type":"object"}},"azuread:index/applicationAppRole:ApplicationAppRole":{"description":"Manages an app role for an application registration.\n\nThis resource is analogous to the \u003cspan pulumi-lang-nodejs=\"`appRole`\" pulumi-lang-dotnet=\"`AppRole`\" pulumi-lang-go=\"`appRole`\" pulumi-lang-python=\"`app_role`\" pulumi-lang-yaml=\"`appRole`\" pulumi-lang-java=\"`appRole`\"\u003e`appRole`\u003c/span\u003e block in the \u003cspan pulumi-lang-nodejs=\"`azuread.Application`\" pulumi-lang-dotnet=\"`azuread.Application`\" pulumi-lang-go=\"`Application`\" pulumi-lang-python=\"`Application`\" pulumi-lang-yaml=\"`azuread.Application`\" pulumi-lang-java=\"`azuread.Application`\"\u003e`azuread.Application`\u003c/span\u003e resource. When using these resources together, you should use the \u003cspan pulumi-lang-nodejs=\"`ignoreChanges`\" pulumi-lang-dotnet=\"`IgnoreChanges`\" pulumi-lang-go=\"`ignoreChanges`\" pulumi-lang-python=\"`ignore_changes`\" pulumi-lang-yaml=\"`ignoreChanges`\" pulumi-lang-java=\"`ignoreChanges`\"\u003e`ignoreChanges`\u003c/span\u003e lifecycle meta-argument (see example below).\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.OwnedBy` or `Application.ReadWrite.All`\n\n\u003e When using the `Application.ReadWrite.OwnedBy` application role, the principal being used to run Terraform must be an owner of the application.\n\nWhen authenticated with a user principal, this resource may require one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\nimport * as random from \"@pulumi/random\";\n\nconst example = new azuread.ApplicationRegistration(\"example\", {displayName: \"example\"});\nconst exampleAdministrator = new random.index.Uuid(\"example_administrator\", {});\nconst exampleAdminister = new azuread.ApplicationAppRole(\"example_administer\", {\n    applicationId: example.id,\n    roleId: exampleAdministrator.id,\n    allowedMemberTypes: [\"User\"],\n    description: \"My role description\",\n    displayName: \"Administer\",\n    value: \"admin\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\nimport pulumi_random as random\n\nexample = azuread.ApplicationRegistration(\"example\", display_name=\"example\")\nexample_administrator = random.Uuid(\"example_administrator\")\nexample_administer = azuread.ApplicationAppRole(\"example_administer\",\n    application_id=example.id,\n    role_id=example_administrator[\"id\"],\n    allowed_member_types=[\"User\"],\n    description=\"My role description\",\n    display_name=\"Administer\",\n    value=\"admin\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\nusing Random = Pulumi.Random;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.ApplicationRegistration(\"example\", new()\n    {\n        DisplayName = \"example\",\n    });\n\n    var exampleAdministrator = new Random.Index.Uuid(\"example_administrator\");\n\n    var exampleAdminister = new AzureAD.Index.ApplicationAppRole(\"example_administer\", new()\n    {\n        ApplicationId = example.Id,\n        RoleId = exampleAdministrator.Id,\n        AllowedMemberTypes = new[]\n        {\n            \"User\",\n        },\n        Description = \"My role description\",\n        DisplayName = \"Administer\",\n        Value = \"admin\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi-random/sdk/v4/go/random\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplicationRegistration(ctx, \"example\", \u0026azuread.ApplicationRegistrationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleAdministrator, err := random.NewUuid(ctx, \"example_administrator\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationAppRole(ctx, \"example_administer\", \u0026azuread.ApplicationAppRoleArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t\tRoleId:        exampleAdministrator.Id,\n\t\t\tAllowedMemberTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"User\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"My role description\"),\n\t\t\tDisplayName: pulumi.String(\"Administer\"),\n\t\t\tValue:       pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ApplicationRegistration;\nimport com.pulumi.azuread.ApplicationRegistrationArgs;\nimport com.pulumi.random.Uuid;\nimport com.pulumi.azuread.ApplicationAppRole;\nimport com.pulumi.azuread.ApplicationAppRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new ApplicationRegistration(\"example\", ApplicationRegistrationArgs.builder()\n            .displayName(\"example\")\n            .build());\n\n        var exampleAdministrator = new Uuid(\"exampleAdministrator\");\n\n        var exampleAdminister = new ApplicationAppRole(\"exampleAdminister\", ApplicationAppRoleArgs.builder()\n            .applicationId(example.id())\n            .roleId(exampleAdministrator.id())\n            .allowedMemberTypes(\"User\")\n            .description(\"My role description\")\n            .displayName(\"Administer\")\n            .value(\"admin\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:ApplicationRegistration\n    properties:\n      displayName: example\n  exampleAdministrator:\n    type: random:Uuid\n    name: example_administrator\n  exampleAdminister:\n    type: azuread:ApplicationAppRole\n    name: example_administer\n    properties:\n      applicationId: ${example.id}\n      roleId: ${exampleAdministrator.id}\n      allowedMemberTypes:\n        - User\n      description: My role description\n      displayName: Administer\n      value: admin\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003e **Tip** For managing more app roles, create additional instances of this resource\n\n*Usage with\u003cspan pulumi-lang-nodejs=\" azuread.Application \" pulumi-lang-dotnet=\" azuread.Application \" pulumi-lang-go=\" Application \" pulumi-lang-python=\" Application \" pulumi-lang-yaml=\" azuread.Application \" pulumi-lang-java=\" azuread.Application \"\u003e azuread.Application \u003c/span\u003eresource*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.Application(\"example\", {displayName: \"example\"});\nconst exampleAdminister = new azuread.ApplicationAppRole(\"example_administer\", {applicationId: example.id});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.Application(\"example\", display_name=\"example\")\nexample_administer = azuread.ApplicationAppRole(\"example_administer\", application_id=example.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.Application(\"example\", new()\n    {\n        DisplayName = \"example\",\n    });\n\n    var exampleAdminister = new AzureAD.Index.ApplicationAppRole(\"example_administer\", new()\n    {\n        ApplicationId = example.Id,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationAppRole(ctx, \"example_administer\", \u0026azuread.ApplicationAppRoleArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.ApplicationAppRole;\nimport com.pulumi.azuread.ApplicationAppRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new Application(\"example\", ApplicationArgs.builder()\n            .displayName(\"example\")\n            .build());\n\n        var exampleAdminister = new ApplicationAppRole(\"exampleAdminister\", ApplicationAppRoleArgs.builder()\n            .applicationId(example.id())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:Application\n    properties:\n      displayName: example\n  exampleAdminister:\n    type: azuread:ApplicationAppRole\n    name: example_administer\n    properties:\n      applicationId: ${example.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nApplication App Roles can be imported using the object ID of the application and the ID of the app role, in the following format.\n\n```sh\n$ pulumi import azuread:index/applicationAppRole:ApplicationAppRole example /applications/00000000-0000-0000-0000-000000000000/appRoles/11111111-1111-1111-1111-111111111111\n```\n\n","properties":{"allowedMemberTypes":{"type":"array","items":{"type":"string"},"description":"A set of values to specify whether this app role definition can be assigned to users and groups by setting to `User`, or to other applications by setting to `Application`, or to both.\n"},"applicationId":{"type":"string","description":"The resource ID of the application registration. Changing this forces a new resource to be created.\n"},"description":{"type":"string","description":"Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences.\n"},"displayName":{"type":"string","description":"Display name for the app role that appears during app role assignment and in consent experiences.\n"},"roleId":{"type":"string","description":"The unique identifier of the app role. Must be a valid UUID. Changing this forces a new resource to be created.\n\n\u003e **Tip** Use the \u003cspan pulumi-lang-nodejs=\"`randomUuid`\" pulumi-lang-dotnet=\"`RandomUuid`\" pulumi-lang-go=\"`randomUuid`\" pulumi-lang-python=\"`random_uuid`\" pulumi-lang-yaml=\"`randomUuid`\" pulumi-lang-java=\"`randomUuid`\"\u003e`randomUuid`\u003c/span\u003e resource to generate UUIDs and save them to state for app roles within your Terraform configuration\n"},"value":{"type":"string","description":"The value that is used for the \u003cspan pulumi-lang-nodejs=\"`roles`\" pulumi-lang-dotnet=\"`Roles`\" pulumi-lang-go=\"`roles`\" pulumi-lang-python=\"`roles`\" pulumi-lang-yaml=\"`roles`\" pulumi-lang-java=\"`roles`\"\u003e`roles`\u003c/span\u003e claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.\n\n\u003e **Roles and Permission Scopes** In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.\n"}},"required":["allowedMemberTypes","applicationId","description","displayName","roleId"],"inputProperties":{"allowedMemberTypes":{"type":"array","items":{"type":"string"},"description":"A set of values to specify whether this app role definition can be assigned to users and groups by setting to `User`, or to other applications by setting to `Application`, or to both.\n"},"applicationId":{"type":"string","description":"The resource ID of the application registration. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"description":{"type":"string","description":"Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences.\n"},"displayName":{"type":"string","description":"Display name for the app role that appears during app role assignment and in consent experiences.\n"},"roleId":{"type":"string","description":"The unique identifier of the app role. Must be a valid UUID. Changing this forces a new resource to be created.\n\n\u003e **Tip** Use the \u003cspan pulumi-lang-nodejs=\"`randomUuid`\" pulumi-lang-dotnet=\"`RandomUuid`\" pulumi-lang-go=\"`randomUuid`\" pulumi-lang-python=\"`random_uuid`\" pulumi-lang-yaml=\"`randomUuid`\" pulumi-lang-java=\"`randomUuid`\"\u003e`randomUuid`\u003c/span\u003e resource to generate UUIDs and save them to state for app roles within your Terraform configuration\n","willReplaceOnChanges":true},"value":{"type":"string","description":"The value that is used for the \u003cspan pulumi-lang-nodejs=\"`roles`\" pulumi-lang-dotnet=\"`Roles`\" pulumi-lang-go=\"`roles`\" pulumi-lang-python=\"`roles`\" pulumi-lang-yaml=\"`roles`\" pulumi-lang-java=\"`roles`\"\u003e`roles`\u003c/span\u003e claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.\n\n\u003e **Roles and Permission Scopes** In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.\n"}},"requiredInputs":["allowedMemberTypes","applicationId","description","displayName","roleId"],"stateInputs":{"description":"Input properties used for looking up and filtering ApplicationAppRole resources.\n","properties":{"allowedMemberTypes":{"type":"array","items":{"type":"string"},"description":"A set of values to specify whether this app role definition can be assigned to users and groups by setting to `User`, or to other applications by setting to `Application`, or to both.\n"},"applicationId":{"type":"string","description":"The resource ID of the application registration. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"description":{"type":"string","description":"Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences.\n"},"displayName":{"type":"string","description":"Display name for the app role that appears during app role assignment and in consent experiences.\n"},"roleId":{"type":"string","description":"The unique identifier of the app role. Must be a valid UUID. Changing this forces a new resource to be created.\n\n\u003e **Tip** Use the \u003cspan pulumi-lang-nodejs=\"`randomUuid`\" pulumi-lang-dotnet=\"`RandomUuid`\" pulumi-lang-go=\"`randomUuid`\" pulumi-lang-python=\"`random_uuid`\" pulumi-lang-yaml=\"`randomUuid`\" pulumi-lang-java=\"`randomUuid`\"\u003e`randomUuid`\u003c/span\u003e resource to generate UUIDs and save them to state for app roles within your Terraform configuration\n","willReplaceOnChanges":true},"value":{"type":"string","description":"The value that is used for the \u003cspan pulumi-lang-nodejs=\"`roles`\" pulumi-lang-dotnet=\"`Roles`\" pulumi-lang-go=\"`roles`\" pulumi-lang-python=\"`roles`\" pulumi-lang-yaml=\"`roles`\" pulumi-lang-java=\"`roles`\"\u003e`roles`\u003c/span\u003e claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.\n\n\u003e **Roles and Permission Scopes** In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.\n"}},"type":"object"}},"azuread:index/applicationCertificate:ApplicationCertificate":{"description":"Manages a certificate associated with an application within Azure Active Directory. These are also referred to as client certificates during authentication.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.OwnedBy` or `Application.ReadWrite.All`\n\n\u003e When using the `Application.ReadWrite.OwnedBy` application role, the principal being used to run Terraform must be an owner of the application.\n\nWhen authenticated with a user principal, this resource may require one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n## Example Usage\n\n*Using a PEM certificate*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\nimport * as std from \"@pulumi/std\";\n\nconst example = new azuread.ApplicationRegistration(\"example\", {displayName: \"example\"});\nconst exampleApplicationCertificate = new azuread.ApplicationCertificate(\"example\", {\n    applicationId: example.id,\n    type: \"AsymmetricX509Cert\",\n    value: std.file({\n        input: \"cert.pem\",\n    }).then(invoke =\u003e invoke.result),\n    endDate: \"2021-05-01T01:02:03Z\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\nimport pulumi_std as std\n\nexample = azuread.ApplicationRegistration(\"example\", display_name=\"example\")\nexample_application_certificate = azuread.ApplicationCertificate(\"example\",\n    application_id=example.id,\n    type=\"AsymmetricX509Cert\",\n    value=std.file(input=\"cert.pem\").result,\n    end_date=\"2021-05-01T01:02:03Z\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.ApplicationRegistration(\"example\", new()\n    {\n        DisplayName = \"example\",\n    });\n\n    var exampleApplicationCertificate = new AzureAD.Index.ApplicationCertificate(\"example\", new()\n    {\n        ApplicationId = example.Id,\n        Type = \"AsymmetricX509Cert\",\n        Value = Std.Index.File.Invoke(new()\n        {\n            Input = \"cert.pem\",\n        }).Apply(invoke =\u003e invoke.Result),\n        EndDate = \"2021-05-01T01:02:03Z\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplicationRegistration(ctx, \"example\", \u0026azuread.ApplicationRegistrationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationCertificate(ctx, \"example\", \u0026azuread.ApplicationCertificateArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t\tType:          pulumi.String(\"AsymmetricX509Cert\"),\n\t\t\tValue:         pulumi.String(invokeFile.Result),\n\t\t\tEndDate:       pulumi.String(\"2021-05-01T01:02:03Z\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ApplicationRegistration;\nimport com.pulumi.azuread.ApplicationRegistrationArgs;\nimport com.pulumi.azuread.ApplicationCertificate;\nimport com.pulumi.azuread.ApplicationCertificateArgs;\nimport com.pulumi.std.StdFunctions;\nimport com.pulumi.std.inputs.FileArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new ApplicationRegistration(\"example\", ApplicationRegistrationArgs.builder()\n            .displayName(\"example\")\n            .build());\n\n        var exampleApplicationCertificate = new ApplicationCertificate(\"exampleApplicationCertificate\", ApplicationCertificateArgs.builder()\n            .applicationId(example.id())\n            .type(\"AsymmetricX509Cert\")\n            .value(StdFunctions.file(FileArgs.builder()\n                .input(\"cert.pem\")\n                .build()).result())\n            .endDate(\"2021-05-01T01:02:03Z\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:ApplicationRegistration\n    properties:\n      displayName: example\n  exampleApplicationCertificate:\n    type: azuread:ApplicationCertificate\n    name: example\n    properties:\n      applicationId: ${example.id}\n      type: AsymmetricX509Cert\n      value:\n        fn::invoke:\n          function: std:file\n          arguments:\n            input: cert.pem\n          return: result\n      endDate: 2021-05-01T01:02:03Z\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Using a DER certificate*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\nimport * as std from \"@pulumi/std\";\n\nconst example = new azuread.ApplicationRegistration(\"example\", {displayName: \"example\"});\nconst exampleApplicationCertificate = new azuread.ApplicationCertificate(\"example\", {\n    applicationId: example.id,\n    type: \"AsymmetricX509Cert\",\n    encoding: \"base64\",\n    value: std.file({\n        input: \"cert.der\",\n    }).then(invoke =\u003e std.base64encode({\n        input: invoke.result,\n    })).then(invoke =\u003e invoke.result),\n    endDate: \"2021-05-01T01:02:03Z\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\nimport pulumi_std as std\n\nexample = azuread.ApplicationRegistration(\"example\", display_name=\"example\")\nexample_application_certificate = azuread.ApplicationCertificate(\"example\",\n    application_id=example.id,\n    type=\"AsymmetricX509Cert\",\n    encoding=\"base64\",\n    value=std.base64encode(input=std.file(input=\"cert.der\").result).result,\n    end_date=\"2021-05-01T01:02:03Z\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.ApplicationRegistration(\"example\", new()\n    {\n        DisplayName = \"example\",\n    });\n\n    var exampleApplicationCertificate = new AzureAD.Index.ApplicationCertificate(\"example\", new()\n    {\n        ApplicationId = example.Id,\n        Type = \"AsymmetricX509Cert\",\n        Encoding = \"base64\",\n        Value = Std.Index.File.Invoke(new()\n        {\n            Input = \"cert.der\",\n        }).Apply(invoke =\u003e Std.Index.Base64encode.Invoke(new()\n        {\n            Input = invoke.Result,\n        })).Apply(invoke =\u003e invoke.Result),\n        EndDate = \"2021-05-01T01:02:03Z\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplicationRegistration(ctx, \"example\", \u0026azuread.ApplicationRegistrationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeBase64encode, err := std.Base64encode(ctx, \u0026std.Base64encodeArgs{\n\t\t\tInput: std.File(ctx, \u0026std.FileArgs{\n\t\t\t\tInput: \"cert.der\",\n\t\t\t}, nil).Result,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationCertificate(ctx, \"example\", \u0026azuread.ApplicationCertificateArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t\tType:          pulumi.String(\"AsymmetricX509Cert\"),\n\t\t\tEncoding:      pulumi.String(\"base64\"),\n\t\t\tValue:         pulumi.String(invokeBase64encode.Result),\n\t\t\tEndDate:       pulumi.String(\"2021-05-01T01:02:03Z\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ApplicationRegistration;\nimport com.pulumi.azuread.ApplicationRegistrationArgs;\nimport com.pulumi.azuread.ApplicationCertificate;\nimport com.pulumi.azuread.ApplicationCertificateArgs;\nimport com.pulumi.std.StdFunctions;\nimport com.pulumi.std.inputs.FileArgs;\nimport com.pulumi.std.inputs.Base64encodeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new ApplicationRegistration(\"example\", ApplicationRegistrationArgs.builder()\n            .displayName(\"example\")\n            .build());\n\n        var exampleApplicationCertificate = new ApplicationCertificate(\"exampleApplicationCertificate\", ApplicationCertificateArgs.builder()\n            .applicationId(example.id())\n            .type(\"AsymmetricX509Cert\")\n            .encoding(\"base64\")\n            .value(StdFunctions.base64encode(Base64encodeArgs.builder()\n                .input(StdFunctions.file(FileArgs.builder()\n                    .input(\"cert.der\")\n                    .build()).result())\n                .build()).result())\n            .endDate(\"2021-05-01T01:02:03Z\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:ApplicationRegistration\n    properties:\n      displayName: example\n  exampleApplicationCertificate:\n    type: azuread:ApplicationCertificate\n    name: example\n    properties:\n      applicationId: ${example.id}\n      type: AsymmetricX509Cert\n      encoding: base64\n      value:\n        fn::invoke:\n          function: std:base64encode\n          arguments:\n            input:\n              fn::invoke:\n                function: std:file\n                arguments:\n                  input: cert.der\n                return: result\n          return: result\n      endDate: 2021-05-01T01:02:03Z\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Using a certificate from Azure Key Vault\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\nimport * as azurerm from \"@pulumi/azurerm\";\n\nconst exampleApplication = new azuread.Application(\"example\", {displayName: \"example\"});\nconst example = new azurerm.index.KeyVaultCertificate(\"example\", {\n    name: \"generated-cert\",\n    keyVaultId: exampleAzurermKeyVault.id,\n    certificatePolicy: [{\n        issuerParameters: [{\n            name: \"Self\",\n        }],\n        keyProperties: [{\n            exportable: true,\n            keySize: 2048,\n            keyType: \"RSA\",\n            reuseKey: true,\n        }],\n        lifetimeAction: [{\n            action: [{\n                actionType: \"AutoRenew\",\n            }],\n            trigger: [{\n                daysBeforeExpiry: 30,\n            }],\n        }],\n        secretProperties: [{\n            contentType: \"application/x-pkcs12\",\n        }],\n        x509CertificateProperties: [{\n            extendedKeyUsage: [\"1.3.6.1.5.5.7.3.2\"],\n            keyUsage: [\n                \"dataEncipherment\",\n                \"digitalSignature\",\n                \"keyCertSign\",\n                \"keyEncipherment\",\n            ],\n            subjectAlternativeNames: [{\n                dnsNames: [\n                    \"internal.contoso.com\",\n                    \"domain.hello.world\",\n                ],\n            }],\n            subject: `CN=${exampleApplication.name}`,\n            validityInMonths: 12,\n        }],\n    }],\n});\nconst exampleApplicationCertificate = new azuread.ApplicationCertificate(\"example\", {\n    applicationId: exampleApplication.id,\n    type: \"AsymmetricX509Cert\",\n    encoding: \"hex\",\n    value: example.certificateData,\n    endDate: example.certificateAttribute[0].expires,\n    startDate: example.certificateAttribute[0].notBefore,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\nimport pulumi_azurerm as azurerm\n\nexample_application = azuread.Application(\"example\", display_name=\"example\")\nexample = azurerm.KeyVaultCertificate(\"example\",\n    name=generated-cert,\n    key_vault_id=example_azurerm_key_vault.id,\n    certificate_policy=[{\n        issuerParameters: [{\n            name: Self,\n        }],\n        keyProperties: [{\n            exportable: True,\n            keySize: 2048,\n            keyType: RSA,\n            reuseKey: True,\n        }],\n        lifetimeAction: [{\n            action: [{\n                actionType: AutoRenew,\n            }],\n            trigger: [{\n                daysBeforeExpiry: 30,\n            }],\n        }],\n        secretProperties: [{\n            contentType: application/x-pkcs12,\n        }],\n        x509CertificateProperties: [{\n            extendedKeyUsage: [1.3.6.1.5.5.7.3.2],\n            keyUsage: [\n                dataEncipherment,\n                digitalSignature,\n                keyCertSign,\n                keyEncipherment,\n            ],\n            subjectAlternativeNames: [{\n                dnsNames: [\n                    internal.contoso.com,\n                    domain.hello.world,\n                ],\n            }],\n            subject: fCN={example_application.name},\n            validityInMonths: 12,\n        }],\n    }])\nexample_application_certificate = azuread.ApplicationCertificate(\"example\",\n    application_id=example_application.id,\n    type=\"AsymmetricX509Cert\",\n    encoding=\"hex\",\n    value=example[\"certificateData\"],\n    end_date=example[\"certificateAttribute\"][0][\"expires\"],\n    start_date=example[\"certificateAttribute\"][0][\"notBefore\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\nusing Azurerm = Pulumi.Azurerm;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var exampleApplication = new AzureAD.Index.Application(\"example\", new()\n    {\n        DisplayName = \"example\",\n    });\n\n    var example = new Azurerm.Index.KeyVaultCertificate(\"example\", new()\n    {\n        Name = \"generated-cert\",\n        KeyVaultId = exampleAzurermKeyVault.Id,\n        CertificatePolicy = new[]\n        {\n            \n            {\n                { \"issuerParameters\", new[]\n                {\n                    \n                    {\n                        { \"name\", \"Self\" },\n                    },\n                } },\n                { \"keyProperties\", new[]\n                {\n                    \n                    {\n                        { \"exportable\", true },\n                        { \"keySize\", 2048 },\n                        { \"keyType\", \"RSA\" },\n                        { \"reuseKey\", true },\n                    },\n                } },\n                { \"lifetimeAction\", new[]\n                {\n                    \n                    {\n                        { \"action\", new[]\n                        {\n                            \n                            {\n                                { \"actionType\", \"AutoRenew\" },\n                            },\n                        } },\n                        { \"trigger\", new[]\n                        {\n                            \n                            {\n                                { \"daysBeforeExpiry\", 30 },\n                            },\n                        } },\n                    },\n                } },\n                { \"secretProperties\", new[]\n                {\n                    \n                    {\n                        { \"contentType\", \"application/x-pkcs12\" },\n                    },\n                } },\n                { \"x509CertificateProperties\", new[]\n                {\n                    \n                    {\n                        { \"extendedKeyUsage\", new[]\n                        {\n                            \"1.3.6.1.5.5.7.3.2\",\n                        } },\n                        { \"keyUsage\", new[]\n                        {\n                            \"dataEncipherment\",\n                            \"digitalSignature\",\n                            \"keyCertSign\",\n                            \"keyEncipherment\",\n                        } },\n                        { \"subjectAlternativeNames\", new[]\n                        {\n                            \n                            {\n                                { \"dnsNames\", new[]\n                                {\n                                    \"internal.contoso.com\",\n                                    \"domain.hello.world\",\n                                } },\n                            },\n                        } },\n                        { \"subject\", $\"CN={exampleApplication.Name}\" },\n                        { \"validityInMonths\", 12 },\n                    },\n                } },\n            },\n        },\n    });\n\n    var exampleApplicationCertificate = new AzureAD.Index.ApplicationCertificate(\"example\", new()\n    {\n        ApplicationId = exampleApplication.Id,\n        Type = \"AsymmetricX509Cert\",\n        Encoding = \"hex\",\n        Value = example.CertificateData,\n        EndDate = example.CertificateAttribute[0].Expires,\n        StartDate = example.CertificateAttribute[0].NotBefore,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi-azurerm/sdk/go/azurerm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleApplication, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := azurerm.NewKeyVaultCertificate(ctx, \"example\", \u0026azurerm.KeyVaultCertificateArgs{\n\t\t\tName:       \"generated-cert\",\n\t\t\tKeyVaultId: exampleAzurermKeyVault.Id,\n\t\t\tCertificatePolicy: []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"issuerParameters\": []map[string]interface{}{\n\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\"name\": \"Self\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\"keyProperties\": []map[string]interface{}{\n\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\"exportable\": true,\n\t\t\t\t\t\t\t\"keySize\":    2048,\n\t\t\t\t\t\t\t\"keyType\":    \"RSA\",\n\t\t\t\t\t\t\t\"reuseKey\":   true,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\"lifetimeAction\": []map[string]interface{}{\n\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\"action\": []map[string]interface{}{\n\t\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\t\"actionType\": \"AutoRenew\",\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\"trigger\": []map[string]interface{}{\n\t\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\t\"daysBeforeExpiry\": 30,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\"secretProperties\": []map[string]interface{}{\n\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\"contentType\": \"application/x-pkcs12\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\"x509CertificateProperties\": []map[string]interface{}{\n\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\"extendedKeyUsage\": []string{\n\t\t\t\t\t\t\t\t\"1.3.6.1.5.5.7.3.2\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\"keyUsage\": []string{\n\t\t\t\t\t\t\t\t\"dataEncipherment\",\n\t\t\t\t\t\t\t\t\"digitalSignature\",\n\t\t\t\t\t\t\t\t\"keyCertSign\",\n\t\t\t\t\t\t\t\t\"keyEncipherment\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\"subjectAlternativeNames\": []map[string]interface{}{\n\t\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\t\"dnsNames\": []string{\n\t\t\t\t\t\t\t\t\t\t\"internal.contoso.com\",\n\t\t\t\t\t\t\t\t\t\t\"domain.hello.world\",\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\"subject\":          fmt.Sprintf(\"CN=%v\", exampleApplication.Name),\n\t\t\t\t\t\t\t\"validityInMonths\": 12,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationCertificate(ctx, \"example\", \u0026azuread.ApplicationCertificateArgs{\n\t\t\tApplicationId: exampleApplication.ID(),\n\t\t\tType:          pulumi.String(\"AsymmetricX509Cert\"),\n\t\t\tEncoding:      pulumi.String(\"hex\"),\n\t\t\tValue:         example.CertificateData,\n\t\t\tEndDate:       example.CertificateAttribute[0].Expires,\n\t\t\tStartDate:     example.CertificateAttribute[0].NotBefore,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azurerm.KeyVaultCertificate;\nimport com.pulumi.azurerm.KeyVaultCertificateArgs;\nimport com.pulumi.azuread.ApplicationCertificate;\nimport com.pulumi.azuread.ApplicationCertificateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var exampleApplication = new Application(\"exampleApplication\", ApplicationArgs.builder()\n            .displayName(\"example\")\n            .build());\n\n        var example = new KeyVaultCertificate(\"example\", KeyVaultCertificateArgs.builder()\n            .name(\"generated-cert\")\n            .keyVaultId(exampleAzurermKeyVault.id())\n            .certificatePolicy(List.of(Map.ofEntries(\n                Map.entry(\"issuerParameters\", List.of(Map.of(\"name\", \"Self\"))),\n                Map.entry(\"keyProperties\", List.of(Map.ofEntries(\n                    Map.entry(\"exportable\", true),\n                    Map.entry(\"keySize\", 2048),\n                    Map.entry(\"keyType\", \"RSA\"),\n                    Map.entry(\"reuseKey\", true)\n                ))),\n                Map.entry(\"lifetimeAction\", List.of(Map.ofEntries(\n                    Map.entry(\"action\", List.of(Map.of(\"actionType\", \"AutoRenew\"))),\n                    Map.entry(\"trigger\", List.of(Map.of(\"daysBeforeExpiry\", 30)))\n                ))),\n                Map.entry(\"secretProperties\", List.of(Map.of(\"contentType\", \"application/x-pkcs12\"))),\n                Map.entry(\"x509CertificateProperties\", List.of(Map.ofEntries(\n                    Map.entry(\"extendedKeyUsage\", List.of(\"1.3.6.1.5.5.7.3.2\")),\n                    Map.entry(\"keyUsage\", List.of(                    \n                        \"dataEncipherment\",\n                        \"digitalSignature\",\n                        \"keyCertSign\",\n                        \"keyEncipherment\")),\n                    Map.entry(\"subjectAlternativeNames\", List.of(Map.of(\"dnsNames\", List.of(                    \n                        \"internal.contoso.com\",\n                        \"domain.hello.world\")))),\n                    Map.entry(\"subject\", String.format(\"CN=%s\", exampleApplication.name())),\n                    Map.entry(\"validityInMonths\", 12)\n                )))\n            )))\n            .build());\n\n        var exampleApplicationCertificate = new ApplicationCertificate(\"exampleApplicationCertificate\", ApplicationCertificateArgs.builder()\n            .applicationId(exampleApplication.id())\n            .type(\"AsymmetricX509Cert\")\n            .encoding(\"hex\")\n            .value(example.certificateData())\n            .endDate(example.certificateAttribute()[0].expires())\n            .startDate(example.certificateAttribute()[0].notBefore())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azurerm:KeyVaultCertificate\n    properties:\n      name: generated-cert\n      keyVaultId: ${exampleAzurermKeyVault.id}\n      certificatePolicy:\n        - issuerParameters:\n            - name: Self\n          keyProperties:\n            - exportable: true\n              keySize: 2048\n              keyType: RSA\n              reuseKey: true\n          lifetimeAction:\n            - action:\n                - actionType: AutoRenew\n              trigger:\n                - daysBeforeExpiry: 30\n          secretProperties:\n            - contentType: application/x-pkcs12\n          x509CertificateProperties:\n            - extendedKeyUsage:\n                - 1.3.6.1.5.5.7.3.2\n              keyUsage:\n                - dataEncipherment\n                - digitalSignature\n                - keyCertSign\n                - keyEncipherment\n              subjectAlternativeNames:\n                - dnsNames:\n                    - internal.contoso.com\n                    - domain.hello.world\n              subject: CN=${exampleApplication.name}\n              validityInMonths: 12\n  exampleApplication:\n    type: azuread:Application\n    name: example\n    properties:\n      displayName: example\n  exampleApplicationCertificate:\n    type: azuread:ApplicationCertificate\n    name: example\n    properties:\n      applicationId: ${exampleApplication.id}\n      type: AsymmetricX509Cert\n      encoding: hex\n      value: ${example.certificateData}\n      endDate: ${example.certificateAttribute[0].expires}\n      startDate: ${example.certificateAttribute[0].notBefore}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nCertificates can be imported using the object ID of the associated application and the key ID of the certificate credential, e.g.\n\n```sh\n$ pulumi import azuread:index/applicationCertificate:ApplicationCertificate example 00000000-0000-0000-0000-000000000000/certificate/11111111-1111-1111-1111-111111111111\n```\n\n\u003e This ID format is unique to Terraform and is composed of the application's object ID, the string \"certificate\" and the certificate's key ID in the format `{ObjectId}/certificate/{CertificateKeyId}`.\n\n","properties":{"applicationId":{"type":"string","description":"The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.\n"},"encoding":{"type":"string","description":"Specifies the encoding used for the supplied certificate data. Must be one of \u003cspan pulumi-lang-nodejs=\"`pem`\" pulumi-lang-dotnet=\"`Pem`\" pulumi-lang-go=\"`pem`\" pulumi-lang-python=\"`pem`\" pulumi-lang-yaml=\"`pem`\" pulumi-lang-java=\"`pem`\"\u003e`pem`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`base64`\" pulumi-lang-dotnet=\"`Base64`\" pulumi-lang-go=\"`base64`\" pulumi-lang-python=\"`base64`\" pulumi-lang-yaml=\"`base64`\" pulumi-lang-java=\"`base64`\"\u003e`base64`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`hex`\" pulumi-lang-dotnet=\"`Hex`\" pulumi-lang-go=\"`hex`\" pulumi-lang-python=\"`hex`\" pulumi-lang-yaml=\"`hex`\" pulumi-lang-java=\"`hex`\"\u003e`hex`\u003c/span\u003e. Defaults to \u003cspan pulumi-lang-nodejs=\"`pem`\" pulumi-lang-dotnet=\"`Pem`\" pulumi-lang-go=\"`pem`\" pulumi-lang-python=\"`pem`\" pulumi-lang-yaml=\"`pem`\" pulumi-lang-java=\"`pem`\"\u003e`pem`\u003c/span\u003e.\n\n\u003e **Tip for Azure Key Vault** The \u003cspan pulumi-lang-nodejs=\"`hex`\" pulumi-lang-dotnet=\"`Hex`\" pulumi-lang-go=\"`hex`\" pulumi-lang-python=\"`hex`\" pulumi-lang-yaml=\"`hex`\" pulumi-lang-java=\"`hex`\"\u003e`hex`\u003c/span\u003e encoding option is useful for consuming certificate data from the\u003cspan pulumi-lang-nodejs=\" azurermKeyVaultCertificate \" pulumi-lang-dotnet=\" AzurermKeyVaultCertificate \" pulumi-lang-go=\" azurermKeyVaultCertificate \" pulumi-lang-python=\" azurerm_key_vault_certificate \" pulumi-lang-yaml=\" azurermKeyVaultCertificate \" pulumi-lang-java=\" azurermKeyVaultCertificate \"\u003e azurermKeyVaultCertificate \u003c/span\u003eresource.\n"},"endDate":{"type":"string","description":"The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created.\n"},"endDateRelative":{"type":"string","description":"A relative duration for which the certificate is valid until, for example \u003cspan pulumi-lang-nodejs=\"`240h`\" pulumi-lang-dotnet=\"`240h`\" pulumi-lang-go=\"`240h`\" pulumi-lang-python=\"`240h`\" pulumi-lang-yaml=\"`240h`\" pulumi-lang-java=\"`240h`\"\u003e`240h`\u003c/span\u003e (10 days) or \u003cspan pulumi-lang-nodejs=\"`2400h30m`\" pulumi-lang-dotnet=\"`2400h30m`\" pulumi-lang-go=\"`2400h30m`\" pulumi-lang-python=\"`2400h30m`\" pulumi-lang-yaml=\"`2400h30m`\" pulumi-lang-java=\"`2400h30m`\"\u003e`2400h30m`\u003c/span\u003e. Changing this field forces a new resource to be created.\n\n\u003e One of \u003cspan pulumi-lang-nodejs=\"`endDate`\" pulumi-lang-dotnet=\"`EndDate`\" pulumi-lang-go=\"`endDate`\" pulumi-lang-python=\"`end_date`\" pulumi-lang-yaml=\"`endDate`\" pulumi-lang-java=\"`endDate`\"\u003e`endDate`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`endDateRelative`\" pulumi-lang-dotnet=\"`EndDateRelative`\" pulumi-lang-go=\"`endDateRelative`\" pulumi-lang-python=\"`end_date_relative`\" pulumi-lang-yaml=\"`endDateRelative`\" pulumi-lang-java=\"`endDateRelative`\"\u003e`endDateRelative`\u003c/span\u003e must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.\n","deprecationMessage":"The \u003cspan pulumi-lang-nodejs=\"`endDateRelative`\" pulumi-lang-dotnet=\"`EndDateRelative`\" pulumi-lang-go=\"`endDateRelative`\" pulumi-lang-python=\"`end_date_relative`\" pulumi-lang-yaml=\"`endDateRelative`\" pulumi-lang-java=\"`endDateRelative`\"\u003e`endDateRelative`\u003c/span\u003e property is deprecated and will be removed in a future version of the AzureAD provider. Please instead use the Terraform `timeadd()` function to calculate a value for the \u003cspan pulumi-lang-nodejs=\"`endDate`\" pulumi-lang-dotnet=\"`EndDate`\" pulumi-lang-go=\"`endDate`\" pulumi-lang-python=\"`end_date`\" pulumi-lang-yaml=\"`endDate`\" pulumi-lang-java=\"`endDate`\"\u003e`endDate`\u003c/span\u003e property."},"keyId":{"type":"string","description":"A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.\n"},"startDate":{"type":"string","description":"The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.\n"},"type":{"type":"string","description":"The type of key/certificate. Must be one of `AsymmetricX509Cert` or `Symmetric`. Changing this fields forces a new resource to be created.\n"},"value":{"type":"string","description":"The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the \u003cspan pulumi-lang-nodejs=\"`encoding`\" pulumi-lang-dotnet=\"`Encoding`\" pulumi-lang-go=\"`encoding`\" pulumi-lang-python=\"`encoding`\" pulumi-lang-yaml=\"`encoding`\" pulumi-lang-java=\"`encoding`\"\u003e`encoding`\u003c/span\u003e argument.\n","secret":true}},"required":["applicationId","endDate","keyId","startDate","value"],"inputProperties":{"applicationId":{"type":"string","description":"The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"encoding":{"type":"string","description":"Specifies the encoding used for the supplied certificate data. Must be one of \u003cspan pulumi-lang-nodejs=\"`pem`\" pulumi-lang-dotnet=\"`Pem`\" pulumi-lang-go=\"`pem`\" pulumi-lang-python=\"`pem`\" pulumi-lang-yaml=\"`pem`\" pulumi-lang-java=\"`pem`\"\u003e`pem`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`base64`\" pulumi-lang-dotnet=\"`Base64`\" pulumi-lang-go=\"`base64`\" pulumi-lang-python=\"`base64`\" pulumi-lang-yaml=\"`base64`\" pulumi-lang-java=\"`base64`\"\u003e`base64`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`hex`\" pulumi-lang-dotnet=\"`Hex`\" pulumi-lang-go=\"`hex`\" pulumi-lang-python=\"`hex`\" pulumi-lang-yaml=\"`hex`\" pulumi-lang-java=\"`hex`\"\u003e`hex`\u003c/span\u003e. Defaults to \u003cspan pulumi-lang-nodejs=\"`pem`\" pulumi-lang-dotnet=\"`Pem`\" pulumi-lang-go=\"`pem`\" pulumi-lang-python=\"`pem`\" pulumi-lang-yaml=\"`pem`\" pulumi-lang-java=\"`pem`\"\u003e`pem`\u003c/span\u003e.\n\n\u003e **Tip for Azure Key Vault** The \u003cspan pulumi-lang-nodejs=\"`hex`\" pulumi-lang-dotnet=\"`Hex`\" pulumi-lang-go=\"`hex`\" pulumi-lang-python=\"`hex`\" pulumi-lang-yaml=\"`hex`\" pulumi-lang-java=\"`hex`\"\u003e`hex`\u003c/span\u003e encoding option is useful for consuming certificate data from the\u003cspan pulumi-lang-nodejs=\" azurermKeyVaultCertificate \" pulumi-lang-dotnet=\" AzurermKeyVaultCertificate \" pulumi-lang-go=\" azurermKeyVaultCertificate \" pulumi-lang-python=\" azurerm_key_vault_certificate \" pulumi-lang-yaml=\" azurermKeyVaultCertificate \" pulumi-lang-java=\" azurermKeyVaultCertificate \"\u003e azurermKeyVaultCertificate \u003c/span\u003eresource.\n","willReplaceOnChanges":true},"endDate":{"type":"string","description":"The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"endDateRelative":{"type":"string","description":"A relative duration for which the certificate is valid until, for example \u003cspan pulumi-lang-nodejs=\"`240h`\" pulumi-lang-dotnet=\"`240h`\" pulumi-lang-go=\"`240h`\" pulumi-lang-python=\"`240h`\" pulumi-lang-yaml=\"`240h`\" pulumi-lang-java=\"`240h`\"\u003e`240h`\u003c/span\u003e (10 days) or \u003cspan pulumi-lang-nodejs=\"`2400h30m`\" pulumi-lang-dotnet=\"`2400h30m`\" pulumi-lang-go=\"`2400h30m`\" pulumi-lang-python=\"`2400h30m`\" pulumi-lang-yaml=\"`2400h30m`\" pulumi-lang-java=\"`2400h30m`\"\u003e`2400h30m`\u003c/span\u003e. Changing this field forces a new resource to be created.\n\n\u003e One of \u003cspan pulumi-lang-nodejs=\"`endDate`\" pulumi-lang-dotnet=\"`EndDate`\" pulumi-lang-go=\"`endDate`\" pulumi-lang-python=\"`end_date`\" pulumi-lang-yaml=\"`endDate`\" pulumi-lang-java=\"`endDate`\"\u003e`endDate`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`endDateRelative`\" pulumi-lang-dotnet=\"`EndDateRelative`\" pulumi-lang-go=\"`endDateRelative`\" pulumi-lang-python=\"`end_date_relative`\" pulumi-lang-yaml=\"`endDateRelative`\" pulumi-lang-java=\"`endDateRelative`\"\u003e`endDateRelative`\u003c/span\u003e must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.\n","deprecationMessage":"The \u003cspan pulumi-lang-nodejs=\"`endDateRelative`\" pulumi-lang-dotnet=\"`EndDateRelative`\" pulumi-lang-go=\"`endDateRelative`\" pulumi-lang-python=\"`end_date_relative`\" pulumi-lang-yaml=\"`endDateRelative`\" pulumi-lang-java=\"`endDateRelative`\"\u003e`endDateRelative`\u003c/span\u003e property is deprecated and will be removed in a future version of the AzureAD provider. Please instead use the Terraform `timeadd()` function to calculate a value for the \u003cspan pulumi-lang-nodejs=\"`endDate`\" pulumi-lang-dotnet=\"`EndDate`\" pulumi-lang-go=\"`endDate`\" pulumi-lang-python=\"`end_date`\" pulumi-lang-yaml=\"`endDate`\" pulumi-lang-java=\"`endDate`\"\u003e`endDate`\u003c/span\u003e property.","willReplaceOnChanges":true},"keyId":{"type":"string","description":"A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"startDate":{"type":"string","description":"The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"type":{"type":"string","description":"The type of key/certificate. Must be one of `AsymmetricX509Cert` or `Symmetric`. Changing this fields forces a new resource to be created.\n","willReplaceOnChanges":true},"value":{"type":"string","description":"The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the \u003cspan pulumi-lang-nodejs=\"`encoding`\" pulumi-lang-dotnet=\"`Encoding`\" pulumi-lang-go=\"`encoding`\" pulumi-lang-python=\"`encoding`\" pulumi-lang-yaml=\"`encoding`\" pulumi-lang-java=\"`encoding`\"\u003e`encoding`\u003c/span\u003e argument.\n","secret":true,"willReplaceOnChanges":true}},"requiredInputs":["applicationId","value"],"stateInputs":{"description":"Input properties used for looking up and filtering ApplicationCertificate resources.\n","properties":{"applicationId":{"type":"string","description":"The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"encoding":{"type":"string","description":"Specifies the encoding used for the supplied certificate data. Must be one of \u003cspan pulumi-lang-nodejs=\"`pem`\" pulumi-lang-dotnet=\"`Pem`\" pulumi-lang-go=\"`pem`\" pulumi-lang-python=\"`pem`\" pulumi-lang-yaml=\"`pem`\" pulumi-lang-java=\"`pem`\"\u003e`pem`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`base64`\" pulumi-lang-dotnet=\"`Base64`\" pulumi-lang-go=\"`base64`\" pulumi-lang-python=\"`base64`\" pulumi-lang-yaml=\"`base64`\" pulumi-lang-java=\"`base64`\"\u003e`base64`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`hex`\" pulumi-lang-dotnet=\"`Hex`\" pulumi-lang-go=\"`hex`\" pulumi-lang-python=\"`hex`\" pulumi-lang-yaml=\"`hex`\" pulumi-lang-java=\"`hex`\"\u003e`hex`\u003c/span\u003e. Defaults to \u003cspan pulumi-lang-nodejs=\"`pem`\" pulumi-lang-dotnet=\"`Pem`\" pulumi-lang-go=\"`pem`\" pulumi-lang-python=\"`pem`\" pulumi-lang-yaml=\"`pem`\" pulumi-lang-java=\"`pem`\"\u003e`pem`\u003c/span\u003e.\n\n\u003e **Tip for Azure Key Vault** The \u003cspan pulumi-lang-nodejs=\"`hex`\" pulumi-lang-dotnet=\"`Hex`\" pulumi-lang-go=\"`hex`\" pulumi-lang-python=\"`hex`\" pulumi-lang-yaml=\"`hex`\" pulumi-lang-java=\"`hex`\"\u003e`hex`\u003c/span\u003e encoding option is useful for consuming certificate data from the\u003cspan pulumi-lang-nodejs=\" azurermKeyVaultCertificate \" pulumi-lang-dotnet=\" AzurermKeyVaultCertificate \" pulumi-lang-go=\" azurermKeyVaultCertificate \" pulumi-lang-python=\" azurerm_key_vault_certificate \" pulumi-lang-yaml=\" azurermKeyVaultCertificate \" pulumi-lang-java=\" azurermKeyVaultCertificate \"\u003e azurermKeyVaultCertificate \u003c/span\u003eresource.\n","willReplaceOnChanges":true},"endDate":{"type":"string","description":"The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"endDateRelative":{"type":"string","description":"A relative duration for which the certificate is valid until, for example \u003cspan pulumi-lang-nodejs=\"`240h`\" pulumi-lang-dotnet=\"`240h`\" pulumi-lang-go=\"`240h`\" pulumi-lang-python=\"`240h`\" pulumi-lang-yaml=\"`240h`\" pulumi-lang-java=\"`240h`\"\u003e`240h`\u003c/span\u003e (10 days) or \u003cspan pulumi-lang-nodejs=\"`2400h30m`\" pulumi-lang-dotnet=\"`2400h30m`\" pulumi-lang-go=\"`2400h30m`\" pulumi-lang-python=\"`2400h30m`\" pulumi-lang-yaml=\"`2400h30m`\" pulumi-lang-java=\"`2400h30m`\"\u003e`2400h30m`\u003c/span\u003e. Changing this field forces a new resource to be created.\n\n\u003e One of \u003cspan pulumi-lang-nodejs=\"`endDate`\" pulumi-lang-dotnet=\"`EndDate`\" pulumi-lang-go=\"`endDate`\" pulumi-lang-python=\"`end_date`\" pulumi-lang-yaml=\"`endDate`\" pulumi-lang-java=\"`endDate`\"\u003e`endDate`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`endDateRelative`\" pulumi-lang-dotnet=\"`EndDateRelative`\" pulumi-lang-go=\"`endDateRelative`\" pulumi-lang-python=\"`end_date_relative`\" pulumi-lang-yaml=\"`endDateRelative`\" pulumi-lang-java=\"`endDateRelative`\"\u003e`endDateRelative`\u003c/span\u003e must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.\n","deprecationMessage":"The \u003cspan pulumi-lang-nodejs=\"`endDateRelative`\" pulumi-lang-dotnet=\"`EndDateRelative`\" pulumi-lang-go=\"`endDateRelative`\" pulumi-lang-python=\"`end_date_relative`\" pulumi-lang-yaml=\"`endDateRelative`\" pulumi-lang-java=\"`endDateRelative`\"\u003e`endDateRelative`\u003c/span\u003e property is deprecated and will be removed in a future version of the AzureAD provider. Please instead use the Terraform `timeadd()` function to calculate a value for the \u003cspan pulumi-lang-nodejs=\"`endDate`\" pulumi-lang-dotnet=\"`EndDate`\" pulumi-lang-go=\"`endDate`\" pulumi-lang-python=\"`end_date`\" pulumi-lang-yaml=\"`endDate`\" pulumi-lang-java=\"`endDate`\"\u003e`endDate`\u003c/span\u003e property.","willReplaceOnChanges":true},"keyId":{"type":"string","description":"A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"startDate":{"type":"string","description":"The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"type":{"type":"string","description":"The type of key/certificate. Must be one of `AsymmetricX509Cert` or `Symmetric`. Changing this fields forces a new resource to be created.\n","willReplaceOnChanges":true},"value":{"type":"string","description":"The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the \u003cspan pulumi-lang-nodejs=\"`encoding`\" pulumi-lang-dotnet=\"`Encoding`\" pulumi-lang-go=\"`encoding`\" pulumi-lang-python=\"`encoding`\" pulumi-lang-yaml=\"`encoding`\" pulumi-lang-java=\"`encoding`\"\u003e`encoding`\u003c/span\u003e argument.\n","secret":true,"willReplaceOnChanges":true}},"type":"object"}},"azuread:index/applicationFallbackPublicClient:ApplicationFallbackPublicClient":{"description":"Manages the Fallback Public Client setting for an application registration.\n\n\u003e This resource is incompatible with the \u003cspan pulumi-lang-nodejs=\"`azuread.Application`\" pulumi-lang-dotnet=\"`azuread.Application`\" pulumi-lang-go=\"`Application`\" pulumi-lang-python=\"`Application`\" pulumi-lang-yaml=\"`azuread.Application`\" pulumi-lang-java=\"`azuread.Application`\"\u003e`azuread.Application`\u003c/span\u003e resource, instead use this with the \u003cspan pulumi-lang-nodejs=\"`azuread.ApplicationRegistration`\" pulumi-lang-dotnet=\"`azuread.ApplicationRegistration`\" pulumi-lang-go=\"`ApplicationRegistration`\" pulumi-lang-python=\"`ApplicationRegistration`\" pulumi-lang-yaml=\"`azuread.ApplicationRegistration`\" pulumi-lang-java=\"`azuread.ApplicationRegistration`\"\u003e`azuread.ApplicationRegistration`\u003c/span\u003e resource.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.OwnedBy` or `Application.ReadWrite.All`\n\n\u003e When using the `Application.ReadWrite.OwnedBy` application role, the principal being used to run Terraform must be an owner of the application.\n\nWhen authenticated with a user principal, this resource may require one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.ApplicationRegistration(\"example\", {displayName: \"example\"});\nconst exampleApplicationFallbackPublicClient = new azuread.ApplicationFallbackPublicClient(\"example\", {\n    applicationId: example.id,\n    enabled: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.ApplicationRegistration(\"example\", display_name=\"example\")\nexample_application_fallback_public_client = azuread.ApplicationFallbackPublicClient(\"example\",\n    application_id=example.id,\n    enabled=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.ApplicationRegistration(\"example\", new()\n    {\n        DisplayName = \"example\",\n    });\n\n    var exampleApplicationFallbackPublicClient = new AzureAD.Index.ApplicationFallbackPublicClient(\"example\", new()\n    {\n        ApplicationId = example.Id,\n        Enabled = true,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplicationRegistration(ctx, \"example\", \u0026azuread.ApplicationRegistrationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationFallbackPublicClient(ctx, \"example\", \u0026azuread.ApplicationFallbackPublicClientArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t\tEnabled:       pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ApplicationRegistration;\nimport com.pulumi.azuread.ApplicationRegistrationArgs;\nimport com.pulumi.azuread.ApplicationFallbackPublicClient;\nimport com.pulumi.azuread.ApplicationFallbackPublicClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new ApplicationRegistration(\"example\", ApplicationRegistrationArgs.builder()\n            .displayName(\"example\")\n            .build());\n\n        var exampleApplicationFallbackPublicClient = new ApplicationFallbackPublicClient(\"exampleApplicationFallbackPublicClient\", ApplicationFallbackPublicClientArgs.builder()\n            .applicationId(example.id())\n            .enabled(true)\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:ApplicationRegistration\n    properties:\n      displayName: example\n  exampleApplicationFallbackPublicClient:\n    type: azuread:ApplicationFallbackPublicClient\n    name: example\n    properties:\n      applicationId: ${example.id}\n      enabled: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThe Application Fallback Public Client setting can be imported using the object ID of the application, in the following format.\n\n```sh\n$ pulumi import azuread:index/applicationFallbackPublicClient:ApplicationFallbackPublicClient example /applications/00000000-0000-0000-0000-000000000000/fallbackPublicClient\n```\n\n","properties":{"applicationId":{"type":"string","description":"The resource ID of the application registration. Changing this forces a new resource to be created.\n"},"enabled":{"type":"boolean","description":"Whether to enable the application as a fallback public client.\n\n\u003e Some configurations may require the Fallback Public Client setting to be \u003cspan pulumi-lang-nodejs=\"`null`\" pulumi-lang-dotnet=\"`Null`\" pulumi-lang-go=\"`null`\" pulumi-lang-python=\"`null`\" pulumi-lang-yaml=\"`null`\" pulumi-lang-java=\"`null`\"\u003e`null`\u003c/span\u003e, for this case simply destroy this resource (or don't use it)\n"}},"required":["applicationId"],"inputProperties":{"applicationId":{"type":"string","description":"The resource ID of the application registration. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"enabled":{"type":"boolean","description":"Whether to enable the application as a fallback public client.\n\n\u003e Some configurations may require the Fallback Public Client setting to be \u003cspan pulumi-lang-nodejs=\"`null`\" pulumi-lang-dotnet=\"`Null`\" pulumi-lang-go=\"`null`\" pulumi-lang-python=\"`null`\" pulumi-lang-yaml=\"`null`\" pulumi-lang-java=\"`null`\"\u003e`null`\u003c/span\u003e, for this case simply destroy this resource (or don't use it)\n","willReplaceOnChanges":true}},"requiredInputs":["applicationId"],"stateInputs":{"description":"Input properties used for looking up and filtering ApplicationFallbackPublicClient resources.\n","properties":{"applicationId":{"type":"string","description":"The resource ID of the application registration. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"enabled":{"type":"boolean","description":"Whether to enable the application as a fallback public client.\n\n\u003e Some configurations may require the Fallback Public Client setting to be \u003cspan pulumi-lang-nodejs=\"`null`\" pulumi-lang-dotnet=\"`Null`\" pulumi-lang-go=\"`null`\" pulumi-lang-python=\"`null`\" pulumi-lang-yaml=\"`null`\" pulumi-lang-java=\"`null`\"\u003e`null`\u003c/span\u003e, for this case simply destroy this resource (or don't use it)\n","willReplaceOnChanges":true}},"type":"object"}},"azuread:index/applicationFederatedIdentityCredential:ApplicationFederatedIdentityCredential":{"description":"Manages a federated identity credential associated with an application within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.OwnedBy` or `Application.ReadWrite.All`\n\n\u003e When using the `Application.ReadWrite.OwnedBy` application role, the principal being used to run Terraform must be an owner of the application.\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.ApplicationRegistration(\"example\", {displayName: \"example\"});\nconst exampleApplicationFederatedIdentityCredential = new azuread.ApplicationFederatedIdentityCredential(\"example\", {\n    applicationId: example.id,\n    displayName: \"my-repo-deploy\",\n    description: \"Deployments for my-repo\",\n    audiences: [\"api://AzureADTokenExchange\"],\n    issuer: \"https://token.actions.githubusercontent.com\",\n    subject: \"repo:my-organization/my-repo:environment:prod\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.ApplicationRegistration(\"example\", display_name=\"example\")\nexample_application_federated_identity_credential = azuread.ApplicationFederatedIdentityCredential(\"example\",\n    application_id=example.id,\n    display_name=\"my-repo-deploy\",\n    description=\"Deployments for my-repo\",\n    audiences=[\"api://AzureADTokenExchange\"],\n    issuer=\"https://token.actions.githubusercontent.com\",\n    subject=\"repo:my-organization/my-repo:environment:prod\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.ApplicationRegistration(\"example\", new()\n    {\n        DisplayName = \"example\",\n    });\n\n    var exampleApplicationFederatedIdentityCredential = new AzureAD.Index.ApplicationFederatedIdentityCredential(\"example\", new()\n    {\n        ApplicationId = example.Id,\n        DisplayName = \"my-repo-deploy\",\n        Description = \"Deployments for my-repo\",\n        Audiences = new[]\n        {\n            \"api://AzureADTokenExchange\",\n        },\n        Issuer = \"https://token.actions.githubusercontent.com\",\n        Subject = \"repo:my-organization/my-repo:environment:prod\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplicationRegistration(ctx, \"example\", \u0026azuread.ApplicationRegistrationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationFederatedIdentityCredential(ctx, \"example\", \u0026azuread.ApplicationFederatedIdentityCredentialArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t\tDisplayName:   pulumi.String(\"my-repo-deploy\"),\n\t\t\tDescription:   pulumi.String(\"Deployments for my-repo\"),\n\t\t\tAudiences: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"api://AzureADTokenExchange\"),\n\t\t\t},\n\t\t\tIssuer:  pulumi.String(\"https://token.actions.githubusercontent.com\"),\n\t\t\tSubject: pulumi.String(\"repo:my-organization/my-repo:environment:prod\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ApplicationRegistration;\nimport com.pulumi.azuread.ApplicationRegistrationArgs;\nimport com.pulumi.azuread.ApplicationFederatedIdentityCredential;\nimport com.pulumi.azuread.ApplicationFederatedIdentityCredentialArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new ApplicationRegistration(\"example\", ApplicationRegistrationArgs.builder()\n            .displayName(\"example\")\n            .build());\n\n        var exampleApplicationFederatedIdentityCredential = new ApplicationFederatedIdentityCredential(\"exampleApplicationFederatedIdentityCredential\", ApplicationFederatedIdentityCredentialArgs.builder()\n            .applicationId(example.id())\n            .displayName(\"my-repo-deploy\")\n            .description(\"Deployments for my-repo\")\n            .audiences(\"api://AzureADTokenExchange\")\n            .issuer(\"https://token.actions.githubusercontent.com\")\n            .subject(\"repo:my-organization/my-repo:environment:prod\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:ApplicationRegistration\n    properties:\n      displayName: example\n  exampleApplicationFederatedIdentityCredential:\n    type: azuread:ApplicationFederatedIdentityCredential\n    name: example\n    properties:\n      applicationId: ${example.id}\n      displayName: my-repo-deploy\n      description: Deployments for my-repo\n      audiences:\n        - api://AzureADTokenExchange\n      issuer: https://token.actions.githubusercontent.com\n      subject: repo:my-organization/my-repo:environment:prod\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFederated Identity Credentials can be imported using the object ID of the associated application and the ID of the federated identity credential, e.g.\n\n```sh\n$ pulumi import azuread:index/applicationFederatedIdentityCredential:ApplicationFederatedIdentityCredential example 00000000-0000-0000-0000-000000000000/federatedIdentityCredential/11111111-1111-1111-1111-111111111111\n```\n\n\u003e This ID format is unique to Terraform and is composed of the application's object ID, the string \"federatedIdentityCredential\" and the credential ID in the format `{ObjectId}/federatedIdentityCredential/{CredentialId}`.\n\n","properties":{"applicationId":{"type":"string","description":"The resource ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.\n"},"audiences":{"type":"array","items":{"type":"string"},"description":"List of audiences that can appear in the external token. This specifies what should be accepted in the \u003cspan pulumi-lang-nodejs=\"`aud`\" pulumi-lang-dotnet=\"`Aud`\" pulumi-lang-go=\"`aud`\" pulumi-lang-python=\"`aud`\" pulumi-lang-yaml=\"`aud`\" pulumi-lang-java=\"`aud`\"\u003e`aud`\u003c/span\u003e claim of incoming tokens.\n"},"credentialId":{"type":"string","description":"A UUID used to uniquely identify this federated identity credential.\n"},"description":{"type":"string","description":"A description for the federated identity credential.\n"},"displayName":{"type":"string","description":"A unique display name for the federated identity credential. Changing this forces a new resource to be created.\n"},"issuer":{"type":"string","description":"The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.\n"},"subject":{"type":"string","description":"The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app.\n"}},"required":["applicationId","audiences","credentialId","displayName","issuer","subject"],"inputProperties":{"applicationId":{"type":"string","description":"The resource ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"audiences":{"type":"array","items":{"type":"string"},"description":"List of audiences that can appear in the external token. This specifies what should be accepted in the \u003cspan pulumi-lang-nodejs=\"`aud`\" pulumi-lang-dotnet=\"`Aud`\" pulumi-lang-go=\"`aud`\" pulumi-lang-python=\"`aud`\" pulumi-lang-yaml=\"`aud`\" pulumi-lang-java=\"`aud`\"\u003e`aud`\u003c/span\u003e claim of incoming tokens.\n"},"description":{"type":"string","description":"A description for the federated identity credential.\n"},"displayName":{"type":"string","description":"A unique display name for the federated identity credential. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"issuer":{"type":"string","description":"The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.\n"},"subject":{"type":"string","description":"The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app.\n"}},"requiredInputs":["applicationId","audiences","displayName","issuer","subject"],"stateInputs":{"description":"Input properties used for looking up and filtering ApplicationFederatedIdentityCredential resources.\n","properties":{"applicationId":{"type":"string","description":"The resource ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"audiences":{"type":"array","items":{"type":"string"},"description":"List of audiences that can appear in the external token. This specifies what should be accepted in the \u003cspan pulumi-lang-nodejs=\"`aud`\" pulumi-lang-dotnet=\"`Aud`\" pulumi-lang-go=\"`aud`\" pulumi-lang-python=\"`aud`\" pulumi-lang-yaml=\"`aud`\" pulumi-lang-java=\"`aud`\"\u003e`aud`\u003c/span\u003e claim of incoming tokens.\n"},"credentialId":{"type":"string","description":"A UUID used to uniquely identify this federated identity credential.\n"},"description":{"type":"string","description":"A description for the federated identity credential.\n"},"displayName":{"type":"string","description":"A unique display name for the federated identity credential. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"issuer":{"type":"string","description":"The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.\n"},"subject":{"type":"string","description":"The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app.\n"}},"type":"object"}},"azuread:index/applicationFlexibleFederatedIdentityCredential:ApplicationFlexibleFederatedIdentityCredential":{"description":"Manages a flexible federated identity credential associated with an application within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.OwnedBy` or `Application.ReadWrite.All`\n\n\u003e When using the `Application.ReadWrite.OwnedBy` application role, the principal being used to run Terraform must be an owner of the application.\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.ApplicationRegistration(\"example\", {displayName: \"example\"});\nconst exampleApplicationFlexibleFederatedIdentityCredential = new azuread.ApplicationFlexibleFederatedIdentityCredential(\"example\", {\n    applicationId: example.id,\n    claimsMatchingExpression: \"claims['sub'] matches 'repo:contoso/contoso-repo:ref:refs/heads/*' and claims['job_workflow_ref'] matches 'contoso/contoso-prod/.github/workflows/*.yml@refs/heads/main'\",\n    displayName: \"my-repo-deploy\",\n    description: \"Deployments for my-repo\",\n    audience: \"api://AzureADTokenExchange\",\n    issuer: \"https://token.actions.githubusercontent.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.ApplicationRegistration(\"example\", display_name=\"example\")\nexample_application_flexible_federated_identity_credential = azuread.ApplicationFlexibleFederatedIdentityCredential(\"example\",\n    application_id=example.id,\n    claims_matching_expression=\"claims['sub'] matches 'repo:contoso/contoso-repo:ref:refs/heads/*' and claims['job_workflow_ref'] matches 'contoso/contoso-prod/.github/workflows/*.yml@refs/heads/main'\",\n    display_name=\"my-repo-deploy\",\n    description=\"Deployments for my-repo\",\n    audience=\"api://AzureADTokenExchange\",\n    issuer=\"https://token.actions.githubusercontent.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.ApplicationRegistration(\"example\", new()\n    {\n        DisplayName = \"example\",\n    });\n\n    var exampleApplicationFlexibleFederatedIdentityCredential = new AzureAD.Index.ApplicationFlexibleFederatedIdentityCredential(\"example\", new()\n    {\n        ApplicationId = example.Id,\n        ClaimsMatchingExpression = \"claims['sub'] matches 'repo:contoso/contoso-repo:ref:refs/heads/*' and claims['job_workflow_ref'] matches 'contoso/contoso-prod/.github/workflows/*.yml@refs/heads/main'\",\n        DisplayName = \"my-repo-deploy\",\n        Description = \"Deployments for my-repo\",\n        Audience = \"api://AzureADTokenExchange\",\n        Issuer = \"https://token.actions.githubusercontent.com\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplicationRegistration(ctx, \"example\", \u0026azuread.ApplicationRegistrationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationFlexibleFederatedIdentityCredential(ctx, \"example\", \u0026azuread.ApplicationFlexibleFederatedIdentityCredentialArgs{\n\t\t\tApplicationId:            example.ID(),\n\t\t\tClaimsMatchingExpression: pulumi.String(\"claims['sub'] matches 'repo:contoso/contoso-repo:ref:refs/heads/*' and claims['job_workflow_ref'] matches 'contoso/contoso-prod/.github/workflows/*.yml@refs/heads/main'\"),\n\t\t\tDisplayName:              pulumi.String(\"my-repo-deploy\"),\n\t\t\tDescription:              pulumi.String(\"Deployments for my-repo\"),\n\t\t\tAudience:                 pulumi.String(\"api://AzureADTokenExchange\"),\n\t\t\tIssuer:                   pulumi.String(\"https://token.actions.githubusercontent.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ApplicationRegistration;\nimport com.pulumi.azuread.ApplicationRegistrationArgs;\nimport com.pulumi.azuread.ApplicationFlexibleFederatedIdentityCredential;\nimport com.pulumi.azuread.ApplicationFlexibleFederatedIdentityCredentialArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new ApplicationRegistration(\"example\", ApplicationRegistrationArgs.builder()\n            .displayName(\"example\")\n            .build());\n\n        var exampleApplicationFlexibleFederatedIdentityCredential = new ApplicationFlexibleFederatedIdentityCredential(\"exampleApplicationFlexibleFederatedIdentityCredential\", ApplicationFlexibleFederatedIdentityCredentialArgs.builder()\n            .applicationId(example.id())\n            .claimsMatchingExpression(\"claims['sub'] matches 'repo:contoso/contoso-repo:ref:refs/heads/*' and claims['job_workflow_ref'] matches 'contoso/contoso-prod/.github/workflows/*.yml@refs/heads/main'\")\n            .displayName(\"my-repo-deploy\")\n            .description(\"Deployments for my-repo\")\n            .audience(\"api://AzureADTokenExchange\")\n            .issuer(\"https://token.actions.githubusercontent.com\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:ApplicationRegistration\n    properties:\n      displayName: example\n  exampleApplicationFlexibleFederatedIdentityCredential:\n    type: azuread:ApplicationFlexibleFederatedIdentityCredential\n    name: example\n    properties:\n      applicationId: ${example.id}\n      claimsMatchingExpression: claims['sub'] matches 'repo:contoso/contoso-repo:ref:refs/heads/*' and claims['job_workflow_ref'] matches 'contoso/contoso-prod/.github/workflows/*.yml@refs/heads/main'\n      displayName: my-repo-deploy\n      description: Deployments for my-repo\n      audience: api://AzureADTokenExchange\n      issuer: https://token.actions.githubusercontent.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFlexible Federated Identity Credentials can be imported using the object ID of the associated application and the ID of the flexible federated identity credential, e.g.\n\n```sh\n$ pulumi import azuread:index/applicationFlexibleFederatedIdentityCredential:ApplicationFlexibleFederatedIdentityCredential example 00000000-0000-0000-0000-000000000000/federatedIdentityCredential/11111111-1111-1111-1111-111111111111\n```\n\n\u003e This ID format is unique to Terraform and is composed of the application's object ID, the string \"federatedIdentityCredential\" and the credential ID in the format `{ObjectId}/federatedIdentityCredential/{CredentialId}`.\n\n","properties":{"applicationId":{"type":"string","description":"The resource ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.\n"},"audience":{"type":"string","description":"The audience that can appear in the external token. This specifies what should be accepted in the \u003cspan pulumi-lang-nodejs=\"`aud`\" pulumi-lang-dotnet=\"`Aud`\" pulumi-lang-go=\"`aud`\" pulumi-lang-python=\"`aud`\" pulumi-lang-yaml=\"`aud`\" pulumi-lang-java=\"`aud`\"\u003e`aud`\u003c/span\u003e claim of incoming tokens.\n"},"claimsMatchingExpression":{"type":"string","description":"The expression to match for claims. See the Preview Documentation for more information.\n"},"credentialId":{"type":"string","description":"A UUID used to uniquely identify this federated identity credential.\n"},"description":{"type":"string","description":"A description for the federated identity credential.\n"},"displayName":{"type":"string","description":"A unique display name for the federated identity credential. Changing this forces a new resource to be created.\n"},"issuer":{"type":"string","description":"The URL of the external identity provider, which must match the issuer claim of the external token being exchanged.\n"}},"required":["applicationId","audience","claimsMatchingExpression","credentialId","displayName","issuer"],"inputProperties":{"applicationId":{"type":"string","description":"The resource ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"audience":{"type":"string","description":"The audience that can appear in the external token. This specifies what should be accepted in the \u003cspan pulumi-lang-nodejs=\"`aud`\" pulumi-lang-dotnet=\"`Aud`\" pulumi-lang-go=\"`aud`\" pulumi-lang-python=\"`aud`\" pulumi-lang-yaml=\"`aud`\" pulumi-lang-java=\"`aud`\"\u003e`aud`\u003c/span\u003e claim of incoming tokens.\n"},"claimsMatchingExpression":{"type":"string","description":"The expression to match for claims. See the Preview Documentation for more information.\n"},"description":{"type":"string","description":"A description for the federated identity credential.\n"},"displayName":{"type":"string","description":"A unique display name for the federated identity credential. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"issuer":{"type":"string","description":"The URL of the external identity provider, which must match the issuer claim of the external token being exchanged.\n"}},"requiredInputs":["applicationId","audience","claimsMatchingExpression","displayName","issuer"],"stateInputs":{"description":"Input properties used for looking up and filtering ApplicationFlexibleFederatedIdentityCredential resources.\n","properties":{"applicationId":{"type":"string","description":"The resource ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"audience":{"type":"string","description":"The audience that can appear in the external token. This specifies what should be accepted in the \u003cspan pulumi-lang-nodejs=\"`aud`\" pulumi-lang-dotnet=\"`Aud`\" pulumi-lang-go=\"`aud`\" pulumi-lang-python=\"`aud`\" pulumi-lang-yaml=\"`aud`\" pulumi-lang-java=\"`aud`\"\u003e`aud`\u003c/span\u003e claim of incoming tokens.\n"},"claimsMatchingExpression":{"type":"string","description":"The expression to match for claims. See the Preview Documentation for more information.\n"},"credentialId":{"type":"string","description":"A UUID used to uniquely identify this federated identity credential.\n"},"description":{"type":"string","description":"A description for the federated identity credential.\n"},"displayName":{"type":"string","description":"A unique display name for the federated identity credential. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"issuer":{"type":"string","description":"The URL of the external identity provider, which must match the issuer claim of the external token being exchanged.\n"}},"type":"object"}},"azuread:index/applicationFromTemplate:ApplicationFromTemplate":{"description":"Creates an application registration and associated service principal from a gallery template.\n\n\u003e The\u003cspan pulumi-lang-nodejs=\" azuread.Application \" pulumi-lang-dotnet=\" azuread.Application \" pulumi-lang-go=\" Application \" pulumi-lang-python=\" Application \" pulumi-lang-yaml=\" azuread.Application \" pulumi-lang-java=\" azuread.Application \"\u003e azuread.Application \u003c/span\u003eresource can also be used to instantiate a gallery application, however unlike the \u003cspan pulumi-lang-nodejs=\"`azuread.Application`\" pulumi-lang-dotnet=\"`azuread.Application`\" pulumi-lang-go=\"`Application`\" pulumi-lang-python=\"`Application`\" pulumi-lang-yaml=\"`azuread.Application`\" pulumi-lang-java=\"`azuread.Application`\"\u003e`azuread.Application`\u003c/span\u003e resource, this resource does not attempt to manage any properties of the resulting application.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.OwnedBy` or `Application.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource may require one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getApplicationTemplate({\n    displayName: \"Marketo\",\n});\nconst exampleApplicationFromTemplate = new azuread.ApplicationFromTemplate(\"example\", {\n    displayName: \"Example Application\",\n    templateId: example.then(example =\u003e example.templateId),\n});\nconst exampleGetApplication = azuread.getApplicationOutput({\n    objectId: exampleApplicationFromTemplate.applicationObjectId,\n});\nconst exampleGetServicePrincipal = azuread.getServicePrincipalOutput({\n    objectId: exampleApplicationFromTemplate.servicePrincipalObjectId,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_application_template(display_name=\"Marketo\")\nexample_application_from_template = azuread.ApplicationFromTemplate(\"example\",\n    display_name=\"Example Application\",\n    template_id=example.template_id)\nexample_get_application = azuread.get_application_output(object_id=example_application_from_template.application_object_id)\nexample_get_service_principal = azuread.get_service_principal_output(object_id=example_application_from_template.service_principal_object_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetApplicationTemplate.Invoke(new()\n    {\n        DisplayName = \"Marketo\",\n    });\n\n    var exampleApplicationFromTemplate = new AzureAD.Index.ApplicationFromTemplate(\"example\", new()\n    {\n        DisplayName = \"Example Application\",\n        TemplateId = example.Apply(getApplicationTemplateResult =\u003e getApplicationTemplateResult.TemplateId),\n    });\n\n    var exampleGetApplication = AzureAD.Index.GetApplication.Invoke(new()\n    {\n        ObjectId = exampleApplicationFromTemplate.ApplicationObjectId,\n    });\n\n    var exampleGetServicePrincipal = AzureAD.Index.GetServicePrincipal.Invoke(new()\n    {\n        ObjectId = exampleApplicationFromTemplate.ServicePrincipalObjectId,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.GetApplicationTemplate(ctx, \u0026azuread.GetApplicationTemplateArgs{\n\t\t\tDisplayName: pulumi.StringRef(\"Marketo\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleApplicationFromTemplate, err := azuread.NewApplicationFromTemplate(ctx, \"example\", \u0026azuread.ApplicationFromTemplateArgs{\n\t\t\tDisplayName: pulumi.String(\"Example Application\"),\n\t\t\tTemplateId:  pulumi.String(pulumi.String(example.TemplateId)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_ = azuread.GetApplicationOutput(ctx, azuread.GetApplicationOutputArgs{\n\t\t\tObjectId: exampleApplicationFromTemplate.ApplicationObjectId,\n\t\t}, nil)\n\t\t_ = azuread.GetServicePrincipalOutput(ctx, azuread.GetServicePrincipalOutputArgs{\n\t\t\tObjectId: exampleApplicationFromTemplate.ServicePrincipalObjectId,\n\t\t}, nil)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetApplicationTemplateArgs;\nimport com.pulumi.azuread.ApplicationFromTemplate;\nimport com.pulumi.azuread.ApplicationFromTemplateArgs;\nimport com.pulumi.azuread.inputs.GetApplicationArgs;\nimport com.pulumi.azuread.inputs.GetServicePrincipalArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getApplicationTemplate(GetApplicationTemplateArgs.builder()\n            .displayName(\"Marketo\")\n            .build());\n\n        var exampleApplicationFromTemplate = new ApplicationFromTemplate(\"exampleApplicationFromTemplate\", ApplicationFromTemplateArgs.builder()\n            .displayName(\"Example Application\")\n            .templateId(example.templateId())\n            .build());\n\n        final var exampleGetApplication = AzureadFunctions.getApplication(GetApplicationArgs.builder()\n            .objectId(exampleApplicationFromTemplate.applicationObjectId())\n            .build());\n\n        final var exampleGetServicePrincipal = AzureadFunctions.getServicePrincipal(GetServicePrincipalArgs.builder()\n            .objectId(exampleApplicationFromTemplate.servicePrincipalObjectId())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  exampleApplicationFromTemplate:\n    type: azuread:ApplicationFromTemplate\n    name: example\n    properties:\n      displayName: Example Application\n      templateId: ${example.templateId}\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getApplicationTemplate\n      arguments:\n        displayName: Marketo\n  exampleGetApplication:\n    fn::invoke:\n      function: azuread:getApplication\n      arguments:\n        objectId: ${exampleApplicationFromTemplate.applicationObjectId}\n  exampleGetServicePrincipal:\n    fn::invoke:\n      function: azuread:getServicePrincipal\n      arguments:\n        objectId: ${exampleApplicationFromTemplate.servicePrincipalObjectId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nTemplated Applications can be imported using the template ID, the object ID of the application, and the object ID of the service principal, in the following format.\n\n```sh\n$ pulumi import azuread:index/applicationFromTemplate:ApplicationFromTemplate example /applicationTemplates/00000000-0000-0000-0000-000000000000/instantiate/11111111-1111-1111-1111-111111111111/22222222-2222-2222-2222-222222222222\n```\n\n","properties":{"applicationId":{"type":"string","description":"The resource ID for the application.\n"},"applicationObjectId":{"type":"string","description":"The object ID for the application.\n"},"displayName":{"type":"string","description":"The display name for the application.\n"},"servicePrincipalId":{"type":"string","description":"The resource ID for the service principal.\n"},"servicePrincipalObjectId":{"type":"string","description":"The object ID for the service principal.\n"},"templateId":{"type":"string","description":"Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.\n"}},"required":["applicationId","applicationObjectId","displayName","servicePrincipalId","servicePrincipalObjectId","templateId"],"inputProperties":{"displayName":{"type":"string","description":"The display name for the application.\n"},"templateId":{"type":"string","description":"Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true}},"requiredInputs":["displayName","templateId"],"stateInputs":{"description":"Input properties used for looking up and filtering ApplicationFromTemplate resources.\n","properties":{"applicationId":{"type":"string","description":"The resource ID for the application.\n"},"applicationObjectId":{"type":"string","description":"The object ID for the application.\n"},"displayName":{"type":"string","description":"The display name for the application.\n"},"servicePrincipalId":{"type":"string","description":"The resource ID for the service principal.\n"},"servicePrincipalObjectId":{"type":"string","description":"The object ID for the service principal.\n"},"templateId":{"type":"string","description":"Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true}},"type":"object"}},"azuread:index/applicationIdentifierUri:ApplicationIdentifierUri":{"description":"Manages a single Identifier URI for an application registration.\n\nThis resource is analogous to the \u003cspan pulumi-lang-nodejs=\"`identifierUris`\" pulumi-lang-dotnet=\"`IdentifierUris`\" pulumi-lang-go=\"`identifierUris`\" pulumi-lang-python=\"`identifier_uris`\" pulumi-lang-yaml=\"`identifierUris`\" pulumi-lang-java=\"`identifierUris`\"\u003e`identifierUris`\u003c/span\u003e property in the \u003cspan pulumi-lang-nodejs=\"`azuread.Application`\" pulumi-lang-dotnet=\"`azuread.Application`\" pulumi-lang-go=\"`Application`\" pulumi-lang-python=\"`Application`\" pulumi-lang-yaml=\"`azuread.Application`\" pulumi-lang-java=\"`azuread.Application`\"\u003e`azuread.Application`\u003c/span\u003e resource. When using these resources together, you should use the \u003cspan pulumi-lang-nodejs=\"`ignoreChanges`\" pulumi-lang-dotnet=\"`IgnoreChanges`\" pulumi-lang-go=\"`ignoreChanges`\" pulumi-lang-python=\"`ignore_changes`\" pulumi-lang-yaml=\"`ignoreChanges`\" pulumi-lang-java=\"`ignoreChanges`\"\u003e`ignoreChanges`\u003c/span\u003e lifecycle meta-argument (see example below).\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.OwnedBy` or `Application.ReadWrite.All`\n\n\u003e When using the `Application.ReadWrite.OwnedBy` application role, the principal being used to run Terraform must be an owner of the application.\n\nWhen authenticated with a user principal, this resource may require one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.ApplicationRegistration(\"example\", {displayName: \"example\"});\nconst exampleApplicationIdentifierUri = new azuread.ApplicationIdentifierUri(\"example\", {\n    applicationId: example.id,\n    identifierUri: \"https://app.example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.ApplicationRegistration(\"example\", display_name=\"example\")\nexample_application_identifier_uri = azuread.ApplicationIdentifierUri(\"example\",\n    application_id=example.id,\n    identifier_uri=\"https://app.example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.ApplicationRegistration(\"example\", new()\n    {\n        DisplayName = \"example\",\n    });\n\n    var exampleApplicationIdentifierUri = new AzureAD.Index.ApplicationIdentifierUri(\"example\", new()\n    {\n        ApplicationId = example.Id,\n        IdentifierUri = \"https://app.example.com\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplicationRegistration(ctx, \"example\", \u0026azuread.ApplicationRegistrationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationIdentifierUri(ctx, \"example\", \u0026azuread.ApplicationIdentifierUriArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t\tIdentifierUri: pulumi.String(\"https://app.example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ApplicationRegistration;\nimport com.pulumi.azuread.ApplicationRegistrationArgs;\nimport com.pulumi.azuread.ApplicationIdentifierUri;\nimport com.pulumi.azuread.ApplicationIdentifierUriArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new ApplicationRegistration(\"example\", ApplicationRegistrationArgs.builder()\n            .displayName(\"example\")\n            .build());\n\n        var exampleApplicationIdentifierUri = new ApplicationIdentifierUri(\"exampleApplicationIdentifierUri\", ApplicationIdentifierUriArgs.builder()\n            .applicationId(example.id())\n            .identifierUri(\"https://app.example.com\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:ApplicationRegistration\n    properties:\n      displayName: example\n  exampleApplicationIdentifierUri:\n    type: azuread:ApplicationIdentifierUri\n    name: example\n    properties:\n      applicationId: ${example.id}\n      identifierUri: https://app.example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003e **Tip** For managing multiple identifier URIs for the same application, create another instance of this resource\n\n*Usage with\u003cspan pulumi-lang-nodejs=\" azuread.Application \" pulumi-lang-dotnet=\" azuread.Application \" pulumi-lang-go=\" Application \" pulumi-lang-python=\" Application \" pulumi-lang-yaml=\" azuread.Application \" pulumi-lang-java=\" azuread.Application \"\u003e azuread.Application \u003c/span\u003eresource*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.Application(\"example\", {displayName: \"example\"});\nconst exampleApplicationIdentifierUri = new azuread.ApplicationIdentifierUri(\"example\", {applicationId: example.id});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.Application(\"example\", display_name=\"example\")\nexample_application_identifier_uri = azuread.ApplicationIdentifierUri(\"example\", application_id=example.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.Application(\"example\", new()\n    {\n        DisplayName = \"example\",\n    });\n\n    var exampleApplicationIdentifierUri = new AzureAD.Index.ApplicationIdentifierUri(\"example\", new()\n    {\n        ApplicationId = example.Id,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationIdentifierUri(ctx, \"example\", \u0026azuread.ApplicationIdentifierUriArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.ApplicationIdentifierUri;\nimport com.pulumi.azuread.ApplicationIdentifierUriArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new Application(\"example\", ApplicationArgs.builder()\n            .displayName(\"example\")\n            .build());\n\n        var exampleApplicationIdentifierUri = new ApplicationIdentifierUri(\"exampleApplicationIdentifierUri\", ApplicationIdentifierUriArgs.builder()\n            .applicationId(example.id())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:Application\n    properties:\n      displayName: example\n  exampleApplicationIdentifierUri:\n    type: azuread:ApplicationIdentifierUri\n    name: example\n    properties:\n      applicationId: ${example.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nApplication Identifier URIs can be imported using the object ID of the application and the base64-encoded identifier URI, in the following format.\n\n```sh\n$ pulumi import azuread:index/applicationIdentifierUri:ApplicationIdentifierUri example /applications/00000000-0000-0000-0000-000000000000/identifierUris/aHR0cHM6Ly9leGFtcGxlLm5ldC8=\n```\n\n","properties":{"applicationId":{"type":"string","description":"The resource ID of the application registration. Changing this forces a new resource to be created.\n"},"identifierUri":{"type":"string","description":"The user-defined URI that uniquely identifies an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant. Changing this forces a new resource to be created.\n"}},"required":["applicationId","identifierUri"],"inputProperties":{"applicationId":{"type":"string","description":"The resource ID of the application registration. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"identifierUri":{"type":"string","description":"The user-defined URI that uniquely identifies an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true}},"requiredInputs":["applicationId","identifierUri"],"stateInputs":{"description":"Input properties used for looking up and filtering ApplicationIdentifierUri resources.\n","properties":{"applicationId":{"type":"string","description":"The resource ID of the application registration. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"identifierUri":{"type":"string","description":"The user-defined URI that uniquely identifies an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true}},"type":"object"}},"azuread:index/applicationKnownClients:ApplicationKnownClients":{"description":"Manages the known client applications for an application registration.\n\n\u003e This resource is incompatible with the \u003cspan pulumi-lang-nodejs=\"`azuread.Application`\" pulumi-lang-dotnet=\"`azuread.Application`\" pulumi-lang-go=\"`Application`\" pulumi-lang-python=\"`Application`\" pulumi-lang-yaml=\"`azuread.Application`\" pulumi-lang-java=\"`azuread.Application`\"\u003e`azuread.Application`\u003c/span\u003e resource, instead use this with the \u003cspan pulumi-lang-nodejs=\"`azuread.ApplicationRegistration`\" pulumi-lang-dotnet=\"`azuread.ApplicationRegistration`\" pulumi-lang-go=\"`ApplicationRegistration`\" pulumi-lang-python=\"`ApplicationRegistration`\" pulumi-lang-yaml=\"`azuread.ApplicationRegistration`\" pulumi-lang-java=\"`azuread.ApplicationRegistration`\"\u003e`azuread.ApplicationRegistration`\u003c/span\u003e resource.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.OwnedBy` or `Application.ReadWrite.All`\n\n\u003e When using the `Application.ReadWrite.OwnedBy` application role, the principal being used to run Terraform must be an owner of the application.\n\nWhen authenticated with a user principal, this resource may require one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.ApplicationRegistration(\"example\", {displayName: \"example\"});\nconst client = new azuread.ApplicationRegistration(\"client\", {displayName: \"example client\"});\nconst exampleApplicationKnownClients = new azuread.ApplicationKnownClients(\"example\", {\n    applicationId: example.id,\n    knownClientIds: [client.clientId],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.ApplicationRegistration(\"example\", display_name=\"example\")\nclient = azuread.ApplicationRegistration(\"client\", display_name=\"example client\")\nexample_application_known_clients = azuread.ApplicationKnownClients(\"example\",\n    application_id=example.id,\n    known_client_ids=[client.client_id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.ApplicationRegistration(\"example\", new()\n    {\n        DisplayName = \"example\",\n    });\n\n    var client = new AzureAD.Index.ApplicationRegistration(\"client\", new()\n    {\n        DisplayName = \"example client\",\n    });\n\n    var exampleApplicationKnownClients = new AzureAD.Index.ApplicationKnownClients(\"example\", new()\n    {\n        ApplicationId = example.Id,\n        KnownClientIds = new[]\n        {\n            client.ClientId,\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplicationRegistration(ctx, \"example\", \u0026azuread.ApplicationRegistrationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := azuread.NewApplicationRegistration(ctx, \"client\", \u0026azuread.ApplicationRegistrationArgs{\n\t\t\tDisplayName: pulumi.String(\"example client\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationKnownClients(ctx, \"example\", \u0026azuread.ApplicationKnownClientsArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t\tKnownClientIds: pulumi.StringArray{\n\t\t\t\tclient.ClientId,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ApplicationRegistration;\nimport com.pulumi.azuread.ApplicationRegistrationArgs;\nimport com.pulumi.azuread.ApplicationKnownClients;\nimport com.pulumi.azuread.ApplicationKnownClientsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new ApplicationRegistration(\"example\", ApplicationRegistrationArgs.builder()\n            .displayName(\"example\")\n            .build());\n\n        var client = new ApplicationRegistration(\"client\", ApplicationRegistrationArgs.builder()\n            .displayName(\"example client\")\n            .build());\n\n        var exampleApplicationKnownClients = new ApplicationKnownClients(\"exampleApplicationKnownClients\", ApplicationKnownClientsArgs.builder()\n            .applicationId(example.id())\n            .knownClientIds(client.clientId())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:ApplicationRegistration\n    properties:\n      displayName: example\n  client:\n    type: azuread:ApplicationRegistration\n    properties:\n      displayName: example client\n  exampleApplicationKnownClients:\n    type: azuread:ApplicationKnownClients\n    name: example\n    properties:\n      applicationId: ${example.id}\n      knownClientIds:\n        - ${client.clientId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nApplication Known Clients can be imported using the object ID of the application in the following format.\n\n```sh\n$ pulumi import azuread:index/applicationKnownClients:ApplicationKnownClients example /applications/00000000-0000-0000-0000-000000000000/knownClients\n```\n\n","properties":{"applicationId":{"type":"string","description":"The resource ID of the application registration. Changing this forces a new resource to be created.\n"},"knownClientIds":{"type":"array","items":{"type":"string"},"description":"A set of client IDs for the known applications.\n"}},"required":["applicationId","knownClientIds"],"inputProperties":{"applicationId":{"type":"string","description":"The resource ID of the application registration. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"knownClientIds":{"type":"array","items":{"type":"string"},"description":"A set of client IDs for the known applications.\n"}},"requiredInputs":["applicationId","knownClientIds"],"stateInputs":{"description":"Input properties used for looking up and filtering ApplicationKnownClients resources.\n","properties":{"applicationId":{"type":"string","description":"The resource ID of the application registration. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"knownClientIds":{"type":"array","items":{"type":"string"},"description":"A set of client IDs for the known applications.\n"}},"type":"object"}},"azuread:index/applicationOptionalClaims:ApplicationOptionalClaims":{"description":"Manages optional claims for an application registration.\n\nThis resource is analogous to the \u003cspan pulumi-lang-nodejs=\"`optionalClaims`\" pulumi-lang-dotnet=\"`OptionalClaims`\" pulumi-lang-go=\"`optionalClaims`\" pulumi-lang-python=\"`optional_claims`\" pulumi-lang-yaml=\"`optionalClaims`\" pulumi-lang-java=\"`optionalClaims`\"\u003e`optionalClaims`\u003c/span\u003e block in the \u003cspan pulumi-lang-nodejs=\"`azuread.Application`\" pulumi-lang-dotnet=\"`azuread.Application`\" pulumi-lang-go=\"`Application`\" pulumi-lang-python=\"`Application`\" pulumi-lang-yaml=\"`azuread.Application`\" pulumi-lang-java=\"`azuread.Application`\"\u003e`azuread.Application`\u003c/span\u003e resource. When using these resources together, you should use the \u003cspan pulumi-lang-nodejs=\"`ignoreChanges`\" pulumi-lang-dotnet=\"`IgnoreChanges`\" pulumi-lang-go=\"`ignoreChanges`\" pulumi-lang-python=\"`ignore_changes`\" pulumi-lang-yaml=\"`ignoreChanges`\" pulumi-lang-java=\"`ignoreChanges`\"\u003e`ignoreChanges`\u003c/span\u003e lifecycle meta-argument (see example below).\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.OwnedBy` or `Application.ReadWrite.All`\n\n\u003e When using the `Application.ReadWrite.OwnedBy` application role, the principal being used to run Terraform must be an owner of the application.\n\nWhen authenticated with a user principal, this resource may require one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.ApplicationRegistration(\"example\", {displayName: \"example\"});\nconst exampleApplicationOptionalClaims = new azuread.ApplicationOptionalClaims(\"example\", {\n    applicationId: example.id,\n    accessTokens: [\n        {\n            name: \"myclaim\",\n        },\n        {\n            name: \"otherclaim\",\n        },\n    ],\n    idTokens: [{\n        name: \"userclaim\",\n        source: \"user\",\n        essential: true,\n        additionalProperties: [\"emit_as_roles\"],\n    }],\n    saml2Tokens: [{\n        name: \"samlexample\",\n    }],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.ApplicationRegistration(\"example\", display_name=\"example\")\nexample_application_optional_claims = azuread.ApplicationOptionalClaims(\"example\",\n    application_id=example.id,\n    access_tokens=[\n        {\n            \"name\": \"myclaim\",\n        },\n        {\n            \"name\": \"otherclaim\",\n        },\n    ],\n    id_tokens=[{\n        \"name\": \"userclaim\",\n        \"source\": \"user\",\n        \"essential\": True,\n        \"additional_properties\": [\"emit_as_roles\"],\n    }],\n    saml2_tokens=[{\n        \"name\": \"samlexample\",\n    }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.ApplicationRegistration(\"example\", new()\n    {\n        DisplayName = \"example\",\n    });\n\n    var exampleApplicationOptionalClaims = new AzureAD.Index.ApplicationOptionalClaims(\"example\", new()\n    {\n        ApplicationId = example.Id,\n        AccessTokens = new[]\n        {\n            new AzureAD.Inputs.ApplicationOptionalClaimsAccessTokenArgs\n            {\n                Name = \"myclaim\",\n            },\n            new AzureAD.Inputs.ApplicationOptionalClaimsAccessTokenArgs\n            {\n                Name = \"otherclaim\",\n            },\n        },\n        IdTokens = new[]\n        {\n            new AzureAD.Inputs.ApplicationOptionalClaimsIdTokenArgs\n            {\n                Name = \"userclaim\",\n                Source = \"user\",\n                Essential = true,\n                AdditionalProperties = new[]\n                {\n                    \"emit_as_roles\",\n                },\n            },\n        },\n        Saml2Tokens = new[]\n        {\n            new AzureAD.Inputs.ApplicationOptionalClaimsSaml2TokenArgs\n            {\n                Name = \"samlexample\",\n            },\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplicationRegistration(ctx, \"example\", \u0026azuread.ApplicationRegistrationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationOptionalClaims(ctx, \"example\", \u0026azuread.ApplicationOptionalClaimsArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t\tAccessTokens: azuread.ApplicationOptionalClaimsAccessTokenArray{\n\t\t\t\t\u0026azuread.ApplicationOptionalClaimsAccessTokenArgs{\n\t\t\t\t\tName: pulumi.String(\"myclaim\"),\n\t\t\t\t},\n\t\t\t\t\u0026azuread.ApplicationOptionalClaimsAccessTokenArgs{\n\t\t\t\t\tName: pulumi.String(\"otherclaim\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tIdTokens: azuread.ApplicationOptionalClaimsIdTokenArray{\n\t\t\t\t\u0026azuread.ApplicationOptionalClaimsIdTokenArgs{\n\t\t\t\t\tName:      pulumi.String(\"userclaim\"),\n\t\t\t\t\tSource:    pulumi.String(\"user\"),\n\t\t\t\t\tEssential: pulumi.Bool(true),\n\t\t\t\t\tAdditionalProperties: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"emit_as_roles\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSaml2Tokens: azuread.ApplicationOptionalClaimsSaml2TokenArray{\n\t\t\t\t\u0026azuread.ApplicationOptionalClaimsSaml2TokenArgs{\n\t\t\t\t\tName: pulumi.String(\"samlexample\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ApplicationRegistration;\nimport com.pulumi.azuread.ApplicationRegistrationArgs;\nimport com.pulumi.azuread.ApplicationOptionalClaims;\nimport com.pulumi.azuread.ApplicationOptionalClaimsArgs;\nimport com.pulumi.azuread.inputs.ApplicationOptionalClaimsAccessTokenArgs;\nimport com.pulumi.azuread.inputs.ApplicationOptionalClaimsIdTokenArgs;\nimport com.pulumi.azuread.inputs.ApplicationOptionalClaimsSaml2TokenArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new ApplicationRegistration(\"example\", ApplicationRegistrationArgs.builder()\n            .displayName(\"example\")\n            .build());\n\n        var exampleApplicationOptionalClaims = new ApplicationOptionalClaims(\"exampleApplicationOptionalClaims\", ApplicationOptionalClaimsArgs.builder()\n            .applicationId(example.id())\n            .accessTokens(            \n                ApplicationOptionalClaimsAccessTokenArgs.builder()\n                    .name(\"myclaim\")\n                    .build(),\n                ApplicationOptionalClaimsAccessTokenArgs.builder()\n                    .name(\"otherclaim\")\n                    .build())\n            .idTokens(ApplicationOptionalClaimsIdTokenArgs.builder()\n                .name(\"userclaim\")\n                .source(\"user\")\n                .essential(true)\n                .additionalProperties(\"emit_as_roles\")\n                .build())\n            .saml2Tokens(ApplicationOptionalClaimsSaml2TokenArgs.builder()\n                .name(\"samlexample\")\n                .build())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:ApplicationRegistration\n    properties:\n      displayName: example\n  exampleApplicationOptionalClaims:\n    type: azuread:ApplicationOptionalClaims\n    name: example\n    properties:\n      applicationId: ${example.id}\n      accessTokens:\n        - name: myclaim\n        - name: otherclaim\n      idTokens:\n        - name: userclaim\n          source: user\n          essential: true\n          additionalProperties:\n            - emit_as_roles\n      saml2Tokens:\n        - name: samlexample\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nApplication Optional Claims can be imported using the object ID of the application, in the following format.\n\n```sh\n$ pulumi import azuread:index/applicationOptionalClaims:ApplicationOptionalClaims example /applications/00000000-0000-0000-0000-000000000000\n```\n\n","properties":{"accessTokens":{"type":"array","items":{"$ref":"#/types/azuread:index/ApplicationOptionalClaimsAccessToken:ApplicationOptionalClaimsAccessToken"},"description":"One or more \u003cspan pulumi-lang-nodejs=\"`accessToken`\" pulumi-lang-dotnet=\"`AccessToken`\" pulumi-lang-go=\"`accessToken`\" pulumi-lang-python=\"`access_token`\" pulumi-lang-yaml=\"`accessToken`\" pulumi-lang-java=\"`accessToken`\"\u003e`accessToken`\u003c/span\u003e blocks as documented below.\n"},"applicationId":{"type":"string","description":"The resource ID of the application registration. Changing this forces a new resource to be created.\n"},"idTokens":{"type":"array","items":{"$ref":"#/types/azuread:index/ApplicationOptionalClaimsIdToken:ApplicationOptionalClaimsIdToken"},"description":"One or more \u003cspan pulumi-lang-nodejs=\"`idToken`\" pulumi-lang-dotnet=\"`IdToken`\" pulumi-lang-go=\"`idToken`\" pulumi-lang-python=\"`id_token`\" pulumi-lang-yaml=\"`idToken`\" pulumi-lang-java=\"`idToken`\"\u003e`idToken`\u003c/span\u003e blocks as documented below.\n"},"saml2Tokens":{"type":"array","items":{"$ref":"#/types/azuread:index/ApplicationOptionalClaimsSaml2Token:ApplicationOptionalClaimsSaml2Token"},"description":"One or more \u003cspan pulumi-lang-nodejs=\"`saml2Token`\" pulumi-lang-dotnet=\"`Saml2Token`\" pulumi-lang-go=\"`saml2Token`\" pulumi-lang-python=\"`saml2_token`\" pulumi-lang-yaml=\"`saml2Token`\" pulumi-lang-java=\"`saml2Token`\"\u003e`saml2Token`\u003c/span\u003e blocks as documented below.\n\n\u003e At least one of \u003cspan pulumi-lang-nodejs=\"`accessToken`\" pulumi-lang-dotnet=\"`AccessToken`\" pulumi-lang-go=\"`accessToken`\" pulumi-lang-python=\"`access_token`\" pulumi-lang-yaml=\"`accessToken`\" pulumi-lang-java=\"`accessToken`\"\u003e`accessToken`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`idToken`\" pulumi-lang-dotnet=\"`IdToken`\" pulumi-lang-go=\"`idToken`\" pulumi-lang-python=\"`id_token`\" pulumi-lang-yaml=\"`idToken`\" pulumi-lang-java=\"`idToken`\"\u003e`idToken`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`saml2Token`\" pulumi-lang-dotnet=\"`Saml2Token`\" pulumi-lang-go=\"`saml2Token`\" pulumi-lang-python=\"`saml2_token`\" pulumi-lang-yaml=\"`saml2Token`\" pulumi-lang-java=\"`saml2Token`\"\u003e`saml2Token`\u003c/span\u003e must be specified\n"}},"required":["applicationId"],"inputProperties":{"accessTokens":{"type":"array","items":{"$ref":"#/types/azuread:index/ApplicationOptionalClaimsAccessToken:ApplicationOptionalClaimsAccessToken"},"description":"One or more \u003cspan pulumi-lang-nodejs=\"`accessToken`\" pulumi-lang-dotnet=\"`AccessToken`\" pulumi-lang-go=\"`accessToken`\" pulumi-lang-python=\"`access_token`\" pulumi-lang-yaml=\"`accessToken`\" pulumi-lang-java=\"`accessToken`\"\u003e`accessToken`\u003c/span\u003e blocks as documented below.\n"},"applicationId":{"type":"string","description":"The resource ID of the application registration. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"idTokens":{"type":"array","items":{"$ref":"#/types/azuread:index/ApplicationOptionalClaimsIdToken:ApplicationOptionalClaimsIdToken"},"description":"One or more \u003cspan pulumi-lang-nodejs=\"`idToken`\" pulumi-lang-dotnet=\"`IdToken`\" pulumi-lang-go=\"`idToken`\" pulumi-lang-python=\"`id_token`\" pulumi-lang-yaml=\"`idToken`\" pulumi-lang-java=\"`idToken`\"\u003e`idToken`\u003c/span\u003e blocks as documented below.\n"},"saml2Tokens":{"type":"array","items":{"$ref":"#/types/azuread:index/ApplicationOptionalClaimsSaml2Token:ApplicationOptionalClaimsSaml2Token"},"description":"One or more \u003cspan pulumi-lang-nodejs=\"`saml2Token`\" pulumi-lang-dotnet=\"`Saml2Token`\" pulumi-lang-go=\"`saml2Token`\" pulumi-lang-python=\"`saml2_token`\" pulumi-lang-yaml=\"`saml2Token`\" pulumi-lang-java=\"`saml2Token`\"\u003e`saml2Token`\u003c/span\u003e blocks as documented below.\n\n\u003e At least one of \u003cspan pulumi-lang-nodejs=\"`accessToken`\" pulumi-lang-dotnet=\"`AccessToken`\" pulumi-lang-go=\"`accessToken`\" pulumi-lang-python=\"`access_token`\" pulumi-lang-yaml=\"`accessToken`\" pulumi-lang-java=\"`accessToken`\"\u003e`accessToken`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`idToken`\" pulumi-lang-dotnet=\"`IdToken`\" pulumi-lang-go=\"`idToken`\" pulumi-lang-python=\"`id_token`\" pulumi-lang-yaml=\"`idToken`\" pulumi-lang-java=\"`idToken`\"\u003e`idToken`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`saml2Token`\" pulumi-lang-dotnet=\"`Saml2Token`\" pulumi-lang-go=\"`saml2Token`\" pulumi-lang-python=\"`saml2_token`\" pulumi-lang-yaml=\"`saml2Token`\" pulumi-lang-java=\"`saml2Token`\"\u003e`saml2Token`\u003c/span\u003e must be specified\n"}},"requiredInputs":["applicationId"],"stateInputs":{"description":"Input properties used for looking up and filtering ApplicationOptionalClaims resources.\n","properties":{"accessTokens":{"type":"array","items":{"$ref":"#/types/azuread:index/ApplicationOptionalClaimsAccessToken:ApplicationOptionalClaimsAccessToken"},"description":"One or more \u003cspan pulumi-lang-nodejs=\"`accessToken`\" pulumi-lang-dotnet=\"`AccessToken`\" pulumi-lang-go=\"`accessToken`\" pulumi-lang-python=\"`access_token`\" pulumi-lang-yaml=\"`accessToken`\" pulumi-lang-java=\"`accessToken`\"\u003e`accessToken`\u003c/span\u003e blocks as documented below.\n"},"applicationId":{"type":"string","description":"The resource ID of the application registration. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"idTokens":{"type":"array","items":{"$ref":"#/types/azuread:index/ApplicationOptionalClaimsIdToken:ApplicationOptionalClaimsIdToken"},"description":"One or more \u003cspan pulumi-lang-nodejs=\"`idToken`\" pulumi-lang-dotnet=\"`IdToken`\" pulumi-lang-go=\"`idToken`\" pulumi-lang-python=\"`id_token`\" pulumi-lang-yaml=\"`idToken`\" pulumi-lang-java=\"`idToken`\"\u003e`idToken`\u003c/span\u003e blocks as documented below.\n"},"saml2Tokens":{"type":"array","items":{"$ref":"#/types/azuread:index/ApplicationOptionalClaimsSaml2Token:ApplicationOptionalClaimsSaml2Token"},"description":"One or more \u003cspan pulumi-lang-nodejs=\"`saml2Token`\" pulumi-lang-dotnet=\"`Saml2Token`\" pulumi-lang-go=\"`saml2Token`\" pulumi-lang-python=\"`saml2_token`\" pulumi-lang-yaml=\"`saml2Token`\" pulumi-lang-java=\"`saml2Token`\"\u003e`saml2Token`\u003c/span\u003e blocks as documented below.\n\n\u003e At least one of \u003cspan pulumi-lang-nodejs=\"`accessToken`\" pulumi-lang-dotnet=\"`AccessToken`\" pulumi-lang-go=\"`accessToken`\" pulumi-lang-python=\"`access_token`\" pulumi-lang-yaml=\"`accessToken`\" pulumi-lang-java=\"`accessToken`\"\u003e`accessToken`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`idToken`\" pulumi-lang-dotnet=\"`IdToken`\" pulumi-lang-go=\"`idToken`\" pulumi-lang-python=\"`id_token`\" pulumi-lang-yaml=\"`idToken`\" pulumi-lang-java=\"`idToken`\"\u003e`idToken`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`saml2Token`\" pulumi-lang-dotnet=\"`Saml2Token`\" pulumi-lang-go=\"`saml2Token`\" pulumi-lang-python=\"`saml2_token`\" pulumi-lang-yaml=\"`saml2Token`\" pulumi-lang-java=\"`saml2Token`\"\u003e`saml2Token`\u003c/span\u003e must be specified\n"}},"type":"object"}},"azuread:index/applicationOwner:ApplicationOwner":{"description":"Manages a single owner of an application registration.\n\n\u003e This resource is incompatible with the \u003cspan pulumi-lang-nodejs=\"`azuread.Application`\" pulumi-lang-dotnet=\"`azuread.Application`\" pulumi-lang-go=\"`Application`\" pulumi-lang-python=\"`Application`\" pulumi-lang-yaml=\"`azuread.Application`\" pulumi-lang-java=\"`azuread.Application`\"\u003e`azuread.Application`\u003c/span\u003e resource, instead use this with the \u003cspan pulumi-lang-nodejs=\"`azuread.ApplicationRegistration`\" pulumi-lang-dotnet=\"`azuread.ApplicationRegistration`\" pulumi-lang-go=\"`ApplicationRegistration`\" pulumi-lang-python=\"`ApplicationRegistration`\" pulumi-lang-yaml=\"`azuread.ApplicationRegistration`\" pulumi-lang-java=\"`azuread.ApplicationRegistration`\"\u003e`azuread.ApplicationRegistration`\u003c/span\u003e resource.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.OwnedBy` or `Application.ReadWrite.All`\n\n\u003e When using the `Application.ReadWrite.OwnedBy` application role, the principal being used to run Pulumi must be an owner of the application.\n\nWhen authenticated with a user principal, this resource may require one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.ApplicationRegistration(\"example\", {displayName: \"example\"});\nconst jane = new azuread.User(\"jane\", {\n    userPrincipalName: \"jane.fischer@example.com\",\n    displayName: \"Jane Fischer\",\n    password: \"Ch@ngeMe\",\n});\nconst exampleJane = new azuread.ApplicationOwner(\"example_jane\", {\n    applicationId: example.id,\n    ownerObjectId: jane.objectId,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.ApplicationRegistration(\"example\", display_name=\"example\")\njane = azuread.User(\"jane\",\n    user_principal_name=\"jane.fischer@example.com\",\n    display_name=\"Jane Fischer\",\n    password=\"Ch@ngeMe\")\nexample_jane = azuread.ApplicationOwner(\"example_jane\",\n    application_id=example.id,\n    owner_object_id=jane.object_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.ApplicationRegistration(\"example\", new()\n    {\n        DisplayName = \"example\",\n    });\n\n    var jane = new AzureAD.Index.User(\"jane\", new()\n    {\n        UserPrincipalName = \"jane.fischer@example.com\",\n        DisplayName = \"Jane Fischer\",\n        Password = \"Ch@ngeMe\",\n    });\n\n    var exampleJane = new AzureAD.Index.ApplicationOwner(\"example_jane\", new()\n    {\n        ApplicationId = example.Id,\n        OwnerObjectId = jane.ObjectId,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplicationRegistration(ctx, \"example\", \u0026azuread.ApplicationRegistrationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjane, err := azuread.NewUser(ctx, \"jane\", \u0026azuread.UserArgs{\n\t\t\tUserPrincipalName: pulumi.String(\"jane.fischer@example.com\"),\n\t\t\tDisplayName:       pulumi.String(\"Jane Fischer\"),\n\t\t\tPassword:          pulumi.String(\"Ch@ngeMe\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationOwner(ctx, \"example_jane\", \u0026azuread.ApplicationOwnerArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t\tOwnerObjectId: jane.ObjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ApplicationRegistration;\nimport com.pulumi.azuread.ApplicationRegistrationArgs;\nimport com.pulumi.azuread.User;\nimport com.pulumi.azuread.UserArgs;\nimport com.pulumi.azuread.ApplicationOwner;\nimport com.pulumi.azuread.ApplicationOwnerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new ApplicationRegistration(\"example\", ApplicationRegistrationArgs.builder()\n            .displayName(\"example\")\n            .build());\n\n        var jane = new User(\"jane\", UserArgs.builder()\n            .userPrincipalName(\"jane.fischer@example.com\")\n            .displayName(\"Jane Fischer\")\n            .password(\"Ch@ngeMe\")\n            .build());\n\n        var exampleJane = new ApplicationOwner(\"exampleJane\", ApplicationOwnerArgs.builder()\n            .applicationId(example.id())\n            .ownerObjectId(jane.objectId())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:ApplicationRegistration\n    properties:\n      displayName: example\n  jane:\n    type: azuread:User\n    properties:\n      userPrincipalName: jane.fischer@example.com\n      displayName: Jane Fischer\n      password: Ch@ngeMe\n  exampleJane:\n    type: azuread:ApplicationOwner\n    name: example_jane\n    properties:\n      applicationId: ${example.id}\n      ownerObjectId: ${jane.objectId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003e **Tip** For managing more application owners, create additional instances of this resource\n\n## Import\n\nApplication Owners can be imported using the object ID of the application and the object ID of the owner, in the following format.\n\n```sh\n$ pulumi import azuread:index/applicationOwner:ApplicationOwner example /applications/00000000-0000-0000-0000-000000000000/owners/11111111-1111-1111-1111-111111111111\n```\n\n","properties":{"applicationId":{"type":"string","description":"The resource ID of the application registration. Changing this forces a new resource to be created.\n"},"ownerObjectId":{"type":"string","description":"The object ID of the owner to assign to the application, typically a user or service principal. Changing this forces a new resource to be created.\n"}},"required":["applicationId","ownerObjectId"],"inputProperties":{"applicationId":{"type":"string","description":"The resource ID of the application registration. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"ownerObjectId":{"type":"string","description":"The object ID of the owner to assign to the application, typically a user or service principal. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true}},"requiredInputs":["applicationId","ownerObjectId"],"stateInputs":{"description":"Input properties used for looking up and filtering ApplicationOwner resources.\n","properties":{"applicationId":{"type":"string","description":"The resource ID of the application registration. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"ownerObjectId":{"type":"string","description":"The object ID of the owner to assign to the application, typically a user or service principal. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true}},"type":"object"}},"azuread:index/applicationPassword:ApplicationPassword":{"description":"Manages a password credential associated with an application within Azure Active Directory. These are also referred to as client secrets during authentication.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.OwnedBy` or `Application.ReadWrite.All`\n\n\u003e When using the `Application.ReadWrite.OwnedBy` application role, the principal being used to run Terraform must be an owner of the application.\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n## Example Usage\n\n*Basic example*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.ApplicationRegistration(\"example\", {displayName: \"example\"});\nconst exampleApplicationPassword = new azuread.ApplicationPassword(\"example\", {applicationId: example.id});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.ApplicationRegistration(\"example\", display_name=\"example\")\nexample_application_password = azuread.ApplicationPassword(\"example\", application_id=example.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.ApplicationRegistration(\"example\", new()\n    {\n        DisplayName = \"example\",\n    });\n\n    var exampleApplicationPassword = new AzureAD.Index.ApplicationPassword(\"example\", new()\n    {\n        ApplicationId = example.Id,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplicationRegistration(ctx, \"example\", \u0026azuread.ApplicationRegistrationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationPassword(ctx, \"example\", \u0026azuread.ApplicationPasswordArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ApplicationRegistration;\nimport com.pulumi.azuread.ApplicationRegistrationArgs;\nimport com.pulumi.azuread.ApplicationPassword;\nimport com.pulumi.azuread.ApplicationPasswordArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new ApplicationRegistration(\"example\", ApplicationRegistrationArgs.builder()\n            .displayName(\"example\")\n            .build());\n\n        var exampleApplicationPassword = new ApplicationPassword(\"exampleApplicationPassword\", ApplicationPasswordArgs.builder()\n            .applicationId(example.id())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:ApplicationRegistration\n    properties:\n      displayName: example\n  exampleApplicationPassword:\n    type: azuread:ApplicationPassword\n    name: example\n    properties:\n      applicationId: ${example.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Time-based rotation*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\nimport * as time from \"@pulumiverse/time\";\n\nconst example = new azuread.ApplicationRegistration(\"example\", {displayName: \"example\"});\nconst exampleRotating = new time.Rotating(\"example\", {rotationDays: 7});\nconst exampleApplicationPassword = new azuread.ApplicationPassword(\"example\", {\n    applicationId: example.id,\n    rotateWhenChanged: {\n        rotation: exampleRotating.id,\n    },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\nimport pulumiverse_time as time\n\nexample = azuread.ApplicationRegistration(\"example\", display_name=\"example\")\nexample_rotating = time.Rotating(\"example\", rotation_days=7)\nexample_application_password = azuread.ApplicationPassword(\"example\",\n    application_id=example.id,\n    rotate_when_changed={\n        \"rotation\": example_rotating.id,\n    })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\nusing Time = Pulumiverse.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.ApplicationRegistration(\"example\", new()\n    {\n        DisplayName = \"example\",\n    });\n\n    var exampleRotating = new Time.Index.Rotating(\"example\", new()\n    {\n        RotationDays = 7,\n    });\n\n    var exampleApplicationPassword = new AzureAD.Index.ApplicationPassword(\"example\", new()\n    {\n        ApplicationId = example.Id,\n        RotateWhenChanged = \n        {\n            { \"rotation\", exampleRotating.Id },\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-time/sdk/go/time\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplicationRegistration(ctx, \"example\", \u0026azuread.ApplicationRegistrationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRotating, err := time.NewRotating(ctx, \"example\", \u0026time.RotatingArgs{\n\t\t\tRotationDays: pulumi.Int(7),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationPassword(ctx, \"example\", \u0026azuread.ApplicationPasswordArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t\tRotateWhenChanged: pulumi.StringMap{\n\t\t\t\t\"rotation\": exampleRotating.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ApplicationRegistration;\nimport com.pulumi.azuread.ApplicationRegistrationArgs;\nimport com.pulumiverse.time.Rotating;\nimport com.pulumiverse.time.RotatingArgs;\nimport com.pulumi.azuread.ApplicationPassword;\nimport com.pulumi.azuread.ApplicationPasswordArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new ApplicationRegistration(\"example\", ApplicationRegistrationArgs.builder()\n            .displayName(\"example\")\n            .build());\n\n        var exampleRotating = new Rotating(\"exampleRotating\", RotatingArgs.builder()\n            .rotationDays(7)\n            .build());\n\n        var exampleApplicationPassword = new ApplicationPassword(\"exampleApplicationPassword\", ApplicationPasswordArgs.builder()\n            .applicationId(example.id())\n            .rotateWhenChanged(Map.of(\"rotation\", exampleRotating.id()))\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:ApplicationRegistration\n    properties:\n      displayName: example\n  exampleRotating:\n    type: time:Rotating\n    name: example\n    properties:\n      rotationDays: 7\n  exampleApplicationPassword:\n    type: azuread:ApplicationPassword\n    name: example\n    properties:\n      applicationId: ${example.id}\n      rotateWhenChanged:\n        rotation: ${exampleRotating.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support importing.\n\n","properties":{"applicationId":{"type":"string","description":"The resource ID of the application for which this password should be created. Changing this field forces a new resource to be created.\n"},"displayName":{"type":"string","description":"A display name for the password. Changing this field forces a new resource to be created.\n"},"endDate":{"type":"string","description":"The end date until which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created.\n"},"endDateRelative":{"type":"string","description":"A relative duration for which the password is valid until, for example \u003cspan pulumi-lang-nodejs=\"`240h`\" pulumi-lang-dotnet=\"`240h`\" pulumi-lang-go=\"`240h`\" pulumi-lang-python=\"`240h`\" pulumi-lang-yaml=\"`240h`\" pulumi-lang-java=\"`240h`\"\u003e`240h`\u003c/span\u003e (10 days) or \u003cspan pulumi-lang-nodejs=\"`2400h30m`\" pulumi-lang-dotnet=\"`2400h30m`\" pulumi-lang-go=\"`2400h30m`\" pulumi-lang-python=\"`2400h30m`\" pulumi-lang-yaml=\"`2400h30m`\" pulumi-lang-java=\"`2400h30m`\"\u003e`2400h30m`\u003c/span\u003e. Changing this field forces a new resource to be created.\n","deprecationMessage":"The \u003cspan pulumi-lang-nodejs=\"`endDateRelative`\" pulumi-lang-dotnet=\"`EndDateRelative`\" pulumi-lang-go=\"`endDateRelative`\" pulumi-lang-python=\"`end_date_relative`\" pulumi-lang-yaml=\"`endDateRelative`\" pulumi-lang-java=\"`endDateRelative`\"\u003e`endDateRelative`\u003c/span\u003e property is deprecated and will be removed in a future version of the AzureAD provider. Please instead use the Terraform `timeadd()` function to calculate a value for the \u003cspan pulumi-lang-nodejs=\"`endDate`\" pulumi-lang-dotnet=\"`EndDate`\" pulumi-lang-go=\"`endDate`\" pulumi-lang-python=\"`end_date`\" pulumi-lang-yaml=\"`endDate`\" pulumi-lang-java=\"`endDate`\"\u003e`endDate`\u003c/span\u003e property."},"keyId":{"type":"string","description":"A UUID used to uniquely identify this password credential.\n"},"rotateWhenChanged":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of arbitrary key/value pairs that will force recreation of the password when they change, enabling password rotation based on external conditions such as a rotating timestamp. Changing this forces a new resource to be created.\n"},"startDate":{"type":"string","description":"The start date from which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the current date is used.  Changing this field forces a new resource to be created.\n"},"value":{"type":"string","description":"The password for this application, which is generated by Azure Active Directory.\n","secret":true}},"required":["applicationId","displayName","endDate","keyId","startDate","value"],"inputProperties":{"applicationId":{"type":"string","description":"The resource ID of the application for which this password should be created. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"displayName":{"type":"string","description":"A display name for the password. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"endDate":{"type":"string","description":"The end date until which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"endDateRelative":{"type":"string","description":"A relative duration for which the password is valid until, for example \u003cspan pulumi-lang-nodejs=\"`240h`\" pulumi-lang-dotnet=\"`240h`\" pulumi-lang-go=\"`240h`\" pulumi-lang-python=\"`240h`\" pulumi-lang-yaml=\"`240h`\" pulumi-lang-java=\"`240h`\"\u003e`240h`\u003c/span\u003e (10 days) or \u003cspan pulumi-lang-nodejs=\"`2400h30m`\" pulumi-lang-dotnet=\"`2400h30m`\" pulumi-lang-go=\"`2400h30m`\" pulumi-lang-python=\"`2400h30m`\" pulumi-lang-yaml=\"`2400h30m`\" pulumi-lang-java=\"`2400h30m`\"\u003e`2400h30m`\u003c/span\u003e. Changing this field forces a new resource to be created.\n","deprecationMessage":"The \u003cspan pulumi-lang-nodejs=\"`endDateRelative`\" pulumi-lang-dotnet=\"`EndDateRelative`\" pulumi-lang-go=\"`endDateRelative`\" pulumi-lang-python=\"`end_date_relative`\" pulumi-lang-yaml=\"`endDateRelative`\" pulumi-lang-java=\"`endDateRelative`\"\u003e`endDateRelative`\u003c/span\u003e property is deprecated and will be removed in a future version of the AzureAD provider. Please instead use the Terraform `timeadd()` function to calculate a value for the \u003cspan pulumi-lang-nodejs=\"`endDate`\" pulumi-lang-dotnet=\"`EndDate`\" pulumi-lang-go=\"`endDate`\" pulumi-lang-python=\"`end_date`\" pulumi-lang-yaml=\"`endDate`\" pulumi-lang-java=\"`endDate`\"\u003e`endDate`\u003c/span\u003e property.","willReplaceOnChanges":true},"rotateWhenChanged":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of arbitrary key/value pairs that will force recreation of the password when they change, enabling password rotation based on external conditions such as a rotating timestamp. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"startDate":{"type":"string","description":"The start date from which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the current date is used.  Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true}},"requiredInputs":["applicationId"],"stateInputs":{"description":"Input properties used for looking up and filtering ApplicationPassword resources.\n","properties":{"applicationId":{"type":"string","description":"The resource ID of the application for which this password should be created. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"displayName":{"type":"string","description":"A display name for the password. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"endDate":{"type":"string","description":"The end date until which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"endDateRelative":{"type":"string","description":"A relative duration for which the password is valid until, for example \u003cspan pulumi-lang-nodejs=\"`240h`\" pulumi-lang-dotnet=\"`240h`\" pulumi-lang-go=\"`240h`\" pulumi-lang-python=\"`240h`\" pulumi-lang-yaml=\"`240h`\" pulumi-lang-java=\"`240h`\"\u003e`240h`\u003c/span\u003e (10 days) or \u003cspan pulumi-lang-nodejs=\"`2400h30m`\" pulumi-lang-dotnet=\"`2400h30m`\" pulumi-lang-go=\"`2400h30m`\" pulumi-lang-python=\"`2400h30m`\" pulumi-lang-yaml=\"`2400h30m`\" pulumi-lang-java=\"`2400h30m`\"\u003e`2400h30m`\u003c/span\u003e. Changing this field forces a new resource to be created.\n","deprecationMessage":"The \u003cspan pulumi-lang-nodejs=\"`endDateRelative`\" pulumi-lang-dotnet=\"`EndDateRelative`\" pulumi-lang-go=\"`endDateRelative`\" pulumi-lang-python=\"`end_date_relative`\" pulumi-lang-yaml=\"`endDateRelative`\" pulumi-lang-java=\"`endDateRelative`\"\u003e`endDateRelative`\u003c/span\u003e property is deprecated and will be removed in a future version of the AzureAD provider. Please instead use the Terraform `timeadd()` function to calculate a value for the \u003cspan pulumi-lang-nodejs=\"`endDate`\" pulumi-lang-dotnet=\"`EndDate`\" pulumi-lang-go=\"`endDate`\" pulumi-lang-python=\"`end_date`\" pulumi-lang-yaml=\"`endDate`\" pulumi-lang-java=\"`endDate`\"\u003e`endDate`\u003c/span\u003e property.","willReplaceOnChanges":true},"keyId":{"type":"string","description":"A UUID used to uniquely identify this password credential.\n"},"rotateWhenChanged":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of arbitrary key/value pairs that will force recreation of the password when they change, enabling password rotation based on external conditions such as a rotating timestamp. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"startDate":{"type":"string","description":"The start date from which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the current date is used.  Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"value":{"type":"string","description":"The password for this application, which is generated by Azure Active Directory.\n","secret":true}},"type":"object"}},"azuread:index/applicationPermissionScope:ApplicationPermissionScope":{"description":"Manages a permission scope for an application registration.\n\nThis resource is analogous to the \u003cspan pulumi-lang-nodejs=\"`oauth2PermissionScope`\" pulumi-lang-dotnet=\"`Oauth2PermissionScope`\" pulumi-lang-go=\"`oauth2PermissionScope`\" pulumi-lang-python=\"`oauth2_permission_scope`\" pulumi-lang-yaml=\"`oauth2PermissionScope`\" pulumi-lang-java=\"`oauth2PermissionScope`\"\u003e`oauth2PermissionScope`\u003c/span\u003e block in the \u003cspan pulumi-lang-nodejs=\"`api`\" pulumi-lang-dotnet=\"`Api`\" pulumi-lang-go=\"`api`\" pulumi-lang-python=\"`api`\" pulumi-lang-yaml=\"`api`\" pulumi-lang-java=\"`api`\"\u003e`api`\u003c/span\u003e block of the  \u003cspan pulumi-lang-nodejs=\"`azuread.Application`\" pulumi-lang-dotnet=\"`azuread.Application`\" pulumi-lang-go=\"`Application`\" pulumi-lang-python=\"`Application`\" pulumi-lang-yaml=\"`azuread.Application`\" pulumi-lang-java=\"`azuread.Application`\"\u003e`azuread.Application`\u003c/span\u003e resource. When using these resources together, you should use the \u003cspan pulumi-lang-nodejs=\"`ignoreChanges`\" pulumi-lang-dotnet=\"`IgnoreChanges`\" pulumi-lang-go=\"`ignoreChanges`\" pulumi-lang-python=\"`ignore_changes`\" pulumi-lang-yaml=\"`ignoreChanges`\" pulumi-lang-java=\"`ignoreChanges`\"\u003e`ignoreChanges`\u003c/span\u003e lifecycle meta-argument (see example below).\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.OwnedBy` or `Application.ReadWrite.All`\n\n\u003e When using the `Application.ReadWrite.OwnedBy` application role, the principal being used to run Terraform must be an owner of the application.\n\nWhen authenticated with a user principal, this resource may require one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\nimport * as random from \"@pulumi/random\";\n\nconst example = new azuread.ApplicationRegistration(\"example\", {displayName: \"example\"});\nconst exampleAdminister = new random.index.Uuid(\"example_administer\", {});\nconst exampleApplicationPermissionScope = new azuread.ApplicationPermissionScope(\"example\", {\n    applicationId: test.id,\n    scopeId: exampleAdminister.id,\n    value: \"administer\",\n    adminConsentDescription: \"Administer the application\",\n    adminConsentDisplayName: \"Administer\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\nimport pulumi_random as random\n\nexample = azuread.ApplicationRegistration(\"example\", display_name=\"example\")\nexample_administer = random.Uuid(\"example_administer\")\nexample_application_permission_scope = azuread.ApplicationPermissionScope(\"example\",\n    application_id=test[\"id\"],\n    scope_id=example_administer[\"id\"],\n    value=\"administer\",\n    admin_consent_description=\"Administer the application\",\n    admin_consent_display_name=\"Administer\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\nusing Random = Pulumi.Random;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.ApplicationRegistration(\"example\", new()\n    {\n        DisplayName = \"example\",\n    });\n\n    var exampleAdminister = new Random.Index.Uuid(\"example_administer\");\n\n    var exampleApplicationPermissionScope = new AzureAD.Index.ApplicationPermissionScope(\"example\", new()\n    {\n        ApplicationId = test.Id,\n        ScopeId = exampleAdminister.Id,\n        Value = \"administer\",\n        AdminConsentDescription = \"Administer the application\",\n        AdminConsentDisplayName = \"Administer\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi-random/sdk/v4/go/random\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewApplicationRegistration(ctx, \"example\", \u0026azuread.ApplicationRegistrationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleAdminister, err := random.NewUuid(ctx, \"example_administer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationPermissionScope(ctx, \"example\", \u0026azuread.ApplicationPermissionScopeArgs{\n\t\t\tApplicationId:           pulumi.Any(test.Id),\n\t\t\tScopeId:                 exampleAdminister.Id,\n\t\t\tValue:                   pulumi.String(\"administer\"),\n\t\t\tAdminConsentDescription: pulumi.String(\"Administer the application\"),\n\t\t\tAdminConsentDisplayName: pulumi.String(\"Administer\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ApplicationRegistration;\nimport com.pulumi.azuread.ApplicationRegistrationArgs;\nimport com.pulumi.random.Uuid;\nimport com.pulumi.azuread.ApplicationPermissionScope;\nimport com.pulumi.azuread.ApplicationPermissionScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new ApplicationRegistration(\"example\", ApplicationRegistrationArgs.builder()\n            .displayName(\"example\")\n            .build());\n\n        var exampleAdminister = new Uuid(\"exampleAdminister\");\n\n        var exampleApplicationPermissionScope = new ApplicationPermissionScope(\"exampleApplicationPermissionScope\", ApplicationPermissionScopeArgs.builder()\n            .applicationId(test.id())\n            .scopeId(exampleAdminister.id())\n            .value(\"administer\")\n            .adminConsentDescription(\"Administer the application\")\n            .adminConsentDisplayName(\"Administer\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:ApplicationRegistration\n    properties:\n      displayName: example\n  exampleAdminister:\n    type: random:Uuid\n    name: example_administer\n  exampleApplicationPermissionScope:\n    type: azuread:ApplicationPermissionScope\n    name: example\n    properties:\n      applicationId: ${test.id}\n      scopeId: ${exampleAdminister.id}\n      value: administer\n      adminConsentDescription: Administer the application\n      adminConsentDisplayName: Administer\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003e **Tip** For managing more permissions scopes, create additional instances of this resource\n\n*Usage with\u003cspan pulumi-lang-nodejs=\" azuread.Application \" pulumi-lang-dotnet=\" azuread.Application \" pulumi-lang-go=\" Application \" pulumi-lang-python=\" Application \" pulumi-lang-yaml=\" azuread.Application \" pulumi-lang-java=\" azuread.Application \"\u003e azuread.Application \u003c/span\u003eresource*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.Application(\"example\", {displayName: \"example\"});\nconst exampleApplicationPermissionScope = new azuread.ApplicationPermissionScope(\"example\", {applicationId: example.id});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.Application(\"example\", display_name=\"example\")\nexample_application_permission_scope = azuread.ApplicationPermissionScope(\"example\", application_id=example.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.Application(\"example\", new()\n    {\n        DisplayName = \"example\",\n    });\n\n    var exampleApplicationPermissionScope = new AzureAD.Index.ApplicationPermissionScope(\"example\", new()\n    {\n        ApplicationId = example.Id,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationPermissionScope(ctx, \"example\", \u0026azuread.ApplicationPermissionScopeArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.ApplicationPermissionScope;\nimport com.pulumi.azuread.ApplicationPermissionScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new Application(\"example\", ApplicationArgs.builder()\n            .displayName(\"example\")\n            .build());\n\n        var exampleApplicationPermissionScope = new ApplicationPermissionScope(\"exampleApplicationPermissionScope\", ApplicationPermissionScopeArgs.builder()\n            .applicationId(example.id())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:Application\n    properties:\n      displayName: example\n  exampleApplicationPermissionScope:\n    type: azuread:ApplicationPermissionScope\n    name: example\n    properties:\n      applicationId: ${example.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nApplication App Roles can be imported using the object ID of the application and the ID of the permission scope, in the following format.\n\n```sh\n$ pulumi import azuread:index/applicationPermissionScope:ApplicationPermissionScope example /applications/00000000-0000-0000-0000-000000000000/permissionScopes/11111111-1111-1111-1111-111111111111\n```\n\n","properties":{"adminConsentDescription":{"type":"string","description":"Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.\n"},"adminConsentDisplayName":{"type":"string","description":"Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.\n"},"applicationId":{"type":"string","description":"The resource ID of the application registration. Changing this forces a new resource to be created.\n"},"scopeId":{"type":"string","description":"The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created.\n"},"type":{"type":"string","description":"Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions.\n"},"userConsentDescription":{"type":"string","description":"Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.\n"},"userConsentDisplayName":{"type":"string","description":"Display name for the delegated permission that appears in the end user consent experience.\n\n\u003e **Tip** Use the \u003cspan pulumi-lang-nodejs=\"`randomUuid`\" pulumi-lang-dotnet=\"`RandomUuid`\" pulumi-lang-go=\"`randomUuid`\" pulumi-lang-python=\"`random_uuid`\" pulumi-lang-yaml=\"`randomUuid`\" pulumi-lang-java=\"`randomUuid`\"\u003e`randomUuid`\u003c/span\u003e resource to generate UUIDs and save them to state for permission scopes within your Terraform configuration\n"},"value":{"type":"string","description":"The value that is used for the \u003cspan pulumi-lang-nodejs=\"`scp`\" pulumi-lang-dotnet=\"`Scp`\" pulumi-lang-go=\"`scp`\" pulumi-lang-python=\"`scp`\" pulumi-lang-yaml=\"`scp`\" pulumi-lang-java=\"`scp`\"\u003e`scp`\u003c/span\u003e claim in OAuth access tokens.\n\n\u003e **Roles and Permission Scopes** In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.\n"}},"required":["adminConsentDescription","adminConsentDisplayName","applicationId","scopeId","value"],"inputProperties":{"adminConsentDescription":{"type":"string","description":"Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.\n"},"adminConsentDisplayName":{"type":"string","description":"Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.\n"},"applicationId":{"type":"string","description":"The resource ID of the application registration. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"scopeId":{"type":"string","description":"The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"type":{"type":"string","description":"Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions.\n"},"userConsentDescription":{"type":"string","description":"Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.\n"},"userConsentDisplayName":{"type":"string","description":"Display name for the delegated permission that appears in the end user consent experience.\n\n\u003e **Tip** Use the \u003cspan pulumi-lang-nodejs=\"`randomUuid`\" pulumi-lang-dotnet=\"`RandomUuid`\" pulumi-lang-go=\"`randomUuid`\" pulumi-lang-python=\"`random_uuid`\" pulumi-lang-yaml=\"`randomUuid`\" pulumi-lang-java=\"`randomUuid`\"\u003e`randomUuid`\u003c/span\u003e resource to generate UUIDs and save them to state for permission scopes within your Terraform configuration\n"},"value":{"type":"string","description":"The value that is used for the \u003cspan pulumi-lang-nodejs=\"`scp`\" pulumi-lang-dotnet=\"`Scp`\" pulumi-lang-go=\"`scp`\" pulumi-lang-python=\"`scp`\" pulumi-lang-yaml=\"`scp`\" pulumi-lang-java=\"`scp`\"\u003e`scp`\u003c/span\u003e claim in OAuth access tokens.\n\n\u003e **Roles and Permission Scopes** In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.\n"}},"requiredInputs":["adminConsentDescription","adminConsentDisplayName","applicationId","scopeId","value"],"stateInputs":{"description":"Input properties used for looking up and filtering ApplicationPermissionScope resources.\n","properties":{"adminConsentDescription":{"type":"string","description":"Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.\n"},"adminConsentDisplayName":{"type":"string","description":"Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.\n"},"applicationId":{"type":"string","description":"The resource ID of the application registration. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"scopeId":{"type":"string","description":"The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"type":{"type":"string","description":"Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions.\n"},"userConsentDescription":{"type":"string","description":"Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.\n"},"userConsentDisplayName":{"type":"string","description":"Display name for the delegated permission that appears in the end user consent experience.\n\n\u003e **Tip** Use the \u003cspan pulumi-lang-nodejs=\"`randomUuid`\" pulumi-lang-dotnet=\"`RandomUuid`\" pulumi-lang-go=\"`randomUuid`\" pulumi-lang-python=\"`random_uuid`\" pulumi-lang-yaml=\"`randomUuid`\" pulumi-lang-java=\"`randomUuid`\"\u003e`randomUuid`\u003c/span\u003e resource to generate UUIDs and save them to state for permission scopes within your Terraform configuration\n"},"value":{"type":"string","description":"The value that is used for the \u003cspan pulumi-lang-nodejs=\"`scp`\" pulumi-lang-dotnet=\"`Scp`\" pulumi-lang-go=\"`scp`\" pulumi-lang-python=\"`scp`\" pulumi-lang-yaml=\"`scp`\" pulumi-lang-java=\"`scp`\"\u003e`scp`\u003c/span\u003e claim in OAuth access tokens.\n\n\u003e **Roles and Permission Scopes** In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.\n"}},"type":"object"}},"azuread:index/applicationPreAuthorized:ApplicationPreAuthorized":{"description":"Manages client applications that are pre-authorized with the specified permissions to access an application's APIs without requiring user consent.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.OwnedBy` or `Application.ReadWrite.All`\n\n\u003e When using the `Application.ReadWrite.OwnedBy` application role, the principal being used to run Terraform must be an owner of the application.\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst authorized = new azuread.ApplicationRegistration(\"authorized\", {displayName: \"example-authorized-app\"});\nconst authorizer = new azuread.Application(\"authorizer\", {\n    displayName: \"example-authorizing-app\",\n    api: {\n        oauth2PermissionScopes: [\n            {\n                adminConsentDescription: \"Administer the application\",\n                adminConsentDisplayName: \"Administer\",\n                enabled: true,\n                id: \"00000000-0000-0000-0000-000000000000\",\n                type: \"Admin\",\n                value: \"administer\",\n            },\n            {\n                adminConsentDescription: \"Access the application\",\n                adminConsentDisplayName: \"Access\",\n                enabled: true,\n                id: \"11111111-1111-1111-1111-111111111111\",\n                type: \"User\",\n                userConsentDescription: \"Access the application\",\n                userConsentDisplayName: \"Access\",\n                value: \"user_impersonation\",\n            },\n        ],\n    },\n});\nconst example = new azuread.ApplicationPreAuthorized(\"example\", {\n    applicationId: authorizer.id,\n    authorizedClientId: authorized.clientId,\n    permissionIds: [\n        \"00000000-0000-0000-0000-000000000000\",\n        \"11111111-1111-1111-1111-111111111111\",\n    ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nauthorized = azuread.ApplicationRegistration(\"authorized\", display_name=\"example-authorized-app\")\nauthorizer = azuread.Application(\"authorizer\",\n    display_name=\"example-authorizing-app\",\n    api={\n        \"oauth2_permission_scopes\": [\n            {\n                \"admin_consent_description\": \"Administer the application\",\n                \"admin_consent_display_name\": \"Administer\",\n                \"enabled\": True,\n                \"id\": \"00000000-0000-0000-0000-000000000000\",\n                \"type\": \"Admin\",\n                \"value\": \"administer\",\n            },\n            {\n                \"admin_consent_description\": \"Access the application\",\n                \"admin_consent_display_name\": \"Access\",\n                \"enabled\": True,\n                \"id\": \"11111111-1111-1111-1111-111111111111\",\n                \"type\": \"User\",\n                \"user_consent_description\": \"Access the application\",\n                \"user_consent_display_name\": \"Access\",\n                \"value\": \"user_impersonation\",\n            },\n        ],\n    })\nexample = azuread.ApplicationPreAuthorized(\"example\",\n    application_id=authorizer.id,\n    authorized_client_id=authorized.client_id,\n    permission_ids=[\n        \"00000000-0000-0000-0000-000000000000\",\n        \"11111111-1111-1111-1111-111111111111\",\n    ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var authorized = new AzureAD.Index.ApplicationRegistration(\"authorized\", new()\n    {\n        DisplayName = \"example-authorized-app\",\n    });\n\n    var authorizer = new AzureAD.Index.Application(\"authorizer\", new()\n    {\n        DisplayName = \"example-authorizing-app\",\n        Api = new AzureAD.Inputs.ApplicationApiArgs\n        {\n            Oauth2PermissionScopes = new[]\n            {\n                new AzureAD.Inputs.ApplicationApiOauth2PermissionScopeArgs\n                {\n                    AdminConsentDescription = \"Administer the application\",\n                    AdminConsentDisplayName = \"Administer\",\n                    Enabled = true,\n                    Id = \"00000000-0000-0000-0000-000000000000\",\n                    Type = \"Admin\",\n                    Value = \"administer\",\n                },\n                new AzureAD.Inputs.ApplicationApiOauth2PermissionScopeArgs\n                {\n                    AdminConsentDescription = \"Access the application\",\n                    AdminConsentDisplayName = \"Access\",\n                    Enabled = true,\n                    Id = \"11111111-1111-1111-1111-111111111111\",\n                    Type = \"User\",\n                    UserConsentDescription = \"Access the application\",\n                    UserConsentDisplayName = \"Access\",\n                    Value = \"user_impersonation\",\n                },\n            },\n        },\n    });\n\n    var example = new AzureAD.Index.ApplicationPreAuthorized(\"example\", new()\n    {\n        ApplicationId = authorizer.Id,\n        AuthorizedClientId = authorized.ClientId,\n        PermissionIds = new[]\n        {\n            \"00000000-0000-0000-0000-000000000000\",\n            \"11111111-1111-1111-1111-111111111111\",\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tauthorized, err := azuread.NewApplicationRegistration(ctx, \"authorized\", \u0026azuread.ApplicationRegistrationArgs{\n\t\t\tDisplayName: pulumi.String(\"example-authorized-app\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tauthorizer, err := azuread.NewApplication(ctx, \"authorizer\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example-authorizing-app\"),\n\t\t\tApi: \u0026azuread.ApplicationApiArgs{\n\t\t\t\tOauth2PermissionScopes: azuread.ApplicationApiOauth2PermissionScopeArray{\n\t\t\t\t\t\u0026azuread.ApplicationApiOauth2PermissionScopeArgs{\n\t\t\t\t\t\tAdminConsentDescription: pulumi.String(\"Administer the application\"),\n\t\t\t\t\t\tAdminConsentDisplayName: pulumi.String(\"Administer\"),\n\t\t\t\t\t\tEnabled:                 pulumi.Bool(true),\n\t\t\t\t\t\tId:                      pulumi.String(\"00000000-0000-0000-0000-000000000000\"),\n\t\t\t\t\t\tType:                    pulumi.String(\"Admin\"),\n\t\t\t\t\t\tValue:                   pulumi.String(\"administer\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026azuread.ApplicationApiOauth2PermissionScopeArgs{\n\t\t\t\t\t\tAdminConsentDescription: pulumi.String(\"Access the application\"),\n\t\t\t\t\t\tAdminConsentDisplayName: pulumi.String(\"Access\"),\n\t\t\t\t\t\tEnabled:                 pulumi.Bool(true),\n\t\t\t\t\t\tId:                      pulumi.String(\"11111111-1111-1111-1111-111111111111\"),\n\t\t\t\t\t\tType:                    pulumi.String(\"User\"),\n\t\t\t\t\t\tUserConsentDescription:  pulumi.String(\"Access the application\"),\n\t\t\t\t\t\tUserConsentDisplayName:  pulumi.String(\"Access\"),\n\t\t\t\t\t\tValue:                   pulumi.String(\"user_impersonation\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationPreAuthorized(ctx, \"example\", \u0026azuread.ApplicationPreAuthorizedArgs{\n\t\t\tApplicationId:      authorizer.ID(),\n\t\t\tAuthorizedClientId: authorized.ClientId,\n\t\t\tPermissionIds: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"00000000-0000-0000-0000-000000000000\"),\n\t\t\t\tpulumi.String(\"11111111-1111-1111-1111-111111111111\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ApplicationRegistration;\nimport com.pulumi.azuread.ApplicationRegistrationArgs;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.inputs.ApplicationApiArgs;\nimport com.pulumi.azuread.ApplicationPreAuthorized;\nimport com.pulumi.azuread.ApplicationPreAuthorizedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var authorized = new ApplicationRegistration(\"authorized\", ApplicationRegistrationArgs.builder()\n            .displayName(\"example-authorized-app\")\n            .build());\n\n        var authorizer = new Application(\"authorizer\", ApplicationArgs.builder()\n            .displayName(\"example-authorizing-app\")\n            .api(ApplicationApiArgs.builder()\n                .oauth2PermissionScopes(                \n                    ApplicationApiOauth2PermissionScopeArgs.builder()\n                        .adminConsentDescription(\"Administer the application\")\n                        .adminConsentDisplayName(\"Administer\")\n                        .enabled(true)\n                        .id(\"00000000-0000-0000-0000-000000000000\")\n                        .type(\"Admin\")\n                        .value(\"administer\")\n                        .build(),\n                    ApplicationApiOauth2PermissionScopeArgs.builder()\n                        .adminConsentDescription(\"Access the application\")\n                        .adminConsentDisplayName(\"Access\")\n                        .enabled(true)\n                        .id(\"11111111-1111-1111-1111-111111111111\")\n                        .type(\"User\")\n                        .userConsentDescription(\"Access the application\")\n                        .userConsentDisplayName(\"Access\")\n                        .value(\"user_impersonation\")\n                        .build())\n                .build())\n            .build());\n\n        var example = new ApplicationPreAuthorized(\"example\", ApplicationPreAuthorizedArgs.builder()\n            .applicationId(authorizer.id())\n            .authorizedClientId(authorized.clientId())\n            .permissionIds(            \n                \"00000000-0000-0000-0000-000000000000\",\n                \"11111111-1111-1111-1111-111111111111\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  authorized:\n    type: azuread:ApplicationRegistration\n    properties:\n      displayName: example-authorized-app\n  authorizer:\n    type: azuread:Application\n    properties:\n      displayName: example-authorizing-app\n      api:\n        oauth2PermissionScopes:\n          - adminConsentDescription: Administer the application\n            adminConsentDisplayName: Administer\n            enabled: true\n            id: 00000000-0000-0000-0000-000000000000\n            type: Admin\n            value: administer\n          - adminConsentDescription: Access the application\n            adminConsentDisplayName: Access\n            enabled: true\n            id: 11111111-1111-1111-1111-111111111111\n            type: User\n            userConsentDescription: Access the application\n            userConsentDisplayName: Access\n            value: user_impersonation\n  example:\n    type: azuread:ApplicationPreAuthorized\n    properties:\n      applicationId: ${authorizer.id}\n      authorizedClientId: ${authorized.clientId}\n      permissionIds:\n        - 00000000-0000-0000-0000-000000000000\n        - 11111111-1111-1111-1111-111111111111\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nPre-authorized applications can be imported using the object ID of the authorizing application and the application ID of the application being authorized, e.g.\n\n```sh\n$ pulumi import azuread:index/applicationPreAuthorized:ApplicationPreAuthorized example 00000000-0000-0000-0000-000000000000/preAuthorizedApplication/11111111-1111-1111-1111-111111111111\n```\n\n\u003e This ID format is unique to Terraform and is composed of the authorizing application's object ID, the string \"preAuthorizedApplication\" and the authorized application's application ID (client ID) in the format `{ObjectId}/preAuthorizedApplication/{ApplicationId}`.\n\n","properties":{"applicationId":{"type":"string","description":"The resource ID of the application for which permissions are being authorized. Changing this field forces a new resource to be created.\n"},"authorizedClientId":{"type":"string","description":"The client ID of the application being authorized. Changing this field forces a new resource to be created.\n"},"permissionIds":{"type":"array","items":{"type":"string"},"description":"A set of permission scope IDs required by the authorized application.\n"}},"required":["applicationId","authorizedClientId","permissionIds"],"inputProperties":{"applicationId":{"type":"string","description":"The resource ID of the application for which permissions are being authorized. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"authorizedClientId":{"type":"string","description":"The client ID of the application being authorized. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"permissionIds":{"type":"array","items":{"type":"string"},"description":"A set of permission scope IDs required by the authorized application.\n"}},"requiredInputs":["applicationId","authorizedClientId","permissionIds"],"stateInputs":{"description":"Input properties used for looking up and filtering ApplicationPreAuthorized resources.\n","properties":{"applicationId":{"type":"string","description":"The resource ID of the application for which permissions are being authorized. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"authorizedClientId":{"type":"string","description":"The client ID of the application being authorized. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"permissionIds":{"type":"array","items":{"type":"string"},"description":"A set of permission scope IDs required by the authorized application.\n"}},"type":"object"}},"azuread:index/applicationRedirectUris:ApplicationRedirectUris":{"description":"Manages the redirect URIs for an application registration.\n\n\u003e This resource is incompatible with the \u003cspan pulumi-lang-nodejs=\"`azuread.Application`\" pulumi-lang-dotnet=\"`azuread.Application`\" pulumi-lang-go=\"`Application`\" pulumi-lang-python=\"`Application`\" pulumi-lang-yaml=\"`azuread.Application`\" pulumi-lang-java=\"`azuread.Application`\"\u003e`azuread.Application`\u003c/span\u003e resource, instead use this with the \u003cspan pulumi-lang-nodejs=\"`azuread.ApplicationRegistration`\" pulumi-lang-dotnet=\"`azuread.ApplicationRegistration`\" pulumi-lang-go=\"`ApplicationRegistration`\" pulumi-lang-python=\"`ApplicationRegistration`\" pulumi-lang-yaml=\"`azuread.ApplicationRegistration`\" pulumi-lang-java=\"`azuread.ApplicationRegistration`\"\u003e`azuread.ApplicationRegistration`\u003c/span\u003e resource.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.OwnedBy` or `Application.ReadWrite.All`\n\n\u003e When using the `Application.ReadWrite.OwnedBy` application role, the principal being used to run Terraform must be an owner of the application.\n\nWhen authenticated with a user principal, this resource may require one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.ApplicationRegistration(\"example\", {displayName: \"example\"});\nconst examplePublic = new azuread.ApplicationRedirectUris(\"example_public\", {\n    applicationId: example.id,\n    type: \"PublicClient\",\n    redirectUris: [\n        \"myapp://auth\",\n        \"sample.mobile.app.bundie.id://auth\",\n        \"https://login.microsoftonline.com/common/oauth2/nativeclient\",\n        \"https://login.live.com/oauth20_desktop.srf\",\n        \"ms-appx-web://Microsoft.AAD.BrokerPlugin/00000000-1111-1111-1111-222222222222\",\n        \"urn:ietf:wg:oauth:2.0:foo\",\n    ],\n});\nconst exampleSpa = new azuread.ApplicationRedirectUris(\"example_spa\", {\n    applicationId: example.id,\n    type: \"SPA\",\n    redirectUris: [\n        \"https://mobile.example.com/\",\n        \"https://beta.example.com/\",\n    ],\n});\nconst exampleWeb = new azuread.ApplicationRedirectUris(\"example_web\", {\n    applicationId: example.id,\n    type: \"Web\",\n    redirectUris: [\n        \"https://app.example.com/\",\n        \"https://classic.example.com/\",\n        \"urn:ietf:wg:oauth:2.0:oob\",\n    ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.ApplicationRegistration(\"example\", display_name=\"example\")\nexample_public = azuread.ApplicationRedirectUris(\"example_public\",\n    application_id=example.id,\n    type=\"PublicClient\",\n    redirect_uris=[\n        \"myapp://auth\",\n        \"sample.mobile.app.bundie.id://auth\",\n        \"https://login.microsoftonline.com/common/oauth2/nativeclient\",\n        \"https://login.live.com/oauth20_desktop.srf\",\n        \"ms-appx-web://Microsoft.AAD.BrokerPlugin/00000000-1111-1111-1111-222222222222\",\n        \"urn:ietf:wg:oauth:2.0:foo\",\n    ])\nexample_spa = azuread.ApplicationRedirectUris(\"example_spa\",\n    application_id=example.id,\n    type=\"SPA\",\n    redirect_uris=[\n        \"https://mobile.example.com/\",\n        \"https://beta.example.com/\",\n    ])\nexample_web = azuread.ApplicationRedirectUris(\"example_web\",\n    application_id=example.id,\n    type=\"Web\",\n    redirect_uris=[\n        \"https://app.example.com/\",\n        \"https://classic.example.com/\",\n        \"urn:ietf:wg:oauth:2.0:oob\",\n    ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.ApplicationRegistration(\"example\", new()\n    {\n        DisplayName = \"example\",\n    });\n\n    var examplePublic = new AzureAD.Index.ApplicationRedirectUris(\"example_public\", new()\n    {\n        ApplicationId = example.Id,\n        Type = \"PublicClient\",\n        RedirectUris = new[]\n        {\n            \"myapp://auth\",\n            \"sample.mobile.app.bundie.id://auth\",\n            \"https://login.microsoftonline.com/common/oauth2/nativeclient\",\n            \"https://login.live.com/oauth20_desktop.srf\",\n            \"ms-appx-web://Microsoft.AAD.BrokerPlugin/00000000-1111-1111-1111-222222222222\",\n            \"urn:ietf:wg:oauth:2.0:foo\",\n        },\n    });\n\n    var exampleSpa = new AzureAD.Index.ApplicationRedirectUris(\"example_spa\", new()\n    {\n        ApplicationId = example.Id,\n        Type = \"SPA\",\n        RedirectUris = new[]\n        {\n            \"https://mobile.example.com/\",\n            \"https://beta.example.com/\",\n        },\n    });\n\n    var exampleWeb = new AzureAD.Index.ApplicationRedirectUris(\"example_web\", new()\n    {\n        ApplicationId = example.Id,\n        Type = \"Web\",\n        RedirectUris = new[]\n        {\n            \"https://app.example.com/\",\n            \"https://classic.example.com/\",\n            \"urn:ietf:wg:oauth:2.0:oob\",\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplicationRegistration(ctx, \"example\", \u0026azuread.ApplicationRegistrationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationRedirectUris(ctx, \"example_public\", \u0026azuread.ApplicationRedirectUrisArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t\tType:          pulumi.String(\"PublicClient\"),\n\t\t\tRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"myapp://auth\"),\n\t\t\t\tpulumi.String(\"sample.mobile.app.bundie.id://auth\"),\n\t\t\t\tpulumi.String(\"https://login.microsoftonline.com/common/oauth2/nativeclient\"),\n\t\t\t\tpulumi.String(\"https://login.live.com/oauth20_desktop.srf\"),\n\t\t\t\tpulumi.String(\"ms-appx-web://Microsoft.AAD.BrokerPlugin/00000000-1111-1111-1111-222222222222\"),\n\t\t\t\tpulumi.String(\"urn:ietf:wg:oauth:2.0:foo\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationRedirectUris(ctx, \"example_spa\", \u0026azuread.ApplicationRedirectUrisArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t\tType:          pulumi.String(\"SPA\"),\n\t\t\tRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"https://mobile.example.com/\"),\n\t\t\t\tpulumi.String(\"https://beta.example.com/\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplicationRedirectUris(ctx, \"example_web\", \u0026azuread.ApplicationRedirectUrisArgs{\n\t\t\tApplicationId: example.ID(),\n\t\t\tType:          pulumi.String(\"Web\"),\n\t\t\tRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"https://app.example.com/\"),\n\t\t\t\tpulumi.String(\"https://classic.example.com/\"),\n\t\t\t\tpulumi.String(\"urn:ietf:wg:oauth:2.0:oob\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ApplicationRegistration;\nimport com.pulumi.azuread.ApplicationRegistrationArgs;\nimport com.pulumi.azuread.ApplicationRedirectUris;\nimport com.pulumi.azuread.ApplicationRedirectUrisArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new ApplicationRegistration(\"example\", ApplicationRegistrationArgs.builder()\n            .displayName(\"example\")\n            .build());\n\n        var examplePublic = new ApplicationRedirectUris(\"examplePublic\", ApplicationRedirectUrisArgs.builder()\n            .applicationId(example.id())\n            .type(\"PublicClient\")\n            .redirectUris(            \n                \"myapp://auth\",\n                \"sample.mobile.app.bundie.id://auth\",\n                \"https://login.microsoftonline.com/common/oauth2/nativeclient\",\n                \"https://login.live.com/oauth20_desktop.srf\",\n                \"ms-appx-web://Microsoft.AAD.BrokerPlugin/00000000-1111-1111-1111-222222222222\",\n                \"urn:ietf:wg:oauth:2.0:foo\")\n            .build());\n\n        var exampleSpa = new ApplicationRedirectUris(\"exampleSpa\", ApplicationRedirectUrisArgs.builder()\n            .applicationId(example.id())\n            .type(\"SPA\")\n            .redirectUris(            \n                \"https://mobile.example.com/\",\n                \"https://beta.example.com/\")\n            .build());\n\n        var exampleWeb = new ApplicationRedirectUris(\"exampleWeb\", ApplicationRedirectUrisArgs.builder()\n            .applicationId(example.id())\n            .type(\"Web\")\n            .redirectUris(            \n                \"https://app.example.com/\",\n                \"https://classic.example.com/\",\n                \"urn:ietf:wg:oauth:2.0:oob\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:ApplicationRegistration\n    properties:\n      displayName: example\n  examplePublic:\n    type: azuread:ApplicationRedirectUris\n    name: example_public\n    properties:\n      applicationId: ${example.id}\n      type: PublicClient\n      redirectUris:\n        - myapp://auth\n        - sample.mobile.app.bundie.id://auth\n        - https://login.microsoftonline.com/common/oauth2/nativeclient\n        - https://login.live.com/oauth20_desktop.srf\n        - ms-appx-web://Microsoft.AAD.BrokerPlugin/00000000-1111-1111-1111-222222222222\n        - urn:ietf:wg:oauth:2.0:foo\n  exampleSpa:\n    type: azuread:ApplicationRedirectUris\n    name: example_spa\n    properties:\n      applicationId: ${example.id}\n      type: SPA\n      redirectUris:\n        - https://mobile.example.com/\n        - https://beta.example.com/\n  exampleWeb:\n    type: azuread:ApplicationRedirectUris\n    name: example_web\n    properties:\n      applicationId: ${example.id}\n      type: Web\n      redirectUris:\n        - https://app.example.com/\n        - https://classic.example.com/\n        - urn:ietf:wg:oauth:2.0:oob\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nApplication API Access can be imported using the object ID of the application and the URI type, in the following format.\n\n```sh\n$ pulumi import azuread:index/applicationRedirectUris:ApplicationRedirectUris example /applications/00000000-0000-0000-0000-000000000000/redirectUris/Web\n```\n\n","properties":{"applicationId":{"type":"string","description":"The resource ID of the application registration. Changing this forces a new resource to be created.\n"},"redirectUris":{"type":"array","items":{"type":"string"},"description":"A set of redirect URIs to assign to the application.\n"},"type":{"type":"string","description":"The type of redirect URIs to manage. Must be one of: `PublicClient`, `SPA`, or `Web`. Changing this forces a new resource to be created.\n"}},"required":["applicationId","redirectUris","type"],"inputProperties":{"applicationId":{"type":"string","description":"The resource ID of the application registration. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"redirectUris":{"type":"array","items":{"type":"string"},"description":"A set of redirect URIs to assign to the application.\n"},"type":{"type":"string","description":"The type of redirect URIs to manage. Must be one of: `PublicClient`, `SPA`, or `Web`. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true}},"requiredInputs":["applicationId","redirectUris","type"],"stateInputs":{"description":"Input properties used for looking up and filtering ApplicationRedirectUris resources.\n","properties":{"applicationId":{"type":"string","description":"The resource ID of the application registration. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"redirectUris":{"type":"array","items":{"type":"string"},"description":"A set of redirect URIs to assign to the application.\n"},"type":{"type":"string","description":"The type of redirect URIs to manage. Must be one of: `PublicClient`, `SPA`, or `Web`. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true}},"type":"object"}},"azuread:index/applicationRegistration:ApplicationRegistration":{"description":"Manages an application registration within Azure Active Directory.\n\nFor a more comprehensive alternative, please see the\u003cspan pulumi-lang-nodejs=\" azuread.Application \" pulumi-lang-dotnet=\" azuread.Application \" pulumi-lang-go=\" Application \" pulumi-lang-python=\" Application \" pulumi-lang-yaml=\" azuread.Application \" pulumi-lang-java=\" azuread.Application \"\u003e azuread.Application \u003c/span\u003eresource. Please note that this resource should not be used together with the \u003cspan pulumi-lang-nodejs=\"`azuread.Application`\" pulumi-lang-dotnet=\"`azuread.Application`\" pulumi-lang-go=\"`Application`\" pulumi-lang-python=\"`Application`\" pulumi-lang-yaml=\"`azuread.Application`\" pulumi-lang-java=\"`azuread.Application`\"\u003e`azuread.Application`\u003c/span\u003e resource when managing the same application.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.OwnedBy` or `Application.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource may require one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.ApplicationRegistration(\"example\", {\n    displayName: \"Example Application\",\n    description: \"My example application\",\n    signInAudience: \"AzureADMyOrg\",\n    homepageUrl: \"https://app.example.com/\",\n    logoutUrl: \"https://app.example.com/logout\",\n    marketingUrl: \"https://example.com/\",\n    privacyStatementUrl: \"https://example.com/privacy\",\n    supportUrl: \"https://support.example.com/\",\n    termsOfServiceUrl: \"https://example.com/terms\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.ApplicationRegistration(\"example\",\n    display_name=\"Example Application\",\n    description=\"My example application\",\n    sign_in_audience=\"AzureADMyOrg\",\n    homepage_url=\"https://app.example.com/\",\n    logout_url=\"https://app.example.com/logout\",\n    marketing_url=\"https://example.com/\",\n    privacy_statement_url=\"https://example.com/privacy\",\n    support_url=\"https://support.example.com/\",\n    terms_of_service_url=\"https://example.com/terms\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.ApplicationRegistration(\"example\", new()\n    {\n        DisplayName = \"Example Application\",\n        Description = \"My example application\",\n        SignInAudience = \"AzureADMyOrg\",\n        HomepageUrl = \"https://app.example.com/\",\n        LogoutUrl = \"https://app.example.com/logout\",\n        MarketingUrl = \"https://example.com/\",\n        PrivacyStatementUrl = \"https://example.com/privacy\",\n        SupportUrl = \"https://support.example.com/\",\n        TermsOfServiceUrl = \"https://example.com/terms\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewApplicationRegistration(ctx, \"example\", \u0026azuread.ApplicationRegistrationArgs{\n\t\t\tDisplayName:         pulumi.String(\"Example Application\"),\n\t\t\tDescription:         pulumi.String(\"My example application\"),\n\t\t\tSignInAudience:      pulumi.String(\"AzureADMyOrg\"),\n\t\t\tHomepageUrl:         pulumi.String(\"https://app.example.com/\"),\n\t\t\tLogoutUrl:           pulumi.String(\"https://app.example.com/logout\"),\n\t\t\tMarketingUrl:        pulumi.String(\"https://example.com/\"),\n\t\t\tPrivacyStatementUrl: pulumi.String(\"https://example.com/privacy\"),\n\t\t\tSupportUrl:          pulumi.String(\"https://support.example.com/\"),\n\t\t\tTermsOfServiceUrl:   pulumi.String(\"https://example.com/terms\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ApplicationRegistration;\nimport com.pulumi.azuread.ApplicationRegistrationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new ApplicationRegistration(\"example\", ApplicationRegistrationArgs.builder()\n            .displayName(\"Example Application\")\n            .description(\"My example application\")\n            .signInAudience(\"AzureADMyOrg\")\n            .homepageUrl(\"https://app.example.com/\")\n            .logoutUrl(\"https://app.example.com/logout\")\n            .marketingUrl(\"https://example.com/\")\n            .privacyStatementUrl(\"https://example.com/privacy\")\n            .supportUrl(\"https://support.example.com/\")\n            .termsOfServiceUrl(\"https://example.com/terms\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:ApplicationRegistration\n    properties:\n      displayName: Example Application\n      description: My example application\n      signInAudience: AzureADMyOrg\n      homepageUrl: https://app.example.com/\n      logoutUrl: https://app.example.com/logout\n      marketingUrl: https://example.com/\n      privacyStatementUrl: https://example.com/privacy\n      supportUrl: https://support.example.com/\n      termsOfServiceUrl: https://example.com/terms\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nApplication Registrations can be imported using the object ID of the application, in the following format.\n\n```sh\n$ pulumi import azuread:index/applicationRegistration:ApplicationRegistration example /applications/00000000-0000-0000-0000-000000000000\n```\n\n","properties":{"clientId":{"type":"string","description":"The Client ID for the application, which is globally unique.\n"},"description":{"type":"string","description":"A description of the application, as shown to end users.\n"},"disabledByMicrosoft":{"type":"string","description":"Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. `DisabledDueToViolationOfServicesAgreement`\n"},"displayName":{"type":"string","description":"The display name for the application.\n"},"groupMembershipClaims":{"type":"array","items":{"type":"string"},"description":"Configures the \u003cspan pulumi-lang-nodejs=\"`groups`\" pulumi-lang-dotnet=\"`Groups`\" pulumi-lang-go=\"`groups`\" pulumi-lang-python=\"`groups`\" pulumi-lang-yaml=\"`groups`\" pulumi-lang-java=\"`groups`\"\u003e`groups`\u003c/span\u003e claim issued in a user or OAuth access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.\n"},"homepageUrl":{"type":"string","description":"Home page or landing page of the application.\n"},"implicitAccessTokenIssuanceEnabled":{"type":"boolean","description":"Whether this web application can request an access token using OAuth implicit flow.\n"},"implicitIdTokenIssuanceEnabled":{"type":"boolean","description":"Whether this web application can request an ID token using OAuth implicit flow.\n"},"logoutUrl":{"type":"string","description":"The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols.\n"},"marketingUrl":{"type":"string","description":"URL of the marketing page for the application.\n"},"notes":{"type":"string","description":"User-specified notes relevant for the management of the application.\n"},"objectId":{"type":"string","description":"The object ID of the application within the tenant.\n"},"privacyStatementUrl":{"type":"string","description":"URL of the privacy statement for the application.\n"},"publisherDomain":{"type":"string","description":"The verified publisher domain for the application.\n"},"requestedAccessTokenVersion":{"type":"integer","description":"The access token version expected by this resource. Must be one of \u003cspan pulumi-lang-nodejs=\"`1`\" pulumi-lang-dotnet=\"`1`\" pulumi-lang-go=\"`1`\" pulumi-lang-python=\"`1`\" pulumi-lang-yaml=\"`1`\" pulumi-lang-java=\"`1`\"\u003e`1`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`2`\" pulumi-lang-dotnet=\"`2`\" pulumi-lang-go=\"`2`\" pulumi-lang-python=\"`2`\" pulumi-lang-yaml=\"`2`\" pulumi-lang-java=\"`2`\"\u003e`2`\u003c/span\u003e, and must be \u003cspan pulumi-lang-nodejs=\"`2`\" pulumi-lang-dotnet=\"`2`\" pulumi-lang-go=\"`2`\" pulumi-lang-python=\"`2`\" pulumi-lang-yaml=\"`2`\" pulumi-lang-java=\"`2`\"\u003e`2`\u003c/span\u003e when \u003cspan pulumi-lang-nodejs=\"`signInAudience`\" pulumi-lang-dotnet=\"`SignInAudience`\" pulumi-lang-go=\"`signInAudience`\" pulumi-lang-python=\"`sign_in_audience`\" pulumi-lang-yaml=\"`signInAudience`\" pulumi-lang-java=\"`signInAudience`\"\u003e`signInAudience`\u003c/span\u003e is either `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount` Defaults to \u003cspan pulumi-lang-nodejs=\"`2`\" pulumi-lang-dotnet=\"`2`\" pulumi-lang-go=\"`2`\" pulumi-lang-python=\"`2`\" pulumi-lang-yaml=\"`2`\" pulumi-lang-java=\"`2`\"\u003e`2`\u003c/span\u003e.\n"},"serviceManagementReference":{"type":"string","description":"References application context information from a Service or Asset Management database.\n"},"signInAudience":{"type":"string","description":"The Microsoft account types that are supported for the current application. Must be one of `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`. Defaults to `AzureADMyOrg`.\n"},"supportUrl":{"type":"string","description":"URL of the support page for the application.\n"},"termsOfServiceUrl":{"type":"string","description":"URL of the terms of service statement for the application.\n"}},"required":["clientId","disabledByMicrosoft","displayName","objectId","publisherDomain"],"inputProperties":{"description":{"type":"string","description":"A description of the application, as shown to end users.\n"},"displayName":{"type":"string","description":"The display name for the application.\n"},"groupMembershipClaims":{"type":"array","items":{"type":"string"},"description":"Configures the \u003cspan pulumi-lang-nodejs=\"`groups`\" pulumi-lang-dotnet=\"`Groups`\" pulumi-lang-go=\"`groups`\" pulumi-lang-python=\"`groups`\" pulumi-lang-yaml=\"`groups`\" pulumi-lang-java=\"`groups`\"\u003e`groups`\u003c/span\u003e claim issued in a user or OAuth access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.\n"},"homepageUrl":{"type":"string","description":"Home page or landing page of the application.\n"},"implicitAccessTokenIssuanceEnabled":{"type":"boolean","description":"Whether this web application can request an access token using OAuth implicit flow.\n"},"implicitIdTokenIssuanceEnabled":{"type":"boolean","description":"Whether this web application can request an ID token using OAuth implicit flow.\n"},"logoutUrl":{"type":"string","description":"The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols.\n"},"marketingUrl":{"type":"string","description":"URL of the marketing page for the application.\n"},"notes":{"type":"string","description":"User-specified notes relevant for the management of the application.\n"},"privacyStatementUrl":{"type":"string","description":"URL of the privacy statement for the application.\n"},"requestedAccessTokenVersion":{"type":"integer","description":"The access token version expected by this resource. Must be one of \u003cspan pulumi-lang-nodejs=\"`1`\" pulumi-lang-dotnet=\"`1`\" pulumi-lang-go=\"`1`\" pulumi-lang-python=\"`1`\" pulumi-lang-yaml=\"`1`\" pulumi-lang-java=\"`1`\"\u003e`1`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`2`\" pulumi-lang-dotnet=\"`2`\" pulumi-lang-go=\"`2`\" pulumi-lang-python=\"`2`\" pulumi-lang-yaml=\"`2`\" pulumi-lang-java=\"`2`\"\u003e`2`\u003c/span\u003e, and must be \u003cspan pulumi-lang-nodejs=\"`2`\" pulumi-lang-dotnet=\"`2`\" pulumi-lang-go=\"`2`\" pulumi-lang-python=\"`2`\" pulumi-lang-yaml=\"`2`\" pulumi-lang-java=\"`2`\"\u003e`2`\u003c/span\u003e when \u003cspan pulumi-lang-nodejs=\"`signInAudience`\" pulumi-lang-dotnet=\"`SignInAudience`\" pulumi-lang-go=\"`signInAudience`\" pulumi-lang-python=\"`sign_in_audience`\" pulumi-lang-yaml=\"`signInAudience`\" pulumi-lang-java=\"`signInAudience`\"\u003e`signInAudience`\u003c/span\u003e is either `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount` Defaults to \u003cspan pulumi-lang-nodejs=\"`2`\" pulumi-lang-dotnet=\"`2`\" pulumi-lang-go=\"`2`\" pulumi-lang-python=\"`2`\" pulumi-lang-yaml=\"`2`\" pulumi-lang-java=\"`2`\"\u003e`2`\u003c/span\u003e.\n"},"serviceManagementReference":{"type":"string","description":"References application context information from a Service or Asset Management database.\n"},"signInAudience":{"type":"string","description":"The Microsoft account types that are supported for the current application. Must be one of `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`. Defaults to `AzureADMyOrg`.\n"},"supportUrl":{"type":"string","description":"URL of the support page for the application.\n"},"termsOfServiceUrl":{"type":"string","description":"URL of the terms of service statement for the application.\n"}},"requiredInputs":["displayName"],"stateInputs":{"description":"Input properties used for looking up and filtering ApplicationRegistration resources.\n","properties":{"clientId":{"type":"string","description":"The Client ID for the application, which is globally unique.\n"},"description":{"type":"string","description":"A description of the application, as shown to end users.\n"},"disabledByMicrosoft":{"type":"string","description":"Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. `DisabledDueToViolationOfServicesAgreement`\n"},"displayName":{"type":"string","description":"The display name for the application.\n"},"groupMembershipClaims":{"type":"array","items":{"type":"string"},"description":"Configures the \u003cspan pulumi-lang-nodejs=\"`groups`\" pulumi-lang-dotnet=\"`Groups`\" pulumi-lang-go=\"`groups`\" pulumi-lang-python=\"`groups`\" pulumi-lang-yaml=\"`groups`\" pulumi-lang-java=\"`groups`\"\u003e`groups`\u003c/span\u003e claim issued in a user or OAuth access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.\n"},"homepageUrl":{"type":"string","description":"Home page or landing page of the application.\n"},"implicitAccessTokenIssuanceEnabled":{"type":"boolean","description":"Whether this web application can request an access token using OAuth implicit flow.\n"},"implicitIdTokenIssuanceEnabled":{"type":"boolean","description":"Whether this web application can request an ID token using OAuth implicit flow.\n"},"logoutUrl":{"type":"string","description":"The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols.\n"},"marketingUrl":{"type":"string","description":"URL of the marketing page for the application.\n"},"notes":{"type":"string","description":"User-specified notes relevant for the management of the application.\n"},"objectId":{"type":"string","description":"The object ID of the application within the tenant.\n"},"privacyStatementUrl":{"type":"string","description":"URL of the privacy statement for the application.\n"},"publisherDomain":{"type":"string","description":"The verified publisher domain for the application.\n"},"requestedAccessTokenVersion":{"type":"integer","description":"The access token version expected by this resource. Must be one of \u003cspan pulumi-lang-nodejs=\"`1`\" pulumi-lang-dotnet=\"`1`\" pulumi-lang-go=\"`1`\" pulumi-lang-python=\"`1`\" pulumi-lang-yaml=\"`1`\" pulumi-lang-java=\"`1`\"\u003e`1`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`2`\" pulumi-lang-dotnet=\"`2`\" pulumi-lang-go=\"`2`\" pulumi-lang-python=\"`2`\" pulumi-lang-yaml=\"`2`\" pulumi-lang-java=\"`2`\"\u003e`2`\u003c/span\u003e, and must be \u003cspan pulumi-lang-nodejs=\"`2`\" pulumi-lang-dotnet=\"`2`\" pulumi-lang-go=\"`2`\" pulumi-lang-python=\"`2`\" pulumi-lang-yaml=\"`2`\" pulumi-lang-java=\"`2`\"\u003e`2`\u003c/span\u003e when \u003cspan pulumi-lang-nodejs=\"`signInAudience`\" pulumi-lang-dotnet=\"`SignInAudience`\" pulumi-lang-go=\"`signInAudience`\" pulumi-lang-python=\"`sign_in_audience`\" pulumi-lang-yaml=\"`signInAudience`\" pulumi-lang-java=\"`signInAudience`\"\u003e`signInAudience`\u003c/span\u003e is either `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount` Defaults to \u003cspan pulumi-lang-nodejs=\"`2`\" pulumi-lang-dotnet=\"`2`\" pulumi-lang-go=\"`2`\" pulumi-lang-python=\"`2`\" pulumi-lang-yaml=\"`2`\" pulumi-lang-java=\"`2`\"\u003e`2`\u003c/span\u003e.\n"},"serviceManagementReference":{"type":"string","description":"References application context information from a Service or Asset Management database.\n"},"signInAudience":{"type":"string","description":"The Microsoft account types that are supported for the current application. Must be one of `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`. Defaults to `AzureADMyOrg`.\n"},"supportUrl":{"type":"string","description":"URL of the support page for the application.\n"},"termsOfServiceUrl":{"type":"string","description":"URL of the terms of service statement for the application.\n"}},"type":"object"}},"azuread:index/authenticationStrengthPolicy:AuthenticationStrengthPolicy":{"description":"Manages a Authentication Strength Policy within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires the following application roles: `Policy.ReadWrite.ConditionalAccess` and `Policy.Read.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Conditional Access Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.AuthenticationStrengthPolicy(\"example\", {\n    displayName: \"Example Authentication Strength Policy\",\n    description: \"Policy for demo purposes\",\n    allowedCombinations: [\n        \"fido2\",\n        \"password\",\n    ],\n});\nconst example2 = new azuread.AuthenticationStrengthPolicy(\"example2\", {\n    displayName: \"Example Authentication Strength Policy\",\n    description: \"Policy for demo purposes with all possible combinations\",\n    allowedCombinations: [\n        \"fido2\",\n        \"password\",\n        \"deviceBasedPush\",\n        \"temporaryAccessPassOneTime\",\n        \"federatedMultiFactor\",\n        \"federatedSingleFactor\",\n        \"hardwareOath,federatedSingleFactor\",\n        \"microsoftAuthenticatorPush,federatedSingleFactor\",\n        \"password,hardwareOath\",\n        \"password,microsoftAuthenticatorPush\",\n        \"password,sms\",\n        \"password,softwareOath\",\n        \"password,voice\",\n        \"sms\",\n        \"sms,federatedSingleFactor\",\n        \"softwareOath,federatedSingleFactor\",\n        \"temporaryAccessPassMultiUse\",\n        \"voice,federatedSingleFactor\",\n        \"windowsHelloForBusiness\",\n        \"x509CertificateMultiFactor\",\n        \"x509CertificateSingleFactor\",\n    ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.AuthenticationStrengthPolicy(\"example\",\n    display_name=\"Example Authentication Strength Policy\",\n    description=\"Policy for demo purposes\",\n    allowed_combinations=[\n        \"fido2\",\n        \"password\",\n    ])\nexample2 = azuread.AuthenticationStrengthPolicy(\"example2\",\n    display_name=\"Example Authentication Strength Policy\",\n    description=\"Policy for demo purposes with all possible combinations\",\n    allowed_combinations=[\n        \"fido2\",\n        \"password\",\n        \"deviceBasedPush\",\n        \"temporaryAccessPassOneTime\",\n        \"federatedMultiFactor\",\n        \"federatedSingleFactor\",\n        \"hardwareOath,federatedSingleFactor\",\n        \"microsoftAuthenticatorPush,federatedSingleFactor\",\n        \"password,hardwareOath\",\n        \"password,microsoftAuthenticatorPush\",\n        \"password,sms\",\n        \"password,softwareOath\",\n        \"password,voice\",\n        \"sms\",\n        \"sms,federatedSingleFactor\",\n        \"softwareOath,federatedSingleFactor\",\n        \"temporaryAccessPassMultiUse\",\n        \"voice,federatedSingleFactor\",\n        \"windowsHelloForBusiness\",\n        \"x509CertificateMultiFactor\",\n        \"x509CertificateSingleFactor\",\n    ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.AuthenticationStrengthPolicy(\"example\", new()\n    {\n        DisplayName = \"Example Authentication Strength Policy\",\n        Description = \"Policy for demo purposes\",\n        AllowedCombinations = new[]\n        {\n            \"fido2\",\n            \"password\",\n        },\n    });\n\n    var example2 = new AzureAD.Index.AuthenticationStrengthPolicy(\"example2\", new()\n    {\n        DisplayName = \"Example Authentication Strength Policy\",\n        Description = \"Policy for demo purposes with all possible combinations\",\n        AllowedCombinations = new[]\n        {\n            \"fido2\",\n            \"password\",\n            \"deviceBasedPush\",\n            \"temporaryAccessPassOneTime\",\n            \"federatedMultiFactor\",\n            \"federatedSingleFactor\",\n            \"hardwareOath,federatedSingleFactor\",\n            \"microsoftAuthenticatorPush,federatedSingleFactor\",\n            \"password,hardwareOath\",\n            \"password,microsoftAuthenticatorPush\",\n            \"password,sms\",\n            \"password,softwareOath\",\n            \"password,voice\",\n            \"sms\",\n            \"sms,federatedSingleFactor\",\n            \"softwareOath,federatedSingleFactor\",\n            \"temporaryAccessPassMultiUse\",\n            \"voice,federatedSingleFactor\",\n            \"windowsHelloForBusiness\",\n            \"x509CertificateMultiFactor\",\n            \"x509CertificateSingleFactor\",\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewAuthenticationStrengthPolicy(ctx, \"example\", \u0026azuread.AuthenticationStrengthPolicyArgs{\n\t\t\tDisplayName: pulumi.String(\"Example Authentication Strength Policy\"),\n\t\t\tDescription: pulumi.String(\"Policy for demo purposes\"),\n\t\t\tAllowedCombinations: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"fido2\"),\n\t\t\t\tpulumi.String(\"password\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAuthenticationStrengthPolicy(ctx, \"example2\", \u0026azuread.AuthenticationStrengthPolicyArgs{\n\t\t\tDisplayName: pulumi.String(\"Example Authentication Strength Policy\"),\n\t\t\tDescription: pulumi.String(\"Policy for demo purposes with all possible combinations\"),\n\t\t\tAllowedCombinations: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"fido2\"),\n\t\t\t\tpulumi.String(\"password\"),\n\t\t\t\tpulumi.String(\"deviceBasedPush\"),\n\t\t\t\tpulumi.String(\"temporaryAccessPassOneTime\"),\n\t\t\t\tpulumi.String(\"federatedMultiFactor\"),\n\t\t\t\tpulumi.String(\"federatedSingleFactor\"),\n\t\t\t\tpulumi.String(\"hardwareOath,federatedSingleFactor\"),\n\t\t\t\tpulumi.String(\"microsoftAuthenticatorPush,federatedSingleFactor\"),\n\t\t\t\tpulumi.String(\"password,hardwareOath\"),\n\t\t\t\tpulumi.String(\"password,microsoftAuthenticatorPush\"),\n\t\t\t\tpulumi.String(\"password,sms\"),\n\t\t\t\tpulumi.String(\"password,softwareOath\"),\n\t\t\t\tpulumi.String(\"password,voice\"),\n\t\t\t\tpulumi.String(\"sms\"),\n\t\t\t\tpulumi.String(\"sms,federatedSingleFactor\"),\n\t\t\t\tpulumi.String(\"softwareOath,federatedSingleFactor\"),\n\t\t\t\tpulumi.String(\"temporaryAccessPassMultiUse\"),\n\t\t\t\tpulumi.String(\"voice,federatedSingleFactor\"),\n\t\t\t\tpulumi.String(\"windowsHelloForBusiness\"),\n\t\t\t\tpulumi.String(\"x509CertificateMultiFactor\"),\n\t\t\t\tpulumi.String(\"x509CertificateSingleFactor\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AuthenticationStrengthPolicy;\nimport com.pulumi.azuread.AuthenticationStrengthPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new AuthenticationStrengthPolicy(\"example\", AuthenticationStrengthPolicyArgs.builder()\n            .displayName(\"Example Authentication Strength Policy\")\n            .description(\"Policy for demo purposes\")\n            .allowedCombinations(            \n                \"fido2\",\n                \"password\")\n            .build());\n\n        var example2 = new AuthenticationStrengthPolicy(\"example2\", AuthenticationStrengthPolicyArgs.builder()\n            .displayName(\"Example Authentication Strength Policy\")\n            .description(\"Policy for demo purposes with all possible combinations\")\n            .allowedCombinations(            \n                \"fido2\",\n                \"password\",\n                \"deviceBasedPush\",\n                \"temporaryAccessPassOneTime\",\n                \"federatedMultiFactor\",\n                \"federatedSingleFactor\",\n                \"hardwareOath,federatedSingleFactor\",\n                \"microsoftAuthenticatorPush,federatedSingleFactor\",\n                \"password,hardwareOath\",\n                \"password,microsoftAuthenticatorPush\",\n                \"password,sms\",\n                \"password,softwareOath\",\n                \"password,voice\",\n                \"sms\",\n                \"sms,federatedSingleFactor\",\n                \"softwareOath,federatedSingleFactor\",\n                \"temporaryAccessPassMultiUse\",\n                \"voice,federatedSingleFactor\",\n                \"windowsHelloForBusiness\",\n                \"x509CertificateMultiFactor\",\n                \"x509CertificateSingleFactor\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:AuthenticationStrengthPolicy\n    properties:\n      displayName: Example Authentication Strength Policy\n      description: Policy for demo purposes\n      allowedCombinations:\n        - fido2\n        - password\n  example2:\n    type: azuread:AuthenticationStrengthPolicy\n    properties:\n      displayName: Example Authentication Strength Policy\n      description: Policy for demo purposes with all possible combinations\n      allowedCombinations:\n        - fido2\n        - password\n        - deviceBasedPush\n        - temporaryAccessPassOneTime\n        - federatedMultiFactor\n        - federatedSingleFactor\n        - hardwareOath,federatedSingleFactor\n        - microsoftAuthenticatorPush,federatedSingleFactor\n        - password,hardwareOath\n        - password,microsoftAuthenticatorPush\n        - password,sms\n        - password,softwareOath\n        - password,voice\n        - sms\n        - sms,federatedSingleFactor\n        - softwareOath,federatedSingleFactor\n        - temporaryAccessPassMultiUse\n        - voice,federatedSingleFactor\n        - windowsHelloForBusiness\n        - x509CertificateMultiFactor\n        - x509CertificateSingleFactor\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAuthentication Strength Policies can be imported using the \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e, e.g.\n\n```sh\n$ pulumi import azuread:index/authenticationStrengthPolicy:AuthenticationStrengthPolicy my_policy /policies/authenticationStrengthPolicies/00000000-0000-0000-0000-000000000000\n```\n\n","properties":{"allowedCombinations":{"type":"array","items":{"type":"string"},"description":"List of allowed authentication methods for this authentication strength policy.\n"},"description":{"type":"string","description":"The description for this authentication strength policy.\n"},"displayName":{"type":"string","description":"The friendly name for this authentication strength policy.\n"}},"required":["allowedCombinations","displayName"],"inputProperties":{"allowedCombinations":{"type":"array","items":{"type":"string"},"description":"List of allowed authentication methods for this authentication strength policy.\n"},"description":{"type":"string","description":"The description for this authentication strength policy.\n"},"displayName":{"type":"string","description":"The friendly name for this authentication strength policy.\n"}},"requiredInputs":["allowedCombinations","displayName"],"stateInputs":{"description":"Input properties used for looking up and filtering AuthenticationStrengthPolicy resources.\n","properties":{"allowedCombinations":{"type":"array","items":{"type":"string"},"description":"List of allowed authentication methods for this authentication strength policy.\n"},"description":{"type":"string","description":"The description for this authentication strength policy.\n"},"displayName":{"type":"string","description":"The friendly name for this authentication strength policy.\n"}},"type":"object"}},"azuread:index/claimsMappingPolicy:ClaimsMappingPolicy":{"description":"Manages a Claims Mapping Policy within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires the following application roles: `Policy.ReadWrite.ApplicationConfiguration` and `Policy.Read.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst myPolicy = new azuread.ClaimsMappingPolicy(\"my_policy\", {\n    definitions: [JSON.stringify({\n        ClaimsMappingPolicy: {\n            ClaimsSchema: [\n                {\n                    ID: \"employeeid\",\n                    JwtClaimType: \"name\",\n                    SamlClaimType: \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\",\n                    Source: \"user\",\n                },\n                {\n                    ID: \"tenantcountry\",\n                    JwtClaimType: \"country\",\n                    SamlClaimType: \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country\",\n                    Source: \"company\",\n                },\n            ],\n            IncludeBasicClaimSet: \"true\",\n            Version: 1,\n        },\n    })],\n    displayName: \"My Policy\",\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_azuread as azuread\n\nmy_policy = azuread.ClaimsMappingPolicy(\"my_policy\",\n    definitions=[json.dumps({\n        \"ClaimsMappingPolicy\": {\n            \"ClaimsSchema\": [\n                {\n                    \"ID\": \"employeeid\",\n                    \"JwtClaimType\": \"name\",\n                    \"SamlClaimType\": \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\",\n                    \"Source\": \"user\",\n                },\n                {\n                    \"ID\": \"tenantcountry\",\n                    \"JwtClaimType\": \"country\",\n                    \"SamlClaimType\": \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country\",\n                    \"Source\": \"company\",\n                },\n            ],\n            \"IncludeBasicClaimSet\": \"true\",\n            \"Version\": 1,\n        },\n    })],\n    display_name=\"My Policy\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var myPolicy = new AzureAD.Index.ClaimsMappingPolicy(\"my_policy\", new()\n    {\n        Definitions = new[]\n        {\n            JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n            {\n                [\"ClaimsMappingPolicy\"] = new Dictionary\u003cstring, object?\u003e\n                {\n                    [\"ClaimsSchema\"] = new[]\n                    {\n                        new Dictionary\u003cstring, object?\u003e\n                        {\n                            [\"ID\"] = \"employeeid\",\n                            [\"JwtClaimType\"] = \"name\",\n                            [\"SamlClaimType\"] = \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\",\n                            [\"Source\"] = \"user\",\n                        },\n                        new Dictionary\u003cstring, object?\u003e\n                        {\n                            [\"ID\"] = \"tenantcountry\",\n                            [\"JwtClaimType\"] = \"country\",\n                            [\"SamlClaimType\"] = \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country\",\n                            [\"Source\"] = \"company\",\n                        },\n                    },\n                    [\"IncludeBasicClaimSet\"] = \"true\",\n                    [\"Version\"] = 1,\n                },\n            }),\n        },\n        DisplayName = \"My Policy\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"ClaimsMappingPolicy\": map[string]interface{}{\n\t\t\t\t\"ClaimsSchema\": []map[string]interface{}{\n\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\"ID\":            \"employeeid\",\n\t\t\t\t\t\t\"JwtClaimType\":  \"name\",\n\t\t\t\t\t\t\"SamlClaimType\": \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\",\n\t\t\t\t\t\t\"Source\":        \"user\",\n\t\t\t\t\t},\n\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\"ID\":            \"tenantcountry\",\n\t\t\t\t\t\t\"JwtClaimType\":  \"country\",\n\t\t\t\t\t\t\"SamlClaimType\": \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country\",\n\t\t\t\t\t\t\"Source\":        \"company\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\"IncludeBasicClaimSet\": \"true\",\n\t\t\t\t\"Version\":              1,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = azuread.NewClaimsMappingPolicy(ctx, \"my_policy\", \u0026azuread.ClaimsMappingPolicyArgs{\n\t\t\tDefinitions: pulumi.StringArray{\n\t\t\t\tpulumi.String(pulumi.String(json0)),\n\t\t\t},\n\t\t\tDisplayName: pulumi.String(\"My Policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ClaimsMappingPolicy;\nimport com.pulumi.azuread.ClaimsMappingPolicyArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var myPolicy = new ClaimsMappingPolicy(\"myPolicy\", ClaimsMappingPolicyArgs.builder()\n            .definitions(serializeJson(\n                jsonObject(\n                    jsonProperty(\"ClaimsMappingPolicy\", jsonObject(\n                        jsonProperty(\"ClaimsSchema\", jsonArray(\n                            jsonObject(\n                                jsonProperty(\"ID\", \"employeeid\"),\n                                jsonProperty(\"JwtClaimType\", \"name\"),\n                                jsonProperty(\"SamlClaimType\", \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\"),\n                                jsonProperty(\"Source\", \"user\")\n                            ), \n                            jsonObject(\n                                jsonProperty(\"ID\", \"tenantcountry\"),\n                                jsonProperty(\"JwtClaimType\", \"country\"),\n                                jsonProperty(\"SamlClaimType\", \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country\"),\n                                jsonProperty(\"Source\", \"company\")\n                            )\n                        )),\n                        jsonProperty(\"IncludeBasicClaimSet\", \"true\"),\n                        jsonProperty(\"Version\", 1)\n                    ))\n                )))\n            .displayName(\"My Policy\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  myPolicy:\n    type: azuread:ClaimsMappingPolicy\n    name: my_policy\n    properties:\n      definitions:\n        - fn::toJSON:\n            ClaimsMappingPolicy:\n              ClaimsSchema:\n                - ID: employeeid\n                  JwtClaimType: name\n                  SamlClaimType: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\n                  Source: user\n                - ID: tenantcountry\n                  JwtClaimType: country\n                  SamlClaimType: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country\n                  Source: company\n              IncludeBasicClaimSet: 'true'\n              Version: 1\n      displayName: My Policy\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nClaims Mapping Policies can be imported using the \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e, e.g.\n\n```sh\n$ pulumi import azuread:index/claimsMappingPolicy:ClaimsMappingPolicy my_policy /policies/claimsMappingPolicies/00000000-0000-0000-0000-000000000000\n```\n\n","properties":{"definitions":{"type":"array","items":{"type":"string"},"description":"The claims mapping policy. This is a JSON formatted string, for which the `jsonencode()` function can be used.\n"},"displayName":{"type":"string","description":"The display name for this Claims Mapping Policy.\n"}},"required":["definitions","displayName"],"inputProperties":{"definitions":{"type":"array","items":{"type":"string"},"description":"The claims mapping policy. This is a JSON formatted string, for which the `jsonencode()` function can be used.\n"},"displayName":{"type":"string","description":"The display name for this Claims Mapping Policy.\n"}},"requiredInputs":["definitions","displayName"],"stateInputs":{"description":"Input properties used for looking up and filtering ClaimsMappingPolicy resources.\n","properties":{"definitions":{"type":"array","items":{"type":"string"},"description":"The claims mapping policy. This is a JSON formatted string, for which the `jsonencode()` function can be used.\n"},"displayName":{"type":"string","description":"The display name for this Claims Mapping Policy.\n"}},"type":"object"}},"azuread:index/conditionalAccessPolicy:ConditionalAccessPolicy":{"description":"Manages a Conditional Access Policy within Azure Active Directory.\n\n\u003e **Licensing Requirements** Specifying \u003cspan pulumi-lang-nodejs=\"`clientApplications`\" pulumi-lang-dotnet=\"`ClientApplications`\" pulumi-lang-go=\"`clientApplications`\" pulumi-lang-python=\"`client_applications`\" pulumi-lang-yaml=\"`clientApplications`\" pulumi-lang-java=\"`clientApplications`\"\u003e`clientApplications`\u003c/span\u003e property requires the activation of Microsoft Entra on your tenant and the availability of sufficient Workload Identities Premium licences (one per service principal managed by a conditional access).\n\n\u003e **API Limits** This resource is subject to a restrictive API request limit of 1 request/second. Whilst Terraform will automatically back-off and retry throttled requests, if you have a large number of resource changes to make, you may wish to reduce parallelism or specify extended custom resource timeouts.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires the following application roles: `Policy.ReadWrite.ConditionalAccess` and `Policy.Read.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Conditional Access Administrator` or `Global Administrator`\n\n## Example Usage\n\n### All users except guests or external users\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.ConditionalAccessPolicy(\"example\", {\n    displayName: \"example policy\",\n    state: \"disabled\",\n    conditions: {\n        clientAppTypes: [\"all\"],\n        signInRiskLevels: [\"medium\"],\n        userRiskLevels: [\"medium\"],\n        applications: {\n            includedApplications: [\"All\"],\n            excludedApplications: [],\n        },\n        devices: {\n            filter: {\n                mode: \"exclude\",\n                rule: \"device.operatingSystem eq \\\"Doors\\\"\",\n            },\n        },\n        locations: {\n            includedLocations: [\"All\"],\n            excludedLocations: [\"AllTrusted\"],\n        },\n        platforms: {\n            includedPlatforms: [\"android\"],\n            excludedPlatforms: [\"iOS\"],\n        },\n        users: {\n            includedUsers: [\"All\"],\n            excludedUsers: [\"GuestsOrExternalUsers\"],\n        },\n    },\n    grantControls: {\n        operator: \"OR\",\n        builtInControls: [\"mfa\"],\n    },\n    sessionControls: {\n        applicationEnforcedRestrictionsEnabled: true,\n        disableResilienceDefaults: false,\n        signInFrequency: 10,\n        signInFrequencyPeriod: \"hours\",\n        cloudAppSecurityPolicy: \"monitorOnly\",\n    },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.ConditionalAccessPolicy(\"example\",\n    display_name=\"example policy\",\n    state=\"disabled\",\n    conditions={\n        \"client_app_types\": [\"all\"],\n        \"sign_in_risk_levels\": [\"medium\"],\n        \"user_risk_levels\": [\"medium\"],\n        \"applications\": {\n            \"included_applications\": [\"All\"],\n            \"excluded_applications\": [],\n        },\n        \"devices\": {\n            \"filter\": {\n                \"mode\": \"exclude\",\n                \"rule\": \"device.operatingSystem eq \\\"Doors\\\"\",\n            },\n        },\n        \"locations\": {\n            \"included_locations\": [\"All\"],\n            \"excluded_locations\": [\"AllTrusted\"],\n        },\n        \"platforms\": {\n            \"included_platforms\": [\"android\"],\n            \"excluded_platforms\": [\"iOS\"],\n        },\n        \"users\": {\n            \"included_users\": [\"All\"],\n            \"excluded_users\": [\"GuestsOrExternalUsers\"],\n        },\n    },\n    grant_controls={\n        \"operator\": \"OR\",\n        \"built_in_controls\": [\"mfa\"],\n    },\n    session_controls={\n        \"application_enforced_restrictions_enabled\": True,\n        \"disable_resilience_defaults\": False,\n        \"sign_in_frequency\": 10,\n        \"sign_in_frequency_period\": \"hours\",\n        \"cloud_app_security_policy\": \"monitorOnly\",\n    })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.ConditionalAccessPolicy(\"example\", new()\n    {\n        DisplayName = \"example policy\",\n        State = \"disabled\",\n        Conditions = new AzureAD.Inputs.ConditionalAccessPolicyConditionsArgs\n        {\n            ClientAppTypes = new[]\n            {\n                \"all\",\n            },\n            SignInRiskLevels = new[]\n            {\n                \"medium\",\n            },\n            UserRiskLevels = new[]\n            {\n                \"medium\",\n            },\n            Applications = new AzureAD.Inputs.ConditionalAccessPolicyConditionsApplicationsArgs\n            {\n                IncludedApplications = new[]\n                {\n                    \"All\",\n                },\n                ExcludedApplications = new() { },\n            },\n            Devices = new AzureAD.Inputs.ConditionalAccessPolicyConditionsDevicesArgs\n            {\n                Filter = new AzureAD.Inputs.ConditionalAccessPolicyConditionsDevicesFilterArgs\n                {\n                    Mode = \"exclude\",\n                    Rule = \"device.operatingSystem eq \\\"Doors\\\"\",\n                },\n            },\n            Locations = new AzureAD.Inputs.ConditionalAccessPolicyConditionsLocationsArgs\n            {\n                IncludedLocations = new[]\n                {\n                    \"All\",\n                },\n                ExcludedLocations = new[]\n                {\n                    \"AllTrusted\",\n                },\n            },\n            Platforms = new AzureAD.Inputs.ConditionalAccessPolicyConditionsPlatformsArgs\n            {\n                IncludedPlatforms = new[]\n                {\n                    \"android\",\n                },\n                ExcludedPlatforms = new[]\n                {\n                    \"iOS\",\n                },\n            },\n            Users = new AzureAD.Inputs.ConditionalAccessPolicyConditionsUsersArgs\n            {\n                IncludedUsers = new[]\n                {\n                    \"All\",\n                },\n                ExcludedUsers = new[]\n                {\n                    \"GuestsOrExternalUsers\",\n                },\n            },\n        },\n        GrantControls = new AzureAD.Inputs.ConditionalAccessPolicyGrantControlsArgs\n        {\n            Operator = \"OR\",\n            BuiltInControls = new[]\n            {\n                \"mfa\",\n            },\n        },\n        SessionControls = new AzureAD.Inputs.ConditionalAccessPolicySessionControlsArgs\n        {\n            ApplicationEnforcedRestrictionsEnabled = true,\n            DisableResilienceDefaults = false,\n            SignInFrequency = 10,\n            SignInFrequencyPeriod = \"hours\",\n            CloudAppSecurityPolicy = \"monitorOnly\",\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewConditionalAccessPolicy(ctx, \"example\", \u0026azuread.ConditionalAccessPolicyArgs{\n\t\t\tDisplayName: pulumi.String(\"example policy\"),\n\t\t\tState:       pulumi.String(\"disabled\"),\n\t\t\tConditions: \u0026azuread.ConditionalAccessPolicyConditionsArgs{\n\t\t\t\tClientAppTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"all\"),\n\t\t\t\t},\n\t\t\t\tSignInRiskLevels: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"medium\"),\n\t\t\t\t},\n\t\t\t\tUserRiskLevels: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"medium\"),\n\t\t\t\t},\n\t\t\t\tApplications: \u0026azuread.ConditionalAccessPolicyConditionsApplicationsArgs{\n\t\t\t\t\tIncludedApplications: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"All\"),\n\t\t\t\t\t},\n\t\t\t\t\tExcludedApplications: pulumi.StringArray{},\n\t\t\t\t},\n\t\t\t\tDevices: \u0026azuread.ConditionalAccessPolicyConditionsDevicesArgs{\n\t\t\t\t\tFilter: \u0026azuread.ConditionalAccessPolicyConditionsDevicesFilterArgs{\n\t\t\t\t\t\tMode: pulumi.String(\"exclude\"),\n\t\t\t\t\t\tRule: pulumi.String(\"device.operatingSystem eq \\\"Doors\\\"\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tLocations: \u0026azuread.ConditionalAccessPolicyConditionsLocationsArgs{\n\t\t\t\t\tIncludedLocations: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"All\"),\n\t\t\t\t\t},\n\t\t\t\t\tExcludedLocations: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"AllTrusted\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tPlatforms: \u0026azuread.ConditionalAccessPolicyConditionsPlatformsArgs{\n\t\t\t\t\tIncludedPlatforms: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"android\"),\n\t\t\t\t\t},\n\t\t\t\t\tExcludedPlatforms: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"iOS\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tUsers: \u0026azuread.ConditionalAccessPolicyConditionsUsersArgs{\n\t\t\t\t\tIncludedUsers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"All\"),\n\t\t\t\t\t},\n\t\t\t\t\tExcludedUsers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"GuestsOrExternalUsers\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tGrantControls: \u0026azuread.ConditionalAccessPolicyGrantControlsArgs{\n\t\t\t\tOperator: pulumi.String(\"OR\"),\n\t\t\t\tBuiltInControls: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"mfa\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tSessionControls: \u0026azuread.ConditionalAccessPolicySessionControlsArgs{\n\t\t\t\tApplicationEnforcedRestrictionsEnabled: pulumi.Bool(true),\n\t\t\t\tDisableResilienceDefaults:              pulumi.Bool(false),\n\t\t\t\tSignInFrequency:                        pulumi.Int(10),\n\t\t\t\tSignInFrequencyPeriod:                  pulumi.String(\"hours\"),\n\t\t\t\tCloudAppSecurityPolicy:                 pulumi.String(\"monitorOnly\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ConditionalAccessPolicy;\nimport com.pulumi.azuread.ConditionalAccessPolicyArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsApplicationsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsDevicesArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsDevicesFilterArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsLocationsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsPlatformsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsUsersArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyGrantControlsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicySessionControlsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new ConditionalAccessPolicy(\"example\", ConditionalAccessPolicyArgs.builder()\n            .displayName(\"example policy\")\n            .state(\"disabled\")\n            .conditions(ConditionalAccessPolicyConditionsArgs.builder()\n                .clientAppTypes(\"all\")\n                .signInRiskLevels(\"medium\")\n                .userRiskLevels(\"medium\")\n                .applications(ConditionalAccessPolicyConditionsApplicationsArgs.builder()\n                    .includedApplications(\"All\")\n                    .excludedApplications()\n                    .build())\n                .devices(ConditionalAccessPolicyConditionsDevicesArgs.builder()\n                    .filter(ConditionalAccessPolicyConditionsDevicesFilterArgs.builder()\n                        .mode(\"exclude\")\n                        .rule(\"device.operatingSystem eq \\\"Doors\\\"\")\n                        .build())\n                    .build())\n                .locations(ConditionalAccessPolicyConditionsLocationsArgs.builder()\n                    .includedLocations(\"All\")\n                    .excludedLocations(\"AllTrusted\")\n                    .build())\n                .platforms(ConditionalAccessPolicyConditionsPlatformsArgs.builder()\n                    .includedPlatforms(\"android\")\n                    .excludedPlatforms(\"iOS\")\n                    .build())\n                .users(ConditionalAccessPolicyConditionsUsersArgs.builder()\n                    .includedUsers(\"All\")\n                    .excludedUsers(\"GuestsOrExternalUsers\")\n                    .build())\n                .build())\n            .grantControls(ConditionalAccessPolicyGrantControlsArgs.builder()\n                .operator(\"OR\")\n                .builtInControls(\"mfa\")\n                .build())\n            .sessionControls(ConditionalAccessPolicySessionControlsArgs.builder()\n                .applicationEnforcedRestrictionsEnabled(true)\n                .disableResilienceDefaults(false)\n                .signInFrequency(10)\n                .signInFrequencyPeriod(\"hours\")\n                .cloudAppSecurityPolicy(\"monitorOnly\")\n                .build())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:ConditionalAccessPolicy\n    properties:\n      displayName: example policy\n      state: disabled\n      conditions:\n        clientAppTypes:\n          - all\n        signInRiskLevels:\n          - medium\n        userRiskLevels:\n          - medium\n        applications:\n          includedApplications:\n            - All\n          excludedApplications: []\n        devices:\n          filter:\n            mode: exclude\n            rule: device.operatingSystem eq \"Doors\"\n        locations:\n          includedLocations:\n            - All\n          excludedLocations:\n            - AllTrusted\n        platforms:\n          includedPlatforms:\n            - android\n          excludedPlatforms:\n            - iOS\n        users:\n          includedUsers:\n            - All\n          excludedUsers:\n            - GuestsOrExternalUsers\n      grantControls:\n        operator: OR\n        builtInControls:\n          - mfa\n      sessionControls:\n        applicationEnforcedRestrictionsEnabled: true\n        disableResilienceDefaults: false\n        signInFrequency: 10\n        signInFrequencyPeriod: hours\n        cloudAppSecurityPolicy: monitorOnly\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Included client applications / service principals\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst example = new azuread.ConditionalAccessPolicy(\"example\", {\n    displayName: \"example policy\",\n    state: \"disabled\",\n    conditions: {\n        clientAppTypes: [\"all\"],\n        applications: {\n            includedApplications: [\"All\"],\n        },\n        clientApplications: {\n            includedServicePrincipals: [current.then(current =\u003e current.objectId)],\n            excludedServicePrincipals: [],\n        },\n        users: {\n            includedUsers: [\"None\"],\n        },\n    },\n    grantControls: {\n        operator: \"OR\",\n        builtInControls: [\"block\"],\n    },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\nexample = azuread.ConditionalAccessPolicy(\"example\",\n    display_name=\"example policy\",\n    state=\"disabled\",\n    conditions={\n        \"client_app_types\": [\"all\"],\n        \"applications\": {\n            \"included_applications\": [\"All\"],\n        },\n        \"client_applications\": {\n            \"included_service_principals\": [current.object_id],\n            \"excluded_service_principals\": [],\n        },\n        \"users\": {\n            \"included_users\": [\"None\"],\n        },\n    },\n    grant_controls={\n        \"operator\": \"OR\",\n        \"built_in_controls\": [\"block\"],\n    })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var current = AzureAD.Index.GetClientConfig.Invoke();\n\n    var example = new AzureAD.Index.ConditionalAccessPolicy(\"example\", new()\n    {\n        DisplayName = \"example policy\",\n        State = \"disabled\",\n        Conditions = new AzureAD.Inputs.ConditionalAccessPolicyConditionsArgs\n        {\n            ClientAppTypes = new[]\n            {\n                \"all\",\n            },\n            Applications = new AzureAD.Inputs.ConditionalAccessPolicyConditionsApplicationsArgs\n            {\n                IncludedApplications = new[]\n                {\n                    \"All\",\n                },\n            },\n            ClientApplications = new AzureAD.Inputs.ConditionalAccessPolicyConditionsClientApplicationsArgs\n            {\n                IncludedServicePrincipals = new[]\n                {\n                    current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n                },\n                ExcludedServicePrincipals = new() { },\n            },\n            Users = new AzureAD.Inputs.ConditionalAccessPolicyConditionsUsersArgs\n            {\n                IncludedUsers = new[]\n                {\n                    \"None\",\n                },\n            },\n        },\n        GrantControls = new AzureAD.Inputs.ConditionalAccessPolicyGrantControlsArgs\n        {\n            Operator = \"OR\",\n            BuiltInControls = new[]\n            {\n                \"block\",\n            },\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewConditionalAccessPolicy(ctx, \"example\", \u0026azuread.ConditionalAccessPolicyArgs{\n\t\t\tDisplayName: pulumi.String(\"example policy\"),\n\t\t\tState:       pulumi.String(\"disabled\"),\n\t\t\tConditions: \u0026azuread.ConditionalAccessPolicyConditionsArgs{\n\t\t\t\tClientAppTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"all\"),\n\t\t\t\t},\n\t\t\t\tApplications: \u0026azuread.ConditionalAccessPolicyConditionsApplicationsArgs{\n\t\t\t\t\tIncludedApplications: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"All\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tClientApplications: \u0026azuread.ConditionalAccessPolicyConditionsClientApplicationsArgs{\n\t\t\t\t\tIncludedServicePrincipals: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(current.ObjectId),\n\t\t\t\t\t},\n\t\t\t\t\tExcludedServicePrincipals: pulumi.StringArray{},\n\t\t\t\t},\n\t\t\t\tUsers: \u0026azuread.ConditionalAccessPolicyConditionsUsersArgs{\n\t\t\t\t\tIncludedUsers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"None\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tGrantControls: \u0026azuread.ConditionalAccessPolicyGrantControlsArgs{\n\t\t\t\tOperator: pulumi.String(\"OR\"),\n\t\t\t\tBuiltInControls: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"block\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.ConditionalAccessPolicy;\nimport com.pulumi.azuread.ConditionalAccessPolicyArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsApplicationsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsClientApplicationsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsUsersArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyGrantControlsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var current = AzureadFunctions.getClientConfig(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);\n\n        var example = new ConditionalAccessPolicy(\"example\", ConditionalAccessPolicyArgs.builder()\n            .displayName(\"example policy\")\n            .state(\"disabled\")\n            .conditions(ConditionalAccessPolicyConditionsArgs.builder()\n                .clientAppTypes(\"all\")\n                .applications(ConditionalAccessPolicyConditionsApplicationsArgs.builder()\n                    .includedApplications(\"All\")\n                    .build())\n                .clientApplications(ConditionalAccessPolicyConditionsClientApplicationsArgs.builder()\n                    .includedServicePrincipals(current.objectId())\n                    .excludedServicePrincipals()\n                    .build())\n                .users(ConditionalAccessPolicyConditionsUsersArgs.builder()\n                    .includedUsers(\"None\")\n                    .build())\n                .build())\n            .grantControls(ConditionalAccessPolicyGrantControlsArgs.builder()\n                .operator(\"OR\")\n                .builtInControls(\"block\")\n                .build())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:ConditionalAccessPolicy\n    properties:\n      displayName: example policy\n      state: disabled\n      conditions:\n        clientAppTypes:\n          - all\n        applications:\n          includedApplications:\n            - All\n        clientApplications:\n          includedServicePrincipals:\n            - ${current.objectId}\n          excludedServicePrincipals: []\n        users:\n          includedUsers:\n            - None\n      grantControls:\n        operator: OR\n        builtInControls:\n          - block\nvariables:\n  current:\n    fn::invoke:\n      function: azuread:getClientConfig\n      arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Excluded client applications / service principals\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst example = new azuread.ConditionalAccessPolicy(\"example\", {\n    displayName: \"example policy\",\n    state: \"disabled\",\n    conditions: {\n        clientAppTypes: [\"all\"],\n        applications: {\n            includedApplications: [\"All\"],\n        },\n        clientApplications: {\n            includedServicePrincipals: [\"ServicePrincipalsInMyTenant\"],\n            excludedServicePrincipals: [current.then(current =\u003e current.objectId)],\n        },\n        users: {\n            includedUsers: [\"None\"],\n        },\n    },\n    grantControls: {\n        operator: \"OR\",\n        builtInControls: [\"block\"],\n    },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\nexample = azuread.ConditionalAccessPolicy(\"example\",\n    display_name=\"example policy\",\n    state=\"disabled\",\n    conditions={\n        \"client_app_types\": [\"all\"],\n        \"applications\": {\n            \"included_applications\": [\"All\"],\n        },\n        \"client_applications\": {\n            \"included_service_principals\": [\"ServicePrincipalsInMyTenant\"],\n            \"excluded_service_principals\": [current.object_id],\n        },\n        \"users\": {\n            \"included_users\": [\"None\"],\n        },\n    },\n    grant_controls={\n        \"operator\": \"OR\",\n        \"built_in_controls\": [\"block\"],\n    })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var current = AzureAD.Index.GetClientConfig.Invoke();\n\n    var example = new AzureAD.Index.ConditionalAccessPolicy(\"example\", new()\n    {\n        DisplayName = \"example policy\",\n        State = \"disabled\",\n        Conditions = new AzureAD.Inputs.ConditionalAccessPolicyConditionsArgs\n        {\n            ClientAppTypes = new[]\n            {\n                \"all\",\n            },\n            Applications = new AzureAD.Inputs.ConditionalAccessPolicyConditionsApplicationsArgs\n            {\n                IncludedApplications = new[]\n                {\n                    \"All\",\n                },\n            },\n            ClientApplications = new AzureAD.Inputs.ConditionalAccessPolicyConditionsClientApplicationsArgs\n            {\n                IncludedServicePrincipals = new[]\n                {\n                    \"ServicePrincipalsInMyTenant\",\n                },\n                ExcludedServicePrincipals = new[]\n                {\n                    current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n                },\n            },\n            Users = new AzureAD.Inputs.ConditionalAccessPolicyConditionsUsersArgs\n            {\n                IncludedUsers = new[]\n                {\n                    \"None\",\n                },\n            },\n        },\n        GrantControls = new AzureAD.Inputs.ConditionalAccessPolicyGrantControlsArgs\n        {\n            Operator = \"OR\",\n            BuiltInControls = new[]\n            {\n                \"block\",\n            },\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewConditionalAccessPolicy(ctx, \"example\", \u0026azuread.ConditionalAccessPolicyArgs{\n\t\t\tDisplayName: pulumi.String(\"example policy\"),\n\t\t\tState:       pulumi.String(\"disabled\"),\n\t\t\tConditions: \u0026azuread.ConditionalAccessPolicyConditionsArgs{\n\t\t\t\tClientAppTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"all\"),\n\t\t\t\t},\n\t\t\t\tApplications: \u0026azuread.ConditionalAccessPolicyConditionsApplicationsArgs{\n\t\t\t\t\tIncludedApplications: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"All\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tClientApplications: \u0026azuread.ConditionalAccessPolicyConditionsClientApplicationsArgs{\n\t\t\t\t\tIncludedServicePrincipals: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"ServicePrincipalsInMyTenant\"),\n\t\t\t\t\t},\n\t\t\t\t\tExcludedServicePrincipals: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(current.ObjectId),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tUsers: \u0026azuread.ConditionalAccessPolicyConditionsUsersArgs{\n\t\t\t\t\tIncludedUsers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"None\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tGrantControls: \u0026azuread.ConditionalAccessPolicyGrantControlsArgs{\n\t\t\t\tOperator: pulumi.String(\"OR\"),\n\t\t\t\tBuiltInControls: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"block\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.ConditionalAccessPolicy;\nimport com.pulumi.azuread.ConditionalAccessPolicyArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsApplicationsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsClientApplicationsArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyConditionsUsersArgs;\nimport com.pulumi.azuread.inputs.ConditionalAccessPolicyGrantControlsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var current = AzureadFunctions.getClientConfig(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);\n\n        var example = new ConditionalAccessPolicy(\"example\", ConditionalAccessPolicyArgs.builder()\n            .displayName(\"example policy\")\n            .state(\"disabled\")\n            .conditions(ConditionalAccessPolicyConditionsArgs.builder()\n                .clientAppTypes(\"all\")\n                .applications(ConditionalAccessPolicyConditionsApplicationsArgs.builder()\n                    .includedApplications(\"All\")\n                    .build())\n                .clientApplications(ConditionalAccessPolicyConditionsClientApplicationsArgs.builder()\n                    .includedServicePrincipals(\"ServicePrincipalsInMyTenant\")\n                    .excludedServicePrincipals(current.objectId())\n                    .build())\n                .users(ConditionalAccessPolicyConditionsUsersArgs.builder()\n                    .includedUsers(\"None\")\n                    .build())\n                .build())\n            .grantControls(ConditionalAccessPolicyGrantControlsArgs.builder()\n                .operator(\"OR\")\n                .builtInControls(\"block\")\n                .build())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:ConditionalAccessPolicy\n    properties:\n      displayName: example policy\n      state: disabled\n      conditions:\n        clientAppTypes:\n          - all\n        applications:\n          includedApplications:\n            - All\n        clientApplications:\n          includedServicePrincipals:\n            - ServicePrincipalsInMyTenant\n          excludedServicePrincipals:\n            - ${current.objectId}\n        users:\n          includedUsers:\n            - None\n      grantControls:\n        operator: OR\n        builtInControls:\n          - block\nvariables:\n  current:\n    fn::invoke:\n      function: azuread:getClientConfig\n      arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nConditional Access Policies can be imported using the \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e, e.g.\n\n```sh\n$ pulumi import azuread:index/conditionalAccessPolicy:ConditionalAccessPolicy my_location /identity/conditionalAccess/policies/00000000-0000-0000-0000-000000000000\n```\n\n","properties":{"conditions":{"$ref":"#/types/azuread:index/ConditionalAccessPolicyConditions:ConditionalAccessPolicyConditions","description":"A \u003cspan pulumi-lang-nodejs=\"`conditions`\" pulumi-lang-dotnet=\"`Conditions`\" pulumi-lang-go=\"`conditions`\" pulumi-lang-python=\"`conditions`\" pulumi-lang-yaml=\"`conditions`\" pulumi-lang-java=\"`conditions`\"\u003e`conditions`\u003c/span\u003e block as documented below, which specifies the rules that must be met for the policy to apply.\n"},"displayName":{"type":"string","description":"The friendly name for this Conditional Access Policy.\n"},"grantControls":{"$ref":"#/types/azuread:index/ConditionalAccessPolicyGrantControls:ConditionalAccessPolicyGrantControls","description":"A \u003cspan pulumi-lang-nodejs=\"`grantControls`\" pulumi-lang-dotnet=\"`GrantControls`\" pulumi-lang-go=\"`grantControls`\" pulumi-lang-python=\"`grant_controls`\" pulumi-lang-yaml=\"`grantControls`\" pulumi-lang-java=\"`grantControls`\"\u003e`grantControls`\u003c/span\u003e block as documented below, which specifies the grant controls that must be fulfilled to pass the policy.\n"},"objectId":{"type":"string","description":"The object ID of the policy"},"sessionControls":{"$ref":"#/types/azuread:index/ConditionalAccessPolicySessionControls:ConditionalAccessPolicySessionControls","description":"A \u003cspan pulumi-lang-nodejs=\"`sessionControls`\" pulumi-lang-dotnet=\"`SessionControls`\" pulumi-lang-go=\"`sessionControls`\" pulumi-lang-python=\"`session_controls`\" pulumi-lang-yaml=\"`sessionControls`\" pulumi-lang-java=\"`sessionControls`\"\u003e`sessionControls`\u003c/span\u003e block as documented below, which specifies the session controls that are enforced after sign-in.\n\n\u003e Note: At least one of \u003cspan pulumi-lang-nodejs=\"`grantControls`\" pulumi-lang-dotnet=\"`GrantControls`\" pulumi-lang-go=\"`grantControls`\" pulumi-lang-python=\"`grant_controls`\" pulumi-lang-yaml=\"`grantControls`\" pulumi-lang-java=\"`grantControls`\"\u003e`grantControls`\u003c/span\u003e and/or \u003cspan pulumi-lang-nodejs=\"`sessionControls`\" pulumi-lang-dotnet=\"`SessionControls`\" pulumi-lang-go=\"`sessionControls`\" pulumi-lang-python=\"`session_controls`\" pulumi-lang-yaml=\"`sessionControls`\" pulumi-lang-java=\"`sessionControls`\"\u003e`sessionControls`\u003c/span\u003e blocks must be specified.\n"},"state":{"type":"string","description":"Specifies the state of the policy object. Possible values are: \u003cspan pulumi-lang-nodejs=\"`enabled`\" pulumi-lang-dotnet=\"`Enabled`\" pulumi-lang-go=\"`enabled`\" pulumi-lang-python=\"`enabled`\" pulumi-lang-yaml=\"`enabled`\" pulumi-lang-java=\"`enabled`\"\u003e`enabled`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`disabled`\" pulumi-lang-dotnet=\"`Disabled`\" pulumi-lang-go=\"`disabled`\" pulumi-lang-python=\"`disabled`\" pulumi-lang-yaml=\"`disabled`\" pulumi-lang-java=\"`disabled`\"\u003e`disabled`\u003c/span\u003e and `enabledForReportingButNotEnforced`\n"}},"required":["conditions","displayName","objectId","state"],"inputProperties":{"conditions":{"$ref":"#/types/azuread:index/ConditionalAccessPolicyConditions:ConditionalAccessPolicyConditions","description":"A \u003cspan pulumi-lang-nodejs=\"`conditions`\" pulumi-lang-dotnet=\"`Conditions`\" pulumi-lang-go=\"`conditions`\" pulumi-lang-python=\"`conditions`\" pulumi-lang-yaml=\"`conditions`\" pulumi-lang-java=\"`conditions`\"\u003e`conditions`\u003c/span\u003e block as documented below, which specifies the rules that must be met for the policy to apply.\n"},"displayName":{"type":"string","description":"The friendly name for this Conditional Access Policy.\n"},"grantControls":{"$ref":"#/types/azuread:index/ConditionalAccessPolicyGrantControls:ConditionalAccessPolicyGrantControls","description":"A \u003cspan pulumi-lang-nodejs=\"`grantControls`\" pulumi-lang-dotnet=\"`GrantControls`\" pulumi-lang-go=\"`grantControls`\" pulumi-lang-python=\"`grant_controls`\" pulumi-lang-yaml=\"`grantControls`\" pulumi-lang-java=\"`grantControls`\"\u003e`grantControls`\u003c/span\u003e block as documented below, which specifies the grant controls that must be fulfilled to pass the policy.\n"},"sessionControls":{"$ref":"#/types/azuread:index/ConditionalAccessPolicySessionControls:ConditionalAccessPolicySessionControls","description":"A \u003cspan pulumi-lang-nodejs=\"`sessionControls`\" pulumi-lang-dotnet=\"`SessionControls`\" pulumi-lang-go=\"`sessionControls`\" pulumi-lang-python=\"`session_controls`\" pulumi-lang-yaml=\"`sessionControls`\" pulumi-lang-java=\"`sessionControls`\"\u003e`sessionControls`\u003c/span\u003e block as documented below, which specifies the session controls that are enforced after sign-in.\n\n\u003e Note: At least one of \u003cspan pulumi-lang-nodejs=\"`grantControls`\" pulumi-lang-dotnet=\"`GrantControls`\" pulumi-lang-go=\"`grantControls`\" pulumi-lang-python=\"`grant_controls`\" pulumi-lang-yaml=\"`grantControls`\" pulumi-lang-java=\"`grantControls`\"\u003e`grantControls`\u003c/span\u003e and/or \u003cspan pulumi-lang-nodejs=\"`sessionControls`\" pulumi-lang-dotnet=\"`SessionControls`\" pulumi-lang-go=\"`sessionControls`\" pulumi-lang-python=\"`session_controls`\" pulumi-lang-yaml=\"`sessionControls`\" pulumi-lang-java=\"`sessionControls`\"\u003e`sessionControls`\u003c/span\u003e blocks must be specified.\n"},"state":{"type":"string","description":"Specifies the state of the policy object. Possible values are: \u003cspan pulumi-lang-nodejs=\"`enabled`\" pulumi-lang-dotnet=\"`Enabled`\" pulumi-lang-go=\"`enabled`\" pulumi-lang-python=\"`enabled`\" pulumi-lang-yaml=\"`enabled`\" pulumi-lang-java=\"`enabled`\"\u003e`enabled`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`disabled`\" pulumi-lang-dotnet=\"`Disabled`\" pulumi-lang-go=\"`disabled`\" pulumi-lang-python=\"`disabled`\" pulumi-lang-yaml=\"`disabled`\" pulumi-lang-java=\"`disabled`\"\u003e`disabled`\u003c/span\u003e and `enabledForReportingButNotEnforced`\n"}},"requiredInputs":["conditions","displayName","state"],"stateInputs":{"description":"Input properties used for looking up and filtering ConditionalAccessPolicy resources.\n","properties":{"conditions":{"$ref":"#/types/azuread:index/ConditionalAccessPolicyConditions:ConditionalAccessPolicyConditions","description":"A \u003cspan pulumi-lang-nodejs=\"`conditions`\" pulumi-lang-dotnet=\"`Conditions`\" pulumi-lang-go=\"`conditions`\" pulumi-lang-python=\"`conditions`\" pulumi-lang-yaml=\"`conditions`\" pulumi-lang-java=\"`conditions`\"\u003e`conditions`\u003c/span\u003e block as documented below, which specifies the rules that must be met for the policy to apply.\n"},"displayName":{"type":"string","description":"The friendly name for this Conditional Access Policy.\n"},"grantControls":{"$ref":"#/types/azuread:index/ConditionalAccessPolicyGrantControls:ConditionalAccessPolicyGrantControls","description":"A \u003cspan pulumi-lang-nodejs=\"`grantControls`\" pulumi-lang-dotnet=\"`GrantControls`\" pulumi-lang-go=\"`grantControls`\" pulumi-lang-python=\"`grant_controls`\" pulumi-lang-yaml=\"`grantControls`\" pulumi-lang-java=\"`grantControls`\"\u003e`grantControls`\u003c/span\u003e block as documented below, which specifies the grant controls that must be fulfilled to pass the policy.\n"},"objectId":{"type":"string","description":"The object ID of the policy"},"sessionControls":{"$ref":"#/types/azuread:index/ConditionalAccessPolicySessionControls:ConditionalAccessPolicySessionControls","description":"A \u003cspan pulumi-lang-nodejs=\"`sessionControls`\" pulumi-lang-dotnet=\"`SessionControls`\" pulumi-lang-go=\"`sessionControls`\" pulumi-lang-python=\"`session_controls`\" pulumi-lang-yaml=\"`sessionControls`\" pulumi-lang-java=\"`sessionControls`\"\u003e`sessionControls`\u003c/span\u003e block as documented below, which specifies the session controls that are enforced after sign-in.\n\n\u003e Note: At least one of \u003cspan pulumi-lang-nodejs=\"`grantControls`\" pulumi-lang-dotnet=\"`GrantControls`\" pulumi-lang-go=\"`grantControls`\" pulumi-lang-python=\"`grant_controls`\" pulumi-lang-yaml=\"`grantControls`\" pulumi-lang-java=\"`grantControls`\"\u003e`grantControls`\u003c/span\u003e and/or \u003cspan pulumi-lang-nodejs=\"`sessionControls`\" pulumi-lang-dotnet=\"`SessionControls`\" pulumi-lang-go=\"`sessionControls`\" pulumi-lang-python=\"`session_controls`\" pulumi-lang-yaml=\"`sessionControls`\" pulumi-lang-java=\"`sessionControls`\"\u003e`sessionControls`\u003c/span\u003e blocks must be specified.\n"},"state":{"type":"string","description":"Specifies the state of the policy object. Possible values are: \u003cspan pulumi-lang-nodejs=\"`enabled`\" pulumi-lang-dotnet=\"`Enabled`\" pulumi-lang-go=\"`enabled`\" pulumi-lang-python=\"`enabled`\" pulumi-lang-yaml=\"`enabled`\" pulumi-lang-java=\"`enabled`\"\u003e`enabled`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`disabled`\" pulumi-lang-dotnet=\"`Disabled`\" pulumi-lang-go=\"`disabled`\" pulumi-lang-python=\"`disabled`\" pulumi-lang-yaml=\"`disabled`\" pulumi-lang-java=\"`disabled`\"\u003e`disabled`\u003c/span\u003e and `enabledForReportingButNotEnforced`\n"}},"type":"object"}},"azuread:index/customDirectoryRole:CustomDirectoryRole":{"description":"Manages a Custom Directory Role within Azure Active Directory.\n\nThis resource is for managing custom directory roles. For management of built-in roles, see the\u003cspan pulumi-lang-nodejs=\" azuread.DirectoryRole \" pulumi-lang-dotnet=\" azuread.DirectoryRole \" pulumi-lang-go=\" DirectoryRole \" pulumi-lang-python=\" DirectoryRole \" pulumi-lang-yaml=\" azuread.DirectoryRole \" pulumi-lang-java=\" azuread.DirectoryRole \"\u003e azuread.DirectoryRole \u003c/span\u003eresource.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `RoleManagement.ReadWrite.Directory` or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Privileged Role Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.CustomDirectoryRole(\"example\", {\n    displayName: \"My Custom Role\",\n    description: \"Allows reading applications and updating groups\",\n    enabled: true,\n    version: \"1.0\",\n    permissions: [\n        {\n            allowedResourceActions: [\n                \"microsoft.directory/applications/basic/update\",\n                \"microsoft.directory/applications/create\",\n                \"microsoft.directory/applications/standard/read\",\n            ],\n        },\n        {\n            allowedResourceActions: [\n                \"microsoft.directory/groups/allProperties/read\",\n                \"microsoft.directory/groups/allProperties/read\",\n                \"microsoft.directory/groups/basic/update\",\n                \"microsoft.directory/groups/create\",\n                \"microsoft.directory/groups/delete\",\n            ],\n        },\n    ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.CustomDirectoryRole(\"example\",\n    display_name=\"My Custom Role\",\n    description=\"Allows reading applications and updating groups\",\n    enabled=True,\n    version=\"1.0\",\n    permissions=[\n        {\n            \"allowed_resource_actions\": [\n                \"microsoft.directory/applications/basic/update\",\n                \"microsoft.directory/applications/create\",\n                \"microsoft.directory/applications/standard/read\",\n            ],\n        },\n        {\n            \"allowed_resource_actions\": [\n                \"microsoft.directory/groups/allProperties/read\",\n                \"microsoft.directory/groups/allProperties/read\",\n                \"microsoft.directory/groups/basic/update\",\n                \"microsoft.directory/groups/create\",\n                \"microsoft.directory/groups/delete\",\n            ],\n        },\n    ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.CustomDirectoryRole(\"example\", new()\n    {\n        DisplayName = \"My Custom Role\",\n        Description = \"Allows reading applications and updating groups\",\n        Enabled = true,\n        Version = \"1.0\",\n        Permissions = new[]\n        {\n            new AzureAD.Inputs.CustomDirectoryRolePermissionArgs\n            {\n                AllowedResourceActions = new[]\n                {\n                    \"microsoft.directory/applications/basic/update\",\n                    \"microsoft.directory/applications/create\",\n                    \"microsoft.directory/applications/standard/read\",\n                },\n            },\n            new AzureAD.Inputs.CustomDirectoryRolePermissionArgs\n            {\n                AllowedResourceActions = new[]\n                {\n                    \"microsoft.directory/groups/allProperties/read\",\n                    \"microsoft.directory/groups/allProperties/read\",\n                    \"microsoft.directory/groups/basic/update\",\n                    \"microsoft.directory/groups/create\",\n                    \"microsoft.directory/groups/delete\",\n                },\n            },\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewCustomDirectoryRole(ctx, \"example\", \u0026azuread.CustomDirectoryRoleArgs{\n\t\t\tDisplayName: pulumi.String(\"My Custom Role\"),\n\t\t\tDescription: pulumi.String(\"Allows reading applications and updating groups\"),\n\t\t\tEnabled:     pulumi.Bool(true),\n\t\t\tVersion:     pulumi.String(\"1.0\"),\n\t\t\tPermissions: azuread.CustomDirectoryRolePermissionArray{\n\t\t\t\t\u0026azuread.CustomDirectoryRolePermissionArgs{\n\t\t\t\t\tAllowedResourceActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"microsoft.directory/applications/basic/update\"),\n\t\t\t\t\t\tpulumi.String(\"microsoft.directory/applications/create\"),\n\t\t\t\t\t\tpulumi.String(\"microsoft.directory/applications/standard/read\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026azuread.CustomDirectoryRolePermissionArgs{\n\t\t\t\t\tAllowedResourceActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"microsoft.directory/groups/allProperties/read\"),\n\t\t\t\t\t\tpulumi.String(\"microsoft.directory/groups/allProperties/read\"),\n\t\t\t\t\t\tpulumi.String(\"microsoft.directory/groups/basic/update\"),\n\t\t\t\t\t\tpulumi.String(\"microsoft.directory/groups/create\"),\n\t\t\t\t\t\tpulumi.String(\"microsoft.directory/groups/delete\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.CustomDirectoryRole;\nimport com.pulumi.azuread.CustomDirectoryRoleArgs;\nimport com.pulumi.azuread.inputs.CustomDirectoryRolePermissionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new CustomDirectoryRole(\"example\", CustomDirectoryRoleArgs.builder()\n            .displayName(\"My Custom Role\")\n            .description(\"Allows reading applications and updating groups\")\n            .enabled(true)\n            .version(\"1.0\")\n            .permissions(            \n                CustomDirectoryRolePermissionArgs.builder()\n                    .allowedResourceActions(                    \n                        \"microsoft.directory/applications/basic/update\",\n                        \"microsoft.directory/applications/create\",\n                        \"microsoft.directory/applications/standard/read\")\n                    .build(),\n                CustomDirectoryRolePermissionArgs.builder()\n                    .allowedResourceActions(                    \n                        \"microsoft.directory/groups/allProperties/read\",\n                        \"microsoft.directory/groups/allProperties/read\",\n                        \"microsoft.directory/groups/basic/update\",\n                        \"microsoft.directory/groups/create\",\n                        \"microsoft.directory/groups/delete\")\n                    .build())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:CustomDirectoryRole\n    properties:\n      displayName: My Custom Role\n      description: Allows reading applications and updating groups\n      enabled: true\n      version: '1.0'\n      permissions:\n        - allowedResourceActions:\n            - microsoft.directory/applications/basic/update\n            - microsoft.directory/applications/create\n            - microsoft.directory/applications/standard/read\n        - allowedResourceActions:\n            - microsoft.directory/groups/allProperties/read\n            - microsoft.directory/groups/allProperties/read\n            - microsoft.directory/groups/basic/update\n            - microsoft.directory/groups/create\n            - microsoft.directory/groups/delete\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support importing.\n\n","properties":{"description":{"type":"string","description":"The description of the custom directory role.\n"},"displayName":{"type":"string","description":"The display name of the custom directory role.\n"},"enabled":{"type":"boolean","description":"Indicates whether the role is enabled for assignment.\n"},"objectId":{"type":"string","description":"The object ID of the custom directory role.\n"},"permissions":{"type":"array","items":{"$ref":"#/types/azuread:index/CustomDirectoryRolePermission:CustomDirectoryRolePermission"},"description":"A collection of \u003cspan pulumi-lang-nodejs=\"`permissions`\" pulumi-lang-dotnet=\"`Permissions`\" pulumi-lang-go=\"`permissions`\" pulumi-lang-python=\"`permissions`\" pulumi-lang-yaml=\"`permissions`\" pulumi-lang-java=\"`permissions`\"\u003e`permissions`\u003c/span\u003e blocks as documented below.\n"},"templateId":{"type":"string","description":"Custom template identifier that is typically used if one needs an identifier to be the same across different directories. Changing this forces a new resource to be created.\n"},"version":{"type":"string","description":"The version of the role definition. This can be any arbitrary string between 1-128 characters.\n"}},"required":["displayName","enabled","objectId","permissions","templateId","version"],"inputProperties":{"description":{"type":"string","description":"The description of the custom directory role.\n"},"displayName":{"type":"string","description":"The display name of the custom directory role.\n"},"enabled":{"type":"boolean","description":"Indicates whether the role is enabled for assignment.\n"},"permissions":{"type":"array","items":{"$ref":"#/types/azuread:index/CustomDirectoryRolePermission:CustomDirectoryRolePermission"},"description":"A collection of \u003cspan pulumi-lang-nodejs=\"`permissions`\" pulumi-lang-dotnet=\"`Permissions`\" pulumi-lang-go=\"`permissions`\" pulumi-lang-python=\"`permissions`\" pulumi-lang-yaml=\"`permissions`\" pulumi-lang-java=\"`permissions`\"\u003e`permissions`\u003c/span\u003e blocks as documented below.\n"},"templateId":{"type":"string","description":"Custom template identifier that is typically used if one needs an identifier to be the same across different directories. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"version":{"type":"string","description":"The version of the role definition. This can be any arbitrary string between 1-128 characters.\n"}},"requiredInputs":["displayName","enabled","permissions","version"],"stateInputs":{"description":"Input properties used for looking up and filtering CustomDirectoryRole resources.\n","properties":{"description":{"type":"string","description":"The description of the custom directory role.\n"},"displayName":{"type":"string","description":"The display name of the custom directory role.\n"},"enabled":{"type":"boolean","description":"Indicates whether the role is enabled for assignment.\n"},"objectId":{"type":"string","description":"The object ID of the custom directory role.\n"},"permissions":{"type":"array","items":{"$ref":"#/types/azuread:index/CustomDirectoryRolePermission:CustomDirectoryRolePermission"},"description":"A collection of \u003cspan pulumi-lang-nodejs=\"`permissions`\" pulumi-lang-dotnet=\"`Permissions`\" pulumi-lang-go=\"`permissions`\" pulumi-lang-python=\"`permissions`\" pulumi-lang-yaml=\"`permissions`\" pulumi-lang-java=\"`permissions`\"\u003e`permissions`\u003c/span\u003e blocks as documented below.\n"},"templateId":{"type":"string","description":"Custom template identifier that is typically used if one needs an identifier to be the same across different directories. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"version":{"type":"string","description":"The version of the role definition. This can be any arbitrary string between 1-128 characters.\n"}},"type":"object"}},"azuread:index/directoryRole:DirectoryRole":{"description":"Manages a Directory Role within Azure Active Directory. Directory Roles are also known as Administrator Roles.\n\nDirectory Roles are built-in to Azure Active Directory and are immutable. However, by default they are not activated in a tenant (except for the Global Administrator role). This resource ensures a directory role is activated from its associated role template, and exports the object ID of the role, so that role assignments can be made for it.\n\nOnce activated, directory roles cannot be deactivated and so this resource does not perform any actions on destroy.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `RoleManagement.ReadWrite.Directory` or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Privileged Role Administrator` or `Global Administrator`\n\n## Example Usage\n\n*Activate a directory role by its template ID*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.DirectoryRole(\"example\", {templateId: \"00000000-0000-0000-0000-000000000000\"});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.DirectoryRole(\"example\", template_id=\"00000000-0000-0000-0000-000000000000\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.DirectoryRole(\"example\", new()\n    {\n        TemplateId = \"00000000-0000-0000-0000-000000000000\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewDirectoryRole(ctx, \"example\", \u0026azuread.DirectoryRoleArgs{\n\t\t\tTemplateId: pulumi.String(\"00000000-0000-0000-0000-000000000000\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.DirectoryRole;\nimport com.pulumi.azuread.DirectoryRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new DirectoryRole(\"example\", DirectoryRoleArgs.builder()\n            .templateId(\"00000000-0000-0000-0000-000000000000\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:DirectoryRole\n    properties:\n      templateId: 00000000-0000-0000-0000-000000000000\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Activate a directory role by display name*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.DirectoryRole(\"example\", {displayName: \"Printer administrator\"});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.DirectoryRole(\"example\", display_name=\"Printer administrator\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.DirectoryRole(\"example\", new()\n    {\n        DisplayName = \"Printer administrator\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewDirectoryRole(ctx, \"example\", \u0026azuread.DirectoryRoleArgs{\n\t\t\tDisplayName: pulumi.String(\"Printer administrator\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.DirectoryRole;\nimport com.pulumi.azuread.DirectoryRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new DirectoryRole(\"example\", DirectoryRoleArgs.builder()\n            .displayName(\"Printer administrator\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:DirectoryRole\n    properties:\n      displayName: Printer administrator\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support importing.\n\n","properties":{"description":{"type":"string","description":"The description of the directory role.\n"},"displayName":{"type":"string","description":"The display name of the directory role to activate. Changing this forces a new resource to be created.\n"},"objectId":{"type":"string","description":"The object ID of the directory role.\n"},"templateId":{"type":"string","description":"The object ID of the role template from which to activate the directory role. Changing this forces a new resource to be created.\n\n\u003e Either \u003cspan pulumi-lang-nodejs=\"`displayName`\" pulumi-lang-dotnet=\"`DisplayName`\" pulumi-lang-go=\"`displayName`\" pulumi-lang-python=\"`display_name`\" pulumi-lang-yaml=\"`displayName`\" pulumi-lang-java=\"`displayName`\"\u003e`displayName`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`templateId`\" pulumi-lang-dotnet=\"`TemplateId`\" pulumi-lang-go=\"`templateId`\" pulumi-lang-python=\"`template_id`\" pulumi-lang-yaml=\"`templateId`\" pulumi-lang-java=\"`templateId`\"\u003e`templateId`\u003c/span\u003e must be specified.\n"}},"required":["description","displayName","objectId","templateId"],"inputProperties":{"displayName":{"type":"string","description":"The display name of the directory role to activate. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"templateId":{"type":"string","description":"The object ID of the role template from which to activate the directory role. Changing this forces a new resource to be created.\n\n\u003e Either \u003cspan pulumi-lang-nodejs=\"`displayName`\" pulumi-lang-dotnet=\"`DisplayName`\" pulumi-lang-go=\"`displayName`\" pulumi-lang-python=\"`display_name`\" pulumi-lang-yaml=\"`displayName`\" pulumi-lang-java=\"`displayName`\"\u003e`displayName`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`templateId`\" pulumi-lang-dotnet=\"`TemplateId`\" pulumi-lang-go=\"`templateId`\" pulumi-lang-python=\"`template_id`\" pulumi-lang-yaml=\"`templateId`\" pulumi-lang-java=\"`templateId`\"\u003e`templateId`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true}},"stateInputs":{"description":"Input properties used for looking up and filtering DirectoryRole resources.\n","properties":{"description":{"type":"string","description":"The description of the directory role.\n"},"displayName":{"type":"string","description":"The display name of the directory role to activate. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"objectId":{"type":"string","description":"The object ID of the directory role.\n"},"templateId":{"type":"string","description":"The object ID of the role template from which to activate the directory role. Changing this forces a new resource to be created.\n\n\u003e Either \u003cspan pulumi-lang-nodejs=\"`displayName`\" pulumi-lang-dotnet=\"`DisplayName`\" pulumi-lang-go=\"`displayName`\" pulumi-lang-python=\"`display_name`\" pulumi-lang-yaml=\"`displayName`\" pulumi-lang-java=\"`displayName`\"\u003e`displayName`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`templateId`\" pulumi-lang-dotnet=\"`TemplateId`\" pulumi-lang-go=\"`templateId`\" pulumi-lang-python=\"`template_id`\" pulumi-lang-yaml=\"`templateId`\" pulumi-lang-java=\"`templateId`\"\u003e`templateId`\u003c/span\u003e must be specified.\n","willReplaceOnChanges":true}},"type":"object"}},"azuread:index/directoryRoleAssignment:DirectoryRoleAssignment":{"description":"Manages a single directory role assignment within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `RoleManagement.ReadWrite.Directory` or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Privileged Role Administrator` or `Global Administrator`\n\n## Example Usage\n\n*Assignment for a built-in role*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getUser({\n    userPrincipalName: \"jdoe@example.com\",\n});\nconst exampleDirectoryRole = new azuread.DirectoryRole(\"example\", {displayName: \"Security administrator\"});\nconst exampleDirectoryRoleAssignment = new azuread.DirectoryRoleAssignment(\"example\", {\n    roleId: exampleDirectoryRole.templateId,\n    principalObjectId: example.then(example =\u003e example.objectId),\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_user(user_principal_name=\"jdoe@example.com\")\nexample_directory_role = azuread.DirectoryRole(\"example\", display_name=\"Security administrator\")\nexample_directory_role_assignment = azuread.DirectoryRoleAssignment(\"example\",\n    role_id=example_directory_role.template_id,\n    principal_object_id=example.object_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetUser.Invoke(new()\n    {\n        UserPrincipalName = \"jdoe@example.com\",\n    });\n\n    var exampleDirectoryRole = new AzureAD.Index.DirectoryRole(\"example\", new()\n    {\n        DisplayName = \"Security administrator\",\n    });\n\n    var exampleDirectoryRoleAssignment = new AzureAD.Index.DirectoryRoleAssignment(\"example\", new()\n    {\n        RoleId = exampleDirectoryRole.TemplateId,\n        PrincipalObjectId = example.Apply(getUserResult =\u003e getUserResult.ObjectId),\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.GetUser(ctx, \u0026azuread.LookupUserArgs{\n\t\t\tUserPrincipalName: pulumi.StringRef(\"jdoe@example.com\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDirectoryRole, err := azuread.NewDirectoryRole(ctx, \"example\", \u0026azuread.DirectoryRoleArgs{\n\t\t\tDisplayName: pulumi.String(\"Security administrator\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewDirectoryRoleAssignment(ctx, \"example\", \u0026azuread.DirectoryRoleAssignmentArgs{\n\t\t\tRoleId:            exampleDirectoryRole.TemplateId,\n\t\t\tPrincipalObjectId: pulumi.String(pulumi.String(example.ObjectId)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetUserArgs;\nimport com.pulumi.azuread.DirectoryRole;\nimport com.pulumi.azuread.DirectoryRoleArgs;\nimport com.pulumi.azuread.DirectoryRoleAssignment;\nimport com.pulumi.azuread.DirectoryRoleAssignmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getUser(GetUserArgs.builder()\n            .userPrincipalName(\"jdoe@example.com\")\n            .build());\n\n        var exampleDirectoryRole = new DirectoryRole(\"exampleDirectoryRole\", DirectoryRoleArgs.builder()\n            .displayName(\"Security administrator\")\n            .build());\n\n        var exampleDirectoryRoleAssignment = new DirectoryRoleAssignment(\"exampleDirectoryRoleAssignment\", DirectoryRoleAssignmentArgs.builder()\n            .roleId(exampleDirectoryRole.templateId())\n            .principalObjectId(example.objectId())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  exampleDirectoryRole:\n    type: azuread:DirectoryRole\n    name: example\n    properties:\n      displayName: Security administrator\n  exampleDirectoryRoleAssignment:\n    type: azuread:DirectoryRoleAssignment\n    name: example\n    properties:\n      roleId: ${exampleDirectoryRole.templateId}\n      principalObjectId: ${example.objectId}\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getUser\n      arguments:\n        userPrincipalName: jdoe@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003e Note the use of the \u003cspan pulumi-lang-nodejs=\"`templateId`\" pulumi-lang-dotnet=\"`TemplateId`\" pulumi-lang-go=\"`templateId`\" pulumi-lang-python=\"`template_id`\" pulumi-lang-yaml=\"`templateId`\" pulumi-lang-java=\"`templateId`\"\u003e`templateId`\u003c/span\u003e attribute when referencing built-in roles.\n\n*Assignment for a custom role*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getUser({\n    userPrincipalName: \"jdoe@example.com\",\n});\nconst exampleCustomDirectoryRole = new azuread.CustomDirectoryRole(\"example\", {\n    displayName: \"My Custom Role\",\n    enabled: true,\n    version: \"1.0\",\n    permissions: [{\n        allowedResourceActions: [\n            \"microsoft.directory/applications/basic/update\",\n            \"microsoft.directory/applications/standard/read\",\n        ],\n    }],\n});\nconst exampleDirectoryRoleAssignment = new azuread.DirectoryRoleAssignment(\"example\", {\n    roleId: exampleCustomDirectoryRole.objectId,\n    principalObjectId: example.then(example =\u003e example.objectId),\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_user(user_principal_name=\"jdoe@example.com\")\nexample_custom_directory_role = azuread.CustomDirectoryRole(\"example\",\n    display_name=\"My Custom Role\",\n    enabled=True,\n    version=\"1.0\",\n    permissions=[{\n        \"allowed_resource_actions\": [\n            \"microsoft.directory/applications/basic/update\",\n            \"microsoft.directory/applications/standard/read\",\n        ],\n    }])\nexample_directory_role_assignment = azuread.DirectoryRoleAssignment(\"example\",\n    role_id=example_custom_directory_role.object_id,\n    principal_object_id=example.object_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetUser.Invoke(new()\n    {\n        UserPrincipalName = \"jdoe@example.com\",\n    });\n\n    var exampleCustomDirectoryRole = new AzureAD.Index.CustomDirectoryRole(\"example\", new()\n    {\n        DisplayName = \"My Custom Role\",\n        Enabled = true,\n        Version = \"1.0\",\n        Permissions = new[]\n        {\n            new AzureAD.Inputs.CustomDirectoryRolePermissionArgs\n            {\n                AllowedResourceActions = new[]\n                {\n                    \"microsoft.directory/applications/basic/update\",\n                    \"microsoft.directory/applications/standard/read\",\n                },\n            },\n        },\n    });\n\n    var exampleDirectoryRoleAssignment = new AzureAD.Index.DirectoryRoleAssignment(\"example\", new()\n    {\n        RoleId = exampleCustomDirectoryRole.ObjectId,\n        PrincipalObjectId = example.Apply(getUserResult =\u003e getUserResult.ObjectId),\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.GetUser(ctx, \u0026azuread.LookupUserArgs{\n\t\t\tUserPrincipalName: pulumi.StringRef(\"jdoe@example.com\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleCustomDirectoryRole, err := azuread.NewCustomDirectoryRole(ctx, \"example\", \u0026azuread.CustomDirectoryRoleArgs{\n\t\t\tDisplayName: pulumi.String(\"My Custom Role\"),\n\t\t\tEnabled:     pulumi.Bool(true),\n\t\t\tVersion:     pulumi.String(\"1.0\"),\n\t\t\tPermissions: azuread.CustomDirectoryRolePermissionArray{\n\t\t\t\t\u0026azuread.CustomDirectoryRolePermissionArgs{\n\t\t\t\t\tAllowedResourceActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"microsoft.directory/applications/basic/update\"),\n\t\t\t\t\t\tpulumi.String(\"microsoft.directory/applications/standard/read\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewDirectoryRoleAssignment(ctx, \"example\", \u0026azuread.DirectoryRoleAssignmentArgs{\n\t\t\tRoleId:            exampleCustomDirectoryRole.ObjectId,\n\t\t\tPrincipalObjectId: pulumi.String(pulumi.String(example.ObjectId)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetUserArgs;\nimport com.pulumi.azuread.CustomDirectoryRole;\nimport com.pulumi.azuread.CustomDirectoryRoleArgs;\nimport com.pulumi.azuread.inputs.CustomDirectoryRolePermissionArgs;\nimport com.pulumi.azuread.DirectoryRoleAssignment;\nimport com.pulumi.azuread.DirectoryRoleAssignmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getUser(GetUserArgs.builder()\n            .userPrincipalName(\"jdoe@example.com\")\n            .build());\n\n        var exampleCustomDirectoryRole = new CustomDirectoryRole(\"exampleCustomDirectoryRole\", CustomDirectoryRoleArgs.builder()\n            .displayName(\"My Custom Role\")\n            .enabled(true)\n            .version(\"1.0\")\n            .permissions(CustomDirectoryRolePermissionArgs.builder()\n                .allowedResourceActions(                \n                    \"microsoft.directory/applications/basic/update\",\n                    \"microsoft.directory/applications/standard/read\")\n                .build())\n            .build());\n\n        var exampleDirectoryRoleAssignment = new DirectoryRoleAssignment(\"exampleDirectoryRoleAssignment\", DirectoryRoleAssignmentArgs.builder()\n            .roleId(exampleCustomDirectoryRole.objectId())\n            .principalObjectId(example.objectId())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  exampleCustomDirectoryRole:\n    type: azuread:CustomDirectoryRole\n    name: example\n    properties:\n      displayName: My Custom Role\n      enabled: true\n      version: '1.0'\n      permissions:\n        - allowedResourceActions:\n            - microsoft.directory/applications/basic/update\n            - microsoft.directory/applications/standard/read\n  exampleDirectoryRoleAssignment:\n    type: azuread:DirectoryRoleAssignment\n    name: example\n    properties:\n      roleId: ${exampleCustomDirectoryRole.objectId}\n      principalObjectId: ${example.objectId}\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getUser\n      arguments:\n        userPrincipalName: jdoe@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Scoped assignment for an application*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\nimport * as std from \"@pulumi/std\";\n\nconst exampleDirectoryRole = new azuread.DirectoryRole(\"example\", {displayName: \"Cloud application administrator\"});\nconst exampleApplication = new azuread.Application(\"example\", {displayName: \"My Application\"});\nconst example = azuread.getUser({\n    userPrincipalName: \"jdoe@example.com\",\n});\nconst exampleDirectoryRoleAssignment = new azuread.DirectoryRoleAssignment(\"example\", {\n    roleId: exampleDirectoryRole.templateId,\n    principalObjectId: example.then(example =\u003e example.objectId),\n    directoryScopeId: std.format({\n        input: \"/%s\",\n        args: [exampleApplication.objectId],\n    }).then(invoke =\u003e invoke.result),\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\nimport pulumi_std as std\n\nexample_directory_role = azuread.DirectoryRole(\"example\", display_name=\"Cloud application administrator\")\nexample_application = azuread.Application(\"example\", display_name=\"My Application\")\nexample = azuread.get_user(user_principal_name=\"jdoe@example.com\")\nexample_directory_role_assignment = azuread.DirectoryRoleAssignment(\"example\",\n    role_id=example_directory_role.template_id,\n    principal_object_id=example.object_id,\n    directory_scope_id=std.format(input=\"/%s\",\n        args=[example_application.object_id]).result)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var exampleDirectoryRole = new AzureAD.Index.DirectoryRole(\"example\", new()\n    {\n        DisplayName = \"Cloud application administrator\",\n    });\n\n    var exampleApplication = new AzureAD.Index.Application(\"example\", new()\n    {\n        DisplayName = \"My Application\",\n    });\n\n    var example = AzureAD.Index.GetUser.Invoke(new()\n    {\n        UserPrincipalName = \"jdoe@example.com\",\n    });\n\n    var exampleDirectoryRoleAssignment = new AzureAD.Index.DirectoryRoleAssignment(\"example\", new()\n    {\n        RoleId = exampleDirectoryRole.TemplateId,\n        PrincipalObjectId = example.Apply(getUserResult =\u003e getUserResult.ObjectId),\n        DirectoryScopeId = Std.Index.Format.Invoke(new()\n        {\n            Input = \"/%s\",\n            Args = new[]\n            {\n                exampleApplication.ObjectId,\n            },\n        }).Apply(invoke =\u003e invoke.Result),\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleDirectoryRole, err := azuread.NewDirectoryRole(ctx, \"example\", \u0026azuread.DirectoryRoleArgs{\n\t\t\tDisplayName: pulumi.String(\"Cloud application administrator\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleApplication, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"My Application\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := azuread.GetUser(ctx, \u0026azuread.LookupUserArgs{\n\t\t\tUserPrincipalName: pulumi.StringRef(\"jdoe@example.com\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFormat, err := std.Format(ctx, \u0026std.FormatArgs{\n\t\t\tInput: \"/%s\",\n\t\t\tArgs: pulumi.StringArray{\n\t\t\t\texampleApplication.ObjectId,\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewDirectoryRoleAssignment(ctx, \"example\", \u0026azuread.DirectoryRoleAssignmentArgs{\n\t\t\tRoleId:            exampleDirectoryRole.TemplateId,\n\t\t\tPrincipalObjectId: pulumi.String(pulumi.String(example.ObjectId)),\n\t\t\tDirectoryScopeId:  pulumi.String(invokeFormat.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.DirectoryRole;\nimport com.pulumi.azuread.DirectoryRoleArgs;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetUserArgs;\nimport com.pulumi.azuread.DirectoryRoleAssignment;\nimport com.pulumi.azuread.DirectoryRoleAssignmentArgs;\nimport com.pulumi.std.StdFunctions;\nimport com.pulumi.std.inputs.FormatArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var exampleDirectoryRole = new DirectoryRole(\"exampleDirectoryRole\", DirectoryRoleArgs.builder()\n            .displayName(\"Cloud application administrator\")\n            .build());\n\n        var exampleApplication = new Application(\"exampleApplication\", ApplicationArgs.builder()\n            .displayName(\"My Application\")\n            .build());\n\n        final var example = AzureadFunctions.getUser(GetUserArgs.builder()\n            .userPrincipalName(\"jdoe@example.com\")\n            .build());\n\n        var exampleDirectoryRoleAssignment = new DirectoryRoleAssignment(\"exampleDirectoryRoleAssignment\", DirectoryRoleAssignmentArgs.builder()\n            .roleId(exampleDirectoryRole.templateId())\n            .principalObjectId(example.objectId())\n            .directoryScopeId(StdFunctions.format(FormatArgs.builder()\n                .input(\"/%s\")\n                .args(exampleApplication.objectId())\n                .build()).result())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  exampleDirectoryRole:\n    type: azuread:DirectoryRole\n    name: example\n    properties:\n      displayName: Cloud application administrator\n  exampleApplication:\n    type: azuread:Application\n    name: example\n    properties:\n      displayName: My Application\n  exampleDirectoryRoleAssignment:\n    type: azuread:DirectoryRoleAssignment\n    name: example\n    properties:\n      roleId: ${exampleDirectoryRole.templateId}\n      principalObjectId: ${example.objectId}\n      directoryScopeId:\n        fn::invoke:\n          function: std:format\n          arguments:\n            input: /%s\n            args:\n              - ${exampleApplication.objectId}\n          return: result\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getUser\n      arguments:\n        userPrincipalName: jdoe@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003e Note the use of the \u003cspan pulumi-lang-nodejs=\"`templateId`\" pulumi-lang-dotnet=\"`TemplateId`\" pulumi-lang-go=\"`templateId`\" pulumi-lang-python=\"`template_id`\" pulumi-lang-yaml=\"`templateId`\" pulumi-lang-java=\"`templateId`\"\u003e`templateId`\u003c/span\u003e attribute when referencing built-in roles.\n\n## Import\n\nDirectory role assignments can be imported using the ID of the assignment, e.g.\n\n```sh\n$ pulumi import azuread:index/directoryRoleAssignment:DirectoryRoleAssignment example ePROZI_iKE653D_d6aoLHyr-lKgHI8ZGiIdz8CLVcng-1\n```\n\n","properties":{"appScopeId":{"type":"string","description":"Identifier of the app-specific scope when the assignment scope is app-specific. Cannot be used with \u003cspan pulumi-lang-nodejs=\"`directoryScopeId`\" pulumi-lang-dotnet=\"`DirectoryScopeId`\" pulumi-lang-go=\"`directoryScopeId`\" pulumi-lang-python=\"`directory_scope_id`\" pulumi-lang-yaml=\"`directoryScopeId`\" pulumi-lang-java=\"`directoryScopeId`\"\u003e`directoryScopeId`\u003c/span\u003e. See [official documentation](https://docs.microsoft.com/en-us/graph/api/rbacapplication-post-roleassignments?view=graph-rest-1.0\u0026tabs=http) for example usage. Changing this forces a new resource to be created.\n"},"directoryScopeId":{"type":"string","description":"Identifier of the directory object representing the scope of the assignment. Cannot be used with \u003cspan pulumi-lang-nodejs=\"`appScopeId`\" pulumi-lang-dotnet=\"`AppScopeId`\" pulumi-lang-go=\"`appScopeId`\" pulumi-lang-python=\"`app_scope_id`\" pulumi-lang-yaml=\"`appScopeId`\" pulumi-lang-java=\"`appScopeId`\"\u003e`appScopeId`\u003c/span\u003e. See [official documentation](https://docs.microsoft.com/en-us/graph/api/rbacapplication-post-roleassignments?view=graph-rest-1.0\u0026tabs=http) for example usage. Changing this forces a new resource to be created.\n"},"principalObjectId":{"type":"string","description":"The object ID of the principal for you want to create a role assignment. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created.\n"},"roleId":{"type":"string","description":"The template ID (in the case of built-in roles) or object ID (in the case of custom roles) of the directory role you want to assign. Changing this forces a new resource to be created.\n"}},"required":["appScopeId","directoryScopeId","principalObjectId","roleId"],"inputProperties":{"appScopeId":{"type":"string","description":"Identifier of the app-specific scope when the assignment scope is app-specific. Cannot be used with \u003cspan pulumi-lang-nodejs=\"`directoryScopeId`\" pulumi-lang-dotnet=\"`DirectoryScopeId`\" pulumi-lang-go=\"`directoryScopeId`\" pulumi-lang-python=\"`directory_scope_id`\" pulumi-lang-yaml=\"`directoryScopeId`\" pulumi-lang-java=\"`directoryScopeId`\"\u003e`directoryScopeId`\u003c/span\u003e. See [official documentation](https://docs.microsoft.com/en-us/graph/api/rbacapplication-post-roleassignments?view=graph-rest-1.0\u0026tabs=http) for example usage. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"directoryScopeId":{"type":"string","description":"Identifier of the directory object representing the scope of the assignment. Cannot be used with \u003cspan pulumi-lang-nodejs=\"`appScopeId`\" pulumi-lang-dotnet=\"`AppScopeId`\" pulumi-lang-go=\"`appScopeId`\" pulumi-lang-python=\"`app_scope_id`\" pulumi-lang-yaml=\"`appScopeId`\" pulumi-lang-java=\"`appScopeId`\"\u003e`appScopeId`\u003c/span\u003e. See [official documentation](https://docs.microsoft.com/en-us/graph/api/rbacapplication-post-roleassignments?view=graph-rest-1.0\u0026tabs=http) for example usage. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"principalObjectId":{"type":"string","description":"The object ID of the principal for you want to create a role assignment. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"roleId":{"type":"string","description":"The template ID (in the case of built-in roles) or object ID (in the case of custom roles) of the directory role you want to assign. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true}},"requiredInputs":["principalObjectId","roleId"],"stateInputs":{"description":"Input properties used for looking up and filtering DirectoryRoleAssignment resources.\n","properties":{"appScopeId":{"type":"string","description":"Identifier of the app-specific scope when the assignment scope is app-specific. Cannot be used with \u003cspan pulumi-lang-nodejs=\"`directoryScopeId`\" pulumi-lang-dotnet=\"`DirectoryScopeId`\" pulumi-lang-go=\"`directoryScopeId`\" pulumi-lang-python=\"`directory_scope_id`\" pulumi-lang-yaml=\"`directoryScopeId`\" pulumi-lang-java=\"`directoryScopeId`\"\u003e`directoryScopeId`\u003c/span\u003e. See [official documentation](https://docs.microsoft.com/en-us/graph/api/rbacapplication-post-roleassignments?view=graph-rest-1.0\u0026tabs=http) for example usage. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"directoryScopeId":{"type":"string","description":"Identifier of the directory object representing the scope of the assignment. Cannot be used with \u003cspan pulumi-lang-nodejs=\"`appScopeId`\" pulumi-lang-dotnet=\"`AppScopeId`\" pulumi-lang-go=\"`appScopeId`\" pulumi-lang-python=\"`app_scope_id`\" pulumi-lang-yaml=\"`appScopeId`\" pulumi-lang-java=\"`appScopeId`\"\u003e`appScopeId`\u003c/span\u003e. See [official documentation](https://docs.microsoft.com/en-us/graph/api/rbacapplication-post-roleassignments?view=graph-rest-1.0\u0026tabs=http) for example usage. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"principalObjectId":{"type":"string","description":"The object ID of the principal for you want to create a role assignment. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"roleId":{"type":"string","description":"The template ID (in the case of built-in roles) or object ID (in the case of custom roles) of the directory role you want to assign. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true}},"type":"object"}},"azuread:index/directoryRoleEligibilityScheduleRequest:DirectoryRoleEligibilityScheduleRequest":{"description":"Manages a single directory role eligibility schedule request within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nThe calling principal requires one of the following application roles: `RoleEligibilitySchedule.ReadWrite.Directory` or `RoleManagement.ReadWrite.Directory`.\n\nThe calling principal requires one of the following directory roles: `Privileged Role Administrator` or `Global Administrator`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getUser({\n    userPrincipalName: \"jdoe@example.com\",\n});\nconst exampleDirectoryRole = new azuread.DirectoryRole(\"example\", {displayName: \"Application Administrator\"});\nconst exampleDirectoryRoleEligibilityScheduleRequest = new azuread.DirectoryRoleEligibilityScheduleRequest(\"example\", {\n    roleDefinitionId: exampleDirectoryRole.templateId,\n    principalId: example.then(example =\u003e example.objectId),\n    directoryScopeId: \"/\",\n    justification: \"Example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_user(user_principal_name=\"jdoe@example.com\")\nexample_directory_role = azuread.DirectoryRole(\"example\", display_name=\"Application Administrator\")\nexample_directory_role_eligibility_schedule_request = azuread.DirectoryRoleEligibilityScheduleRequest(\"example\",\n    role_definition_id=example_directory_role.template_id,\n    principal_id=example.object_id,\n    directory_scope_id=\"/\",\n    justification=\"Example\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetUser.Invoke(new()\n    {\n        UserPrincipalName = \"jdoe@example.com\",\n    });\n\n    var exampleDirectoryRole = new AzureAD.Index.DirectoryRole(\"example\", new()\n    {\n        DisplayName = \"Application Administrator\",\n    });\n\n    var exampleDirectoryRoleEligibilityScheduleRequest = new AzureAD.Index.DirectoryRoleEligibilityScheduleRequest(\"example\", new()\n    {\n        RoleDefinitionId = exampleDirectoryRole.TemplateId,\n        PrincipalId = example.Apply(getUserResult =\u003e getUserResult.ObjectId),\n        DirectoryScopeId = \"/\",\n        Justification = \"Example\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.GetUser(ctx, \u0026azuread.LookupUserArgs{\n\t\t\tUserPrincipalName: pulumi.StringRef(\"jdoe@example.com\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDirectoryRole, err := azuread.NewDirectoryRole(ctx, \"example\", \u0026azuread.DirectoryRoleArgs{\n\t\t\tDisplayName: pulumi.String(\"Application Administrator\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewDirectoryRoleEligibilityScheduleRequest(ctx, \"example\", \u0026azuread.DirectoryRoleEligibilityScheduleRequestArgs{\n\t\t\tRoleDefinitionId: exampleDirectoryRole.TemplateId,\n\t\t\tPrincipalId:      pulumi.String(pulumi.String(example.ObjectId)),\n\t\t\tDirectoryScopeId: pulumi.String(\"/\"),\n\t\t\tJustification:    pulumi.String(\"Example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetUserArgs;\nimport com.pulumi.azuread.DirectoryRole;\nimport com.pulumi.azuread.DirectoryRoleArgs;\nimport com.pulumi.azuread.DirectoryRoleEligibilityScheduleRequest;\nimport com.pulumi.azuread.DirectoryRoleEligibilityScheduleRequestArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getUser(GetUserArgs.builder()\n            .userPrincipalName(\"jdoe@example.com\")\n            .build());\n\n        var exampleDirectoryRole = new DirectoryRole(\"exampleDirectoryRole\", DirectoryRoleArgs.builder()\n            .displayName(\"Application Administrator\")\n            .build());\n\n        var exampleDirectoryRoleEligibilityScheduleRequest = new DirectoryRoleEligibilityScheduleRequest(\"exampleDirectoryRoleEligibilityScheduleRequest\", DirectoryRoleEligibilityScheduleRequestArgs.builder()\n            .roleDefinitionId(exampleDirectoryRole.templateId())\n            .principalId(example.objectId())\n            .directoryScopeId(\"/\")\n            .justification(\"Example\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  exampleDirectoryRole:\n    type: azuread:DirectoryRole\n    name: example\n    properties:\n      displayName: Application Administrator\n  exampleDirectoryRoleEligibilityScheduleRequest:\n    type: azuread:DirectoryRoleEligibilityScheduleRequest\n    name: example\n    properties:\n      roleDefinitionId: ${exampleDirectoryRole.templateId}\n      principalId: ${example.objectId}\n      directoryScopeId: /\n      justification: Example\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getUser\n      arguments:\n        userPrincipalName: jdoe@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003e Note the use of the \u003cspan pulumi-lang-nodejs=\"`templateId`\" pulumi-lang-dotnet=\"`TemplateId`\" pulumi-lang-go=\"`templateId`\" pulumi-lang-python=\"`template_id`\" pulumi-lang-yaml=\"`templateId`\" pulumi-lang-java=\"`templateId`\"\u003e`templateId`\u003c/span\u003e attribute when referencing built-in roles.\n\n## Import\n\nDirectory role eligibility schedule requests can be imported using the ID of the assignment, e.g.\n\n```sh\n$ pulumi import azuread:index/directoryRoleEligibilityScheduleRequest:DirectoryRoleEligibilityScheduleRequest example 822ec710-4c9f-4f71-a27a-451759cc7522\n```\n\n","properties":{"directoryScopeId":{"type":"string","description":"Identifier of the directory object representing the scope of the role eligibility. Changing this forces a new resource to be created.\n"},"justification":{"type":"string","description":"Justification for why the principal is granted the role eligibility. Changing this forces a new resource to be created.\n"},"principalId":{"type":"string","description":"The object ID of the principal to granted the role eligibility. Changing this forces a new resource to be created.\n"},"roleDefinitionId":{"type":"string","description":"The template ID (in the case of built-in roles) or object ID (in the case of custom roles) of the directory role you want to assign. Changing this forces a new resource to be created.\n"}},"required":["directoryScopeId","justification","principalId","roleDefinitionId"],"inputProperties":{"directoryScopeId":{"type":"string","description":"Identifier of the directory object representing the scope of the role eligibility. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"justification":{"type":"string","description":"Justification for why the principal is granted the role eligibility. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"principalId":{"type":"string","description":"The object ID of the principal to granted the role eligibility. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"roleDefinitionId":{"type":"string","description":"The template ID (in the case of built-in roles) or object ID (in the case of custom roles) of the directory role you want to assign. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true}},"requiredInputs":["directoryScopeId","justification","principalId","roleDefinitionId"],"stateInputs":{"description":"Input properties used for looking up and filtering DirectoryRoleEligibilityScheduleRequest resources.\n","properties":{"directoryScopeId":{"type":"string","description":"Identifier of the directory object representing the scope of the role eligibility. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"justification":{"type":"string","description":"Justification for why the principal is granted the role eligibility. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"principalId":{"type":"string","description":"The object ID of the principal to granted the role eligibility. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"roleDefinitionId":{"type":"string","description":"The template ID (in the case of built-in roles) or object ID (in the case of custom roles) of the directory role you want to assign. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true}},"type":"object"}},"azuread:index/directoryRoleMember:DirectoryRoleMember":{"description":"Manages a single directory role membership (assignment) within Azure Active Directory.\n\n\u003e **Deprecation Warning:** This resource has been superseded by the\u003cspan pulumi-lang-nodejs=\" azuread.DirectoryRoleAssignment \" pulumi-lang-dotnet=\" azuread.DirectoryRoleAssignment \" pulumi-lang-go=\" DirectoryRoleAssignment \" pulumi-lang-python=\" DirectoryRoleAssignment \" pulumi-lang-yaml=\" azuread.DirectoryRoleAssignment \" pulumi-lang-java=\" azuread.DirectoryRoleAssignment \"\u003e azuread.DirectoryRoleAssignment \u003c/span\u003eresource and will be removed in version 3.0 of the AzureAD provider\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `RoleManagement.ReadWrite.Directory` or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Privileged Role Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getUser({\n    userPrincipalName: \"jdoe@example.com\",\n});\nconst exampleDirectoryRole = new azuread.DirectoryRole(\"example\", {displayName: \"Security administrator\"});\nconst exampleDirectoryRoleMember = new azuread.DirectoryRoleMember(\"example\", {\n    roleObjectId: exampleDirectoryRole.objectId,\n    memberObjectId: example.then(example =\u003e example.objectId),\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_user(user_principal_name=\"jdoe@example.com\")\nexample_directory_role = azuread.DirectoryRole(\"example\", display_name=\"Security administrator\")\nexample_directory_role_member = azuread.DirectoryRoleMember(\"example\",\n    role_object_id=example_directory_role.object_id,\n    member_object_id=example.object_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetUser.Invoke(new()\n    {\n        UserPrincipalName = \"jdoe@example.com\",\n    });\n\n    var exampleDirectoryRole = new AzureAD.Index.DirectoryRole(\"example\", new()\n    {\n        DisplayName = \"Security administrator\",\n    });\n\n    var exampleDirectoryRoleMember = new AzureAD.Index.DirectoryRoleMember(\"example\", new()\n    {\n        RoleObjectId = exampleDirectoryRole.ObjectId,\n        MemberObjectId = example.Apply(getUserResult =\u003e getUserResult.ObjectId),\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.GetUser(ctx, \u0026azuread.LookupUserArgs{\n\t\t\tUserPrincipalName: pulumi.StringRef(\"jdoe@example.com\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDirectoryRole, err := azuread.NewDirectoryRole(ctx, \"example\", \u0026azuread.DirectoryRoleArgs{\n\t\t\tDisplayName: pulumi.String(\"Security administrator\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewDirectoryRoleMember(ctx, \"example\", \u0026azuread.DirectoryRoleMemberArgs{\n\t\t\tRoleObjectId:   exampleDirectoryRole.ObjectId,\n\t\t\tMemberObjectId: pulumi.String(pulumi.String(example.ObjectId)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetUserArgs;\nimport com.pulumi.azuread.DirectoryRole;\nimport com.pulumi.azuread.DirectoryRoleArgs;\nimport com.pulumi.azuread.DirectoryRoleMember;\nimport com.pulumi.azuread.DirectoryRoleMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getUser(GetUserArgs.builder()\n            .userPrincipalName(\"jdoe@example.com\")\n            .build());\n\n        var exampleDirectoryRole = new DirectoryRole(\"exampleDirectoryRole\", DirectoryRoleArgs.builder()\n            .displayName(\"Security administrator\")\n            .build());\n\n        var exampleDirectoryRoleMember = new DirectoryRoleMember(\"exampleDirectoryRoleMember\", DirectoryRoleMemberArgs.builder()\n            .roleObjectId(exampleDirectoryRole.objectId())\n            .memberObjectId(example.objectId())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  exampleDirectoryRole:\n    type: azuread:DirectoryRole\n    name: example\n    properties:\n      displayName: Security administrator\n  exampleDirectoryRoleMember:\n    type: azuread:DirectoryRoleMember\n    name: example\n    properties:\n      roleObjectId: ${exampleDirectoryRole.objectId}\n      memberObjectId: ${example.objectId}\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getUser\n      arguments:\n        userPrincipalName: jdoe@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDirectory role members can be imported using the object ID of the role and the object ID of the member, e.g.\n\n```sh\n$ pulumi import azuread:index/directoryRoleMember:DirectoryRoleMember example 00000000-0000-0000-0000-000000000000/member/11111111-1111-1111-1111-111111111111\n```\n\n\u003e This ID format is unique to Terraform and is composed of the Directory Role Object ID and the target Member Object ID in the format `{RoleObjectID}/member/{MemberObjectID}`.\n\n","properties":{"memberObjectId":{"type":"string","description":"The object ID of the principal you want to add as a member to the directory role. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created.\n"},"roleObjectId":{"type":"string","description":"The object ID of the directory role you want to add the member to. Changing this forces a new resource to be created.\n"}},"inputProperties":{"memberObjectId":{"type":"string","description":"The object ID of the principal you want to add as a member to the directory role. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"roleObjectId":{"type":"string","description":"The object ID of the directory role you want to add the member to. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true}},"stateInputs":{"description":"Input properties used for looking up and filtering DirectoryRoleMember resources.\n","properties":{"memberObjectId":{"type":"string","description":"The object ID of the principal you want to add as a member to the directory role. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"roleObjectId":{"type":"string","description":"The object ID of the directory role you want to add the member to. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true}},"type":"object"}},"azuread:index/group:Group":{"description":"Manages a group within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Group.ReadWrite.All` or `Directory.ReadWrite.All`.\n\nAlternatively, if the authenticated service principal is also an owner of the group being managed, this resource can use the application role: `Group.Create`.\n\nIf using the \u003cspan pulumi-lang-nodejs=\"`assignableToRole`\" pulumi-lang-dotnet=\"`AssignableToRole`\" pulumi-lang-go=\"`assignableToRole`\" pulumi-lang-python=\"`assignable_to_role`\" pulumi-lang-yaml=\"`assignableToRole`\" pulumi-lang-java=\"`assignableToRole`\"\u003e`assignableToRole`\u003c/span\u003e property, this resource additionally requires the `RoleManagement.ReadWrite.Directory` application role.\n\nIf specifying owners for a group, which are user principals, this resource additionally requires one of the following application roles: `User.Read.All`, `User.ReadWrite.All`, `Directory.Read.All` or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Groups Administrator`, `User Administrator` or `Global Administrator`\n\nWhen creating this resource in administrative units exclusively, the directory role `Groups Administrator` is required to be scoped on any administrative unit used. Additionally, it must be possible to read the administrative units being used, which can be granted through the `AdministrativeUnit.Read.All` or `Directory.Read.All` application roles.\n\nThe \u003cspan pulumi-lang-nodejs=\"`externalSendersAllowed`\" pulumi-lang-dotnet=\"`ExternalSendersAllowed`\" pulumi-lang-go=\"`externalSendersAllowed`\" pulumi-lang-python=\"`external_senders_allowed`\" pulumi-lang-yaml=\"`externalSendersAllowed`\" pulumi-lang-java=\"`externalSendersAllowed`\"\u003e`externalSendersAllowed`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`autoSubscribeNewMembers`\" pulumi-lang-dotnet=\"`AutoSubscribeNewMembers`\" pulumi-lang-go=\"`autoSubscribeNewMembers`\" pulumi-lang-python=\"`auto_subscribe_new_members`\" pulumi-lang-yaml=\"`autoSubscribeNewMembers`\" pulumi-lang-java=\"`autoSubscribeNewMembers`\"\u003e`autoSubscribeNewMembers`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`hideFromAddressLists`\" pulumi-lang-dotnet=\"`HideFromAddressLists`\" pulumi-lang-go=\"`hideFromAddressLists`\" pulumi-lang-python=\"`hide_from_address_lists`\" pulumi-lang-yaml=\"`hideFromAddressLists`\" pulumi-lang-java=\"`hideFromAddressLists`\"\u003e`hideFromAddressLists`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`hideFromOutlookClients`\" pulumi-lang-dotnet=\"`HideFromOutlookClients`\" pulumi-lang-go=\"`hideFromOutlookClients`\" pulumi-lang-python=\"`hide_from_outlook_clients`\" pulumi-lang-yaml=\"`hideFromOutlookClients`\" pulumi-lang-java=\"`hideFromOutlookClients`\"\u003e`hideFromOutlookClients`\u003c/span\u003e properties can only be configured when authenticating as a user and cannot be configured when authenticating as a service principal. Additionally, the user being used for authentication must be a Member of the tenant where the group is being managed and _not_ a Guest. This is a known API issue; please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) official documentation.\n\n## Example Usage\n\n*Basic example*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst example = new azuread.Group(\"example\", {\n    displayName: \"example\",\n    owners: [current.then(current =\u003e current.objectId)],\n    securityEnabled: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\nexample = azuread.Group(\"example\",\n    display_name=\"example\",\n    owners=[current.object_id],\n    security_enabled=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var current = AzureAD.Index.GetClientConfig.Invoke();\n\n    var example = new AzureAD.Index.Group(\"example\", new()\n    {\n        DisplayName = \"example\",\n        Owners = new[]\n        {\n            current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n        },\n        SecurityEnabled = true,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(pulumi.String(current.ObjectId)),\n\t\t\t},\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var current = AzureadFunctions.getClientConfig(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);\n\n        var example = new Group(\"example\", GroupArgs.builder()\n            .displayName(\"example\")\n            .owners(current.objectId())\n            .securityEnabled(true)\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:Group\n    properties:\n      displayName: example\n      owners:\n        - ${current.objectId}\n      securityEnabled: true\nvariables:\n  current:\n    fn::invoke:\n      function: azuread:getClientConfig\n      arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Microsoft 365 group*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst groupOwner = new azuread.User(\"group_owner\", {\n    userPrincipalName: \"example-group-owner@example.com\",\n    displayName: \"Group Owner\",\n    mailNickname: \"example-group-owner\",\n    password: \"SecretP@sswd99!\",\n});\nconst example = new azuread.Group(\"example\", {\n    displayName: \"example\",\n    mailEnabled: true,\n    mailNickname: \"ExampleGroup\",\n    securityEnabled: true,\n    types: [\"Unified\"],\n    owners: [\n        current.then(current =\u003e current.objectId),\n        groupOwner.objectId,\n    ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\ngroup_owner = azuread.User(\"group_owner\",\n    user_principal_name=\"example-group-owner@example.com\",\n    display_name=\"Group Owner\",\n    mail_nickname=\"example-group-owner\",\n    password=\"SecretP@sswd99!\")\nexample = azuread.Group(\"example\",\n    display_name=\"example\",\n    mail_enabled=True,\n    mail_nickname=\"ExampleGroup\",\n    security_enabled=True,\n    types=[\"Unified\"],\n    owners=[\n        current.object_id,\n        group_owner.object_id,\n    ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var current = AzureAD.Index.GetClientConfig.Invoke();\n\n    var groupOwner = new AzureAD.Index.User(\"group_owner\", new()\n    {\n        UserPrincipalName = \"example-group-owner@example.com\",\n        DisplayName = \"Group Owner\",\n        MailNickname = \"example-group-owner\",\n        Password = \"SecretP@sswd99!\",\n    });\n\n    var example = new AzureAD.Index.Group(\"example\", new()\n    {\n        DisplayName = \"example\",\n        MailEnabled = true,\n        MailNickname = \"ExampleGroup\",\n        SecurityEnabled = true,\n        Types = new[]\n        {\n            \"Unified\",\n        },\n        Owners = new[]\n        {\n            current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n            groupOwner.ObjectId,\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroupOwner, err := azuread.NewUser(ctx, \"group_owner\", \u0026azuread.UserArgs{\n\t\t\tUserPrincipalName: pulumi.String(\"example-group-owner@example.com\"),\n\t\t\tDisplayName:       pulumi.String(\"Group Owner\"),\n\t\t\tMailNickname:      pulumi.String(\"example-group-owner\"),\n\t\t\tPassword:          pulumi.String(\"SecretP@sswd99!\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName:     pulumi.String(\"example\"),\n\t\t\tMailEnabled:     pulumi.Bool(true),\n\t\t\tMailNickname:    pulumi.String(\"ExampleGroup\"),\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t\tTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Unified\"),\n\t\t\t},\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(pulumi.String(current.ObjectId)),\n\t\t\t\tgroupOwner.ObjectId,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.User;\nimport com.pulumi.azuread.UserArgs;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var current = AzureadFunctions.getClientConfig(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);\n\n        var groupOwner = new User(\"groupOwner\", UserArgs.builder()\n            .userPrincipalName(\"example-group-owner@example.com\")\n            .displayName(\"Group Owner\")\n            .mailNickname(\"example-group-owner\")\n            .password(\"SecretP@sswd99!\")\n            .build());\n\n        var example = new Group(\"example\", GroupArgs.builder()\n            .displayName(\"example\")\n            .mailEnabled(true)\n            .mailNickname(\"ExampleGroup\")\n            .securityEnabled(true)\n            .types(\"Unified\")\n            .owners(            \n                current.objectId(),\n                groupOwner.objectId())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  groupOwner:\n    type: azuread:User\n    name: group_owner\n    properties:\n      userPrincipalName: example-group-owner@example.com\n      displayName: Group Owner\n      mailNickname: example-group-owner\n      password: SecretP@sswd99!\n  example:\n    type: azuread:Group\n    properties:\n      displayName: example\n      mailEnabled: true\n      mailNickname: ExampleGroup\n      securityEnabled: true\n      types:\n        - Unified\n      owners:\n        - ${current.objectId}\n        - ${groupOwner.objectId}\nvariables:\n  current:\n    fn::invoke:\n      function: azuread:getClientConfig\n      arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Group with members*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst example = new azuread.User(\"example\", {\n    displayName: \"J Doe\",\n    owners: [current.then(current =\u003e current.objectId)],\n    password: \"notSecure123\",\n    userPrincipalName: \"jdoe@example.com\",\n});\nconst exampleGroup = new azuread.Group(\"example\", {\n    displayName: \"MyGroup\",\n    owners: [current.then(current =\u003e current.objectId)],\n    securityEnabled: true,\n    members: [example.objectId],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\nexample = azuread.User(\"example\",\n    display_name=\"J Doe\",\n    owners=[current.object_id],\n    password=\"notSecure123\",\n    user_principal_name=\"jdoe@example.com\")\nexample_group = azuread.Group(\"example\",\n    display_name=\"MyGroup\",\n    owners=[current.object_id],\n    security_enabled=True,\n    members=[example.object_id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var current = AzureAD.Index.GetClientConfig.Invoke();\n\n    var example = new AzureAD.Index.User(\"example\", new()\n    {\n        DisplayName = \"J Doe\",\n        Owners = new[]\n        {\n            current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n        },\n        Password = \"notSecure123\",\n        UserPrincipalName = \"jdoe@example.com\",\n    });\n\n    var exampleGroup = new AzureAD.Index.Group(\"example\", new()\n    {\n        DisplayName = \"MyGroup\",\n        Owners = new[]\n        {\n            current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n        },\n        SecurityEnabled = true,\n        Members = new[]\n        {\n            example.ObjectId,\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := azuread.NewUser(ctx, \"example\", \u0026azuread.UserArgs{\n\t\t\tDisplayName: pulumi.String(\"J Doe\"),\n\t\t\tOwners: []*string{\n\t\t\t\tcurrent.ObjectId,\n\t\t\t},\n\t\t\tPassword:          pulumi.String(\"notSecure123\"),\n\t\t\tUserPrincipalName: pulumi.String(\"jdoe@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"MyGroup\"),\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(pulumi.String(current.ObjectId)),\n\t\t\t},\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\texample.ObjectId,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.User;\nimport com.pulumi.azuread.UserArgs;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var current = AzureadFunctions.getClientConfig(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);\n\n        var example = new User(\"example\", UserArgs.builder()\n            .displayName(\"J Doe\")\n            .owners(List.of(current.objectId()))\n            .password(\"notSecure123\")\n            .userPrincipalName(\"jdoe@example.com\")\n            .build());\n\n        var exampleGroup = new Group(\"exampleGroup\", GroupArgs.builder()\n            .displayName(\"MyGroup\")\n            .owners(current.objectId())\n            .securityEnabled(true)\n            .members(example.objectId())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:User\n    properties:\n      displayName: J Doe\n      owners:\n        - ${current.objectId}\n      password: notSecure123\n      userPrincipalName: jdoe@example.com\n  exampleGroup:\n    type: azuread:Group\n    name: example\n    properties:\n      displayName: MyGroup\n      owners:\n        - ${current.objectId}\n      securityEnabled: true\n      members:\n        - ${example.objectId}\nvariables:\n  current:\n    fn::invoke:\n      function: azuread:getClientConfig\n      arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Group with dynamic membership*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst example = new azuread.Group(\"example\", {\n    displayName: \"MyGroup\",\n    owners: [current.then(current =\u003e current.objectId)],\n    securityEnabled: true,\n    types: [\"DynamicMembership\"],\n    dynamicMembership: {\n        enabled: true,\n        rule: \"user.department -eq \\\"Sales\\\"\",\n    },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\nexample = azuread.Group(\"example\",\n    display_name=\"MyGroup\",\n    owners=[current.object_id],\n    security_enabled=True,\n    types=[\"DynamicMembership\"],\n    dynamic_membership={\n        \"enabled\": True,\n        \"rule\": \"user.department -eq \\\"Sales\\\"\",\n    })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var current = AzureAD.Index.GetClientConfig.Invoke();\n\n    var example = new AzureAD.Index.Group(\"example\", new()\n    {\n        DisplayName = \"MyGroup\",\n        Owners = new[]\n        {\n            current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n        },\n        SecurityEnabled = true,\n        Types = new[]\n        {\n            \"DynamicMembership\",\n        },\n        DynamicMembership = new AzureAD.Inputs.GroupDynamicMembershipArgs\n        {\n            Enabled = true,\n            Rule = \"user.department -eq \\\"Sales\\\"\",\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"MyGroup\"),\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(pulumi.String(current.ObjectId)),\n\t\t\t},\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t\tTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"DynamicMembership\"),\n\t\t\t},\n\t\t\tDynamicMembership: \u0026azuread.GroupDynamicMembershipArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tRule:    pulumi.String(\"user.department -eq \\\"Sales\\\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport com.pulumi.azuread.inputs.GroupDynamicMembershipArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var current = AzureadFunctions.getClientConfig(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);\n\n        var example = new Group(\"example\", GroupArgs.builder()\n            .displayName(\"MyGroup\")\n            .owners(current.objectId())\n            .securityEnabled(true)\n            .types(\"DynamicMembership\")\n            .dynamicMembership(GroupDynamicMembershipArgs.builder()\n                .enabled(true)\n                .rule(\"user.department -eq \\\"Sales\\\"\")\n                .build())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:Group\n    properties:\n      displayName: MyGroup\n      owners:\n        - ${current.objectId}\n      securityEnabled: true\n      types:\n        - DynamicMembership\n      dynamicMembership:\n        enabled: true\n        rule: user.department -eq \"Sales\"\nvariables:\n  current:\n    fn::invoke:\n      function: azuread:getClientConfig\n      arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGroups can be imported using their object ID, e.g.\n\n```sh\n$ pulumi import azuread:index/group:Group my_group /groups/00000000-0000-0000-0000-000000000000\n```\n\n","properties":{"administrativeUnitIds":{"type":"array","items":{"type":"string"},"description":"The object IDs of administrative units in which the group is a member. If specified, new groups will be created in the scope of the first administrative unit and added to the others. If empty, new groups will be created at the tenant level.\n\n\u003e **Caution** When using the\u003cspan pulumi-lang-nodejs=\" azuread.AdministrativeUnitMember \" pulumi-lang-dotnet=\" azuread.AdministrativeUnitMember \" pulumi-lang-go=\" AdministrativeUnitMember \" pulumi-lang-python=\" AdministrativeUnitMember \" pulumi-lang-yaml=\" azuread.AdministrativeUnitMember \" pulumi-lang-java=\" azuread.AdministrativeUnitMember \"\u003e azuread.AdministrativeUnitMember \u003c/span\u003eresource, or the \u003cspan pulumi-lang-nodejs=\"`members`\" pulumi-lang-dotnet=\"`Members`\" pulumi-lang-go=\"`members`\" pulumi-lang-python=\"`members`\" pulumi-lang-yaml=\"`members`\" pulumi-lang-java=\"`members`\"\u003e`members`\u003c/span\u003e property of the\u003cspan pulumi-lang-nodejs=\" azuread.AdministrativeUnit \" pulumi-lang-dotnet=\" azuread.AdministrativeUnit \" pulumi-lang-go=\" AdministrativeUnit \" pulumi-lang-python=\" AdministrativeUnit \" pulumi-lang-yaml=\" azuread.AdministrativeUnit \" pulumi-lang-java=\" azuread.AdministrativeUnit \"\u003e azuread.AdministrativeUnit \u003c/span\u003eresource, to manage Administrative Unit membership for a group, you will need to use an \u003cspan pulumi-lang-nodejs=\"`ignoreChanges \" pulumi-lang-dotnet=\"`IgnoreChanges \" pulumi-lang-go=\"`ignoreChanges \" pulumi-lang-python=\"`ignore_changes \" pulumi-lang-yaml=\"`ignoreChanges \" pulumi-lang-java=\"`ignoreChanges \"\u003e`ignoreChanges \u003c/span\u003e= \u003cspan pulumi-lang-nodejs=\"[administrativeUnitIds]\" pulumi-lang-dotnet=\"[AdministrativeUnitIds]\" pulumi-lang-go=\"[administrativeUnitIds]\" pulumi-lang-python=\"[administrative_unit_ids]\" pulumi-lang-yaml=\"[administrativeUnitIds]\" pulumi-lang-java=\"[administrativeUnitIds]\"\u003e[administrativeUnitIds]\u003c/span\u003e` lifecycle meta argument for the \u003cspan pulumi-lang-nodejs=\"`azuread.Group`\" pulumi-lang-dotnet=\"`azuread.Group`\" pulumi-lang-go=\"`Group`\" pulumi-lang-python=\"`Group`\" pulumi-lang-yaml=\"`azuread.Group`\" pulumi-lang-java=\"`azuread.Group`\"\u003e`azuread.Group`\u003c/span\u003e resource, in order to avoid a persistent diff.\n"},"assignableToRole":{"type":"boolean","description":"Indicates whether this group can be assigned to an Azure Active Directory role. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e. Can only be set to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e for security-enabled groups. Changing this forces a new resource to be created.\n"},"autoSubscribeNewMembers":{"type":"boolean","description":"Indicates whether new members added to the group will be auto-subscribed to receive email notifications. Can only be set for Unified groups.\n\n\u003e **Known Permissions Issue** The \u003cspan pulumi-lang-nodejs=\"`autoSubscribeNewMembers`\" pulumi-lang-dotnet=\"`AutoSubscribeNewMembers`\" pulumi-lang-go=\"`autoSubscribeNewMembers`\" pulumi-lang-python=\"`auto_subscribe_new_members`\" pulumi-lang-yaml=\"`autoSubscribeNewMembers`\" pulumi-lang-java=\"`autoSubscribeNewMembers`\"\u003e`autoSubscribeNewMembers`\u003c/span\u003e property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.\n"},"behaviors":{"type":"array","items":{"type":"string"},"description":"A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.\n"},"description":{"type":"string","description":"The description for the group.\n"},"displayName":{"type":"string","description":"The display name for the group.\n"},"dynamicMembership":{"$ref":"#/types/azuread:index/GroupDynamicMembership:GroupDynamicMembership","description":"A \u003cspan pulumi-lang-nodejs=\"`dynamicMembership`\" pulumi-lang-dotnet=\"`DynamicMembership`\" pulumi-lang-go=\"`dynamicMembership`\" pulumi-lang-python=\"`dynamic_membership`\" pulumi-lang-yaml=\"`dynamicMembership`\" pulumi-lang-java=\"`dynamicMembership`\"\u003e`dynamicMembership`\u003c/span\u003e block as documented below. Required when \u003cspan pulumi-lang-nodejs=\"`types`\" pulumi-lang-dotnet=\"`Types`\" pulumi-lang-go=\"`types`\" pulumi-lang-python=\"`types`\" pulumi-lang-yaml=\"`types`\" pulumi-lang-java=\"`types`\"\u003e`types`\u003c/span\u003e contains `DynamicMembership`. Cannot be used with the \u003cspan pulumi-lang-nodejs=\"`members`\" pulumi-lang-dotnet=\"`Members`\" pulumi-lang-go=\"`members`\" pulumi-lang-python=\"`members`\" pulumi-lang-yaml=\"`members`\" pulumi-lang-java=\"`members`\"\u003e`members`\u003c/span\u003e property.\n"},"externalSendersAllowed":{"type":"boolean","description":"Indicates whether people external to the organization can send messages to the group. Can only be set for Unified groups.\n\n\u003e **Known Permissions Issue** The \u003cspan pulumi-lang-nodejs=\"`externalSendersAllowed`\" pulumi-lang-dotnet=\"`ExternalSendersAllowed`\" pulumi-lang-go=\"`externalSendersAllowed`\" pulumi-lang-python=\"`external_senders_allowed`\" pulumi-lang-yaml=\"`externalSendersAllowed`\" pulumi-lang-java=\"`externalSendersAllowed`\"\u003e`externalSendersAllowed`\u003c/span\u003e property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.\n"},"hideFromAddressLists":{"type":"boolean","description":"Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups. Can only be set for Unified groups.\n\n\u003e **Known Permissions Issue** The \u003cspan pulumi-lang-nodejs=\"`hideFromAddressLists`\" pulumi-lang-dotnet=\"`HideFromAddressLists`\" pulumi-lang-go=\"`hideFromAddressLists`\" pulumi-lang-python=\"`hide_from_address_lists`\" pulumi-lang-yaml=\"`hideFromAddressLists`\" pulumi-lang-java=\"`hideFromAddressLists`\"\u003e`hideFromAddressLists`\u003c/span\u003e property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.\n"},"hideFromOutlookClients":{"type":"boolean","description":"Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web. Can only be set for Unified groups.\n\n\u003e **Known Permissions Issue** The \u003cspan pulumi-lang-nodejs=\"`hideFromOutlookClients`\" pulumi-lang-dotnet=\"`HideFromOutlookClients`\" pulumi-lang-go=\"`hideFromOutlookClients`\" pulumi-lang-python=\"`hide_from_outlook_clients`\" pulumi-lang-yaml=\"`hideFromOutlookClients`\" pulumi-lang-java=\"`hideFromOutlookClients`\"\u003e`hideFromOutlookClients`\u003c/span\u003e property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.\n"},"mail":{"type":"string","description":"The SMTP address for the group.\n"},"mailEnabled":{"type":"boolean","description":"Whether the group is a mail enabled, with a shared group mailbox. At least one of \u003cspan pulumi-lang-nodejs=\"`mailEnabled`\" pulumi-lang-dotnet=\"`MailEnabled`\" pulumi-lang-go=\"`mailEnabled`\" pulumi-lang-python=\"`mail_enabled`\" pulumi-lang-yaml=\"`mailEnabled`\" pulumi-lang-java=\"`mailEnabled`\"\u003e`mailEnabled`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`securityEnabled`\" pulumi-lang-dotnet=\"`SecurityEnabled`\" pulumi-lang-go=\"`securityEnabled`\" pulumi-lang-python=\"`security_enabled`\" pulumi-lang-yaml=\"`securityEnabled`\" pulumi-lang-java=\"`securityEnabled`\"\u003e`securityEnabled`\u003c/span\u003e must be specified. Only Microsoft 365 groups can be mail enabled (see the \u003cspan pulumi-lang-nodejs=\"`types`\" pulumi-lang-dotnet=\"`Types`\" pulumi-lang-go=\"`types`\" pulumi-lang-python=\"`types`\" pulumi-lang-yaml=\"`types`\" pulumi-lang-java=\"`types`\"\u003e`types`\u003c/span\u003e property).\n"},"mailNickname":{"type":"string","description":"The mail alias for the group, unique in the organisation. Required for mail-enabled groups. Changing this forces a new resource to be created.\n"},"members":{"type":"array","items":{"type":"string"},"description":"A set of members who should be present in this group. Supported object types are Users, Groups or Service Principals. Cannot be used with the \u003cspan pulumi-lang-nodejs=\"`dynamicMembership`\" pulumi-lang-dotnet=\"`DynamicMembership`\" pulumi-lang-go=\"`dynamicMembership`\" pulumi-lang-python=\"`dynamic_membership`\" pulumi-lang-yaml=\"`dynamicMembership`\" pulumi-lang-java=\"`dynamicMembership`\"\u003e`dynamicMembership`\u003c/span\u003e block.\n\n!\u003e **Warning** Do not use the \u003cspan pulumi-lang-nodejs=\"`members`\" pulumi-lang-dotnet=\"`Members`\" pulumi-lang-go=\"`members`\" pulumi-lang-python=\"`members`\" pulumi-lang-yaml=\"`members`\" pulumi-lang-java=\"`members`\"\u003e`members`\u003c/span\u003e property at the same time as the\u003cspan pulumi-lang-nodejs=\" azuread.GroupMember \" pulumi-lang-dotnet=\" azuread.GroupMember \" pulumi-lang-go=\" GroupMember \" pulumi-lang-python=\" GroupMember \" pulumi-lang-yaml=\" azuread.GroupMember \" pulumi-lang-java=\" azuread.GroupMember \"\u003e azuread.GroupMember \u003c/span\u003eresource for the same group. Doing so will cause a conflict and group members will be removed.\n"},"objectId":{"type":"string","description":"The object ID of the group.\n"},"onpremisesDomainName":{"type":"string","description":"The on-premises FQDN, also called dnsDomainName, synchronised from the on-premises directory when Azure AD Connect is used.\n"},"onpremisesGroupType":{"type":"string","description":"The on-premises group type that the AAD group will be written as, when writeback is enabled. Possible values are `UniversalDistributionGroup`, `UniversalMailEnabledSecurityGroup`, or `UniversalSecurityGroup`.\n"},"onpremisesNetbiosName":{"type":"string","description":"The on-premises NetBIOS name, synchronised from the on-premises directory when Azure AD Connect is used.\n"},"onpremisesSamAccountName":{"type":"string","description":"The on-premises SAM account name, synchronised from the on-premises directory when Azure AD Connect is used.\n"},"onpremisesSecurityIdentifier":{"type":"string","description":"The on-premises security identifier (SID), synchronised from the on-premises directory when Azure AD Connect is used.\n"},"onpremisesSyncEnabled":{"type":"boolean","description":"Whether this group is synchronised from an on-premises directory (\u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e), no longer synchronised (\u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e), or has never been synchronised (\u003cspan pulumi-lang-nodejs=\"`null`\" pulumi-lang-dotnet=\"`Null`\" pulumi-lang-go=\"`null`\" pulumi-lang-python=\"`null`\" pulumi-lang-yaml=\"`null`\" pulumi-lang-java=\"`null`\"\u003e`null`\u003c/span\u003e).\n"},"owners":{"type":"array","items":{"type":"string"},"description":"A set of object IDs of principals that will be granted ownership of the group. Supported object types are users or service principals. By default, the principal being used to execute Terraform is assigned as the sole owner. Groups cannot be created with no owners or have all their owners removed.\n\n\u003e **Group Ownership**  It's recommended to always specify one or more group owners, including the principal being used to execute Terraform, such as in the example above. When removing group owners, if a user principal has been assigned ownership, the last user cannot be removed as an owner. Microsoft 365 groups are required to always have at least one owner which _must be a user_ (i.e. not a service principal).\n"},"preferredLanguage":{"type":"string","description":"The preferred language for a Microsoft 365 group, in ISO 639-1 notation.\n"},"preventDuplicateNames":{"type":"boolean","description":"If \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, will return an error if an existing group is found with the same name. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"provisioningOptions":{"type":"array","items":{"type":"string"},"description":"A set of provisioning options for a Microsoft 365 group. The only supported value is `Team`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for details. Changing this forces a new resource to be created.\n"},"proxyAddresses":{"type":"array","items":{"type":"string"},"description":"List of email addresses for the group that direct to the same group mailbox.\n"},"securityEnabled":{"type":"boolean","description":"Whether the group is a security group for controlling access to in-app resources. At least one of \u003cspan pulumi-lang-nodejs=\"`securityEnabled`\" pulumi-lang-dotnet=\"`SecurityEnabled`\" pulumi-lang-go=\"`securityEnabled`\" pulumi-lang-python=\"`security_enabled`\" pulumi-lang-yaml=\"`securityEnabled`\" pulumi-lang-java=\"`securityEnabled`\"\u003e`securityEnabled`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`mailEnabled`\" pulumi-lang-dotnet=\"`MailEnabled`\" pulumi-lang-go=\"`mailEnabled`\" pulumi-lang-python=\"`mail_enabled`\" pulumi-lang-yaml=\"`mailEnabled`\" pulumi-lang-java=\"`mailEnabled`\"\u003e`mailEnabled`\u003c/span\u003e must be specified. A Microsoft 365 group can be security enabled _and_ mail enabled (see the \u003cspan pulumi-lang-nodejs=\"`types`\" pulumi-lang-dotnet=\"`Types`\" pulumi-lang-go=\"`types`\" pulumi-lang-python=\"`types`\" pulumi-lang-yaml=\"`types`\" pulumi-lang-java=\"`types`\"\u003e`types`\u003c/span\u003e property).\n"},"theme":{"type":"string","description":"The colour theme for a Microsoft 365 group. Possible values are `Blue`, `Green`, `Orange`, `Pink`, `Purple`, `Red` or `Teal`. By default, no theme is set.\n"},"types":{"type":"array","items":{"type":"string"},"description":"A set of group types to configure for the group. Supported values are `DynamicMembership`, which denotes a group with dynamic membership, and `Unified`, which specifies a Microsoft 365 group. Required when \u003cspan pulumi-lang-nodejs=\"`mailEnabled`\" pulumi-lang-dotnet=\"`MailEnabled`\" pulumi-lang-go=\"`mailEnabled`\" pulumi-lang-python=\"`mail_enabled`\" pulumi-lang-yaml=\"`mailEnabled`\" pulumi-lang-java=\"`mailEnabled`\"\u003e`mailEnabled`\u003c/span\u003e is true. Changing this forces a new resource to be created.\n\n\u003e **Supported Group Types** At present, only security groups and Microsoft 365 groups can be created or managed with this resource. Distribution groups and mail-enabled security groups are not supported. Microsoft 365 groups can be security-enabled.\n"},"visibility":{"type":"string","description":"The group join policy and group content visibility. Possible values are `Private`, `Public`, or `Hiddenmembership`. Only Microsoft 365 groups can have `Hiddenmembership` visibility and this value must be set when the group is created. By default, security groups will receive `Private` visibility and Microsoft 365 groups will receive `Public` visibility.\n\n\u003e **Group Name Uniqueness** Group names are not unique within Azure Active Directory. Use the \u003cspan pulumi-lang-nodejs=\"`preventDuplicateNames`\" pulumi-lang-dotnet=\"`PreventDuplicateNames`\" pulumi-lang-go=\"`preventDuplicateNames`\" pulumi-lang-python=\"`prevent_duplicate_names`\" pulumi-lang-yaml=\"`preventDuplicateNames`\" pulumi-lang-java=\"`preventDuplicateNames`\"\u003e`preventDuplicateNames`\u003c/span\u003e argument to check for existing groups if you want to avoid name collisions.\n"},"writebackEnabled":{"type":"boolean","description":"Whether the group will be written back to the configured on-premises Active Directory when Azure AD Connect is used.\n"}},"required":["autoSubscribeNewMembers","displayName","externalSendersAllowed","hideFromAddressLists","hideFromOutlookClients","mail","mailNickname","members","objectId","onpremisesDomainName","onpremisesGroupType","onpremisesNetbiosName","onpremisesSamAccountName","onpremisesSecurityIdentifier","onpremisesSyncEnabled","owners","preferredLanguage","proxyAddresses","visibility"],"inputProperties":{"administrativeUnitIds":{"type":"array","items":{"type":"string"},"description":"The object IDs of administrative units in which the group is a member. If specified, new groups will be created in the scope of the first administrative unit and added to the others. If empty, new groups will be created at the tenant level.\n\n\u003e **Caution** When using the\u003cspan pulumi-lang-nodejs=\" azuread.AdministrativeUnitMember \" pulumi-lang-dotnet=\" azuread.AdministrativeUnitMember \" pulumi-lang-go=\" AdministrativeUnitMember \" pulumi-lang-python=\" AdministrativeUnitMember \" pulumi-lang-yaml=\" azuread.AdministrativeUnitMember \" pulumi-lang-java=\" azuread.AdministrativeUnitMember \"\u003e azuread.AdministrativeUnitMember \u003c/span\u003eresource, or the \u003cspan pulumi-lang-nodejs=\"`members`\" pulumi-lang-dotnet=\"`Members`\" pulumi-lang-go=\"`members`\" pulumi-lang-python=\"`members`\" pulumi-lang-yaml=\"`members`\" pulumi-lang-java=\"`members`\"\u003e`members`\u003c/span\u003e property of the\u003cspan pulumi-lang-nodejs=\" azuread.AdministrativeUnit \" pulumi-lang-dotnet=\" azuread.AdministrativeUnit \" pulumi-lang-go=\" AdministrativeUnit \" pulumi-lang-python=\" AdministrativeUnit \" pulumi-lang-yaml=\" azuread.AdministrativeUnit \" pulumi-lang-java=\" azuread.AdministrativeUnit \"\u003e azuread.AdministrativeUnit \u003c/span\u003eresource, to manage Administrative Unit membership for a group, you will need to use an \u003cspan pulumi-lang-nodejs=\"`ignoreChanges \" pulumi-lang-dotnet=\"`IgnoreChanges \" pulumi-lang-go=\"`ignoreChanges \" pulumi-lang-python=\"`ignore_changes \" pulumi-lang-yaml=\"`ignoreChanges \" pulumi-lang-java=\"`ignoreChanges \"\u003e`ignoreChanges \u003c/span\u003e= \u003cspan pulumi-lang-nodejs=\"[administrativeUnitIds]\" pulumi-lang-dotnet=\"[AdministrativeUnitIds]\" pulumi-lang-go=\"[administrativeUnitIds]\" pulumi-lang-python=\"[administrative_unit_ids]\" pulumi-lang-yaml=\"[administrativeUnitIds]\" pulumi-lang-java=\"[administrativeUnitIds]\"\u003e[administrativeUnitIds]\u003c/span\u003e` lifecycle meta argument for the \u003cspan pulumi-lang-nodejs=\"`azuread.Group`\" pulumi-lang-dotnet=\"`azuread.Group`\" pulumi-lang-go=\"`Group`\" pulumi-lang-python=\"`Group`\" pulumi-lang-yaml=\"`azuread.Group`\" pulumi-lang-java=\"`azuread.Group`\"\u003e`azuread.Group`\u003c/span\u003e resource, in order to avoid a persistent diff.\n"},"assignableToRole":{"type":"boolean","description":"Indicates whether this group can be assigned to an Azure Active Directory role. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e. Can only be set to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e for security-enabled groups. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"autoSubscribeNewMembers":{"type":"boolean","description":"Indicates whether new members added to the group will be auto-subscribed to receive email notifications. Can only be set for Unified groups.\n\n\u003e **Known Permissions Issue** The \u003cspan pulumi-lang-nodejs=\"`autoSubscribeNewMembers`\" pulumi-lang-dotnet=\"`AutoSubscribeNewMembers`\" pulumi-lang-go=\"`autoSubscribeNewMembers`\" pulumi-lang-python=\"`auto_subscribe_new_members`\" pulumi-lang-yaml=\"`autoSubscribeNewMembers`\" pulumi-lang-java=\"`autoSubscribeNewMembers`\"\u003e`autoSubscribeNewMembers`\u003c/span\u003e property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.\n"},"behaviors":{"type":"array","items":{"type":"string"},"description":"A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"description":{"type":"string","description":"The description for the group.\n"},"displayName":{"type":"string","description":"The display name for the group.\n"},"dynamicMembership":{"$ref":"#/types/azuread:index/GroupDynamicMembership:GroupDynamicMembership","description":"A \u003cspan pulumi-lang-nodejs=\"`dynamicMembership`\" pulumi-lang-dotnet=\"`DynamicMembership`\" pulumi-lang-go=\"`dynamicMembership`\" pulumi-lang-python=\"`dynamic_membership`\" pulumi-lang-yaml=\"`dynamicMembership`\" pulumi-lang-java=\"`dynamicMembership`\"\u003e`dynamicMembership`\u003c/span\u003e block as documented below. Required when \u003cspan pulumi-lang-nodejs=\"`types`\" pulumi-lang-dotnet=\"`Types`\" pulumi-lang-go=\"`types`\" pulumi-lang-python=\"`types`\" pulumi-lang-yaml=\"`types`\" pulumi-lang-java=\"`types`\"\u003e`types`\u003c/span\u003e contains `DynamicMembership`. Cannot be used with the \u003cspan pulumi-lang-nodejs=\"`members`\" pulumi-lang-dotnet=\"`Members`\" pulumi-lang-go=\"`members`\" pulumi-lang-python=\"`members`\" pulumi-lang-yaml=\"`members`\" pulumi-lang-java=\"`members`\"\u003e`members`\u003c/span\u003e property.\n"},"externalSendersAllowed":{"type":"boolean","description":"Indicates whether people external to the organization can send messages to the group. Can only be set for Unified groups.\n\n\u003e **Known Permissions Issue** The \u003cspan pulumi-lang-nodejs=\"`externalSendersAllowed`\" pulumi-lang-dotnet=\"`ExternalSendersAllowed`\" pulumi-lang-go=\"`externalSendersAllowed`\" pulumi-lang-python=\"`external_senders_allowed`\" pulumi-lang-yaml=\"`externalSendersAllowed`\" pulumi-lang-java=\"`externalSendersAllowed`\"\u003e`externalSendersAllowed`\u003c/span\u003e property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.\n"},"hideFromAddressLists":{"type":"boolean","description":"Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups. Can only be set for Unified groups.\n\n\u003e **Known Permissions Issue** The \u003cspan pulumi-lang-nodejs=\"`hideFromAddressLists`\" pulumi-lang-dotnet=\"`HideFromAddressLists`\" pulumi-lang-go=\"`hideFromAddressLists`\" pulumi-lang-python=\"`hide_from_address_lists`\" pulumi-lang-yaml=\"`hideFromAddressLists`\" pulumi-lang-java=\"`hideFromAddressLists`\"\u003e`hideFromAddressLists`\u003c/span\u003e property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.\n"},"hideFromOutlookClients":{"type":"boolean","description":"Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web. Can only be set for Unified groups.\n\n\u003e **Known Permissions Issue** The \u003cspan pulumi-lang-nodejs=\"`hideFromOutlookClients`\" pulumi-lang-dotnet=\"`HideFromOutlookClients`\" pulumi-lang-go=\"`hideFromOutlookClients`\" pulumi-lang-python=\"`hide_from_outlook_clients`\" pulumi-lang-yaml=\"`hideFromOutlookClients`\" pulumi-lang-java=\"`hideFromOutlookClients`\"\u003e`hideFromOutlookClients`\u003c/span\u003e property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.\n"},"mailEnabled":{"type":"boolean","description":"Whether the group is a mail enabled, with a shared group mailbox. At least one of \u003cspan pulumi-lang-nodejs=\"`mailEnabled`\" pulumi-lang-dotnet=\"`MailEnabled`\" pulumi-lang-go=\"`mailEnabled`\" pulumi-lang-python=\"`mail_enabled`\" pulumi-lang-yaml=\"`mailEnabled`\" pulumi-lang-java=\"`mailEnabled`\"\u003e`mailEnabled`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`securityEnabled`\" pulumi-lang-dotnet=\"`SecurityEnabled`\" pulumi-lang-go=\"`securityEnabled`\" pulumi-lang-python=\"`security_enabled`\" pulumi-lang-yaml=\"`securityEnabled`\" pulumi-lang-java=\"`securityEnabled`\"\u003e`securityEnabled`\u003c/span\u003e must be specified. Only Microsoft 365 groups can be mail enabled (see the \u003cspan pulumi-lang-nodejs=\"`types`\" pulumi-lang-dotnet=\"`Types`\" pulumi-lang-go=\"`types`\" pulumi-lang-python=\"`types`\" pulumi-lang-yaml=\"`types`\" pulumi-lang-java=\"`types`\"\u003e`types`\u003c/span\u003e property).\n"},"mailNickname":{"type":"string","description":"The mail alias for the group, unique in the organisation. Required for mail-enabled groups. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"members":{"type":"array","items":{"type":"string"},"description":"A set of members who should be present in this group. Supported object types are Users, Groups or Service Principals. Cannot be used with the \u003cspan pulumi-lang-nodejs=\"`dynamicMembership`\" pulumi-lang-dotnet=\"`DynamicMembership`\" pulumi-lang-go=\"`dynamicMembership`\" pulumi-lang-python=\"`dynamic_membership`\" pulumi-lang-yaml=\"`dynamicMembership`\" pulumi-lang-java=\"`dynamicMembership`\"\u003e`dynamicMembership`\u003c/span\u003e block.\n\n!\u003e **Warning** Do not use the \u003cspan pulumi-lang-nodejs=\"`members`\" pulumi-lang-dotnet=\"`Members`\" pulumi-lang-go=\"`members`\" pulumi-lang-python=\"`members`\" pulumi-lang-yaml=\"`members`\" pulumi-lang-java=\"`members`\"\u003e`members`\u003c/span\u003e property at the same time as the\u003cspan pulumi-lang-nodejs=\" azuread.GroupMember \" pulumi-lang-dotnet=\" azuread.GroupMember \" pulumi-lang-go=\" GroupMember \" pulumi-lang-python=\" GroupMember \" pulumi-lang-yaml=\" azuread.GroupMember \" pulumi-lang-java=\" azuread.GroupMember \"\u003e azuread.GroupMember \u003c/span\u003eresource for the same group. Doing so will cause a conflict and group members will be removed.\n"},"onpremisesGroupType":{"type":"string","description":"The on-premises group type that the AAD group will be written as, when writeback is enabled. Possible values are `UniversalDistributionGroup`, `UniversalMailEnabledSecurityGroup`, or `UniversalSecurityGroup`.\n"},"owners":{"type":"array","items":{"type":"string"},"description":"A set of object IDs of principals that will be granted ownership of the group. Supported object types are users or service principals. By default, the principal being used to execute Terraform is assigned as the sole owner. Groups cannot be created with no owners or have all their owners removed.\n\n\u003e **Group Ownership**  It's recommended to always specify one or more group owners, including the principal being used to execute Terraform, such as in the example above. When removing group owners, if a user principal has been assigned ownership, the last user cannot be removed as an owner. Microsoft 365 groups are required to always have at least one owner which _must be a user_ (i.e. not a service principal).\n"},"preventDuplicateNames":{"type":"boolean","description":"If \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, will return an error if an existing group is found with the same name. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"provisioningOptions":{"type":"array","items":{"type":"string"},"description":"A set of provisioning options for a Microsoft 365 group. The only supported value is `Team`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for details. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"securityEnabled":{"type":"boolean","description":"Whether the group is a security group for controlling access to in-app resources. At least one of \u003cspan pulumi-lang-nodejs=\"`securityEnabled`\" pulumi-lang-dotnet=\"`SecurityEnabled`\" pulumi-lang-go=\"`securityEnabled`\" pulumi-lang-python=\"`security_enabled`\" pulumi-lang-yaml=\"`securityEnabled`\" pulumi-lang-java=\"`securityEnabled`\"\u003e`securityEnabled`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`mailEnabled`\" pulumi-lang-dotnet=\"`MailEnabled`\" pulumi-lang-go=\"`mailEnabled`\" pulumi-lang-python=\"`mail_enabled`\" pulumi-lang-yaml=\"`mailEnabled`\" pulumi-lang-java=\"`mailEnabled`\"\u003e`mailEnabled`\u003c/span\u003e must be specified. A Microsoft 365 group can be security enabled _and_ mail enabled (see the \u003cspan pulumi-lang-nodejs=\"`types`\" pulumi-lang-dotnet=\"`Types`\" pulumi-lang-go=\"`types`\" pulumi-lang-python=\"`types`\" pulumi-lang-yaml=\"`types`\" pulumi-lang-java=\"`types`\"\u003e`types`\u003c/span\u003e property).\n"},"theme":{"type":"string","description":"The colour theme for a Microsoft 365 group. Possible values are `Blue`, `Green`, `Orange`, `Pink`, `Purple`, `Red` or `Teal`. By default, no theme is set.\n"},"types":{"type":"array","items":{"type":"string"},"description":"A set of group types to configure for the group. Supported values are `DynamicMembership`, which denotes a group with dynamic membership, and `Unified`, which specifies a Microsoft 365 group. Required when \u003cspan pulumi-lang-nodejs=\"`mailEnabled`\" pulumi-lang-dotnet=\"`MailEnabled`\" pulumi-lang-go=\"`mailEnabled`\" pulumi-lang-python=\"`mail_enabled`\" pulumi-lang-yaml=\"`mailEnabled`\" pulumi-lang-java=\"`mailEnabled`\"\u003e`mailEnabled`\u003c/span\u003e is true. Changing this forces a new resource to be created.\n\n\u003e **Supported Group Types** At present, only security groups and Microsoft 365 groups can be created or managed with this resource. Distribution groups and mail-enabled security groups are not supported. Microsoft 365 groups can be security-enabled.\n","willReplaceOnChanges":true},"visibility":{"type":"string","description":"The group join policy and group content visibility. Possible values are `Private`, `Public`, or `Hiddenmembership`. Only Microsoft 365 groups can have `Hiddenmembership` visibility and this value must be set when the group is created. By default, security groups will receive `Private` visibility and Microsoft 365 groups will receive `Public` visibility.\n\n\u003e **Group Name Uniqueness** Group names are not unique within Azure Active Directory. Use the \u003cspan pulumi-lang-nodejs=\"`preventDuplicateNames`\" pulumi-lang-dotnet=\"`PreventDuplicateNames`\" pulumi-lang-go=\"`preventDuplicateNames`\" pulumi-lang-python=\"`prevent_duplicate_names`\" pulumi-lang-yaml=\"`preventDuplicateNames`\" pulumi-lang-java=\"`preventDuplicateNames`\"\u003e`preventDuplicateNames`\u003c/span\u003e argument to check for existing groups if you want to avoid name collisions.\n"},"writebackEnabled":{"type":"boolean","description":"Whether the group will be written back to the configured on-premises Active Directory when Azure AD Connect is used.\n"}},"requiredInputs":["displayName"],"stateInputs":{"description":"Input properties used for looking up and filtering Group resources.\n","properties":{"administrativeUnitIds":{"type":"array","items":{"type":"string"},"description":"The object IDs of administrative units in which the group is a member. If specified, new groups will be created in the scope of the first administrative unit and added to the others. If empty, new groups will be created at the tenant level.\n\n\u003e **Caution** When using the\u003cspan pulumi-lang-nodejs=\" azuread.AdministrativeUnitMember \" pulumi-lang-dotnet=\" azuread.AdministrativeUnitMember \" pulumi-lang-go=\" AdministrativeUnitMember \" pulumi-lang-python=\" AdministrativeUnitMember \" pulumi-lang-yaml=\" azuread.AdministrativeUnitMember \" pulumi-lang-java=\" azuread.AdministrativeUnitMember \"\u003e azuread.AdministrativeUnitMember \u003c/span\u003eresource, or the \u003cspan pulumi-lang-nodejs=\"`members`\" pulumi-lang-dotnet=\"`Members`\" pulumi-lang-go=\"`members`\" pulumi-lang-python=\"`members`\" pulumi-lang-yaml=\"`members`\" pulumi-lang-java=\"`members`\"\u003e`members`\u003c/span\u003e property of the\u003cspan pulumi-lang-nodejs=\" azuread.AdministrativeUnit \" pulumi-lang-dotnet=\" azuread.AdministrativeUnit \" pulumi-lang-go=\" AdministrativeUnit \" pulumi-lang-python=\" AdministrativeUnit \" pulumi-lang-yaml=\" azuread.AdministrativeUnit \" pulumi-lang-java=\" azuread.AdministrativeUnit \"\u003e azuread.AdministrativeUnit \u003c/span\u003eresource, to manage Administrative Unit membership for a group, you will need to use an \u003cspan pulumi-lang-nodejs=\"`ignoreChanges \" pulumi-lang-dotnet=\"`IgnoreChanges \" pulumi-lang-go=\"`ignoreChanges \" pulumi-lang-python=\"`ignore_changes \" pulumi-lang-yaml=\"`ignoreChanges \" pulumi-lang-java=\"`ignoreChanges \"\u003e`ignoreChanges \u003c/span\u003e= \u003cspan pulumi-lang-nodejs=\"[administrativeUnitIds]\" pulumi-lang-dotnet=\"[AdministrativeUnitIds]\" pulumi-lang-go=\"[administrativeUnitIds]\" pulumi-lang-python=\"[administrative_unit_ids]\" pulumi-lang-yaml=\"[administrativeUnitIds]\" pulumi-lang-java=\"[administrativeUnitIds]\"\u003e[administrativeUnitIds]\u003c/span\u003e` lifecycle meta argument for the \u003cspan pulumi-lang-nodejs=\"`azuread.Group`\" pulumi-lang-dotnet=\"`azuread.Group`\" pulumi-lang-go=\"`Group`\" pulumi-lang-python=\"`Group`\" pulumi-lang-yaml=\"`azuread.Group`\" pulumi-lang-java=\"`azuread.Group`\"\u003e`azuread.Group`\u003c/span\u003e resource, in order to avoid a persistent diff.\n"},"assignableToRole":{"type":"boolean","description":"Indicates whether this group can be assigned to an Azure Active Directory role. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e. Can only be set to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e for security-enabled groups. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"autoSubscribeNewMembers":{"type":"boolean","description":"Indicates whether new members added to the group will be auto-subscribed to receive email notifications. Can only be set for Unified groups.\n\n\u003e **Known Permissions Issue** The \u003cspan pulumi-lang-nodejs=\"`autoSubscribeNewMembers`\" pulumi-lang-dotnet=\"`AutoSubscribeNewMembers`\" pulumi-lang-go=\"`autoSubscribeNewMembers`\" pulumi-lang-python=\"`auto_subscribe_new_members`\" pulumi-lang-yaml=\"`autoSubscribeNewMembers`\" pulumi-lang-java=\"`autoSubscribeNewMembers`\"\u003e`autoSubscribeNewMembers`\u003c/span\u003e property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.\n"},"behaviors":{"type":"array","items":{"type":"string"},"description":"A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"description":{"type":"string","description":"The description for the group.\n"},"displayName":{"type":"string","description":"The display name for the group.\n"},"dynamicMembership":{"$ref":"#/types/azuread:index/GroupDynamicMembership:GroupDynamicMembership","description":"A \u003cspan pulumi-lang-nodejs=\"`dynamicMembership`\" pulumi-lang-dotnet=\"`DynamicMembership`\" pulumi-lang-go=\"`dynamicMembership`\" pulumi-lang-python=\"`dynamic_membership`\" pulumi-lang-yaml=\"`dynamicMembership`\" pulumi-lang-java=\"`dynamicMembership`\"\u003e`dynamicMembership`\u003c/span\u003e block as documented below. Required when \u003cspan pulumi-lang-nodejs=\"`types`\" pulumi-lang-dotnet=\"`Types`\" pulumi-lang-go=\"`types`\" pulumi-lang-python=\"`types`\" pulumi-lang-yaml=\"`types`\" pulumi-lang-java=\"`types`\"\u003e`types`\u003c/span\u003e contains `DynamicMembership`. Cannot be used with the \u003cspan pulumi-lang-nodejs=\"`members`\" pulumi-lang-dotnet=\"`Members`\" pulumi-lang-go=\"`members`\" pulumi-lang-python=\"`members`\" pulumi-lang-yaml=\"`members`\" pulumi-lang-java=\"`members`\"\u003e`members`\u003c/span\u003e property.\n"},"externalSendersAllowed":{"type":"boolean","description":"Indicates whether people external to the organization can send messages to the group. Can only be set for Unified groups.\n\n\u003e **Known Permissions Issue** The \u003cspan pulumi-lang-nodejs=\"`externalSendersAllowed`\" pulumi-lang-dotnet=\"`ExternalSendersAllowed`\" pulumi-lang-go=\"`externalSendersAllowed`\" pulumi-lang-python=\"`external_senders_allowed`\" pulumi-lang-yaml=\"`externalSendersAllowed`\" pulumi-lang-java=\"`externalSendersAllowed`\"\u003e`externalSendersAllowed`\u003c/span\u003e property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.\n"},"hideFromAddressLists":{"type":"boolean","description":"Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups. Can only be set for Unified groups.\n\n\u003e **Known Permissions Issue** The \u003cspan pulumi-lang-nodejs=\"`hideFromAddressLists`\" pulumi-lang-dotnet=\"`HideFromAddressLists`\" pulumi-lang-go=\"`hideFromAddressLists`\" pulumi-lang-python=\"`hide_from_address_lists`\" pulumi-lang-yaml=\"`hideFromAddressLists`\" pulumi-lang-java=\"`hideFromAddressLists`\"\u003e`hideFromAddressLists`\u003c/span\u003e property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.\n"},"hideFromOutlookClients":{"type":"boolean","description":"Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web. Can only be set for Unified groups.\n\n\u003e **Known Permissions Issue** The \u003cspan pulumi-lang-nodejs=\"`hideFromOutlookClients`\" pulumi-lang-dotnet=\"`HideFromOutlookClients`\" pulumi-lang-go=\"`hideFromOutlookClients`\" pulumi-lang-python=\"`hide_from_outlook_clients`\" pulumi-lang-yaml=\"`hideFromOutlookClients`\" pulumi-lang-java=\"`hideFromOutlookClients`\"\u003e`hideFromOutlookClients`\u003c/span\u003e property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.\n"},"mail":{"type":"string","description":"The SMTP address for the group.\n"},"mailEnabled":{"type":"boolean","description":"Whether the group is a mail enabled, with a shared group mailbox. At least one of \u003cspan pulumi-lang-nodejs=\"`mailEnabled`\" pulumi-lang-dotnet=\"`MailEnabled`\" pulumi-lang-go=\"`mailEnabled`\" pulumi-lang-python=\"`mail_enabled`\" pulumi-lang-yaml=\"`mailEnabled`\" pulumi-lang-java=\"`mailEnabled`\"\u003e`mailEnabled`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`securityEnabled`\" pulumi-lang-dotnet=\"`SecurityEnabled`\" pulumi-lang-go=\"`securityEnabled`\" pulumi-lang-python=\"`security_enabled`\" pulumi-lang-yaml=\"`securityEnabled`\" pulumi-lang-java=\"`securityEnabled`\"\u003e`securityEnabled`\u003c/span\u003e must be specified. Only Microsoft 365 groups can be mail enabled (see the \u003cspan pulumi-lang-nodejs=\"`types`\" pulumi-lang-dotnet=\"`Types`\" pulumi-lang-go=\"`types`\" pulumi-lang-python=\"`types`\" pulumi-lang-yaml=\"`types`\" pulumi-lang-java=\"`types`\"\u003e`types`\u003c/span\u003e property).\n"},"mailNickname":{"type":"string","description":"The mail alias for the group, unique in the organisation. Required for mail-enabled groups. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"members":{"type":"array","items":{"type":"string"},"description":"A set of members who should be present in this group. Supported object types are Users, Groups or Service Principals. Cannot be used with the \u003cspan pulumi-lang-nodejs=\"`dynamicMembership`\" pulumi-lang-dotnet=\"`DynamicMembership`\" pulumi-lang-go=\"`dynamicMembership`\" pulumi-lang-python=\"`dynamic_membership`\" pulumi-lang-yaml=\"`dynamicMembership`\" pulumi-lang-java=\"`dynamicMembership`\"\u003e`dynamicMembership`\u003c/span\u003e block.\n\n!\u003e **Warning** Do not use the \u003cspan pulumi-lang-nodejs=\"`members`\" pulumi-lang-dotnet=\"`Members`\" pulumi-lang-go=\"`members`\" pulumi-lang-python=\"`members`\" pulumi-lang-yaml=\"`members`\" pulumi-lang-java=\"`members`\"\u003e`members`\u003c/span\u003e property at the same time as the\u003cspan pulumi-lang-nodejs=\" azuread.GroupMember \" pulumi-lang-dotnet=\" azuread.GroupMember \" pulumi-lang-go=\" GroupMember \" pulumi-lang-python=\" GroupMember \" pulumi-lang-yaml=\" azuread.GroupMember \" pulumi-lang-java=\" azuread.GroupMember \"\u003e azuread.GroupMember \u003c/span\u003eresource for the same group. Doing so will cause a conflict and group members will be removed.\n"},"objectId":{"type":"string","description":"The object ID of the group.\n"},"onpremisesDomainName":{"type":"string","description":"The on-premises FQDN, also called dnsDomainName, synchronised from the on-premises directory when Azure AD Connect is used.\n"},"onpremisesGroupType":{"type":"string","description":"The on-premises group type that the AAD group will be written as, when writeback is enabled. Possible values are `UniversalDistributionGroup`, `UniversalMailEnabledSecurityGroup`, or `UniversalSecurityGroup`.\n"},"onpremisesNetbiosName":{"type":"string","description":"The on-premises NetBIOS name, synchronised from the on-premises directory when Azure AD Connect is used.\n"},"onpremisesSamAccountName":{"type":"string","description":"The on-premises SAM account name, synchronised from the on-premises directory when Azure AD Connect is used.\n"},"onpremisesSecurityIdentifier":{"type":"string","description":"The on-premises security identifier (SID), synchronised from the on-premises directory when Azure AD Connect is used.\n"},"onpremisesSyncEnabled":{"type":"boolean","description":"Whether this group is synchronised from an on-premises directory (\u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e), no longer synchronised (\u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e), or has never been synchronised (\u003cspan pulumi-lang-nodejs=\"`null`\" pulumi-lang-dotnet=\"`Null`\" pulumi-lang-go=\"`null`\" pulumi-lang-python=\"`null`\" pulumi-lang-yaml=\"`null`\" pulumi-lang-java=\"`null`\"\u003e`null`\u003c/span\u003e).\n"},"owners":{"type":"array","items":{"type":"string"},"description":"A set of object IDs of principals that will be granted ownership of the group. Supported object types are users or service principals. By default, the principal being used to execute Terraform is assigned as the sole owner. Groups cannot be created with no owners or have all their owners removed.\n\n\u003e **Group Ownership**  It's recommended to always specify one or more group owners, including the principal being used to execute Terraform, such as in the example above. When removing group owners, if a user principal has been assigned ownership, the last user cannot be removed as an owner. Microsoft 365 groups are required to always have at least one owner which _must be a user_ (i.e. not a service principal).\n"},"preferredLanguage":{"type":"string","description":"The preferred language for a Microsoft 365 group, in ISO 639-1 notation.\n"},"preventDuplicateNames":{"type":"boolean","description":"If \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, will return an error if an existing group is found with the same name. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"provisioningOptions":{"type":"array","items":{"type":"string"},"description":"A set of provisioning options for a Microsoft 365 group. The only supported value is `Team`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for details. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"proxyAddresses":{"type":"array","items":{"type":"string"},"description":"List of email addresses for the group that direct to the same group mailbox.\n"},"securityEnabled":{"type":"boolean","description":"Whether the group is a security group for controlling access to in-app resources. At least one of \u003cspan pulumi-lang-nodejs=\"`securityEnabled`\" pulumi-lang-dotnet=\"`SecurityEnabled`\" pulumi-lang-go=\"`securityEnabled`\" pulumi-lang-python=\"`security_enabled`\" pulumi-lang-yaml=\"`securityEnabled`\" pulumi-lang-java=\"`securityEnabled`\"\u003e`securityEnabled`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`mailEnabled`\" pulumi-lang-dotnet=\"`MailEnabled`\" pulumi-lang-go=\"`mailEnabled`\" pulumi-lang-python=\"`mail_enabled`\" pulumi-lang-yaml=\"`mailEnabled`\" pulumi-lang-java=\"`mailEnabled`\"\u003e`mailEnabled`\u003c/span\u003e must be specified. A Microsoft 365 group can be security enabled _and_ mail enabled (see the \u003cspan pulumi-lang-nodejs=\"`types`\" pulumi-lang-dotnet=\"`Types`\" pulumi-lang-go=\"`types`\" pulumi-lang-python=\"`types`\" pulumi-lang-yaml=\"`types`\" pulumi-lang-java=\"`types`\"\u003e`types`\u003c/span\u003e property).\n"},"theme":{"type":"string","description":"The colour theme for a Microsoft 365 group. Possible values are `Blue`, `Green`, `Orange`, `Pink`, `Purple`, `Red` or `Teal`. By default, no theme is set.\n"},"types":{"type":"array","items":{"type":"string"},"description":"A set of group types to configure for the group. Supported values are `DynamicMembership`, which denotes a group with dynamic membership, and `Unified`, which specifies a Microsoft 365 group. Required when \u003cspan pulumi-lang-nodejs=\"`mailEnabled`\" pulumi-lang-dotnet=\"`MailEnabled`\" pulumi-lang-go=\"`mailEnabled`\" pulumi-lang-python=\"`mail_enabled`\" pulumi-lang-yaml=\"`mailEnabled`\" pulumi-lang-java=\"`mailEnabled`\"\u003e`mailEnabled`\u003c/span\u003e is true. Changing this forces a new resource to be created.\n\n\u003e **Supported Group Types** At present, only security groups and Microsoft 365 groups can be created or managed with this resource. Distribution groups and mail-enabled security groups are not supported. Microsoft 365 groups can be security-enabled.\n","willReplaceOnChanges":true},"visibility":{"type":"string","description":"The group join policy and group content visibility. Possible values are `Private`, `Public`, or `Hiddenmembership`. Only Microsoft 365 groups can have `Hiddenmembership` visibility and this value must be set when the group is created. By default, security groups will receive `Private` visibility and Microsoft 365 groups will receive `Public` visibility.\n\n\u003e **Group Name Uniqueness** Group names are not unique within Azure Active Directory. Use the \u003cspan pulumi-lang-nodejs=\"`preventDuplicateNames`\" pulumi-lang-dotnet=\"`PreventDuplicateNames`\" pulumi-lang-go=\"`preventDuplicateNames`\" pulumi-lang-python=\"`prevent_duplicate_names`\" pulumi-lang-yaml=\"`preventDuplicateNames`\" pulumi-lang-java=\"`preventDuplicateNames`\"\u003e`preventDuplicateNames`\u003c/span\u003e argument to check for existing groups if you want to avoid name collisions.\n"},"writebackEnabled":{"type":"boolean","description":"Whether the group will be written back to the configured on-premises Active Directory when Azure AD Connect is used.\n"}},"type":"object"}},"azuread:index/groupMember:GroupMember":{"description":"Manages a single group membership within Azure Active Directory.\n\n\u003e **Warning** Do not use this resource at the same time as the \u003cspan pulumi-lang-nodejs=\"`members`\" pulumi-lang-dotnet=\"`Members`\" pulumi-lang-go=\"`members`\" pulumi-lang-python=\"`members`\" pulumi-lang-yaml=\"`members`\" pulumi-lang-java=\"`members`\"\u003e`members`\u003c/span\u003e property of the \u003cspan pulumi-lang-nodejs=\"`azuread.Group`\" pulumi-lang-dotnet=\"`azuread.Group`\" pulumi-lang-go=\"`Group`\" pulumi-lang-python=\"`Group`\" pulumi-lang-yaml=\"`azuread.Group`\" pulumi-lang-java=\"`azuread.Group`\"\u003e`azuread.Group`\u003c/span\u003e resource for the same group. Doing so will cause a conflict and group members will be removed.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Group.ReadWrite.All` or `Directory.ReadWrite.All`.\n\nHowever, if the authenticated service principal is an owner of the group being managed, an application role is not required.\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Groups Administrator`, `User Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getUser({\n    userPrincipalName: \"jdoe@example.com\",\n});\nconst exampleGroup = new azuread.Group(\"example\", {\n    displayName: \"my_group\",\n    securityEnabled: true,\n});\nconst exampleGroupMember = new azuread.GroupMember(\"example\", {\n    groupObjectId: exampleGroup.objectId,\n    memberObjectId: example.then(example =\u003e example.objectId),\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_user(user_principal_name=\"jdoe@example.com\")\nexample_group = azuread.Group(\"example\",\n    display_name=\"my_group\",\n    security_enabled=True)\nexample_group_member = azuread.GroupMember(\"example\",\n    group_object_id=example_group.object_id,\n    member_object_id=example.object_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetUser.Invoke(new()\n    {\n        UserPrincipalName = \"jdoe@example.com\",\n    });\n\n    var exampleGroup = new AzureAD.Index.Group(\"example\", new()\n    {\n        DisplayName = \"my_group\",\n        SecurityEnabled = true,\n    });\n\n    var exampleGroupMember = new AzureAD.Index.GroupMember(\"example\", new()\n    {\n        GroupObjectId = exampleGroup.ObjectId,\n        MemberObjectId = example.Apply(getUserResult =\u003e getUserResult.ObjectId),\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.GetUser(ctx, \u0026azuread.LookupUserArgs{\n\t\t\tUserPrincipalName: pulumi.StringRef(\"jdoe@example.com\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleGroup, err := azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName:     pulumi.String(\"my_group\"),\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewGroupMember(ctx, \"example\", \u0026azuread.GroupMemberArgs{\n\t\t\tGroupObjectId:  exampleGroup.ObjectId,\n\t\t\tMemberObjectId: pulumi.String(pulumi.String(example.ObjectId)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetUserArgs;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport com.pulumi.azuread.GroupMember;\nimport com.pulumi.azuread.GroupMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getUser(GetUserArgs.builder()\n            .userPrincipalName(\"jdoe@example.com\")\n            .build());\n\n        var exampleGroup = new Group(\"exampleGroup\", GroupArgs.builder()\n            .displayName(\"my_group\")\n            .securityEnabled(true)\n            .build());\n\n        var exampleGroupMember = new GroupMember(\"exampleGroupMember\", GroupMemberArgs.builder()\n            .groupObjectId(exampleGroup.objectId())\n            .memberObjectId(example.objectId())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  exampleGroup:\n    type: azuread:Group\n    name: example\n    properties:\n      displayName: my_group\n      securityEnabled: true\n  exampleGroupMember:\n    type: azuread:GroupMember\n    name: example\n    properties:\n      groupObjectId: ${exampleGroup.objectId}\n      memberObjectId: ${example.objectId}\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getUser\n      arguments:\n        userPrincipalName: jdoe@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGroup members can be imported using the object ID of the group and the object ID of the member, e.g.\n\n```sh\n$ pulumi import azuread:index/groupMember:GroupMember example 00000000-0000-0000-0000-000000000000/member/11111111-1111-1111-1111-111111111111\n```\n\n\u003e This ID format is unique to Terraform and is composed of the Azure AD Group Object ID and the target Member Object ID in the format `{GroupObjectID}/member/{MemberObjectID}`.\n\n","properties":{"groupObjectId":{"type":"string","description":"The object ID of the group you want to add the member to. Changing this forces a new resource to be created.\n"},"memberObjectId":{"type":"string","description":"The object ID of the principal you want to add as a member to the group. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created.\n"}},"required":["groupObjectId","memberObjectId"],"inputProperties":{"groupObjectId":{"type":"string","description":"The object ID of the group you want to add the member to. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"memberObjectId":{"type":"string","description":"The object ID of the principal you want to add as a member to the group. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true}},"requiredInputs":["groupObjectId","memberObjectId"],"stateInputs":{"description":"Input properties used for looking up and filtering GroupMember resources.\n","properties":{"groupObjectId":{"type":"string","description":"The object ID of the group you want to add the member to. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"memberObjectId":{"type":"string","description":"The object ID of the principal you want to add as a member to the group. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true}},"type":"object"}},"azuread:index/groupRoleManagementPolicy:GroupRoleManagementPolicy":{"description":"Manage a role policy for an Azure AD group.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires the `RoleManagementPolicy.ReadWrite.AzureADGroup` Microsoft Graph API permissions.\n\nWhen authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.Group(\"example\", {\n    displayName: \"group-name\",\n    securityEnabled: true,\n});\nconst member = new azuread.User(\"member\", {\n    userPrincipalName: \"jdoe@example.com\",\n    displayName: \"J. Doe\",\n    mailNickname: \"jdoe\",\n    password: \"SecretP@sswd99!\",\n});\nconst exampleGroupRoleManagementPolicy = new azuread.GroupRoleManagementPolicy(\"example\", {\n    groupId: example.id,\n    roleId: \"member\",\n    activeAssignmentRules: {\n        expireAfter: \"P365D\",\n    },\n    eligibleAssignmentRules: {\n        expirationRequired: false,\n    },\n    notificationRules: {\n        eligibleAssignments: {\n            approverNotifications: {\n                notificationLevel: \"Critical\",\n                defaultRecipients: false,\n                additionalRecipients: [\n                    \"someone@example.com\",\n                    \"someone.else@example.com\",\n                ],\n            },\n        },\n    },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.Group(\"example\",\n    display_name=\"group-name\",\n    security_enabled=True)\nmember = azuread.User(\"member\",\n    user_principal_name=\"jdoe@example.com\",\n    display_name=\"J. Doe\",\n    mail_nickname=\"jdoe\",\n    password=\"SecretP@sswd99!\")\nexample_group_role_management_policy = azuread.GroupRoleManagementPolicy(\"example\",\n    group_id=example.id,\n    role_id=\"member\",\n    active_assignment_rules={\n        \"expire_after\": \"P365D\",\n    },\n    eligible_assignment_rules={\n        \"expiration_required\": False,\n    },\n    notification_rules={\n        \"eligible_assignments\": {\n            \"approver_notifications\": {\n                \"notification_level\": \"Critical\",\n                \"default_recipients\": False,\n                \"additional_recipients\": [\n                    \"someone@example.com\",\n                    \"someone.else@example.com\",\n                ],\n            },\n        },\n    })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.Group(\"example\", new()\n    {\n        DisplayName = \"group-name\",\n        SecurityEnabled = true,\n    });\n\n    var member = new AzureAD.Index.User(\"member\", new()\n    {\n        UserPrincipalName = \"jdoe@example.com\",\n        DisplayName = \"J. Doe\",\n        MailNickname = \"jdoe\",\n        Password = \"SecretP@sswd99!\",\n    });\n\n    var exampleGroupRoleManagementPolicy = new AzureAD.Index.GroupRoleManagementPolicy(\"example\", new()\n    {\n        GroupId = example.Id,\n        RoleId = \"member\",\n        ActiveAssignmentRules = new AzureAD.Inputs.GroupRoleManagementPolicyActiveAssignmentRulesArgs\n        {\n            ExpireAfter = \"P365D\",\n        },\n        EligibleAssignmentRules = new AzureAD.Inputs.GroupRoleManagementPolicyEligibleAssignmentRulesArgs\n        {\n            ExpirationRequired = false,\n        },\n        NotificationRules = new AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesArgs\n        {\n            EligibleAssignments = new AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs\n            {\n                ApproverNotifications = new AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs\n                {\n                    NotificationLevel = \"Critical\",\n                    DefaultRecipients = false,\n                    AdditionalRecipients = new[]\n                    {\n                        \"someone@example.com\",\n                        \"someone.else@example.com\",\n                    },\n                },\n            },\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName:     pulumi.String(\"group-name\"),\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewUser(ctx, \"member\", \u0026azuread.UserArgs{\n\t\t\tUserPrincipalName: pulumi.String(\"jdoe@example.com\"),\n\t\t\tDisplayName:       pulumi.String(\"J. Doe\"),\n\t\t\tMailNickname:      pulumi.String(\"jdoe\"),\n\t\t\tPassword:          pulumi.String(\"SecretP@sswd99!\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewGroupRoleManagementPolicy(ctx, \"example\", \u0026azuread.GroupRoleManagementPolicyArgs{\n\t\t\tGroupId: example.ID(),\n\t\t\tRoleId:  pulumi.String(\"member\"),\n\t\t\tActiveAssignmentRules: \u0026azuread.GroupRoleManagementPolicyActiveAssignmentRulesArgs{\n\t\t\t\tExpireAfter: pulumi.String(\"P365D\"),\n\t\t\t},\n\t\t\tEligibleAssignmentRules: \u0026azuread.GroupRoleManagementPolicyEligibleAssignmentRulesArgs{\n\t\t\t\tExpirationRequired: pulumi.Bool(false),\n\t\t\t},\n\t\t\tNotificationRules: \u0026azuread.GroupRoleManagementPolicyNotificationRulesArgs{\n\t\t\t\tEligibleAssignments: \u0026azuread.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs{\n\t\t\t\t\tApproverNotifications: \u0026azuread.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs{\n\t\t\t\t\t\tNotificationLevel: pulumi.String(\"Critical\"),\n\t\t\t\t\t\tDefaultRecipients: pulumi.Bool(false),\n\t\t\t\t\t\tAdditionalRecipients: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"someone@example.com\"),\n\t\t\t\t\t\t\tpulumi.String(\"someone.else@example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport com.pulumi.azuread.User;\nimport com.pulumi.azuread.UserArgs;\nimport com.pulumi.azuread.GroupRoleManagementPolicy;\nimport com.pulumi.azuread.GroupRoleManagementPolicyArgs;\nimport com.pulumi.azuread.inputs.GroupRoleManagementPolicyActiveAssignmentRulesArgs;\nimport com.pulumi.azuread.inputs.GroupRoleManagementPolicyEligibleAssignmentRulesArgs;\nimport com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesArgs;\nimport com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs;\nimport com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new Group(\"example\", GroupArgs.builder()\n            .displayName(\"group-name\")\n            .securityEnabled(true)\n            .build());\n\n        var member = new User(\"member\", UserArgs.builder()\n            .userPrincipalName(\"jdoe@example.com\")\n            .displayName(\"J. Doe\")\n            .mailNickname(\"jdoe\")\n            .password(\"SecretP@sswd99!\")\n            .build());\n\n        var exampleGroupRoleManagementPolicy = new GroupRoleManagementPolicy(\"exampleGroupRoleManagementPolicy\", GroupRoleManagementPolicyArgs.builder()\n            .groupId(example.id())\n            .roleId(\"member\")\n            .activeAssignmentRules(GroupRoleManagementPolicyActiveAssignmentRulesArgs.builder()\n                .expireAfter(\"P365D\")\n                .build())\n            .eligibleAssignmentRules(GroupRoleManagementPolicyEligibleAssignmentRulesArgs.builder()\n                .expirationRequired(false)\n                .build())\n            .notificationRules(GroupRoleManagementPolicyNotificationRulesArgs.builder()\n                .eligibleAssignments(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs.builder()\n                    .approverNotifications(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs.builder()\n                        .notificationLevel(\"Critical\")\n                        .defaultRecipients(false)\n                        .additionalRecipients(                        \n                            \"someone@example.com\",\n                            \"someone.else@example.com\")\n                        .build())\n                    .build())\n                .build())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:Group\n    properties:\n      displayName: group-name\n      securityEnabled: true\n  member:\n    type: azuread:User\n    properties:\n      userPrincipalName: jdoe@example.com\n      displayName: J. Doe\n      mailNickname: jdoe\n      password: SecretP@sswd99!\n  exampleGroupRoleManagementPolicy:\n    type: azuread:GroupRoleManagementPolicy\n    name: example\n    properties:\n      groupId: ${example.id}\n      roleId: member\n      activeAssignmentRules:\n        expireAfter: P365D\n      eligibleAssignmentRules:\n        expirationRequired: false\n      notificationRules:\n        eligibleAssignments:\n          approverNotifications:\n            notificationLevel: Critical\n            defaultRecipients: false\n            additionalRecipients:\n              - someone@example.com\n              - someone.else@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nBecause these policies are created automatically by Entra ID, they will auto-import on first use.\n\n","properties":{"activationRules":{"$ref":"#/types/azuread:index/GroupRoleManagementPolicyActivationRules:GroupRoleManagementPolicyActivationRules","description":"An \u003cspan pulumi-lang-nodejs=\"`activationRules`\" pulumi-lang-dotnet=\"`ActivationRules`\" pulumi-lang-go=\"`activationRules`\" pulumi-lang-python=\"`activation_rules`\" pulumi-lang-yaml=\"`activationRules`\" pulumi-lang-java=\"`activationRules`\"\u003e`activationRules`\u003c/span\u003e block as defined below.\n"},"activeAssignmentRules":{"$ref":"#/types/azuread:index/GroupRoleManagementPolicyActiveAssignmentRules:GroupRoleManagementPolicyActiveAssignmentRules","description":"An \u003cspan pulumi-lang-nodejs=\"`activeAssignmentRules`\" pulumi-lang-dotnet=\"`ActiveAssignmentRules`\" pulumi-lang-go=\"`activeAssignmentRules`\" pulumi-lang-python=\"`active_assignment_rules`\" pulumi-lang-yaml=\"`activeAssignmentRules`\" pulumi-lang-java=\"`activeAssignmentRules`\"\u003e`activeAssignmentRules`\u003c/span\u003e block as defined below.\n"},"description":{"type":"string","description":"(String) The description of this policy.\n"},"displayName":{"type":"string","description":"(String) The display name of this policy.\n"},"eligibleAssignmentRules":{"$ref":"#/types/azuread:index/GroupRoleManagementPolicyEligibleAssignmentRules:GroupRoleManagementPolicyEligibleAssignmentRules","description":"An \u003cspan pulumi-lang-nodejs=\"`eligibleAssignmentRules`\" pulumi-lang-dotnet=\"`EligibleAssignmentRules`\" pulumi-lang-go=\"`eligibleAssignmentRules`\" pulumi-lang-python=\"`eligible_assignment_rules`\" pulumi-lang-yaml=\"`eligibleAssignmentRules`\" pulumi-lang-java=\"`eligibleAssignmentRules`\"\u003e`eligibleAssignmentRules`\u003c/span\u003e block as defined below.\n"},"groupId":{"type":"string","description":"The ID of the Azure AD group for which the policy applies.\n"},"notificationRules":{"$ref":"#/types/azuread:index/GroupRoleManagementPolicyNotificationRules:GroupRoleManagementPolicyNotificationRules","description":"A \u003cspan pulumi-lang-nodejs=\"`notificationRules`\" pulumi-lang-dotnet=\"`NotificationRules`\" pulumi-lang-go=\"`notificationRules`\" pulumi-lang-python=\"`notification_rules`\" pulumi-lang-yaml=\"`notificationRules`\" pulumi-lang-java=\"`notificationRules`\"\u003e`notificationRules`\u003c/span\u003e block as defined below.\n"},"roleId":{"type":"string","description":"The type of assignment this policy coveres. Can be either \u003cspan pulumi-lang-nodejs=\"`member`\" pulumi-lang-dotnet=\"`Member`\" pulumi-lang-go=\"`member`\" pulumi-lang-python=\"`member`\" pulumi-lang-yaml=\"`member`\" pulumi-lang-java=\"`member`\"\u003e`member`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`owner`\" pulumi-lang-dotnet=\"`Owner`\" pulumi-lang-go=\"`owner`\" pulumi-lang-python=\"`owner`\" pulumi-lang-yaml=\"`owner`\" pulumi-lang-java=\"`owner`\"\u003e`owner`\u003c/span\u003e.\n"}},"required":["activationRules","activeAssignmentRules","description","displayName","eligibleAssignmentRules","groupId","notificationRules","roleId"],"inputProperties":{"activationRules":{"$ref":"#/types/azuread:index/GroupRoleManagementPolicyActivationRules:GroupRoleManagementPolicyActivationRules","description":"An \u003cspan pulumi-lang-nodejs=\"`activationRules`\" pulumi-lang-dotnet=\"`ActivationRules`\" pulumi-lang-go=\"`activationRules`\" pulumi-lang-python=\"`activation_rules`\" pulumi-lang-yaml=\"`activationRules`\" pulumi-lang-java=\"`activationRules`\"\u003e`activationRules`\u003c/span\u003e block as defined below.\n"},"activeAssignmentRules":{"$ref":"#/types/azuread:index/GroupRoleManagementPolicyActiveAssignmentRules:GroupRoleManagementPolicyActiveAssignmentRules","description":"An \u003cspan pulumi-lang-nodejs=\"`activeAssignmentRules`\" pulumi-lang-dotnet=\"`ActiveAssignmentRules`\" pulumi-lang-go=\"`activeAssignmentRules`\" pulumi-lang-python=\"`active_assignment_rules`\" pulumi-lang-yaml=\"`activeAssignmentRules`\" pulumi-lang-java=\"`activeAssignmentRules`\"\u003e`activeAssignmentRules`\u003c/span\u003e block as defined below.\n"},"eligibleAssignmentRules":{"$ref":"#/types/azuread:index/GroupRoleManagementPolicyEligibleAssignmentRules:GroupRoleManagementPolicyEligibleAssignmentRules","description":"An \u003cspan pulumi-lang-nodejs=\"`eligibleAssignmentRules`\" pulumi-lang-dotnet=\"`EligibleAssignmentRules`\" pulumi-lang-go=\"`eligibleAssignmentRules`\" pulumi-lang-python=\"`eligible_assignment_rules`\" pulumi-lang-yaml=\"`eligibleAssignmentRules`\" pulumi-lang-java=\"`eligibleAssignmentRules`\"\u003e`eligibleAssignmentRules`\u003c/span\u003e block as defined below.\n"},"groupId":{"type":"string","description":"The ID of the Azure AD group for which the policy applies.\n","willReplaceOnChanges":true},"notificationRules":{"$ref":"#/types/azuread:index/GroupRoleManagementPolicyNotificationRules:GroupRoleManagementPolicyNotificationRules","description":"A \u003cspan pulumi-lang-nodejs=\"`notificationRules`\" pulumi-lang-dotnet=\"`NotificationRules`\" pulumi-lang-go=\"`notificationRules`\" pulumi-lang-python=\"`notification_rules`\" pulumi-lang-yaml=\"`notificationRules`\" pulumi-lang-java=\"`notificationRules`\"\u003e`notificationRules`\u003c/span\u003e block as defined below.\n"},"roleId":{"type":"string","description":"The type of assignment this policy coveres. Can be either \u003cspan pulumi-lang-nodejs=\"`member`\" pulumi-lang-dotnet=\"`Member`\" pulumi-lang-go=\"`member`\" pulumi-lang-python=\"`member`\" pulumi-lang-yaml=\"`member`\" pulumi-lang-java=\"`member`\"\u003e`member`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`owner`\" pulumi-lang-dotnet=\"`Owner`\" pulumi-lang-go=\"`owner`\" pulumi-lang-python=\"`owner`\" pulumi-lang-yaml=\"`owner`\" pulumi-lang-java=\"`owner`\"\u003e`owner`\u003c/span\u003e.\n","willReplaceOnChanges":true}},"requiredInputs":["groupId","roleId"],"stateInputs":{"description":"Input properties used for looking up and filtering GroupRoleManagementPolicy resources.\n","properties":{"activationRules":{"$ref":"#/types/azuread:index/GroupRoleManagementPolicyActivationRules:GroupRoleManagementPolicyActivationRules","description":"An \u003cspan pulumi-lang-nodejs=\"`activationRules`\" pulumi-lang-dotnet=\"`ActivationRules`\" pulumi-lang-go=\"`activationRules`\" pulumi-lang-python=\"`activation_rules`\" pulumi-lang-yaml=\"`activationRules`\" pulumi-lang-java=\"`activationRules`\"\u003e`activationRules`\u003c/span\u003e block as defined below.\n"},"activeAssignmentRules":{"$ref":"#/types/azuread:index/GroupRoleManagementPolicyActiveAssignmentRules:GroupRoleManagementPolicyActiveAssignmentRules","description":"An \u003cspan pulumi-lang-nodejs=\"`activeAssignmentRules`\" pulumi-lang-dotnet=\"`ActiveAssignmentRules`\" pulumi-lang-go=\"`activeAssignmentRules`\" pulumi-lang-python=\"`active_assignment_rules`\" pulumi-lang-yaml=\"`activeAssignmentRules`\" pulumi-lang-java=\"`activeAssignmentRules`\"\u003e`activeAssignmentRules`\u003c/span\u003e block as defined below.\n"},"description":{"type":"string","description":"(String) The description of this policy.\n"},"displayName":{"type":"string","description":"(String) The display name of this policy.\n"},"eligibleAssignmentRules":{"$ref":"#/types/azuread:index/GroupRoleManagementPolicyEligibleAssignmentRules:GroupRoleManagementPolicyEligibleAssignmentRules","description":"An \u003cspan pulumi-lang-nodejs=\"`eligibleAssignmentRules`\" pulumi-lang-dotnet=\"`EligibleAssignmentRules`\" pulumi-lang-go=\"`eligibleAssignmentRules`\" pulumi-lang-python=\"`eligible_assignment_rules`\" pulumi-lang-yaml=\"`eligibleAssignmentRules`\" pulumi-lang-java=\"`eligibleAssignmentRules`\"\u003e`eligibleAssignmentRules`\u003c/span\u003e block as defined below.\n"},"groupId":{"type":"string","description":"The ID of the Azure AD group for which the policy applies.\n","willReplaceOnChanges":true},"notificationRules":{"$ref":"#/types/azuread:index/GroupRoleManagementPolicyNotificationRules:GroupRoleManagementPolicyNotificationRules","description":"A \u003cspan pulumi-lang-nodejs=\"`notificationRules`\" pulumi-lang-dotnet=\"`NotificationRules`\" pulumi-lang-go=\"`notificationRules`\" pulumi-lang-python=\"`notification_rules`\" pulumi-lang-yaml=\"`notificationRules`\" pulumi-lang-java=\"`notificationRules`\"\u003e`notificationRules`\u003c/span\u003e block as defined below.\n"},"roleId":{"type":"string","description":"The type of assignment this policy coveres. Can be either \u003cspan pulumi-lang-nodejs=\"`member`\" pulumi-lang-dotnet=\"`Member`\" pulumi-lang-go=\"`member`\" pulumi-lang-python=\"`member`\" pulumi-lang-yaml=\"`member`\" pulumi-lang-java=\"`member`\"\u003e`member`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`owner`\" pulumi-lang-dotnet=\"`Owner`\" pulumi-lang-go=\"`owner`\" pulumi-lang-python=\"`owner`\" pulumi-lang-yaml=\"`owner`\" pulumi-lang-java=\"`owner`\"\u003e`owner`\u003c/span\u003e.\n","willReplaceOnChanges":true}},"type":"object"}},"azuread:index/groupWithoutMembers:GroupWithoutMembers":{"description":"Manages a group within Azure Active Directory. Does not directly manage or expose members of the group.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Group.ReadWrite.All` or `Directory.ReadWrite.All`.\n\nAlternatively, if the authenticated service principal is also an owner of the group being managed, this resource can use the application role: `Group.Create`.\n\nIf using the \u003cspan pulumi-lang-nodejs=\"`assignableToRole`\" pulumi-lang-dotnet=\"`AssignableToRole`\" pulumi-lang-go=\"`assignableToRole`\" pulumi-lang-python=\"`assignable_to_role`\" pulumi-lang-yaml=\"`assignableToRole`\" pulumi-lang-java=\"`assignableToRole`\"\u003e`assignableToRole`\u003c/span\u003e property, this resource additionally requires the `RoleManagement.ReadWrite.Directory` application role.\n\nIf specifying owners for a group, which are user principals, this resource additionally requires one of the following application roles: `User.Read.All`, `User.ReadWrite.All`, `Directory.Read.All` or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Groups Administrator`, `User Administrator` or `Global Administrator`\n\nWhen creating this resource in administrative units exclusively, the directory role `Groups Administrator` is required to be scoped on any administrative unit used. Additionally, it must be possible to read the administrative units being used, which can be granted through the `AdministrativeUnit.Read.All` or `Directory.Read.All` application roles.\n\nThe \u003cspan pulumi-lang-nodejs=\"`externalSendersAllowed`\" pulumi-lang-dotnet=\"`ExternalSendersAllowed`\" pulumi-lang-go=\"`externalSendersAllowed`\" pulumi-lang-python=\"`external_senders_allowed`\" pulumi-lang-yaml=\"`externalSendersAllowed`\" pulumi-lang-java=\"`externalSendersAllowed`\"\u003e`externalSendersAllowed`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`autoSubscribeNewMembers`\" pulumi-lang-dotnet=\"`AutoSubscribeNewMembers`\" pulumi-lang-go=\"`autoSubscribeNewMembers`\" pulumi-lang-python=\"`auto_subscribe_new_members`\" pulumi-lang-yaml=\"`autoSubscribeNewMembers`\" pulumi-lang-java=\"`autoSubscribeNewMembers`\"\u003e`autoSubscribeNewMembers`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`hideFromAddressLists`\" pulumi-lang-dotnet=\"`HideFromAddressLists`\" pulumi-lang-go=\"`hideFromAddressLists`\" pulumi-lang-python=\"`hide_from_address_lists`\" pulumi-lang-yaml=\"`hideFromAddressLists`\" pulumi-lang-java=\"`hideFromAddressLists`\"\u003e`hideFromAddressLists`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`hideFromOutlookClients`\" pulumi-lang-dotnet=\"`HideFromOutlookClients`\" pulumi-lang-go=\"`hideFromOutlookClients`\" pulumi-lang-python=\"`hide_from_outlook_clients`\" pulumi-lang-yaml=\"`hideFromOutlookClients`\" pulumi-lang-java=\"`hideFromOutlookClients`\"\u003e`hideFromOutlookClients`\u003c/span\u003e properties can only be configured when authenticating as a user and cannot be configured when authenticating as a service principal. Additionally, the user being used for authentication must be a Member of the tenant where the group is being managed and _not_ a Guest. This is a known API issue; please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) official documentation.\n\n## Example Usage\n\n*Basic example*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst example = new azuread.GroupWithoutMembers(\"example\", {\n    displayName: \"example\",\n    owners: [current.then(current =\u003e current.objectId)],\n    securityEnabled: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\nexample = azuread.GroupWithoutMembers(\"example\",\n    display_name=\"example\",\n    owners=[current.object_id],\n    security_enabled=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var current = AzureAD.Index.GetClientConfig.Invoke();\n\n    var example = new AzureAD.Index.GroupWithoutMembers(\"example\", new()\n    {\n        DisplayName = \"example\",\n        Owners = new[]\n        {\n            current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n        },\n        SecurityEnabled = true,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewGroupWithoutMembers(ctx, \"example\", \u0026azuread.GroupWithoutMembersArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(pulumi.String(current.ObjectId)),\n\t\t\t},\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.GroupWithoutMembers;\nimport com.pulumi.azuread.GroupWithoutMembersArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var current = AzureadFunctions.getClientConfig(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);\n\n        var example = new GroupWithoutMembers(\"example\", GroupWithoutMembersArgs.builder()\n            .displayName(\"example\")\n            .owners(current.objectId())\n            .securityEnabled(true)\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:GroupWithoutMembers\n    properties:\n      displayName: example\n      owners:\n        - ${current.objectId}\n      securityEnabled: true\nvariables:\n  current:\n    fn::invoke:\n      function: azuread:getClientConfig\n      arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Microsoft 365 group*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst groupOwner = new azuread.User(\"group_owner\", {\n    userPrincipalName: \"example-group-owner@example.com\",\n    displayName: \"Group Owner\",\n    mailNickname: \"example-group-owner\",\n    password: \"SecretP@sswd99!\",\n});\nconst example = new azuread.GroupWithoutMembers(\"example\", {\n    displayName: \"example\",\n    mailEnabled: true,\n    mailNickname: \"ExampleGroup\",\n    securityEnabled: true,\n    types: [\"Unified\"],\n    owners: [\n        current.then(current =\u003e current.objectId),\n        groupOwner.objectId,\n    ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\ngroup_owner = azuread.User(\"group_owner\",\n    user_principal_name=\"example-group-owner@example.com\",\n    display_name=\"Group Owner\",\n    mail_nickname=\"example-group-owner\",\n    password=\"SecretP@sswd99!\")\nexample = azuread.GroupWithoutMembers(\"example\",\n    display_name=\"example\",\n    mail_enabled=True,\n    mail_nickname=\"ExampleGroup\",\n    security_enabled=True,\n    types=[\"Unified\"],\n    owners=[\n        current.object_id,\n        group_owner.object_id,\n    ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var current = AzureAD.Index.GetClientConfig.Invoke();\n\n    var groupOwner = new AzureAD.Index.User(\"group_owner\", new()\n    {\n        UserPrincipalName = \"example-group-owner@example.com\",\n        DisplayName = \"Group Owner\",\n        MailNickname = \"example-group-owner\",\n        Password = \"SecretP@sswd99!\",\n    });\n\n    var example = new AzureAD.Index.GroupWithoutMembers(\"example\", new()\n    {\n        DisplayName = \"example\",\n        MailEnabled = true,\n        MailNickname = \"ExampleGroup\",\n        SecurityEnabled = true,\n        Types = new[]\n        {\n            \"Unified\",\n        },\n        Owners = new[]\n        {\n            current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n            groupOwner.ObjectId,\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroupOwner, err := azuread.NewUser(ctx, \"group_owner\", \u0026azuread.UserArgs{\n\t\t\tUserPrincipalName: pulumi.String(\"example-group-owner@example.com\"),\n\t\t\tDisplayName:       pulumi.String(\"Group Owner\"),\n\t\t\tMailNickname:      pulumi.String(\"example-group-owner\"),\n\t\t\tPassword:          pulumi.String(\"SecretP@sswd99!\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewGroupWithoutMembers(ctx, \"example\", \u0026azuread.GroupWithoutMembersArgs{\n\t\t\tDisplayName:     pulumi.String(\"example\"),\n\t\t\tMailEnabled:     pulumi.Bool(true),\n\t\t\tMailNickname:    pulumi.String(\"ExampleGroup\"),\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t\tTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Unified\"),\n\t\t\t},\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(pulumi.String(current.ObjectId)),\n\t\t\t\tgroupOwner.ObjectId,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.User;\nimport com.pulumi.azuread.UserArgs;\nimport com.pulumi.azuread.GroupWithoutMembers;\nimport com.pulumi.azuread.GroupWithoutMembersArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var current = AzureadFunctions.getClientConfig(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);\n\n        var groupOwner = new User(\"groupOwner\", UserArgs.builder()\n            .userPrincipalName(\"example-group-owner@example.com\")\n            .displayName(\"Group Owner\")\n            .mailNickname(\"example-group-owner\")\n            .password(\"SecretP@sswd99!\")\n            .build());\n\n        var example = new GroupWithoutMembers(\"example\", GroupWithoutMembersArgs.builder()\n            .displayName(\"example\")\n            .mailEnabled(true)\n            .mailNickname(\"ExampleGroup\")\n            .securityEnabled(true)\n            .types(\"Unified\")\n            .owners(            \n                current.objectId(),\n                groupOwner.objectId())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  groupOwner:\n    type: azuread:User\n    name: group_owner\n    properties:\n      userPrincipalName: example-group-owner@example.com\n      displayName: Group Owner\n      mailNickname: example-group-owner\n      password: SecretP@sswd99!\n  example:\n    type: azuread:GroupWithoutMembers\n    properties:\n      displayName: example\n      mailEnabled: true\n      mailNickname: ExampleGroup\n      securityEnabled: true\n      types:\n        - Unified\n      owners:\n        - ${current.objectId}\n        - ${groupOwner.objectId}\nvariables:\n  current:\n    fn::invoke:\n      function: azuread:getClientConfig\n      arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Group with dynamic membership*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst example = new azuread.GroupWithoutMembers(\"example\", {\n    displayName: \"MyGroup\",\n    owners: [current.then(current =\u003e current.objectId)],\n    securityEnabled: true,\n    types: [\"DynamicMembership\"],\n    dynamicMembership: {\n        enabled: true,\n        rule: \"user.department -eq \\\"Sales\\\"\",\n    },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\nexample = azuread.GroupWithoutMembers(\"example\",\n    display_name=\"MyGroup\",\n    owners=[current.object_id],\n    security_enabled=True,\n    types=[\"DynamicMembership\"],\n    dynamic_membership={\n        \"enabled\": True,\n        \"rule\": \"user.department -eq \\\"Sales\\\"\",\n    })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var current = AzureAD.Index.GetClientConfig.Invoke();\n\n    var example = new AzureAD.Index.GroupWithoutMembers(\"example\", new()\n    {\n        DisplayName = \"MyGroup\",\n        Owners = new[]\n        {\n            current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n        },\n        SecurityEnabled = true,\n        Types = new[]\n        {\n            \"DynamicMembership\",\n        },\n        DynamicMembership = new AzureAD.Inputs.GroupWithoutMembersDynamicMembershipArgs\n        {\n            Enabled = true,\n            Rule = \"user.department -eq \\\"Sales\\\"\",\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewGroupWithoutMembers(ctx, \"example\", \u0026azuread.GroupWithoutMembersArgs{\n\t\t\tDisplayName: pulumi.String(\"MyGroup\"),\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(pulumi.String(current.ObjectId)),\n\t\t\t},\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t\tTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"DynamicMembership\"),\n\t\t\t},\n\t\t\tDynamicMembership: \u0026azuread.GroupWithoutMembersDynamicMembershipArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tRule:    pulumi.String(\"user.department -eq \\\"Sales\\\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.GroupWithoutMembers;\nimport com.pulumi.azuread.GroupWithoutMembersArgs;\nimport com.pulumi.azuread.inputs.GroupWithoutMembersDynamicMembershipArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var current = AzureadFunctions.getClientConfig(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);\n\n        var example = new GroupWithoutMembers(\"example\", GroupWithoutMembersArgs.builder()\n            .displayName(\"MyGroup\")\n            .owners(current.objectId())\n            .securityEnabled(true)\n            .types(\"DynamicMembership\")\n            .dynamicMembership(GroupWithoutMembersDynamicMembershipArgs.builder()\n                .enabled(true)\n                .rule(\"user.department -eq \\\"Sales\\\"\")\n                .build())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:GroupWithoutMembers\n    properties:\n      displayName: MyGroup\n      owners:\n        - ${current.objectId}\n      securityEnabled: true\n      types:\n        - DynamicMembership\n      dynamicMembership:\n        enabled: true\n        rule: user.department -eq \"Sales\"\nvariables:\n  current:\n    fn::invoke:\n      function: azuread:getClientConfig\n      arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGroups can be imported using their object ID, e.g.\n\n```sh\n$ pulumi import azuread:index/groupWithoutMembers:GroupWithoutMembers my_group /groups/00000000-0000-0000-0000-000000000000\n```\n\n","properties":{"administrativeUnitIds":{"type":"array","items":{"type":"string"},"description":"The object IDs of administrative units in which the group is a member. If specified, new groups will be created in the scope of the first administrative unit and added to the others. If empty, new groups will be created at the tenant level.\n\n\u003e **Caution** When using the\u003cspan pulumi-lang-nodejs=\" azuread.AdministrativeUnitMember \" pulumi-lang-dotnet=\" azuread.AdministrativeUnitMember \" pulumi-lang-go=\" AdministrativeUnitMember \" pulumi-lang-python=\" AdministrativeUnitMember \" pulumi-lang-yaml=\" azuread.AdministrativeUnitMember \" pulumi-lang-java=\" azuread.AdministrativeUnitMember \"\u003e azuread.AdministrativeUnitMember \u003c/span\u003eresource, or the \u003cspan pulumi-lang-nodejs=\"`members`\" pulumi-lang-dotnet=\"`Members`\" pulumi-lang-go=\"`members`\" pulumi-lang-python=\"`members`\" pulumi-lang-yaml=\"`members`\" pulumi-lang-java=\"`members`\"\u003e`members`\u003c/span\u003e property of the\u003cspan pulumi-lang-nodejs=\" azuread.AdministrativeUnit \" pulumi-lang-dotnet=\" azuread.AdministrativeUnit \" pulumi-lang-go=\" AdministrativeUnit \" pulumi-lang-python=\" AdministrativeUnit \" pulumi-lang-yaml=\" azuread.AdministrativeUnit \" pulumi-lang-java=\" azuread.AdministrativeUnit \"\u003e azuread.AdministrativeUnit \u003c/span\u003eresource, to manage Administrative Unit membership for a group, you will need to use an \u003cspan pulumi-lang-nodejs=\"`ignoreChanges \" pulumi-lang-dotnet=\"`IgnoreChanges \" pulumi-lang-go=\"`ignoreChanges \" pulumi-lang-python=\"`ignore_changes \" pulumi-lang-yaml=\"`ignoreChanges \" pulumi-lang-java=\"`ignoreChanges \"\u003e`ignoreChanges \u003c/span\u003e= \u003cspan pulumi-lang-nodejs=\"[administrativeUnitIds]\" pulumi-lang-dotnet=\"[AdministrativeUnitIds]\" pulumi-lang-go=\"[administrativeUnitIds]\" pulumi-lang-python=\"[administrative_unit_ids]\" pulumi-lang-yaml=\"[administrativeUnitIds]\" pulumi-lang-java=\"[administrativeUnitIds]\"\u003e[administrativeUnitIds]\u003c/span\u003e` lifecycle meta argument for the \u003cspan pulumi-lang-nodejs=\"`azuread.Group`\" pulumi-lang-dotnet=\"`azuread.Group`\" pulumi-lang-go=\"`Group`\" pulumi-lang-python=\"`Group`\" pulumi-lang-yaml=\"`azuread.Group`\" pulumi-lang-java=\"`azuread.Group`\"\u003e`azuread.Group`\u003c/span\u003e resource, in order to avoid a persistent diff.\n"},"assignableToRole":{"type":"boolean","description":"Indicates whether this group can be assigned to an Azure Active Directory role. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e. Can only be set to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e for security-enabled groups. Changing this forces a new resource to be created.\n"},"autoSubscribeNewMembers":{"type":"boolean","description":"Indicates whether new members added to the group will be auto-subscribed to receive email notifications. Can only be set for Unified groups.\n\n\u003e **Known Permissions Issue** The \u003cspan pulumi-lang-nodejs=\"`autoSubscribeNewMembers`\" pulumi-lang-dotnet=\"`AutoSubscribeNewMembers`\" pulumi-lang-go=\"`autoSubscribeNewMembers`\" pulumi-lang-python=\"`auto_subscribe_new_members`\" pulumi-lang-yaml=\"`autoSubscribeNewMembers`\" pulumi-lang-java=\"`autoSubscribeNewMembers`\"\u003e`autoSubscribeNewMembers`\u003c/span\u003e property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.\n"},"behaviors":{"type":"array","items":{"type":"string"},"description":"A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.\n"},"description":{"type":"string","description":"The description for the group.\n"},"displayName":{"type":"string","description":"The display name for the group.\n"},"dynamicMembership":{"$ref":"#/types/azuread:index/GroupWithoutMembersDynamicMembership:GroupWithoutMembersDynamicMembership","description":"A \u003cspan pulumi-lang-nodejs=\"`dynamicMembership`\" pulumi-lang-dotnet=\"`DynamicMembership`\" pulumi-lang-go=\"`dynamicMembership`\" pulumi-lang-python=\"`dynamic_membership`\" pulumi-lang-yaml=\"`dynamicMembership`\" pulumi-lang-java=\"`dynamicMembership`\"\u003e`dynamicMembership`\u003c/span\u003e block as documented below. Required when \u003cspan pulumi-lang-nodejs=\"`types`\" pulumi-lang-dotnet=\"`Types`\" pulumi-lang-go=\"`types`\" pulumi-lang-python=\"`types`\" pulumi-lang-yaml=\"`types`\" pulumi-lang-java=\"`types`\"\u003e`types`\u003c/span\u003e contains `DynamicMembership`. Cannot be used with the \u003cspan pulumi-lang-nodejs=\"`members`\" pulumi-lang-dotnet=\"`Members`\" pulumi-lang-go=\"`members`\" pulumi-lang-python=\"`members`\" pulumi-lang-yaml=\"`members`\" pulumi-lang-java=\"`members`\"\u003e`members`\u003c/span\u003e property.\n"},"externalSendersAllowed":{"type":"boolean","description":"Indicates whether people external to the organization can send messages to the group. Can only be set for Unified groups.\n\n\u003e **Known Permissions Issue** The \u003cspan pulumi-lang-nodejs=\"`externalSendersAllowed`\" pulumi-lang-dotnet=\"`ExternalSendersAllowed`\" pulumi-lang-go=\"`externalSendersAllowed`\" pulumi-lang-python=\"`external_senders_allowed`\" pulumi-lang-yaml=\"`externalSendersAllowed`\" pulumi-lang-java=\"`externalSendersAllowed`\"\u003e`externalSendersAllowed`\u003c/span\u003e property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.\n"},"hideFromAddressLists":{"type":"boolean","description":"Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups. Can only be set for Unified groups.\n\n\u003e **Known Permissions Issue** The \u003cspan pulumi-lang-nodejs=\"`hideFromAddressLists`\" pulumi-lang-dotnet=\"`HideFromAddressLists`\" pulumi-lang-go=\"`hideFromAddressLists`\" pulumi-lang-python=\"`hide_from_address_lists`\" pulumi-lang-yaml=\"`hideFromAddressLists`\" pulumi-lang-java=\"`hideFromAddressLists`\"\u003e`hideFromAddressLists`\u003c/span\u003e property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.\n"},"hideFromOutlookClients":{"type":"boolean","description":"Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web. Can only be set for Unified groups.\n\n\u003e **Known Permissions Issue** The \u003cspan pulumi-lang-nodejs=\"`hideFromOutlookClients`\" pulumi-lang-dotnet=\"`HideFromOutlookClients`\" pulumi-lang-go=\"`hideFromOutlookClients`\" pulumi-lang-python=\"`hide_from_outlook_clients`\" pulumi-lang-yaml=\"`hideFromOutlookClients`\" pulumi-lang-java=\"`hideFromOutlookClients`\"\u003e`hideFromOutlookClients`\u003c/span\u003e property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.\n"},"mail":{"type":"string","description":"The SMTP address for the group.\n"},"mailEnabled":{"type":"boolean","description":"Whether the group is a mail enabled, with a shared group mailbox. At least one of \u003cspan pulumi-lang-nodejs=\"`mailEnabled`\" pulumi-lang-dotnet=\"`MailEnabled`\" pulumi-lang-go=\"`mailEnabled`\" pulumi-lang-python=\"`mail_enabled`\" pulumi-lang-yaml=\"`mailEnabled`\" pulumi-lang-java=\"`mailEnabled`\"\u003e`mailEnabled`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`securityEnabled`\" pulumi-lang-dotnet=\"`SecurityEnabled`\" pulumi-lang-go=\"`securityEnabled`\" pulumi-lang-python=\"`security_enabled`\" pulumi-lang-yaml=\"`securityEnabled`\" pulumi-lang-java=\"`securityEnabled`\"\u003e`securityEnabled`\u003c/span\u003e must be specified. Only Microsoft 365 groups can be mail enabled (see the \u003cspan pulumi-lang-nodejs=\"`types`\" pulumi-lang-dotnet=\"`Types`\" pulumi-lang-go=\"`types`\" pulumi-lang-python=\"`types`\" pulumi-lang-yaml=\"`types`\" pulumi-lang-java=\"`types`\"\u003e`types`\u003c/span\u003e property).\n"},"mailNickname":{"type":"string","description":"The mail alias for the group, unique in the organisation. Required for mail-enabled groups. Changing this forces a new resource to be created.\n"},"objectId":{"type":"string","description":"The object ID of the group.\n"},"onpremisesDomainName":{"type":"string","description":"The on-premises FQDN, also called dnsDomainName, synchronised from the on-premises directory when Azure AD Connect is used.\n"},"onpremisesGroupType":{"type":"string","description":"The on-premises group type that the AAD group will be written as, when writeback is enabled. Possible values are `UniversalDistributionGroup`, `UniversalMailEnabledSecurityGroup`, or `UniversalSecurityGroup`.\n"},"onpremisesNetbiosName":{"type":"string","description":"The on-premises NetBIOS name, synchronised from the on-premises directory when Azure AD Connect is used.\n"},"onpremisesSamAccountName":{"type":"string","description":"The on-premises SAM account name, synchronised from the on-premises directory when Azure AD Connect is used.\n"},"onpremisesSecurityIdentifier":{"type":"string","description":"The on-premises security identifier (SID), synchronised from the on-premises directory when Azure AD Connect is used.\n"},"onpremisesSyncEnabled":{"type":"boolean","description":"Whether this group is synchronised from an on-premises directory (\u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e), no longer synchronised (\u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e), or has never been synchronised (\u003cspan pulumi-lang-nodejs=\"`null`\" pulumi-lang-dotnet=\"`Null`\" pulumi-lang-go=\"`null`\" pulumi-lang-python=\"`null`\" pulumi-lang-yaml=\"`null`\" pulumi-lang-java=\"`null`\"\u003e`null`\u003c/span\u003e).\n"},"owners":{"type":"array","items":{"type":"string"},"description":"A set of object IDs of principals that will be granted ownership of the group. Supported object types are users or service principals. By default, the principal being used to execute Terraform is assigned as the sole owner. Groups cannot be created with no owners or have all their owners removed.\n\n\u003e **Group Ownership**  It's recommended to always specify one or more group owners, including the principal being used to execute Terraform, such as in the example above. When removing group owners, if a user principal has been assigned ownership, the last user cannot be removed as an owner. Microsoft 365 groups are required to always have at least one owner which _must be a user_ (i.e. not a service principal).\n"},"preferredLanguage":{"type":"string","description":"The preferred language for a Microsoft 365 group, in ISO 639-1 notation.\n"},"preventDuplicateNames":{"type":"boolean","description":"If \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, will return an error if an existing group is found with the same name. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"provisioningOptions":{"type":"array","items":{"type":"string"},"description":"A set of provisioning options for a Microsoft 365 group. The only supported value is `Team`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for details. Changing this forces a new resource to be created.\n"},"proxyAddresses":{"type":"array","items":{"type":"string"},"description":"List of email addresses for the group that direct to the same group mailbox.\n"},"securityEnabled":{"type":"boolean","description":"Whether the group is a security group for controlling access to in-app resources. At least one of \u003cspan pulumi-lang-nodejs=\"`securityEnabled`\" pulumi-lang-dotnet=\"`SecurityEnabled`\" pulumi-lang-go=\"`securityEnabled`\" pulumi-lang-python=\"`security_enabled`\" pulumi-lang-yaml=\"`securityEnabled`\" pulumi-lang-java=\"`securityEnabled`\"\u003e`securityEnabled`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`mailEnabled`\" pulumi-lang-dotnet=\"`MailEnabled`\" pulumi-lang-go=\"`mailEnabled`\" pulumi-lang-python=\"`mail_enabled`\" pulumi-lang-yaml=\"`mailEnabled`\" pulumi-lang-java=\"`mailEnabled`\"\u003e`mailEnabled`\u003c/span\u003e must be specified. A Microsoft 365 group can be security enabled _and_ mail enabled (see the \u003cspan pulumi-lang-nodejs=\"`types`\" pulumi-lang-dotnet=\"`Types`\" pulumi-lang-go=\"`types`\" pulumi-lang-python=\"`types`\" pulumi-lang-yaml=\"`types`\" pulumi-lang-java=\"`types`\"\u003e`types`\u003c/span\u003e property).\n"},"theme":{"type":"string","description":"The colour theme for a Microsoft 365 group. Possible values are `Blue`, `Green`, `Orange`, `Pink`, `Purple`, `Red` or `Teal`. By default, no theme is set.\n"},"types":{"type":"array","items":{"type":"string"},"description":"A set of group types to configure for the group. Supported values are `DynamicMembership`, which denotes a group with dynamic membership, and `Unified`, which specifies a Microsoft 365 group. Required when \u003cspan pulumi-lang-nodejs=\"`mailEnabled`\" pulumi-lang-dotnet=\"`MailEnabled`\" pulumi-lang-go=\"`mailEnabled`\" pulumi-lang-python=\"`mail_enabled`\" pulumi-lang-yaml=\"`mailEnabled`\" pulumi-lang-java=\"`mailEnabled`\"\u003e`mailEnabled`\u003c/span\u003e is true. Changing this forces a new resource to be created.\n\n\u003e **Supported Group Types** At present, only security groups and Microsoft 365 groups can be created or managed with this resource. Distribution groups and mail-enabled security groups are not supported. Microsoft 365 groups can be security-enabled.\n"},"visibility":{"type":"string","description":"The group join policy and group content visibility. Possible values are `Private`, `Public`, or `Hiddenmembership`. Only Microsoft 365 groups can have `Hiddenmembership` visibility and this value must be set when the group is created. By default, security groups will receive `Private` visibility and Microsoft 365 groups will receive `Public` visibility.\n\n\u003e **Group Name Uniqueness** Group names are not unique within Azure Active Directory. Use the \u003cspan pulumi-lang-nodejs=\"`preventDuplicateNames`\" pulumi-lang-dotnet=\"`PreventDuplicateNames`\" pulumi-lang-go=\"`preventDuplicateNames`\" pulumi-lang-python=\"`prevent_duplicate_names`\" pulumi-lang-yaml=\"`preventDuplicateNames`\" pulumi-lang-java=\"`preventDuplicateNames`\"\u003e`preventDuplicateNames`\u003c/span\u003e argument to check for existing groups if you want to avoid name collisions.\n"},"writebackEnabled":{"type":"boolean","description":"Whether the group will be written back to the configured on-premises Active Directory when Azure AD Connect is used.\n"}},"required":["autoSubscribeNewMembers","displayName","externalSendersAllowed","hideFromAddressLists","hideFromOutlookClients","mail","mailNickname","objectId","onpremisesDomainName","onpremisesGroupType","onpremisesNetbiosName","onpremisesSamAccountName","onpremisesSecurityIdentifier","onpremisesSyncEnabled","owners","preferredLanguage","proxyAddresses","visibility"],"inputProperties":{"administrativeUnitIds":{"type":"array","items":{"type":"string"},"description":"The object IDs of administrative units in which the group is a member. If specified, new groups will be created in the scope of the first administrative unit and added to the others. If empty, new groups will be created at the tenant level.\n\n\u003e **Caution** When using the\u003cspan pulumi-lang-nodejs=\" azuread.AdministrativeUnitMember \" pulumi-lang-dotnet=\" azuread.AdministrativeUnitMember \" pulumi-lang-go=\" AdministrativeUnitMember \" pulumi-lang-python=\" AdministrativeUnitMember \" pulumi-lang-yaml=\" azuread.AdministrativeUnitMember \" pulumi-lang-java=\" azuread.AdministrativeUnitMember \"\u003e azuread.AdministrativeUnitMember \u003c/span\u003eresource, or the \u003cspan pulumi-lang-nodejs=\"`members`\" pulumi-lang-dotnet=\"`Members`\" pulumi-lang-go=\"`members`\" pulumi-lang-python=\"`members`\" pulumi-lang-yaml=\"`members`\" pulumi-lang-java=\"`members`\"\u003e`members`\u003c/span\u003e property of the\u003cspan pulumi-lang-nodejs=\" azuread.AdministrativeUnit \" pulumi-lang-dotnet=\" azuread.AdministrativeUnit \" pulumi-lang-go=\" AdministrativeUnit \" pulumi-lang-python=\" AdministrativeUnit \" pulumi-lang-yaml=\" azuread.AdministrativeUnit \" pulumi-lang-java=\" azuread.AdministrativeUnit \"\u003e azuread.AdministrativeUnit \u003c/span\u003eresource, to manage Administrative Unit membership for a group, you will need to use an \u003cspan pulumi-lang-nodejs=\"`ignoreChanges \" pulumi-lang-dotnet=\"`IgnoreChanges \" pulumi-lang-go=\"`ignoreChanges \" pulumi-lang-python=\"`ignore_changes \" pulumi-lang-yaml=\"`ignoreChanges \" pulumi-lang-java=\"`ignoreChanges \"\u003e`ignoreChanges \u003c/span\u003e= \u003cspan pulumi-lang-nodejs=\"[administrativeUnitIds]\" pulumi-lang-dotnet=\"[AdministrativeUnitIds]\" pulumi-lang-go=\"[administrativeUnitIds]\" pulumi-lang-python=\"[administrative_unit_ids]\" pulumi-lang-yaml=\"[administrativeUnitIds]\" pulumi-lang-java=\"[administrativeUnitIds]\"\u003e[administrativeUnitIds]\u003c/span\u003e` lifecycle meta argument for the \u003cspan pulumi-lang-nodejs=\"`azuread.Group`\" pulumi-lang-dotnet=\"`azuread.Group`\" pulumi-lang-go=\"`Group`\" pulumi-lang-python=\"`Group`\" pulumi-lang-yaml=\"`azuread.Group`\" pulumi-lang-java=\"`azuread.Group`\"\u003e`azuread.Group`\u003c/span\u003e resource, in order to avoid a persistent diff.\n"},"assignableToRole":{"type":"boolean","description":"Indicates whether this group can be assigned to an Azure Active Directory role. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e. Can only be set to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e for security-enabled groups. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"autoSubscribeNewMembers":{"type":"boolean","description":"Indicates whether new members added to the group will be auto-subscribed to receive email notifications. Can only be set for Unified groups.\n\n\u003e **Known Permissions Issue** The \u003cspan pulumi-lang-nodejs=\"`autoSubscribeNewMembers`\" pulumi-lang-dotnet=\"`AutoSubscribeNewMembers`\" pulumi-lang-go=\"`autoSubscribeNewMembers`\" pulumi-lang-python=\"`auto_subscribe_new_members`\" pulumi-lang-yaml=\"`autoSubscribeNewMembers`\" pulumi-lang-java=\"`autoSubscribeNewMembers`\"\u003e`autoSubscribeNewMembers`\u003c/span\u003e property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.\n"},"behaviors":{"type":"array","items":{"type":"string"},"description":"A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"description":{"type":"string","description":"The description for the group.\n"},"displayName":{"type":"string","description":"The display name for the group.\n"},"dynamicMembership":{"$ref":"#/types/azuread:index/GroupWithoutMembersDynamicMembership:GroupWithoutMembersDynamicMembership","description":"A \u003cspan pulumi-lang-nodejs=\"`dynamicMembership`\" pulumi-lang-dotnet=\"`DynamicMembership`\" pulumi-lang-go=\"`dynamicMembership`\" pulumi-lang-python=\"`dynamic_membership`\" pulumi-lang-yaml=\"`dynamicMembership`\" pulumi-lang-java=\"`dynamicMembership`\"\u003e`dynamicMembership`\u003c/span\u003e block as documented below. Required when \u003cspan pulumi-lang-nodejs=\"`types`\" pulumi-lang-dotnet=\"`Types`\" pulumi-lang-go=\"`types`\" pulumi-lang-python=\"`types`\" pulumi-lang-yaml=\"`types`\" pulumi-lang-java=\"`types`\"\u003e`types`\u003c/span\u003e contains `DynamicMembership`. Cannot be used with the \u003cspan pulumi-lang-nodejs=\"`members`\" pulumi-lang-dotnet=\"`Members`\" pulumi-lang-go=\"`members`\" pulumi-lang-python=\"`members`\" pulumi-lang-yaml=\"`members`\" pulumi-lang-java=\"`members`\"\u003e`members`\u003c/span\u003e property.\n"},"externalSendersAllowed":{"type":"boolean","description":"Indicates whether people external to the organization can send messages to the group. Can only be set for Unified groups.\n\n\u003e **Known Permissions Issue** The \u003cspan pulumi-lang-nodejs=\"`externalSendersAllowed`\" pulumi-lang-dotnet=\"`ExternalSendersAllowed`\" pulumi-lang-go=\"`externalSendersAllowed`\" pulumi-lang-python=\"`external_senders_allowed`\" pulumi-lang-yaml=\"`externalSendersAllowed`\" pulumi-lang-java=\"`externalSendersAllowed`\"\u003e`externalSendersAllowed`\u003c/span\u003e property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.\n"},"hideFromAddressLists":{"type":"boolean","description":"Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups. Can only be set for Unified groups.\n\n\u003e **Known Permissions Issue** The \u003cspan pulumi-lang-nodejs=\"`hideFromAddressLists`\" pulumi-lang-dotnet=\"`HideFromAddressLists`\" pulumi-lang-go=\"`hideFromAddressLists`\" pulumi-lang-python=\"`hide_from_address_lists`\" pulumi-lang-yaml=\"`hideFromAddressLists`\" pulumi-lang-java=\"`hideFromAddressLists`\"\u003e`hideFromAddressLists`\u003c/span\u003e property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.\n"},"hideFromOutlookClients":{"type":"boolean","description":"Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web. Can only be set for Unified groups.\n\n\u003e **Known Permissions Issue** The \u003cspan pulumi-lang-nodejs=\"`hideFromOutlookClients`\" pulumi-lang-dotnet=\"`HideFromOutlookClients`\" pulumi-lang-go=\"`hideFromOutlookClients`\" pulumi-lang-python=\"`hide_from_outlook_clients`\" pulumi-lang-yaml=\"`hideFromOutlookClients`\" pulumi-lang-java=\"`hideFromOutlookClients`\"\u003e`hideFromOutlookClients`\u003c/span\u003e property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.\n"},"mailEnabled":{"type":"boolean","description":"Whether the group is a mail enabled, with a shared group mailbox. At least one of \u003cspan pulumi-lang-nodejs=\"`mailEnabled`\" pulumi-lang-dotnet=\"`MailEnabled`\" pulumi-lang-go=\"`mailEnabled`\" pulumi-lang-python=\"`mail_enabled`\" pulumi-lang-yaml=\"`mailEnabled`\" pulumi-lang-java=\"`mailEnabled`\"\u003e`mailEnabled`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`securityEnabled`\" pulumi-lang-dotnet=\"`SecurityEnabled`\" pulumi-lang-go=\"`securityEnabled`\" pulumi-lang-python=\"`security_enabled`\" pulumi-lang-yaml=\"`securityEnabled`\" pulumi-lang-java=\"`securityEnabled`\"\u003e`securityEnabled`\u003c/span\u003e must be specified. Only Microsoft 365 groups can be mail enabled (see the \u003cspan pulumi-lang-nodejs=\"`types`\" pulumi-lang-dotnet=\"`Types`\" pulumi-lang-go=\"`types`\" pulumi-lang-python=\"`types`\" pulumi-lang-yaml=\"`types`\" pulumi-lang-java=\"`types`\"\u003e`types`\u003c/span\u003e property).\n"},"mailNickname":{"type":"string","description":"The mail alias for the group, unique in the organisation. Required for mail-enabled groups. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"onpremisesGroupType":{"type":"string","description":"The on-premises group type that the AAD group will be written as, when writeback is enabled. Possible values are `UniversalDistributionGroup`, `UniversalMailEnabledSecurityGroup`, or `UniversalSecurityGroup`.\n"},"owners":{"type":"array","items":{"type":"string"},"description":"A set of object IDs of principals that will be granted ownership of the group. Supported object types are users or service principals. By default, the principal being used to execute Terraform is assigned as the sole owner. Groups cannot be created with no owners or have all their owners removed.\n\n\u003e **Group Ownership**  It's recommended to always specify one or more group owners, including the principal being used to execute Terraform, such as in the example above. When removing group owners, if a user principal has been assigned ownership, the last user cannot be removed as an owner. Microsoft 365 groups are required to always have at least one owner which _must be a user_ (i.e. not a service principal).\n"},"preventDuplicateNames":{"type":"boolean","description":"If \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, will return an error if an existing group is found with the same name. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"provisioningOptions":{"type":"array","items":{"type":"string"},"description":"A set of provisioning options for a Microsoft 365 group. The only supported value is `Team`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for details. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"securityEnabled":{"type":"boolean","description":"Whether the group is a security group for controlling access to in-app resources. At least one of \u003cspan pulumi-lang-nodejs=\"`securityEnabled`\" pulumi-lang-dotnet=\"`SecurityEnabled`\" pulumi-lang-go=\"`securityEnabled`\" pulumi-lang-python=\"`security_enabled`\" pulumi-lang-yaml=\"`securityEnabled`\" pulumi-lang-java=\"`securityEnabled`\"\u003e`securityEnabled`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`mailEnabled`\" pulumi-lang-dotnet=\"`MailEnabled`\" pulumi-lang-go=\"`mailEnabled`\" pulumi-lang-python=\"`mail_enabled`\" pulumi-lang-yaml=\"`mailEnabled`\" pulumi-lang-java=\"`mailEnabled`\"\u003e`mailEnabled`\u003c/span\u003e must be specified. A Microsoft 365 group can be security enabled _and_ mail enabled (see the \u003cspan pulumi-lang-nodejs=\"`types`\" pulumi-lang-dotnet=\"`Types`\" pulumi-lang-go=\"`types`\" pulumi-lang-python=\"`types`\" pulumi-lang-yaml=\"`types`\" pulumi-lang-java=\"`types`\"\u003e`types`\u003c/span\u003e property).\n"},"theme":{"type":"string","description":"The colour theme for a Microsoft 365 group. Possible values are `Blue`, `Green`, `Orange`, `Pink`, `Purple`, `Red` or `Teal`. By default, no theme is set.\n"},"types":{"type":"array","items":{"type":"string"},"description":"A set of group types to configure for the group. Supported values are `DynamicMembership`, which denotes a group with dynamic membership, and `Unified`, which specifies a Microsoft 365 group. Required when \u003cspan pulumi-lang-nodejs=\"`mailEnabled`\" pulumi-lang-dotnet=\"`MailEnabled`\" pulumi-lang-go=\"`mailEnabled`\" pulumi-lang-python=\"`mail_enabled`\" pulumi-lang-yaml=\"`mailEnabled`\" pulumi-lang-java=\"`mailEnabled`\"\u003e`mailEnabled`\u003c/span\u003e is true. Changing this forces a new resource to be created.\n\n\u003e **Supported Group Types** At present, only security groups and Microsoft 365 groups can be created or managed with this resource. Distribution groups and mail-enabled security groups are not supported. Microsoft 365 groups can be security-enabled.\n","willReplaceOnChanges":true},"visibility":{"type":"string","description":"The group join policy and group content visibility. Possible values are `Private`, `Public`, or `Hiddenmembership`. Only Microsoft 365 groups can have `Hiddenmembership` visibility and this value must be set when the group is created. By default, security groups will receive `Private` visibility and Microsoft 365 groups will receive `Public` visibility.\n\n\u003e **Group Name Uniqueness** Group names are not unique within Azure Active Directory. Use the \u003cspan pulumi-lang-nodejs=\"`preventDuplicateNames`\" pulumi-lang-dotnet=\"`PreventDuplicateNames`\" pulumi-lang-go=\"`preventDuplicateNames`\" pulumi-lang-python=\"`prevent_duplicate_names`\" pulumi-lang-yaml=\"`preventDuplicateNames`\" pulumi-lang-java=\"`preventDuplicateNames`\"\u003e`preventDuplicateNames`\u003c/span\u003e argument to check for existing groups if you want to avoid name collisions.\n"},"writebackEnabled":{"type":"boolean","description":"Whether the group will be written back to the configured on-premises Active Directory when Azure AD Connect is used.\n"}},"requiredInputs":["displayName"],"stateInputs":{"description":"Input properties used for looking up and filtering GroupWithoutMembers resources.\n","properties":{"administrativeUnitIds":{"type":"array","items":{"type":"string"},"description":"The object IDs of administrative units in which the group is a member. If specified, new groups will be created in the scope of the first administrative unit and added to the others. If empty, new groups will be created at the tenant level.\n\n\u003e **Caution** When using the\u003cspan pulumi-lang-nodejs=\" azuread.AdministrativeUnitMember \" pulumi-lang-dotnet=\" azuread.AdministrativeUnitMember \" pulumi-lang-go=\" AdministrativeUnitMember \" pulumi-lang-python=\" AdministrativeUnitMember \" pulumi-lang-yaml=\" azuread.AdministrativeUnitMember \" pulumi-lang-java=\" azuread.AdministrativeUnitMember \"\u003e azuread.AdministrativeUnitMember \u003c/span\u003eresource, or the \u003cspan pulumi-lang-nodejs=\"`members`\" pulumi-lang-dotnet=\"`Members`\" pulumi-lang-go=\"`members`\" pulumi-lang-python=\"`members`\" pulumi-lang-yaml=\"`members`\" pulumi-lang-java=\"`members`\"\u003e`members`\u003c/span\u003e property of the\u003cspan pulumi-lang-nodejs=\" azuread.AdministrativeUnit \" pulumi-lang-dotnet=\" azuread.AdministrativeUnit \" pulumi-lang-go=\" AdministrativeUnit \" pulumi-lang-python=\" AdministrativeUnit \" pulumi-lang-yaml=\" azuread.AdministrativeUnit \" pulumi-lang-java=\" azuread.AdministrativeUnit \"\u003e azuread.AdministrativeUnit \u003c/span\u003eresource, to manage Administrative Unit membership for a group, you will need to use an \u003cspan pulumi-lang-nodejs=\"`ignoreChanges \" pulumi-lang-dotnet=\"`IgnoreChanges \" pulumi-lang-go=\"`ignoreChanges \" pulumi-lang-python=\"`ignore_changes \" pulumi-lang-yaml=\"`ignoreChanges \" pulumi-lang-java=\"`ignoreChanges \"\u003e`ignoreChanges \u003c/span\u003e= \u003cspan pulumi-lang-nodejs=\"[administrativeUnitIds]\" pulumi-lang-dotnet=\"[AdministrativeUnitIds]\" pulumi-lang-go=\"[administrativeUnitIds]\" pulumi-lang-python=\"[administrative_unit_ids]\" pulumi-lang-yaml=\"[administrativeUnitIds]\" pulumi-lang-java=\"[administrativeUnitIds]\"\u003e[administrativeUnitIds]\u003c/span\u003e` lifecycle meta argument for the \u003cspan pulumi-lang-nodejs=\"`azuread.Group`\" pulumi-lang-dotnet=\"`azuread.Group`\" pulumi-lang-go=\"`Group`\" pulumi-lang-python=\"`Group`\" pulumi-lang-yaml=\"`azuread.Group`\" pulumi-lang-java=\"`azuread.Group`\"\u003e`azuread.Group`\u003c/span\u003e resource, in order to avoid a persistent diff.\n"},"assignableToRole":{"type":"boolean","description":"Indicates whether this group can be assigned to an Azure Active Directory role. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e. Can only be set to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e for security-enabled groups. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"autoSubscribeNewMembers":{"type":"boolean","description":"Indicates whether new members added to the group will be auto-subscribed to receive email notifications. Can only be set for Unified groups.\n\n\u003e **Known Permissions Issue** The \u003cspan pulumi-lang-nodejs=\"`autoSubscribeNewMembers`\" pulumi-lang-dotnet=\"`AutoSubscribeNewMembers`\" pulumi-lang-go=\"`autoSubscribeNewMembers`\" pulumi-lang-python=\"`auto_subscribe_new_members`\" pulumi-lang-yaml=\"`autoSubscribeNewMembers`\" pulumi-lang-java=\"`autoSubscribeNewMembers`\"\u003e`autoSubscribeNewMembers`\u003c/span\u003e property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.\n"},"behaviors":{"type":"array","items":{"type":"string"},"description":"A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"description":{"type":"string","description":"The description for the group.\n"},"displayName":{"type":"string","description":"The display name for the group.\n"},"dynamicMembership":{"$ref":"#/types/azuread:index/GroupWithoutMembersDynamicMembership:GroupWithoutMembersDynamicMembership","description":"A \u003cspan pulumi-lang-nodejs=\"`dynamicMembership`\" pulumi-lang-dotnet=\"`DynamicMembership`\" pulumi-lang-go=\"`dynamicMembership`\" pulumi-lang-python=\"`dynamic_membership`\" pulumi-lang-yaml=\"`dynamicMembership`\" pulumi-lang-java=\"`dynamicMembership`\"\u003e`dynamicMembership`\u003c/span\u003e block as documented below. Required when \u003cspan pulumi-lang-nodejs=\"`types`\" pulumi-lang-dotnet=\"`Types`\" pulumi-lang-go=\"`types`\" pulumi-lang-python=\"`types`\" pulumi-lang-yaml=\"`types`\" pulumi-lang-java=\"`types`\"\u003e`types`\u003c/span\u003e contains `DynamicMembership`. Cannot be used with the \u003cspan pulumi-lang-nodejs=\"`members`\" pulumi-lang-dotnet=\"`Members`\" pulumi-lang-go=\"`members`\" pulumi-lang-python=\"`members`\" pulumi-lang-yaml=\"`members`\" pulumi-lang-java=\"`members`\"\u003e`members`\u003c/span\u003e property.\n"},"externalSendersAllowed":{"type":"boolean","description":"Indicates whether people external to the organization can send messages to the group. Can only be set for Unified groups.\n\n\u003e **Known Permissions Issue** The \u003cspan pulumi-lang-nodejs=\"`externalSendersAllowed`\" pulumi-lang-dotnet=\"`ExternalSendersAllowed`\" pulumi-lang-go=\"`externalSendersAllowed`\" pulumi-lang-python=\"`external_senders_allowed`\" pulumi-lang-yaml=\"`externalSendersAllowed`\" pulumi-lang-java=\"`externalSendersAllowed`\"\u003e`externalSendersAllowed`\u003c/span\u003e property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.\n"},"hideFromAddressLists":{"type":"boolean","description":"Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups. Can only be set for Unified groups.\n\n\u003e **Known Permissions Issue** The \u003cspan pulumi-lang-nodejs=\"`hideFromAddressLists`\" pulumi-lang-dotnet=\"`HideFromAddressLists`\" pulumi-lang-go=\"`hideFromAddressLists`\" pulumi-lang-python=\"`hide_from_address_lists`\" pulumi-lang-yaml=\"`hideFromAddressLists`\" pulumi-lang-java=\"`hideFromAddressLists`\"\u003e`hideFromAddressLists`\u003c/span\u003e property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.\n"},"hideFromOutlookClients":{"type":"boolean","description":"Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web. Can only be set for Unified groups.\n\n\u003e **Known Permissions Issue** The \u003cspan pulumi-lang-nodejs=\"`hideFromOutlookClients`\" pulumi-lang-dotnet=\"`HideFromOutlookClients`\" pulumi-lang-go=\"`hideFromOutlookClients`\" pulumi-lang-python=\"`hide_from_outlook_clients`\" pulumi-lang-yaml=\"`hideFromOutlookClients`\" pulumi-lang-java=\"`hideFromOutlookClients`\"\u003e`hideFromOutlookClients`\u003c/span\u003e property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.\n"},"mail":{"type":"string","description":"The SMTP address for the group.\n"},"mailEnabled":{"type":"boolean","description":"Whether the group is a mail enabled, with a shared group mailbox. At least one of \u003cspan pulumi-lang-nodejs=\"`mailEnabled`\" pulumi-lang-dotnet=\"`MailEnabled`\" pulumi-lang-go=\"`mailEnabled`\" pulumi-lang-python=\"`mail_enabled`\" pulumi-lang-yaml=\"`mailEnabled`\" pulumi-lang-java=\"`mailEnabled`\"\u003e`mailEnabled`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`securityEnabled`\" pulumi-lang-dotnet=\"`SecurityEnabled`\" pulumi-lang-go=\"`securityEnabled`\" pulumi-lang-python=\"`security_enabled`\" pulumi-lang-yaml=\"`securityEnabled`\" pulumi-lang-java=\"`securityEnabled`\"\u003e`securityEnabled`\u003c/span\u003e must be specified. Only Microsoft 365 groups can be mail enabled (see the \u003cspan pulumi-lang-nodejs=\"`types`\" pulumi-lang-dotnet=\"`Types`\" pulumi-lang-go=\"`types`\" pulumi-lang-python=\"`types`\" pulumi-lang-yaml=\"`types`\" pulumi-lang-java=\"`types`\"\u003e`types`\u003c/span\u003e property).\n"},"mailNickname":{"type":"string","description":"The mail alias for the group, unique in the organisation. Required for mail-enabled groups. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"objectId":{"type":"string","description":"The object ID of the group.\n"},"onpremisesDomainName":{"type":"string","description":"The on-premises FQDN, also called dnsDomainName, synchronised from the on-premises directory when Azure AD Connect is used.\n"},"onpremisesGroupType":{"type":"string","description":"The on-premises group type that the AAD group will be written as, when writeback is enabled. Possible values are `UniversalDistributionGroup`, `UniversalMailEnabledSecurityGroup`, or `UniversalSecurityGroup`.\n"},"onpremisesNetbiosName":{"type":"string","description":"The on-premises NetBIOS name, synchronised from the on-premises directory when Azure AD Connect is used.\n"},"onpremisesSamAccountName":{"type":"string","description":"The on-premises SAM account name, synchronised from the on-premises directory when Azure AD Connect is used.\n"},"onpremisesSecurityIdentifier":{"type":"string","description":"The on-premises security identifier (SID), synchronised from the on-premises directory when Azure AD Connect is used.\n"},"onpremisesSyncEnabled":{"type":"boolean","description":"Whether this group is synchronised from an on-premises directory (\u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e), no longer synchronised (\u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e), or has never been synchronised (\u003cspan pulumi-lang-nodejs=\"`null`\" pulumi-lang-dotnet=\"`Null`\" pulumi-lang-go=\"`null`\" pulumi-lang-python=\"`null`\" pulumi-lang-yaml=\"`null`\" pulumi-lang-java=\"`null`\"\u003e`null`\u003c/span\u003e).\n"},"owners":{"type":"array","items":{"type":"string"},"description":"A set of object IDs of principals that will be granted ownership of the group. Supported object types are users or service principals. By default, the principal being used to execute Terraform is assigned as the sole owner. Groups cannot be created with no owners or have all their owners removed.\n\n\u003e **Group Ownership**  It's recommended to always specify one or more group owners, including the principal being used to execute Terraform, such as in the example above. When removing group owners, if a user principal has been assigned ownership, the last user cannot be removed as an owner. Microsoft 365 groups are required to always have at least one owner which _must be a user_ (i.e. not a service principal).\n"},"preferredLanguage":{"type":"string","description":"The preferred language for a Microsoft 365 group, in ISO 639-1 notation.\n"},"preventDuplicateNames":{"type":"boolean","description":"If \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, will return an error if an existing group is found with the same name. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"provisioningOptions":{"type":"array","items":{"type":"string"},"description":"A set of provisioning options for a Microsoft 365 group. The only supported value is `Team`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for details. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"proxyAddresses":{"type":"array","items":{"type":"string"},"description":"List of email addresses for the group that direct to the same group mailbox.\n"},"securityEnabled":{"type":"boolean","description":"Whether the group is a security group for controlling access to in-app resources. At least one of \u003cspan pulumi-lang-nodejs=\"`securityEnabled`\" pulumi-lang-dotnet=\"`SecurityEnabled`\" pulumi-lang-go=\"`securityEnabled`\" pulumi-lang-python=\"`security_enabled`\" pulumi-lang-yaml=\"`securityEnabled`\" pulumi-lang-java=\"`securityEnabled`\"\u003e`securityEnabled`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`mailEnabled`\" pulumi-lang-dotnet=\"`MailEnabled`\" pulumi-lang-go=\"`mailEnabled`\" pulumi-lang-python=\"`mail_enabled`\" pulumi-lang-yaml=\"`mailEnabled`\" pulumi-lang-java=\"`mailEnabled`\"\u003e`mailEnabled`\u003c/span\u003e must be specified. A Microsoft 365 group can be security enabled _and_ mail enabled (see the \u003cspan pulumi-lang-nodejs=\"`types`\" pulumi-lang-dotnet=\"`Types`\" pulumi-lang-go=\"`types`\" pulumi-lang-python=\"`types`\" pulumi-lang-yaml=\"`types`\" pulumi-lang-java=\"`types`\"\u003e`types`\u003c/span\u003e property).\n"},"theme":{"type":"string","description":"The colour theme for a Microsoft 365 group. Possible values are `Blue`, `Green`, `Orange`, `Pink`, `Purple`, `Red` or `Teal`. By default, no theme is set.\n"},"types":{"type":"array","items":{"type":"string"},"description":"A set of group types to configure for the group. Supported values are `DynamicMembership`, which denotes a group with dynamic membership, and `Unified`, which specifies a Microsoft 365 group. Required when \u003cspan pulumi-lang-nodejs=\"`mailEnabled`\" pulumi-lang-dotnet=\"`MailEnabled`\" pulumi-lang-go=\"`mailEnabled`\" pulumi-lang-python=\"`mail_enabled`\" pulumi-lang-yaml=\"`mailEnabled`\" pulumi-lang-java=\"`mailEnabled`\"\u003e`mailEnabled`\u003c/span\u003e is true. Changing this forces a new resource to be created.\n\n\u003e **Supported Group Types** At present, only security groups and Microsoft 365 groups can be created or managed with this resource. Distribution groups and mail-enabled security groups are not supported. Microsoft 365 groups can be security-enabled.\n","willReplaceOnChanges":true},"visibility":{"type":"string","description":"The group join policy and group content visibility. Possible values are `Private`, `Public`, or `Hiddenmembership`. Only Microsoft 365 groups can have `Hiddenmembership` visibility and this value must be set when the group is created. By default, security groups will receive `Private` visibility and Microsoft 365 groups will receive `Public` visibility.\n\n\u003e **Group Name Uniqueness** Group names are not unique within Azure Active Directory. Use the \u003cspan pulumi-lang-nodejs=\"`preventDuplicateNames`\" pulumi-lang-dotnet=\"`PreventDuplicateNames`\" pulumi-lang-go=\"`preventDuplicateNames`\" pulumi-lang-python=\"`prevent_duplicate_names`\" pulumi-lang-yaml=\"`preventDuplicateNames`\" pulumi-lang-java=\"`preventDuplicateNames`\"\u003e`preventDuplicateNames`\u003c/span\u003e argument to check for existing groups if you want to avoid name collisions.\n"},"writebackEnabled":{"type":"boolean","description":"Whether the group will be written back to the configured on-premises Active Directory when Azure AD Connect is used.\n"}},"type":"object"}},"azuread:index/invitation:Invitation":{"description":"Manages an invitation of a guest user within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `User.Invite.All`, `User.ReadWrite.All` or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Guest Inviter`, `User Administrator` or `Global Administrator`\n\n## Example Usage\n\n*Basic example*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.Invitation(\"example\", {\n    userEmailAddress: \"jdoe@example.com\",\n    redirectUrl: \"https://portal.azure.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.Invitation(\"example\",\n    user_email_address=\"jdoe@example.com\",\n    redirect_url=\"https://portal.azure.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.Invitation(\"example\", new()\n    {\n        UserEmailAddress = \"jdoe@example.com\",\n        RedirectUrl = \"https://portal.azure.com\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewInvitation(ctx, \"example\", \u0026azuread.InvitationArgs{\n\t\t\tUserEmailAddress: pulumi.String(\"jdoe@example.com\"),\n\t\t\tRedirectUrl:      pulumi.String(\"https://portal.azure.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Invitation;\nimport com.pulumi.azuread.InvitationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new Invitation(\"example\", InvitationArgs.builder()\n            .userEmailAddress(\"jdoe@example.com\")\n            .redirectUrl(\"https://portal.azure.com\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:Invitation\n    properties:\n      userEmailAddress: jdoe@example.com\n      redirectUrl: https://portal.azure.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Invitation with standard message*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.Invitation(\"example\", {\n    userEmailAddress: \"jdoe@example.com\",\n    redirectUrl: \"https://portal.azure.com\",\n    message: {\n        language: \"en-US\",\n    },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.Invitation(\"example\",\n    user_email_address=\"jdoe@example.com\",\n    redirect_url=\"https://portal.azure.com\",\n    message={\n        \"language\": \"en-US\",\n    })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.Invitation(\"example\", new()\n    {\n        UserEmailAddress = \"jdoe@example.com\",\n        RedirectUrl = \"https://portal.azure.com\",\n        Message = new AzureAD.Inputs.InvitationMessageArgs\n        {\n            Language = \"en-US\",\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewInvitation(ctx, \"example\", \u0026azuread.InvitationArgs{\n\t\t\tUserEmailAddress: pulumi.String(\"jdoe@example.com\"),\n\t\t\tRedirectUrl:      pulumi.String(\"https://portal.azure.com\"),\n\t\t\tMessage: \u0026azuread.InvitationMessageArgs{\n\t\t\t\tLanguage: pulumi.String(\"en-US\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Invitation;\nimport com.pulumi.azuread.InvitationArgs;\nimport com.pulumi.azuread.inputs.InvitationMessageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new Invitation(\"example\", InvitationArgs.builder()\n            .userEmailAddress(\"jdoe@example.com\")\n            .redirectUrl(\"https://portal.azure.com\")\n            .message(InvitationMessageArgs.builder()\n                .language(\"en-US\")\n                .build())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:Invitation\n    properties:\n      userEmailAddress: jdoe@example.com\n      redirectUrl: https://portal.azure.com\n      message:\n        language: en-US\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Invitation with custom message body and an additional recipient*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.Invitation(\"example\", {\n    userDisplayName: \"Bob Bobson\",\n    userEmailAddress: \"bbobson@example.com\",\n    redirectUrl: \"https://portal.azure.com\",\n    message: {\n        additionalRecipients: \"aaliceberg@example.com\",\n        body: \"Hello there! You are invited to join my Azure tenant!\",\n    },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.Invitation(\"example\",\n    user_display_name=\"Bob Bobson\",\n    user_email_address=\"bbobson@example.com\",\n    redirect_url=\"https://portal.azure.com\",\n    message={\n        \"additional_recipients\": \"aaliceberg@example.com\",\n        \"body\": \"Hello there! You are invited to join my Azure tenant!\",\n    })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.Invitation(\"example\", new()\n    {\n        UserDisplayName = \"Bob Bobson\",\n        UserEmailAddress = \"bbobson@example.com\",\n        RedirectUrl = \"https://portal.azure.com\",\n        Message = new AzureAD.Inputs.InvitationMessageArgs\n        {\n            AdditionalRecipients = \"aaliceberg@example.com\",\n            Body = \"Hello there! You are invited to join my Azure tenant!\",\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewInvitation(ctx, \"example\", \u0026azuread.InvitationArgs{\n\t\t\tUserDisplayName:  pulumi.String(\"Bob Bobson\"),\n\t\t\tUserEmailAddress: pulumi.String(\"bbobson@example.com\"),\n\t\t\tRedirectUrl:      pulumi.String(\"https://portal.azure.com\"),\n\t\t\tMessage: \u0026azuread.InvitationMessageArgs{\n\t\t\t\tAdditionalRecipients: pulumi.String(\"aaliceberg@example.com\"),\n\t\t\t\tBody:                 pulumi.String(\"Hello there! You are invited to join my Azure tenant!\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Invitation;\nimport com.pulumi.azuread.InvitationArgs;\nimport com.pulumi.azuread.inputs.InvitationMessageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new Invitation(\"example\", InvitationArgs.builder()\n            .userDisplayName(\"Bob Bobson\")\n            .userEmailAddress(\"bbobson@example.com\")\n            .redirectUrl(\"https://portal.azure.com\")\n            .message(InvitationMessageArgs.builder()\n                .additionalRecipients(\"aaliceberg@example.com\")\n                .body(\"Hello there! You are invited to join my Azure tenant!\")\n                .build())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:Invitation\n    properties:\n      userDisplayName: Bob Bobson\n      userEmailAddress: bbobson@example.com\n      redirectUrl: https://portal.azure.com\n      message:\n        additionalRecipients: aaliceberg@example.com\n        body: Hello there! You are invited to join my Azure tenant!\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support importing.\n\n","properties":{"message":{"$ref":"#/types/azuread:index/InvitationMessage:InvitationMessage","description":"A \u003cspan pulumi-lang-nodejs=\"`message`\" pulumi-lang-dotnet=\"`Message`\" pulumi-lang-go=\"`message`\" pulumi-lang-python=\"`message`\" pulumi-lang-yaml=\"`message`\" pulumi-lang-java=\"`message`\"\u003e`message`\u003c/span\u003e block as documented below, which configures the message being sent to the invited user. If this block is omitted, no message will be sent.\n"},"redeemUrl":{"type":"string","description":"The URL the user can use to redeem their invitation.\n"},"redirectUrl":{"type":"string","description":"The URL that the user should be redirected to once the invitation is redeemed.\n"},"userDisplayName":{"type":"string","description":"The display name of the user being invited.\n"},"userEmailAddress":{"type":"string","description":"The email address of the user being invited.\n"},"userId":{"type":"string","description":"Object ID of the invited user.\n"},"userType":{"type":"string","description":"The user type of the user being invited. Must be one of `Guest` or `Member`. Only Global Administrators can invite users as members. Defaults to `Guest`.\n"}},"required":["redeemUrl","redirectUrl","userEmailAddress","userId"],"inputProperties":{"message":{"$ref":"#/types/azuread:index/InvitationMessage:InvitationMessage","description":"A \u003cspan pulumi-lang-nodejs=\"`message`\" pulumi-lang-dotnet=\"`Message`\" pulumi-lang-go=\"`message`\" pulumi-lang-python=\"`message`\" pulumi-lang-yaml=\"`message`\" pulumi-lang-java=\"`message`\"\u003e`message`\u003c/span\u003e block as documented below, which configures the message being sent to the invited user. If this block is omitted, no message will be sent.\n","willReplaceOnChanges":true},"redirectUrl":{"type":"string","description":"The URL that the user should be redirected to once the invitation is redeemed.\n","willReplaceOnChanges":true},"userDisplayName":{"type":"string","description":"The display name of the user being invited.\n","willReplaceOnChanges":true},"userEmailAddress":{"type":"string","description":"The email address of the user being invited.\n","willReplaceOnChanges":true},"userType":{"type":"string","description":"The user type of the user being invited. Must be one of `Guest` or `Member`. Only Global Administrators can invite users as members. Defaults to `Guest`.\n","willReplaceOnChanges":true}},"requiredInputs":["redirectUrl","userEmailAddress"],"stateInputs":{"description":"Input properties used for looking up and filtering Invitation resources.\n","properties":{"message":{"$ref":"#/types/azuread:index/InvitationMessage:InvitationMessage","description":"A \u003cspan pulumi-lang-nodejs=\"`message`\" pulumi-lang-dotnet=\"`Message`\" pulumi-lang-go=\"`message`\" pulumi-lang-python=\"`message`\" pulumi-lang-yaml=\"`message`\" pulumi-lang-java=\"`message`\"\u003e`message`\u003c/span\u003e block as documented below, which configures the message being sent to the invited user. If this block is omitted, no message will be sent.\n","willReplaceOnChanges":true},"redeemUrl":{"type":"string","description":"The URL the user can use to redeem their invitation.\n"},"redirectUrl":{"type":"string","description":"The URL that the user should be redirected to once the invitation is redeemed.\n","willReplaceOnChanges":true},"userDisplayName":{"type":"string","description":"The display name of the user being invited.\n","willReplaceOnChanges":true},"userEmailAddress":{"type":"string","description":"The email address of the user being invited.\n","willReplaceOnChanges":true},"userId":{"type":"string","description":"Object ID of the invited user.\n"},"userType":{"type":"string","description":"The user type of the user being invited. Must be one of `Guest` or `Member`. Only Global Administrators can invite users as members. Defaults to `Guest`.\n","willReplaceOnChanges":true}},"type":"object"}},"azuread:index/namedLocation:NamedLocation":{"description":"Manages a Named Location within Azure Active Directory.\n\n\u003e **API Limits** This resource is subject to a restrictive API request limit of 1 request/second. Whilst Terraform will automatically back-off and retry throttled requests, if you have a large number of resource changes to make, you may wish to reduce parallelism or specify extended custom resource timeouts.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires the following application roles: `Policy.ReadWrite.ConditionalAccess` and `Policy.Read.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Conditional Access Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example_ip = new azuread.NamedLocation(\"example-ip\", {\n    displayName: \"IP Named Location\",\n    ip: {\n        ipRanges: [\n            \"1.1.1.1/32\",\n            \"2.2.2.2/32\",\n        ],\n        trusted: true,\n    },\n});\nconst example_country = new azuread.NamedLocation(\"example-country\", {\n    displayName: \"Country Named Location\",\n    country: {\n        countriesAndRegions: [\n            \"GB\",\n            \"US\",\n        ],\n        includeUnknownCountriesAndRegions: false,\n    },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample_ip = azuread.NamedLocation(\"example-ip\",\n    display_name=\"IP Named Location\",\n    ip={\n        \"ip_ranges\": [\n            \"1.1.1.1/32\",\n            \"2.2.2.2/32\",\n        ],\n        \"trusted\": True,\n    })\nexample_country = azuread.NamedLocation(\"example-country\",\n    display_name=\"Country Named Location\",\n    country={\n        \"countries_and_regions\": [\n            \"GB\",\n            \"US\",\n        ],\n        \"include_unknown_countries_and_regions\": False,\n    })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example_ip = new AzureAD.Index.NamedLocation(\"example-ip\", new()\n    {\n        DisplayName = \"IP Named Location\",\n        Ip = new AzureAD.Inputs.NamedLocationIpArgs\n        {\n            IpRanges = new[]\n            {\n                \"1.1.1.1/32\",\n                \"2.2.2.2/32\",\n            },\n            Trusted = true,\n        },\n    });\n\n    var example_country = new AzureAD.Index.NamedLocation(\"example-country\", new()\n    {\n        DisplayName = \"Country Named Location\",\n        Country = new AzureAD.Inputs.NamedLocationCountryArgs\n        {\n            CountriesAndRegions = new[]\n            {\n                \"GB\",\n                \"US\",\n            },\n            IncludeUnknownCountriesAndRegions = false,\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewNamedLocation(ctx, \"example-ip\", \u0026azuread.NamedLocationArgs{\n\t\t\tDisplayName: pulumi.String(\"IP Named Location\"),\n\t\t\tIp: \u0026azuread.NamedLocationIpArgs{\n\t\t\t\tIpRanges: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"1.1.1.1/32\"),\n\t\t\t\t\tpulumi.String(\"2.2.2.2/32\"),\n\t\t\t\t},\n\t\t\t\tTrusted: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewNamedLocation(ctx, \"example-country\", \u0026azuread.NamedLocationArgs{\n\t\t\tDisplayName: pulumi.String(\"Country Named Location\"),\n\t\t\tCountry: \u0026azuread.NamedLocationCountryArgs{\n\t\t\t\tCountriesAndRegions: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"GB\"),\n\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t},\n\t\t\t\tIncludeUnknownCountriesAndRegions: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.NamedLocation;\nimport com.pulumi.azuread.NamedLocationArgs;\nimport com.pulumi.azuread.inputs.NamedLocationIpArgs;\nimport com.pulumi.azuread.inputs.NamedLocationCountryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example_ip = new NamedLocation(\"example-ip\", NamedLocationArgs.builder()\n            .displayName(\"IP Named Location\")\n            .ip(NamedLocationIpArgs.builder()\n                .ipRanges(                \n                    \"1.1.1.1/32\",\n                    \"2.2.2.2/32\")\n                .trusted(true)\n                .build())\n            .build());\n\n        var example_country = new NamedLocation(\"example-country\", NamedLocationArgs.builder()\n            .displayName(\"Country Named Location\")\n            .country(NamedLocationCountryArgs.builder()\n                .countriesAndRegions(                \n                    \"GB\",\n                    \"US\")\n                .includeUnknownCountriesAndRegions(false)\n                .build())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example-ip:\n    type: azuread:NamedLocation\n    properties:\n      displayName: IP Named Location\n      ip:\n        ipRanges:\n          - 1.1.1.1/32\n          - 2.2.2.2/32\n        trusted: true\n  example-country:\n    type: azuread:NamedLocation\n    properties:\n      displayName: Country Named Location\n      country:\n        countriesAndRegions:\n          - GB\n          - US\n        includeUnknownCountriesAndRegions: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNamed Locations can be imported using the \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e, e.g.\n\n```sh\n$ pulumi import azuread:index/namedLocation:NamedLocation my_location /identity/conditionalAccess/namedLocations/00000000-0000-0000-0000-000000000000\n```\n\n","properties":{"country":{"$ref":"#/types/azuread:index/NamedLocationCountry:NamedLocationCountry","description":"A \u003cspan pulumi-lang-nodejs=\"`country`\" pulumi-lang-dotnet=\"`Country`\" pulumi-lang-go=\"`country`\" pulumi-lang-python=\"`country`\" pulumi-lang-yaml=\"`country`\" pulumi-lang-java=\"`country`\"\u003e`country`\u003c/span\u003e block as documented below, which configures a country-based named location.\n"},"displayName":{"type":"string","description":"The friendly name for this named location.\n"},"ip":{"$ref":"#/types/azuread:index/NamedLocationIp:NamedLocationIp","description":"An \u003cspan pulumi-lang-nodejs=\"`ip`\" pulumi-lang-dotnet=\"`Ip`\" pulumi-lang-go=\"`ip`\" pulumi-lang-python=\"`ip`\" pulumi-lang-yaml=\"`ip`\" pulumi-lang-java=\"`ip`\"\u003e`ip`\u003c/span\u003e block as documented below, which configures an IP-based named location.\n\n\u003e Exactly one of \u003cspan pulumi-lang-nodejs=\"`ip`\" pulumi-lang-dotnet=\"`Ip`\" pulumi-lang-go=\"`ip`\" pulumi-lang-python=\"`ip`\" pulumi-lang-yaml=\"`ip`\" pulumi-lang-java=\"`ip`\"\u003e`ip`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`country`\" pulumi-lang-dotnet=\"`Country`\" pulumi-lang-go=\"`country`\" pulumi-lang-python=\"`country`\" pulumi-lang-yaml=\"`country`\" pulumi-lang-java=\"`country`\"\u003e`country`\u003c/span\u003e must be specified. Changing between these forces a new resource to be created.\n"},"objectId":{"type":"string","description":"The object ID of the named location.\n"}},"required":["displayName","objectId"],"inputProperties":{"country":{"$ref":"#/types/azuread:index/NamedLocationCountry:NamedLocationCountry","description":"A \u003cspan pulumi-lang-nodejs=\"`country`\" pulumi-lang-dotnet=\"`Country`\" pulumi-lang-go=\"`country`\" pulumi-lang-python=\"`country`\" pulumi-lang-yaml=\"`country`\" pulumi-lang-java=\"`country`\"\u003e`country`\u003c/span\u003e block as documented below, which configures a country-based named location.\n","willReplaceOnChanges":true},"displayName":{"type":"string","description":"The friendly name for this named location.\n"},"ip":{"$ref":"#/types/azuread:index/NamedLocationIp:NamedLocationIp","description":"An \u003cspan pulumi-lang-nodejs=\"`ip`\" pulumi-lang-dotnet=\"`Ip`\" pulumi-lang-go=\"`ip`\" pulumi-lang-python=\"`ip`\" pulumi-lang-yaml=\"`ip`\" pulumi-lang-java=\"`ip`\"\u003e`ip`\u003c/span\u003e block as documented below, which configures an IP-based named location.\n\n\u003e Exactly one of \u003cspan pulumi-lang-nodejs=\"`ip`\" pulumi-lang-dotnet=\"`Ip`\" pulumi-lang-go=\"`ip`\" pulumi-lang-python=\"`ip`\" pulumi-lang-yaml=\"`ip`\" pulumi-lang-java=\"`ip`\"\u003e`ip`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`country`\" pulumi-lang-dotnet=\"`Country`\" pulumi-lang-go=\"`country`\" pulumi-lang-python=\"`country`\" pulumi-lang-yaml=\"`country`\" pulumi-lang-java=\"`country`\"\u003e`country`\u003c/span\u003e must be specified. Changing between these forces a new resource to be created.\n","willReplaceOnChanges":true}},"requiredInputs":["displayName"],"stateInputs":{"description":"Input properties used for looking up and filtering NamedLocation resources.\n","properties":{"country":{"$ref":"#/types/azuread:index/NamedLocationCountry:NamedLocationCountry","description":"A \u003cspan pulumi-lang-nodejs=\"`country`\" pulumi-lang-dotnet=\"`Country`\" pulumi-lang-go=\"`country`\" pulumi-lang-python=\"`country`\" pulumi-lang-yaml=\"`country`\" pulumi-lang-java=\"`country`\"\u003e`country`\u003c/span\u003e block as documented below, which configures a country-based named location.\n","willReplaceOnChanges":true},"displayName":{"type":"string","description":"The friendly name for this named location.\n"},"ip":{"$ref":"#/types/azuread:index/NamedLocationIp:NamedLocationIp","description":"An \u003cspan pulumi-lang-nodejs=\"`ip`\" pulumi-lang-dotnet=\"`Ip`\" pulumi-lang-go=\"`ip`\" pulumi-lang-python=\"`ip`\" pulumi-lang-yaml=\"`ip`\" pulumi-lang-java=\"`ip`\"\u003e`ip`\u003c/span\u003e block as documented below, which configures an IP-based named location.\n\n\u003e Exactly one of \u003cspan pulumi-lang-nodejs=\"`ip`\" pulumi-lang-dotnet=\"`Ip`\" pulumi-lang-go=\"`ip`\" pulumi-lang-python=\"`ip`\" pulumi-lang-yaml=\"`ip`\" pulumi-lang-java=\"`ip`\"\u003e`ip`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`country`\" pulumi-lang-dotnet=\"`Country`\" pulumi-lang-go=\"`country`\" pulumi-lang-python=\"`country`\" pulumi-lang-yaml=\"`country`\" pulumi-lang-java=\"`country`\"\u003e`country`\u003c/span\u003e must be specified. Changing between these forces a new resource to be created.\n","willReplaceOnChanges":true},"objectId":{"type":"string","description":"The object ID of the named location.\n"}},"type":"object"}},"azuread:index/privilegedAccessGroupAssignmentSchedule:PrivilegedAccessGroupAssignmentSchedule":{"description":"Manages an active assignment to a privileged access group.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires the `PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup` Microsoft Graph API permissions.\n\nWhen authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.Group(\"example\", {\n    displayName: \"group-name\",\n    securityEnabled: true,\n});\nconst member = new azuread.User(\"member\", {\n    userPrincipalName: \"jdoe@example.com\",\n    displayName: \"J. Doe\",\n    mailNickname: \"jdoe\",\n    password: \"SecretP@sswd99!\",\n});\nconst examplePrivilegedAccessGroupAssignmentSchedule = new azuread.PrivilegedAccessGroupAssignmentSchedule(\"example\", {\n    groupId: pim.id,\n    principalId: member.id,\n    assignmentType: \"member\",\n    duration: \"P30D\",\n    justification: \"as requested\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.Group(\"example\",\n    display_name=\"group-name\",\n    security_enabled=True)\nmember = azuread.User(\"member\",\n    user_principal_name=\"jdoe@example.com\",\n    display_name=\"J. Doe\",\n    mail_nickname=\"jdoe\",\n    password=\"SecretP@sswd99!\")\nexample_privileged_access_group_assignment_schedule = azuread.PrivilegedAccessGroupAssignmentSchedule(\"example\",\n    group_id=pim[\"id\"],\n    principal_id=member.id,\n    assignment_type=\"member\",\n    duration=\"P30D\",\n    justification=\"as requested\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.Group(\"example\", new()\n    {\n        DisplayName = \"group-name\",\n        SecurityEnabled = true,\n    });\n\n    var member = new AzureAD.Index.User(\"member\", new()\n    {\n        UserPrincipalName = \"jdoe@example.com\",\n        DisplayName = \"J. Doe\",\n        MailNickname = \"jdoe\",\n        Password = \"SecretP@sswd99!\",\n    });\n\n    var examplePrivilegedAccessGroupAssignmentSchedule = new AzureAD.Index.PrivilegedAccessGroupAssignmentSchedule(\"example\", new()\n    {\n        GroupId = pim.Id,\n        PrincipalId = member.Id,\n        AssignmentType = \"member\",\n        Duration = \"P30D\",\n        Justification = \"as requested\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName:     pulumi.String(\"group-name\"),\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmember, err := azuread.NewUser(ctx, \"member\", \u0026azuread.UserArgs{\n\t\t\tUserPrincipalName: pulumi.String(\"jdoe@example.com\"),\n\t\t\tDisplayName:       pulumi.String(\"J. Doe\"),\n\t\t\tMailNickname:      pulumi.String(\"jdoe\"),\n\t\t\tPassword:          pulumi.String(\"SecretP@sswd99!\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewPrivilegedAccessGroupAssignmentSchedule(ctx, \"example\", \u0026azuread.PrivilegedAccessGroupAssignmentScheduleArgs{\n\t\t\tGroupId:        pulumi.Any(pim.Id),\n\t\t\tPrincipalId:    member.ID(),\n\t\t\tAssignmentType: pulumi.String(\"member\"),\n\t\t\tDuration:       pulumi.String(\"P30D\"),\n\t\t\tJustification:  pulumi.String(\"as requested\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport com.pulumi.azuread.User;\nimport com.pulumi.azuread.UserArgs;\nimport com.pulumi.azuread.PrivilegedAccessGroupAssignmentSchedule;\nimport com.pulumi.azuread.PrivilegedAccessGroupAssignmentScheduleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new Group(\"example\", GroupArgs.builder()\n            .displayName(\"group-name\")\n            .securityEnabled(true)\n            .build());\n\n        var member = new User(\"member\", UserArgs.builder()\n            .userPrincipalName(\"jdoe@example.com\")\n            .displayName(\"J. Doe\")\n            .mailNickname(\"jdoe\")\n            .password(\"SecretP@sswd99!\")\n            .build());\n\n        var examplePrivilegedAccessGroupAssignmentSchedule = new PrivilegedAccessGroupAssignmentSchedule(\"examplePrivilegedAccessGroupAssignmentSchedule\", PrivilegedAccessGroupAssignmentScheduleArgs.builder()\n            .groupId(pim.id())\n            .principalId(member.id())\n            .assignmentType(\"member\")\n            .duration(\"P30D\")\n            .justification(\"as requested\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:Group\n    properties:\n      displayName: group-name\n      securityEnabled: true\n  member:\n    type: azuread:User\n    properties:\n      userPrincipalName: jdoe@example.com\n      displayName: J. Doe\n      mailNickname: jdoe\n      password: SecretP@sswd99!\n  examplePrivilegedAccessGroupAssignmentSchedule:\n    type: azuread:PrivilegedAccessGroupAssignmentSchedule\n    name: example\n    properties:\n      groupId: ${pim.id}\n      principalId: ${member.id}\n      assignmentType: member\n      duration: P30D\n      justification: as requested\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAn assignment schedule can be imported using the schedule ID, e.g.\n\n```sh\n$ pulumi import azuread:index/privilegedAccessGroupAssignmentSchedule:PrivilegedAccessGroupAssignmentSchedule example 00000000-0000-0000-0000-000000000000_member_00000000-0000-0000-0000-000000000000\n```\n\n","properties":{"assignmentType":{"type":"string","description":"The type of assignment to the group. Can be either \u003cspan pulumi-lang-nodejs=\"`member`\" pulumi-lang-dotnet=\"`Member`\" pulumi-lang-go=\"`member`\" pulumi-lang-python=\"`member`\" pulumi-lang-yaml=\"`member`\" pulumi-lang-java=\"`member`\"\u003e`member`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`owner`\" pulumi-lang-dotnet=\"`Owner`\" pulumi-lang-go=\"`owner`\" pulumi-lang-python=\"`owner`\" pulumi-lang-yaml=\"`owner`\" pulumi-lang-java=\"`owner`\"\u003e`owner`\u003c/span\u003e.\n"},"duration":{"type":"string","description":"The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).\n"},"expirationDate":{"type":"string","description":"The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).\n"},"groupId":{"type":"string","description":"The Object ID of the Azure AD group to which the principal will be assigned.\n"},"justification":{"type":"string","description":"The justification for this assignment. May be required by the role policy.\n"},"permanentAssignment":{"type":"boolean","description":"Is this assigment permanently valid.\n\nAt least one of \u003cspan pulumi-lang-nodejs=\"`expirationDate`\" pulumi-lang-dotnet=\"`ExpirationDate`\" pulumi-lang-go=\"`expirationDate`\" pulumi-lang-python=\"`expiration_date`\" pulumi-lang-yaml=\"`expirationDate`\" pulumi-lang-java=\"`expirationDate`\"\u003e`expirationDate`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`duration`\" pulumi-lang-dotnet=\"`Duration`\" pulumi-lang-go=\"`duration`\" pulumi-lang-python=\"`duration`\" pulumi-lang-yaml=\"`duration`\" pulumi-lang-java=\"`duration`\"\u003e`duration`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`permanentAssignment`\" pulumi-lang-dotnet=\"`PermanentAssignment`\" pulumi-lang-go=\"`permanentAssignment`\" pulumi-lang-python=\"`permanent_assignment`\" pulumi-lang-yaml=\"`permanentAssignment`\" pulumi-lang-java=\"`permanentAssignment`\"\u003e`permanentAssignment`\u003c/span\u003e must be supplied. The role policy may limit the maximum duration which can be supplied.\n"},"principalId":{"type":"string","description":"The Object ID of the principal to be assigned to the above group. Can be either a user or a group.\n"},"startDate":{"type":"string","description":"The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.\n"},"status":{"type":"string","description":"(String) The provisioning status of this request.\n"},"ticketNumber":{"type":"string","description":"The ticket number in the ticket system approving this assignment. May be required by the role policy.\n"},"ticketSystem":{"type":"string","description":"The ticket system containing the ticket number approving this assignment. May be required by the role policy.\n"}},"required":["assignmentType","expirationDate","groupId","permanentAssignment","principalId","startDate","status"],"inputProperties":{"assignmentType":{"type":"string","description":"The type of assignment to the group. Can be either \u003cspan pulumi-lang-nodejs=\"`member`\" pulumi-lang-dotnet=\"`Member`\" pulumi-lang-go=\"`member`\" pulumi-lang-python=\"`member`\" pulumi-lang-yaml=\"`member`\" pulumi-lang-java=\"`member`\"\u003e`member`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`owner`\" pulumi-lang-dotnet=\"`Owner`\" pulumi-lang-go=\"`owner`\" pulumi-lang-python=\"`owner`\" pulumi-lang-yaml=\"`owner`\" pulumi-lang-java=\"`owner`\"\u003e`owner`\u003c/span\u003e.\n","willReplaceOnChanges":true},"duration":{"type":"string","description":"The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).\n"},"expirationDate":{"type":"string","description":"The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).\n"},"groupId":{"type":"string","description":"The Object ID of the Azure AD group to which the principal will be assigned.\n","willReplaceOnChanges":true},"justification":{"type":"string","description":"The justification for this assignment. May be required by the role policy.\n"},"permanentAssignment":{"type":"boolean","description":"Is this assigment permanently valid.\n\nAt least one of \u003cspan pulumi-lang-nodejs=\"`expirationDate`\" pulumi-lang-dotnet=\"`ExpirationDate`\" pulumi-lang-go=\"`expirationDate`\" pulumi-lang-python=\"`expiration_date`\" pulumi-lang-yaml=\"`expirationDate`\" pulumi-lang-java=\"`expirationDate`\"\u003e`expirationDate`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`duration`\" pulumi-lang-dotnet=\"`Duration`\" pulumi-lang-go=\"`duration`\" pulumi-lang-python=\"`duration`\" pulumi-lang-yaml=\"`duration`\" pulumi-lang-java=\"`duration`\"\u003e`duration`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`permanentAssignment`\" pulumi-lang-dotnet=\"`PermanentAssignment`\" pulumi-lang-go=\"`permanentAssignment`\" pulumi-lang-python=\"`permanent_assignment`\" pulumi-lang-yaml=\"`permanentAssignment`\" pulumi-lang-java=\"`permanentAssignment`\"\u003e`permanentAssignment`\u003c/span\u003e must be supplied. The role policy may limit the maximum duration which can be supplied.\n"},"principalId":{"type":"string","description":"The Object ID of the principal to be assigned to the above group. Can be either a user or a group.\n","willReplaceOnChanges":true},"startDate":{"type":"string","description":"The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.\n"},"ticketNumber":{"type":"string","description":"The ticket number in the ticket system approving this assignment. May be required by the role policy.\n"},"ticketSystem":{"type":"string","description":"The ticket system containing the ticket number approving this assignment. May be required by the role policy.\n"}},"requiredInputs":["assignmentType","groupId","principalId"],"stateInputs":{"description":"Input properties used for looking up and filtering PrivilegedAccessGroupAssignmentSchedule resources.\n","properties":{"assignmentType":{"type":"string","description":"The type of assignment to the group. Can be either \u003cspan pulumi-lang-nodejs=\"`member`\" pulumi-lang-dotnet=\"`Member`\" pulumi-lang-go=\"`member`\" pulumi-lang-python=\"`member`\" pulumi-lang-yaml=\"`member`\" pulumi-lang-java=\"`member`\"\u003e`member`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`owner`\" pulumi-lang-dotnet=\"`Owner`\" pulumi-lang-go=\"`owner`\" pulumi-lang-python=\"`owner`\" pulumi-lang-yaml=\"`owner`\" pulumi-lang-java=\"`owner`\"\u003e`owner`\u003c/span\u003e.\n","willReplaceOnChanges":true},"duration":{"type":"string","description":"The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).\n"},"expirationDate":{"type":"string","description":"The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).\n"},"groupId":{"type":"string","description":"The Object ID of the Azure AD group to which the principal will be assigned.\n","willReplaceOnChanges":true},"justification":{"type":"string","description":"The justification for this assignment. May be required by the role policy.\n"},"permanentAssignment":{"type":"boolean","description":"Is this assigment permanently valid.\n\nAt least one of \u003cspan pulumi-lang-nodejs=\"`expirationDate`\" pulumi-lang-dotnet=\"`ExpirationDate`\" pulumi-lang-go=\"`expirationDate`\" pulumi-lang-python=\"`expiration_date`\" pulumi-lang-yaml=\"`expirationDate`\" pulumi-lang-java=\"`expirationDate`\"\u003e`expirationDate`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`duration`\" pulumi-lang-dotnet=\"`Duration`\" pulumi-lang-go=\"`duration`\" pulumi-lang-python=\"`duration`\" pulumi-lang-yaml=\"`duration`\" pulumi-lang-java=\"`duration`\"\u003e`duration`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`permanentAssignment`\" pulumi-lang-dotnet=\"`PermanentAssignment`\" pulumi-lang-go=\"`permanentAssignment`\" pulumi-lang-python=\"`permanent_assignment`\" pulumi-lang-yaml=\"`permanentAssignment`\" pulumi-lang-java=\"`permanentAssignment`\"\u003e`permanentAssignment`\u003c/span\u003e must be supplied. The role policy may limit the maximum duration which can be supplied.\n"},"principalId":{"type":"string","description":"The Object ID of the principal to be assigned to the above group. Can be either a user or a group.\n","willReplaceOnChanges":true},"startDate":{"type":"string","description":"The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.\n"},"status":{"type":"string","description":"(String) The provisioning status of this request.\n"},"ticketNumber":{"type":"string","description":"The ticket number in the ticket system approving this assignment. May be required by the role policy.\n"},"ticketSystem":{"type":"string","description":"The ticket system containing the ticket number approving this assignment. May be required by the role policy.\n"}},"type":"object"}},"azuread:index/privilegedAccessGroupEligibilitySchedule:PrivilegedAccessGroupEligibilitySchedule":{"description":"Manages an eligible assignment to a privileged access group.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires the `PrivilegedEligibilitySchedule.ReadWrite.AzureADGroup` Microsoft Graph API permissions.\n\nWhen authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.Group(\"example\", {\n    displayName: \"group-name\",\n    securityEnabled: true,\n});\nconst member = new azuread.User(\"member\", {\n    userPrincipalName: \"jdoe@example.com\",\n    displayName: \"J. Doe\",\n    mailNickname: \"jdoe\",\n    password: \"SecretP@sswd99!\",\n});\nconst examplePrivilegedAccessGroupEligibilitySchedule = new azuread.PrivilegedAccessGroupEligibilitySchedule(\"example\", {\n    groupId: pim.id,\n    principalId: member.id,\n    assignmentType: \"member\",\n    duration: \"P30D\",\n    justification: \"as requested\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.Group(\"example\",\n    display_name=\"group-name\",\n    security_enabled=True)\nmember = azuread.User(\"member\",\n    user_principal_name=\"jdoe@example.com\",\n    display_name=\"J. Doe\",\n    mail_nickname=\"jdoe\",\n    password=\"SecretP@sswd99!\")\nexample_privileged_access_group_eligibility_schedule = azuread.PrivilegedAccessGroupEligibilitySchedule(\"example\",\n    group_id=pim[\"id\"],\n    principal_id=member.id,\n    assignment_type=\"member\",\n    duration=\"P30D\",\n    justification=\"as requested\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.Group(\"example\", new()\n    {\n        DisplayName = \"group-name\",\n        SecurityEnabled = true,\n    });\n\n    var member = new AzureAD.Index.User(\"member\", new()\n    {\n        UserPrincipalName = \"jdoe@example.com\",\n        DisplayName = \"J. Doe\",\n        MailNickname = \"jdoe\",\n        Password = \"SecretP@sswd99!\",\n    });\n\n    var examplePrivilegedAccessGroupEligibilitySchedule = new AzureAD.Index.PrivilegedAccessGroupEligibilitySchedule(\"example\", new()\n    {\n        GroupId = pim.Id,\n        PrincipalId = member.Id,\n        AssignmentType = \"member\",\n        Duration = \"P30D\",\n        Justification = \"as requested\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName:     pulumi.String(\"group-name\"),\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmember, err := azuread.NewUser(ctx, \"member\", \u0026azuread.UserArgs{\n\t\t\tUserPrincipalName: pulumi.String(\"jdoe@example.com\"),\n\t\t\tDisplayName:       pulumi.String(\"J. Doe\"),\n\t\t\tMailNickname:      pulumi.String(\"jdoe\"),\n\t\t\tPassword:          pulumi.String(\"SecretP@sswd99!\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewPrivilegedAccessGroupEligibilitySchedule(ctx, \"example\", \u0026azuread.PrivilegedAccessGroupEligibilityScheduleArgs{\n\t\t\tGroupId:        pulumi.Any(pim.Id),\n\t\t\tPrincipalId:    member.ID(),\n\t\t\tAssignmentType: pulumi.String(\"member\"),\n\t\t\tDuration:       pulumi.String(\"P30D\"),\n\t\t\tJustification:  pulumi.String(\"as requested\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport com.pulumi.azuread.User;\nimport com.pulumi.azuread.UserArgs;\nimport com.pulumi.azuread.PrivilegedAccessGroupEligibilitySchedule;\nimport com.pulumi.azuread.PrivilegedAccessGroupEligibilityScheduleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new Group(\"example\", GroupArgs.builder()\n            .displayName(\"group-name\")\n            .securityEnabled(true)\n            .build());\n\n        var member = new User(\"member\", UserArgs.builder()\n            .userPrincipalName(\"jdoe@example.com\")\n            .displayName(\"J. Doe\")\n            .mailNickname(\"jdoe\")\n            .password(\"SecretP@sswd99!\")\n            .build());\n\n        var examplePrivilegedAccessGroupEligibilitySchedule = new PrivilegedAccessGroupEligibilitySchedule(\"examplePrivilegedAccessGroupEligibilitySchedule\", PrivilegedAccessGroupEligibilityScheduleArgs.builder()\n            .groupId(pim.id())\n            .principalId(member.id())\n            .assignmentType(\"member\")\n            .duration(\"P30D\")\n            .justification(\"as requested\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:Group\n    properties:\n      displayName: group-name\n      securityEnabled: true\n  member:\n    type: azuread:User\n    properties:\n      userPrincipalName: jdoe@example.com\n      displayName: J. Doe\n      mailNickname: jdoe\n      password: SecretP@sswd99!\n  examplePrivilegedAccessGroupEligibilitySchedule:\n    type: azuread:PrivilegedAccessGroupEligibilitySchedule\n    name: example\n    properties:\n      groupId: ${pim.id}\n      principalId: ${member.id}\n      assignmentType: member\n      duration: P30D\n      justification: as requested\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAn assignment schedule can be imported using the schedule ID, e.g.\n\n```sh\n$ pulumi import azuread:index/privilegedAccessGroupEligibilitySchedule:PrivilegedAccessGroupEligibilitySchedule example 00000000-0000-0000-0000-000000000000_member_00000000-0000-0000-0000-000000000000\n```\n\n","properties":{"assignmentType":{"type":"string","description":"The type of assignment to the group. Can be either \u003cspan pulumi-lang-nodejs=\"`member`\" pulumi-lang-dotnet=\"`Member`\" pulumi-lang-go=\"`member`\" pulumi-lang-python=\"`member`\" pulumi-lang-yaml=\"`member`\" pulumi-lang-java=\"`member`\"\u003e`member`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`owner`\" pulumi-lang-dotnet=\"`Owner`\" pulumi-lang-go=\"`owner`\" pulumi-lang-python=\"`owner`\" pulumi-lang-yaml=\"`owner`\" pulumi-lang-java=\"`owner`\"\u003e`owner`\u003c/span\u003e.\n"},"duration":{"type":"string","description":"The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).\n"},"expirationDate":{"type":"string","description":"The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).\n"},"groupId":{"type":"string","description":"The Object ID of the Azure AD group to which the principal will be assigned.\n"},"justification":{"type":"string","description":"The justification for this assignment. May be required by the role policy.\n"},"permanentAssignment":{"type":"boolean","description":"Is this assigment permanently valid.\n\nAt least one of \u003cspan pulumi-lang-nodejs=\"`expirationDate`\" pulumi-lang-dotnet=\"`ExpirationDate`\" pulumi-lang-go=\"`expirationDate`\" pulumi-lang-python=\"`expiration_date`\" pulumi-lang-yaml=\"`expirationDate`\" pulumi-lang-java=\"`expirationDate`\"\u003e`expirationDate`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`duration`\" pulumi-lang-dotnet=\"`Duration`\" pulumi-lang-go=\"`duration`\" pulumi-lang-python=\"`duration`\" pulumi-lang-yaml=\"`duration`\" pulumi-lang-java=\"`duration`\"\u003e`duration`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`permanentAssignment`\" pulumi-lang-dotnet=\"`PermanentAssignment`\" pulumi-lang-go=\"`permanentAssignment`\" pulumi-lang-python=\"`permanent_assignment`\" pulumi-lang-yaml=\"`permanentAssignment`\" pulumi-lang-java=\"`permanentAssignment`\"\u003e`permanentAssignment`\u003c/span\u003e must be supplied. The role policy may limit the maximum duration which can be supplied.\n"},"principalId":{"type":"string","description":"The Object ID of the principal to be assigned to the above group. Can be either a user or a group.\n"},"startDate":{"type":"string","description":"The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.\n"},"status":{"type":"string","description":"(String) The provisioning status of this request.\n"},"ticketNumber":{"type":"string","description":"The ticket number in the ticket system approving this assignment. May be required by the role policy.\n"},"ticketSystem":{"type":"string","description":"The ticket system containing the ticket number approving this assignment. May be required by the role policy.\n"}},"required":["assignmentType","expirationDate","groupId","permanentAssignment","principalId","startDate","status"],"inputProperties":{"assignmentType":{"type":"string","description":"The type of assignment to the group. Can be either \u003cspan pulumi-lang-nodejs=\"`member`\" pulumi-lang-dotnet=\"`Member`\" pulumi-lang-go=\"`member`\" pulumi-lang-python=\"`member`\" pulumi-lang-yaml=\"`member`\" pulumi-lang-java=\"`member`\"\u003e`member`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`owner`\" pulumi-lang-dotnet=\"`Owner`\" pulumi-lang-go=\"`owner`\" pulumi-lang-python=\"`owner`\" pulumi-lang-yaml=\"`owner`\" pulumi-lang-java=\"`owner`\"\u003e`owner`\u003c/span\u003e.\n","willReplaceOnChanges":true},"duration":{"type":"string","description":"The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).\n"},"expirationDate":{"type":"string","description":"The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).\n"},"groupId":{"type":"string","description":"The Object ID of the Azure AD group to which the principal will be assigned.\n","willReplaceOnChanges":true},"justification":{"type":"string","description":"The justification for this assignment. May be required by the role policy.\n"},"permanentAssignment":{"type":"boolean","description":"Is this assigment permanently valid.\n\nAt least one of \u003cspan pulumi-lang-nodejs=\"`expirationDate`\" pulumi-lang-dotnet=\"`ExpirationDate`\" pulumi-lang-go=\"`expirationDate`\" pulumi-lang-python=\"`expiration_date`\" pulumi-lang-yaml=\"`expirationDate`\" pulumi-lang-java=\"`expirationDate`\"\u003e`expirationDate`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`duration`\" pulumi-lang-dotnet=\"`Duration`\" pulumi-lang-go=\"`duration`\" pulumi-lang-python=\"`duration`\" pulumi-lang-yaml=\"`duration`\" pulumi-lang-java=\"`duration`\"\u003e`duration`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`permanentAssignment`\" pulumi-lang-dotnet=\"`PermanentAssignment`\" pulumi-lang-go=\"`permanentAssignment`\" pulumi-lang-python=\"`permanent_assignment`\" pulumi-lang-yaml=\"`permanentAssignment`\" pulumi-lang-java=\"`permanentAssignment`\"\u003e`permanentAssignment`\u003c/span\u003e must be supplied. The role policy may limit the maximum duration which can be supplied.\n"},"principalId":{"type":"string","description":"The Object ID of the principal to be assigned to the above group. Can be either a user or a group.\n","willReplaceOnChanges":true},"startDate":{"type":"string","description":"The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.\n"},"ticketNumber":{"type":"string","description":"The ticket number in the ticket system approving this assignment. May be required by the role policy.\n"},"ticketSystem":{"type":"string","description":"The ticket system containing the ticket number approving this assignment. May be required by the role policy.\n"}},"requiredInputs":["assignmentType","groupId","principalId"],"stateInputs":{"description":"Input properties used for looking up and filtering PrivilegedAccessGroupEligibilitySchedule resources.\n","properties":{"assignmentType":{"type":"string","description":"The type of assignment to the group. Can be either \u003cspan pulumi-lang-nodejs=\"`member`\" pulumi-lang-dotnet=\"`Member`\" pulumi-lang-go=\"`member`\" pulumi-lang-python=\"`member`\" pulumi-lang-yaml=\"`member`\" pulumi-lang-java=\"`member`\"\u003e`member`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`owner`\" pulumi-lang-dotnet=\"`Owner`\" pulumi-lang-go=\"`owner`\" pulumi-lang-python=\"`owner`\" pulumi-lang-yaml=\"`owner`\" pulumi-lang-java=\"`owner`\"\u003e`owner`\u003c/span\u003e.\n","willReplaceOnChanges":true},"duration":{"type":"string","description":"The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).\n"},"expirationDate":{"type":"string","description":"The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).\n"},"groupId":{"type":"string","description":"The Object ID of the Azure AD group to which the principal will be assigned.\n","willReplaceOnChanges":true},"justification":{"type":"string","description":"The justification for this assignment. May be required by the role policy.\n"},"permanentAssignment":{"type":"boolean","description":"Is this assigment permanently valid.\n\nAt least one of \u003cspan pulumi-lang-nodejs=\"`expirationDate`\" pulumi-lang-dotnet=\"`ExpirationDate`\" pulumi-lang-go=\"`expirationDate`\" pulumi-lang-python=\"`expiration_date`\" pulumi-lang-yaml=\"`expirationDate`\" pulumi-lang-java=\"`expirationDate`\"\u003e`expirationDate`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`duration`\" pulumi-lang-dotnet=\"`Duration`\" pulumi-lang-go=\"`duration`\" pulumi-lang-python=\"`duration`\" pulumi-lang-yaml=\"`duration`\" pulumi-lang-java=\"`duration`\"\u003e`duration`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`permanentAssignment`\" pulumi-lang-dotnet=\"`PermanentAssignment`\" pulumi-lang-go=\"`permanentAssignment`\" pulumi-lang-python=\"`permanent_assignment`\" pulumi-lang-yaml=\"`permanentAssignment`\" pulumi-lang-java=\"`permanentAssignment`\"\u003e`permanentAssignment`\u003c/span\u003e must be supplied. The role policy may limit the maximum duration which can be supplied.\n"},"principalId":{"type":"string","description":"The Object ID of the principal to be assigned to the above group. Can be either a user or a group.\n","willReplaceOnChanges":true},"startDate":{"type":"string","description":"The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.\n"},"status":{"type":"string","description":"(String) The provisioning status of this request.\n"},"ticketNumber":{"type":"string","description":"The ticket number in the ticket system approving this assignment. May be required by the role policy.\n"},"ticketSystem":{"type":"string","description":"The ticket system containing the ticket number approving this assignment. May be required by the role policy.\n"}},"type":"object"}},"azuread:index/servicePrincipal:ServicePrincipal":{"description":"Manages a service principal associated with an application within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.OwnedBy` or `Application.ReadWrite.All`\n\n\u003e When using the `Application.ReadWrite.OwnedBy` application role, the principal being used to run Terraform must be an owner of _both_ the linked application registration, _and_ the service principal being managed.\n\nWhen authenticated with a user principal, this resource may require one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n## Example Usage\n\n*Create a service principal for an application*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst example = new azuread.Application(\"example\", {\n    displayName: \"example\",\n    owners: [current.then(current =\u003e current.objectId)],\n});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"example\", {\n    clientId: example.clientId,\n    appRoleAssignmentRequired: false,\n    owners: [current.then(current =\u003e current.objectId)],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\nexample = azuread.Application(\"example\",\n    display_name=\"example\",\n    owners=[current.object_id])\nexample_service_principal = azuread.ServicePrincipal(\"example\",\n    client_id=example.client_id,\n    app_role_assignment_required=False,\n    owners=[current.object_id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var current = AzureAD.Index.GetClientConfig.Invoke();\n\n    var example = new AzureAD.Index.Application(\"example\", new()\n    {\n        DisplayName = \"example\",\n        Owners = new[]\n        {\n            current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n        },\n    });\n\n    var exampleServicePrincipal = new AzureAD.Index.ServicePrincipal(\"example\", new()\n    {\n        ClientId = example.ClientId,\n        AppRoleAssignmentRequired = false,\n        Owners = new[]\n        {\n            current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(pulumi.String(current.ObjectId)),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewServicePrincipal(ctx, \"example\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId:                  example.ClientId,\n\t\t\tAppRoleAssignmentRequired: pulumi.Bool(false),\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(pulumi.String(current.ObjectId)),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var current = AzureadFunctions.getClientConfig(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);\n\n        var example = new Application(\"example\", ApplicationArgs.builder()\n            .displayName(\"example\")\n            .owners(current.objectId())\n            .build());\n\n        var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder()\n            .clientId(example.clientId())\n            .appRoleAssignmentRequired(false)\n            .owners(current.objectId())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:Application\n    properties:\n      displayName: example\n      owners:\n        - ${current.objectId}\n  exampleServicePrincipal:\n    type: azuread:ServicePrincipal\n    name: example\n    properties:\n      clientId: ${example.clientId}\n      appRoleAssignmentRequired: false\n      owners:\n        - ${current.objectId}\nvariables:\n  current:\n    fn::invoke:\n      function: azuread:getClientConfig\n      arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Create a service principal for an enterprise application*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst example = new azuread.Application(\"example\", {\n    displayName: \"example\",\n    owners: [current.then(current =\u003e current.objectId)],\n});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"example\", {\n    clientId: example.clientId,\n    appRoleAssignmentRequired: false,\n    owners: [current.then(current =\u003e current.objectId)],\n    featureTags: [{\n        enterprise: true,\n        gallery: true,\n    }],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\nexample = azuread.Application(\"example\",\n    display_name=\"example\",\n    owners=[current.object_id])\nexample_service_principal = azuread.ServicePrincipal(\"example\",\n    client_id=example.client_id,\n    app_role_assignment_required=False,\n    owners=[current.object_id],\n    feature_tags=[{\n        \"enterprise\": True,\n        \"gallery\": True,\n    }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var current = AzureAD.Index.GetClientConfig.Invoke();\n\n    var example = new AzureAD.Index.Application(\"example\", new()\n    {\n        DisplayName = \"example\",\n        Owners = new[]\n        {\n            current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n        },\n    });\n\n    var exampleServicePrincipal = new AzureAD.Index.ServicePrincipal(\"example\", new()\n    {\n        ClientId = example.ClientId,\n        AppRoleAssignmentRequired = false,\n        Owners = new[]\n        {\n            current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n        },\n        FeatureTags = new[]\n        {\n            new AzureAD.Inputs.ServicePrincipalFeatureTagArgs\n            {\n                Enterprise = true,\n                Gallery = true,\n            },\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(pulumi.String(current.ObjectId)),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewServicePrincipal(ctx, \"example\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId:                  example.ClientId,\n\t\t\tAppRoleAssignmentRequired: pulumi.Bool(false),\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(pulumi.String(current.ObjectId)),\n\t\t\t},\n\t\t\tFeatureTags: azuread.ServicePrincipalFeatureTagArray{\n\t\t\t\t\u0026azuread.ServicePrincipalFeatureTagArgs{\n\t\t\t\t\tEnterprise: pulumi.Bool(true),\n\t\t\t\t\tGallery:    pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumi.azuread.inputs.ServicePrincipalFeatureTagArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var current = AzureadFunctions.getClientConfig(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);\n\n        var example = new Application(\"example\", ApplicationArgs.builder()\n            .displayName(\"example\")\n            .owners(current.objectId())\n            .build());\n\n        var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder()\n            .clientId(example.clientId())\n            .appRoleAssignmentRequired(false)\n            .owners(current.objectId())\n            .featureTags(ServicePrincipalFeatureTagArgs.builder()\n                .enterprise(true)\n                .gallery(true)\n                .build())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:Application\n    properties:\n      displayName: example\n      owners:\n        - ${current.objectId}\n  exampleServicePrincipal:\n    type: azuread:ServicePrincipal\n    name: example\n    properties:\n      clientId: ${example.clientId}\n      appRoleAssignmentRequired: false\n      owners:\n        - ${current.objectId}\n      featureTags:\n        - enterprise: true\n          gallery: true\nvariables:\n  current:\n    fn::invoke:\n      function: azuread:getClientConfig\n      arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Manage a service principal for a first-party Microsoft application*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst wellKnown = azuread.getApplicationPublishedAppIds({});\nconst msgraph = new azuread.ServicePrincipal(\"msgraph\", {\n    clientId: wellKnown.then(wellKnown =\u003e wellKnown.result?.microsoftGraph),\n    useExisting: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nwell_known = azuread.get_application_published_app_ids()\nmsgraph = azuread.ServicePrincipal(\"msgraph\",\n    client_id=well_known.result[\"microsoftGraph\"],\n    use_existing=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var wellKnown = AzureAD.Index.GetApplicationPublishedAppIds.Invoke();\n\n    var msgraph = new AzureAD.Index.ServicePrincipal(\"msgraph\", new()\n    {\n        ClientId = wellKnown.Apply(getApplicationPublishedAppIdsResult =\u003e getApplicationPublishedAppIdsResult.Result?.MicrosoftGraph),\n        UseExisting = true,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\twellKnown, err := azuread.GetApplicationPublishedAppIds(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewServicePrincipal(ctx, \"msgraph\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId:    pulumi.String(pulumi.String(wellKnown.Result.MicrosoftGraph)),\n\t\t\tUseExisting: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var wellKnown = AzureadFunctions.getApplicationPublishedAppIds(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);\n\n        var msgraph = new ServicePrincipal(\"msgraph\", ServicePrincipalArgs.builder()\n            .clientId(wellKnown.result().microsoftGraph())\n            .useExisting(true)\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  msgraph:\n    type: azuread:ServicePrincipal\n    properties:\n      clientId: ${wellKnown.result.microsoftGraph}\n      useExisting: true\nvariables:\n  wellKnown:\n    fn::invoke:\n      function: azuread:getApplicationPublishedAppIds\n      arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Create a service principal for an application created from a gallery template*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getApplicationTemplate({\n    displayName: \"Marketo\",\n});\nconst exampleApplication = new azuread.Application(\"example\", {\n    displayName: \"example\",\n    templateId: example.then(example =\u003e example.templateId),\n});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"example\", {\n    clientId: exampleApplication.clientId,\n    useExisting: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_application_template(display_name=\"Marketo\")\nexample_application = azuread.Application(\"example\",\n    display_name=\"example\",\n    template_id=example.template_id)\nexample_service_principal = azuread.ServicePrincipal(\"example\",\n    client_id=example_application.client_id,\n    use_existing=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetApplicationTemplate.Invoke(new()\n    {\n        DisplayName = \"Marketo\",\n    });\n\n    var exampleApplication = new AzureAD.Index.Application(\"example\", new()\n    {\n        DisplayName = \"example\",\n        TemplateId = example.Apply(getApplicationTemplateResult =\u003e getApplicationTemplateResult.TemplateId),\n    });\n\n    var exampleServicePrincipal = new AzureAD.Index.ServicePrincipal(\"example\", new()\n    {\n        ClientId = exampleApplication.ClientId,\n        UseExisting = true,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.GetApplicationTemplate(ctx, \u0026azuread.GetApplicationTemplateArgs{\n\t\t\tDisplayName: pulumi.StringRef(\"Marketo\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleApplication, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tTemplateId:  pulumi.String(pulumi.String(example.TemplateId)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewServicePrincipal(ctx, \"example\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId:    exampleApplication.ClientId,\n\t\t\tUseExisting: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetApplicationTemplateArgs;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getApplicationTemplate(GetApplicationTemplateArgs.builder()\n            .displayName(\"Marketo\")\n            .build());\n\n        var exampleApplication = new Application(\"exampleApplication\", ApplicationArgs.builder()\n            .displayName(\"example\")\n            .templateId(example.templateId())\n            .build());\n\n        var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder()\n            .clientId(exampleApplication.clientId())\n            .useExisting(true)\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  exampleApplication:\n    type: azuread:Application\n    name: example\n    properties:\n      displayName: example\n      templateId: ${example.templateId}\n  exampleServicePrincipal:\n    type: azuread:ServicePrincipal\n    name: example\n    properties:\n      clientId: ${exampleApplication.clientId}\n      useExisting: true\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getApplicationTemplate\n      arguments:\n        displayName: Marketo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nService principals can be imported using their object ID, e.g.\n\n```sh\n$ pulumi import azuread:index/servicePrincipal:ServicePrincipal example /servicePrincipals/00000000-0000-0000-0000-000000000000\n```\n\n","properties":{"accountEnabled":{"type":"boolean","description":"Whether or not the service principal account is enabled. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"alternativeNames":{"type":"array","items":{"type":"string"},"description":"A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.\n"},"appRoleAssignmentRequired":{"type":"boolean","description":"Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"appRoleIds":{"type":"object","additionalProperties":{"type":"string"},"description":"A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.\n"},"appRoles":{"type":"array","items":{"$ref":"#/types/azuread:index/ServicePrincipalAppRole:ServicePrincipalAppRole"},"description":"A list of app roles published by the associated application, as documented below. For more information [official documentation](https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles).\n"},"applicationTenantId":{"type":"string","description":"The tenant ID where the associated application is registered.\n"},"clientId":{"type":"string","description":"The client ID of the application for which to create a service principal.\n"},"description":{"type":"string","description":"A description of the service principal provided for internal end-users.\n"},"displayName":{"type":"string","description":"Display name for the app role that appears during app role assignment and in consent experiences.\n"},"featureTags":{"type":"array","items":{"$ref":"#/types/azuread:index/ServicePrincipalFeatureTag:ServicePrincipalFeatureTag"},"description":"A \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e block as described below. Cannot be used together with the \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e property.\n\n\u003e **Features and Tags** Features are configured for a service principal using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e for a service principal at the same time, so if you need to assign additional custom tags it's recommended to use the \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e property instead. Any tags configured for the linked application will propagate to this service principal.\n"},"features":{"type":"array","items":{"$ref":"#/types/azuread:index/ServicePrincipalFeature:ServicePrincipalFeature"},"description":"Block of features to configure for this service principal using tags","deprecationMessage":"This block has been renamed to \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e and will be removed in version 3.0 of the provider"},"homepageUrl":{"type":"string","description":"Home page or landing page of the associated application.\n"},"loginUrl":{"type":"string","description":"The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on.\n"},"logoutUrl":{"type":"string","description":"The URL that will be used by Microsoft's authorization service to log out an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application.\n"},"notes":{"type":"string","description":"A free text field to capture information about the service principal, typically used for operational purposes.\n"},"notificationEmailAddresses":{"type":"array","items":{"type":"string"},"description":"A set of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications.\n"},"oauth2PermissionScopeIds":{"type":"object","additionalProperties":{"type":"string"},"description":"A mapping of OAuth2.0 permission scope values to scope IDs, as exposed by the associated application, intended to be useful when referencing permission scopes in other resources in your configuration.\n"},"oauth2PermissionScopes":{"type":"array","items":{"$ref":"#/types/azuread:index/ServicePrincipalOauth2PermissionScope:ServicePrincipalOauth2PermissionScope"},"description":"A list of OAuth 2.0 delegated permission scopes exposed by the associated application, as documented below.\n"},"objectId":{"type":"string","description":"The object ID of the service principal.\n"},"owners":{"type":"array","items":{"type":"string"},"description":"A set of object IDs of principals that will be granted ownership of the service principal. Supported object types are users or service principals. By default, no owners are assigned.\n\n\u003e **Ownership of Service Principals** It's recommended to always specify one or more service principal owners, including the principal being used to execute Terraform, such as in the example above.\n"},"preferredSingleSignOnMode":{"type":"string","description":"The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps. Supported values are \u003cspan pulumi-lang-nodejs=\"`oidc`\" pulumi-lang-dotnet=\"`Oidc`\" pulumi-lang-go=\"`oidc`\" pulumi-lang-python=\"`oidc`\" pulumi-lang-yaml=\"`oidc`\" pulumi-lang-java=\"`oidc`\"\u003e`oidc`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`password`\" pulumi-lang-dotnet=\"`Password`\" pulumi-lang-go=\"`password`\" pulumi-lang-python=\"`password`\" pulumi-lang-yaml=\"`password`\" pulumi-lang-java=\"`password`\"\u003e`password`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`saml`\" pulumi-lang-dotnet=\"`Saml`\" pulumi-lang-go=\"`saml`\" pulumi-lang-python=\"`saml`\" pulumi-lang-yaml=\"`saml`\" pulumi-lang-java=\"`saml`\"\u003e`saml`\u003c/span\u003e or `notSupported`. Omit this property or specify a blank string to unset.\n"},"redirectUris":{"type":"array","items":{"type":"string"},"description":"A list of URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application.\n"},"samlMetadataUrl":{"type":"string","description":"The URL where the service exposes SAML metadata for federation.\n"},"samlSingleSignOn":{"$ref":"#/types/azuread:index/ServicePrincipalSamlSingleSignOn:ServicePrincipalSamlSingleSignOn","description":"A \u003cspan pulumi-lang-nodejs=\"`samlSingleSignOn`\" pulumi-lang-dotnet=\"`SamlSingleSignOn`\" pulumi-lang-go=\"`samlSingleSignOn`\" pulumi-lang-python=\"`saml_single_sign_on`\" pulumi-lang-yaml=\"`samlSingleSignOn`\" pulumi-lang-java=\"`samlSingleSignOn`\"\u003e`samlSingleSignOn`\u003c/span\u003e block as documented below.\n"},"servicePrincipalNames":{"type":"array","items":{"type":"string"},"description":"A list of identifier URI(s), copied over from the associated application.\n"},"signInAudience":{"type":"string","description":"The Microsoft account types that are supported for the associated application. Possible values include `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`.\n"},"tags":{"type":"array","items":{"type":"string"},"description":"A set of tags to apply to the service principal for configuring specific behaviours of the service principal. Note that these are not provided for use by practitioners. Cannot be used together with the \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e block.\n\n\u003e **Tags and Features** Azure Active Directory uses special tag values to configure the behavior of service principals. These can be specified using either the \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e property or with the \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e block. If you need to set any custom tag values not supported by the \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e block, it's recommended to use the \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e property. Tag values set for the linked application will also propagate to this service principal.\n"},"type":{"type":"string","description":"Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are `User` or `Admin`.\n"},"useExisting":{"type":"boolean","description":"When true, any existing service principal linked to the same application will be automatically imported. When false, an import error will be raised for any pre-existing service principal.\n\n\u003e **Caveats of \u003cspan pulumi-lang-nodejs=\"`useExisting`\" pulumi-lang-dotnet=\"`UseExisting`\" pulumi-lang-go=\"`useExisting`\" pulumi-lang-python=\"`use_existing`\" pulumi-lang-yaml=\"`useExisting`\" pulumi-lang-java=\"`useExisting`\"\u003e`useExisting`\u003c/span\u003e** Enabling this behaviour is useful for managing existing service principals that may already be installed in your tenant for Microsoft-published APIs, as it allows you to make changes where permitted, and then also reference them in your Terraform configuration. However, the behaviour of delete operations is also affected - when \u003cspan pulumi-lang-nodejs=\"`useExisting`\" pulumi-lang-dotnet=\"`UseExisting`\" pulumi-lang-go=\"`useExisting`\" pulumi-lang-python=\"`use_existing`\" pulumi-lang-yaml=\"`useExisting`\" pulumi-lang-java=\"`useExisting`\"\u003e`useExisting`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, Terraform will still attempt to delete the service principal on destroy, although it will not raise an error if the deletion fails (as it often the case for first-party Microsoft applications).\n"}},"required":["appRoleIds","appRoles","applicationTenantId","clientId","displayName","featureTags","features","homepageUrl","logoutUrl","oauth2PermissionScopeIds","oauth2PermissionScopes","objectId","redirectUris","samlMetadataUrl","servicePrincipalNames","signInAudience","tags","type"],"inputProperties":{"accountEnabled":{"type":"boolean","description":"Whether or not the service principal account is enabled. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"alternativeNames":{"type":"array","items":{"type":"string"},"description":"A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.\n"},"appRoleAssignmentRequired":{"type":"boolean","description":"Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"clientId":{"type":"string","description":"The client ID of the application for which to create a service principal.\n","willReplaceOnChanges":true},"description":{"type":"string","description":"A description of the service principal provided for internal end-users.\n"},"featureTags":{"type":"array","items":{"$ref":"#/types/azuread:index/ServicePrincipalFeatureTag:ServicePrincipalFeatureTag"},"description":"A \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e block as described below. Cannot be used together with the \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e property.\n\n\u003e **Features and Tags** Features are configured for a service principal using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e for a service principal at the same time, so if you need to assign additional custom tags it's recommended to use the \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e property instead. Any tags configured for the linked application will propagate to this service principal.\n"},"features":{"type":"array","items":{"$ref":"#/types/azuread:index/ServicePrincipalFeature:ServicePrincipalFeature"},"description":"Block of features to configure for this service principal using tags","deprecationMessage":"This block has been renamed to \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e and will be removed in version 3.0 of the provider"},"loginUrl":{"type":"string","description":"The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on.\n"},"notes":{"type":"string","description":"A free text field to capture information about the service principal, typically used for operational purposes.\n"},"notificationEmailAddresses":{"type":"array","items":{"type":"string"},"description":"A set of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications.\n"},"owners":{"type":"array","items":{"type":"string"},"description":"A set of object IDs of principals that will be granted ownership of the service principal. Supported object types are users or service principals. By default, no owners are assigned.\n\n\u003e **Ownership of Service Principals** It's recommended to always specify one or more service principal owners, including the principal being used to execute Terraform, such as in the example above.\n"},"preferredSingleSignOnMode":{"type":"string","description":"The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps. Supported values are \u003cspan pulumi-lang-nodejs=\"`oidc`\" pulumi-lang-dotnet=\"`Oidc`\" pulumi-lang-go=\"`oidc`\" pulumi-lang-python=\"`oidc`\" pulumi-lang-yaml=\"`oidc`\" pulumi-lang-java=\"`oidc`\"\u003e`oidc`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`password`\" pulumi-lang-dotnet=\"`Password`\" pulumi-lang-go=\"`password`\" pulumi-lang-python=\"`password`\" pulumi-lang-yaml=\"`password`\" pulumi-lang-java=\"`password`\"\u003e`password`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`saml`\" pulumi-lang-dotnet=\"`Saml`\" pulumi-lang-go=\"`saml`\" pulumi-lang-python=\"`saml`\" pulumi-lang-yaml=\"`saml`\" pulumi-lang-java=\"`saml`\"\u003e`saml`\u003c/span\u003e or `notSupported`. Omit this property or specify a blank string to unset.\n"},"samlSingleSignOn":{"$ref":"#/types/azuread:index/ServicePrincipalSamlSingleSignOn:ServicePrincipalSamlSingleSignOn","description":"A \u003cspan pulumi-lang-nodejs=\"`samlSingleSignOn`\" pulumi-lang-dotnet=\"`SamlSingleSignOn`\" pulumi-lang-go=\"`samlSingleSignOn`\" pulumi-lang-python=\"`saml_single_sign_on`\" pulumi-lang-yaml=\"`samlSingleSignOn`\" pulumi-lang-java=\"`samlSingleSignOn`\"\u003e`samlSingleSignOn`\u003c/span\u003e block as documented below.\n"},"tags":{"type":"array","items":{"type":"string"},"description":"A set of tags to apply to the service principal for configuring specific behaviours of the service principal. Note that these are not provided for use by practitioners. Cannot be used together with the \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e block.\n\n\u003e **Tags and Features** Azure Active Directory uses special tag values to configure the behavior of service principals. These can be specified using either the \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e property or with the \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e block. If you need to set any custom tag values not supported by the \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e block, it's recommended to use the \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e property. Tag values set for the linked application will also propagate to this service principal.\n"},"useExisting":{"type":"boolean","description":"When true, any existing service principal linked to the same application will be automatically imported. When false, an import error will be raised for any pre-existing service principal.\n\n\u003e **Caveats of \u003cspan pulumi-lang-nodejs=\"`useExisting`\" pulumi-lang-dotnet=\"`UseExisting`\" pulumi-lang-go=\"`useExisting`\" pulumi-lang-python=\"`use_existing`\" pulumi-lang-yaml=\"`useExisting`\" pulumi-lang-java=\"`useExisting`\"\u003e`useExisting`\u003c/span\u003e** Enabling this behaviour is useful for managing existing service principals that may already be installed in your tenant for Microsoft-published APIs, as it allows you to make changes where permitted, and then also reference them in your Terraform configuration. However, the behaviour of delete operations is also affected - when \u003cspan pulumi-lang-nodejs=\"`useExisting`\" pulumi-lang-dotnet=\"`UseExisting`\" pulumi-lang-go=\"`useExisting`\" pulumi-lang-python=\"`use_existing`\" pulumi-lang-yaml=\"`useExisting`\" pulumi-lang-java=\"`useExisting`\"\u003e`useExisting`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, Terraform will still attempt to delete the service principal on destroy, although it will not raise an error if the deletion fails (as it often the case for first-party Microsoft applications).\n"}},"requiredInputs":["clientId"],"stateInputs":{"description":"Input properties used for looking up and filtering ServicePrincipal resources.\n","properties":{"accountEnabled":{"type":"boolean","description":"Whether or not the service principal account is enabled. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"alternativeNames":{"type":"array","items":{"type":"string"},"description":"A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.\n"},"appRoleAssignmentRequired":{"type":"boolean","description":"Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"appRoleIds":{"type":"object","additionalProperties":{"type":"string"},"description":"A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.\n"},"appRoles":{"type":"array","items":{"$ref":"#/types/azuread:index/ServicePrincipalAppRole:ServicePrincipalAppRole"},"description":"A list of app roles published by the associated application, as documented below. For more information [official documentation](https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles).\n"},"applicationTenantId":{"type":"string","description":"The tenant ID where the associated application is registered.\n"},"clientId":{"type":"string","description":"The client ID of the application for which to create a service principal.\n","willReplaceOnChanges":true},"description":{"type":"string","description":"A description of the service principal provided for internal end-users.\n"},"displayName":{"type":"string","description":"Display name for the app role that appears during app role assignment and in consent experiences.\n"},"featureTags":{"type":"array","items":{"$ref":"#/types/azuread:index/ServicePrincipalFeatureTag:ServicePrincipalFeatureTag"},"description":"A \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e block as described below. Cannot be used together with the \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e property.\n\n\u003e **Features and Tags** Features are configured for a service principal using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e for a service principal at the same time, so if you need to assign additional custom tags it's recommended to use the \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e property instead. Any tags configured for the linked application will propagate to this service principal.\n"},"features":{"type":"array","items":{"$ref":"#/types/azuread:index/ServicePrincipalFeature:ServicePrincipalFeature"},"description":"Block of features to configure for this service principal using tags","deprecationMessage":"This block has been renamed to \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e and will be removed in version 3.0 of the provider"},"homepageUrl":{"type":"string","description":"Home page or landing page of the associated application.\n"},"loginUrl":{"type":"string","description":"The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on.\n"},"logoutUrl":{"type":"string","description":"The URL that will be used by Microsoft's authorization service to log out an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application.\n"},"notes":{"type":"string","description":"A free text field to capture information about the service principal, typically used for operational purposes.\n"},"notificationEmailAddresses":{"type":"array","items":{"type":"string"},"description":"A set of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications.\n"},"oauth2PermissionScopeIds":{"type":"object","additionalProperties":{"type":"string"},"description":"A mapping of OAuth2.0 permission scope values to scope IDs, as exposed by the associated application, intended to be useful when referencing permission scopes in other resources in your configuration.\n"},"oauth2PermissionScopes":{"type":"array","items":{"$ref":"#/types/azuread:index/ServicePrincipalOauth2PermissionScope:ServicePrincipalOauth2PermissionScope"},"description":"A list of OAuth 2.0 delegated permission scopes exposed by the associated application, as documented below.\n"},"objectId":{"type":"string","description":"The object ID of the service principal.\n"},"owners":{"type":"array","items":{"type":"string"},"description":"A set of object IDs of principals that will be granted ownership of the service principal. Supported object types are users or service principals. By default, no owners are assigned.\n\n\u003e **Ownership of Service Principals** It's recommended to always specify one or more service principal owners, including the principal being used to execute Terraform, such as in the example above.\n"},"preferredSingleSignOnMode":{"type":"string","description":"The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps. Supported values are \u003cspan pulumi-lang-nodejs=\"`oidc`\" pulumi-lang-dotnet=\"`Oidc`\" pulumi-lang-go=\"`oidc`\" pulumi-lang-python=\"`oidc`\" pulumi-lang-yaml=\"`oidc`\" pulumi-lang-java=\"`oidc`\"\u003e`oidc`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`password`\" pulumi-lang-dotnet=\"`Password`\" pulumi-lang-go=\"`password`\" pulumi-lang-python=\"`password`\" pulumi-lang-yaml=\"`password`\" pulumi-lang-java=\"`password`\"\u003e`password`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`saml`\" pulumi-lang-dotnet=\"`Saml`\" pulumi-lang-go=\"`saml`\" pulumi-lang-python=\"`saml`\" pulumi-lang-yaml=\"`saml`\" pulumi-lang-java=\"`saml`\"\u003e`saml`\u003c/span\u003e or `notSupported`. Omit this property or specify a blank string to unset.\n"},"redirectUris":{"type":"array","items":{"type":"string"},"description":"A list of URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application.\n"},"samlMetadataUrl":{"type":"string","description":"The URL where the service exposes SAML metadata for federation.\n"},"samlSingleSignOn":{"$ref":"#/types/azuread:index/ServicePrincipalSamlSingleSignOn:ServicePrincipalSamlSingleSignOn","description":"A \u003cspan pulumi-lang-nodejs=\"`samlSingleSignOn`\" pulumi-lang-dotnet=\"`SamlSingleSignOn`\" pulumi-lang-go=\"`samlSingleSignOn`\" pulumi-lang-python=\"`saml_single_sign_on`\" pulumi-lang-yaml=\"`samlSingleSignOn`\" pulumi-lang-java=\"`samlSingleSignOn`\"\u003e`samlSingleSignOn`\u003c/span\u003e block as documented below.\n"},"servicePrincipalNames":{"type":"array","items":{"type":"string"},"description":"A list of identifier URI(s), copied over from the associated application.\n"},"signInAudience":{"type":"string","description":"The Microsoft account types that are supported for the associated application. Possible values include `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`.\n"},"tags":{"type":"array","items":{"type":"string"},"description":"A set of tags to apply to the service principal for configuring specific behaviours of the service principal. Note that these are not provided for use by practitioners. Cannot be used together with the \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e block.\n\n\u003e **Tags and Features** Azure Active Directory uses special tag values to configure the behavior of service principals. These can be specified using either the \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e property or with the \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e block. If you need to set any custom tag values not supported by the \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e block, it's recommended to use the \u003cspan pulumi-lang-nodejs=\"`tags`\" pulumi-lang-dotnet=\"`Tags`\" pulumi-lang-go=\"`tags`\" pulumi-lang-python=\"`tags`\" pulumi-lang-yaml=\"`tags`\" pulumi-lang-java=\"`tags`\"\u003e`tags`\u003c/span\u003e property. Tag values set for the linked application will also propagate to this service principal.\n"},"type":{"type":"string","description":"Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are `User` or `Admin`.\n"},"useExisting":{"type":"boolean","description":"When true, any existing service principal linked to the same application will be automatically imported. When false, an import error will be raised for any pre-existing service principal.\n\n\u003e **Caveats of \u003cspan pulumi-lang-nodejs=\"`useExisting`\" pulumi-lang-dotnet=\"`UseExisting`\" pulumi-lang-go=\"`useExisting`\" pulumi-lang-python=\"`use_existing`\" pulumi-lang-yaml=\"`useExisting`\" pulumi-lang-java=\"`useExisting`\"\u003e`useExisting`\u003c/span\u003e** Enabling this behaviour is useful for managing existing service principals that may already be installed in your tenant for Microsoft-published APIs, as it allows you to make changes where permitted, and then also reference them in your Terraform configuration. However, the behaviour of delete operations is also affected - when \u003cspan pulumi-lang-nodejs=\"`useExisting`\" pulumi-lang-dotnet=\"`UseExisting`\" pulumi-lang-go=\"`useExisting`\" pulumi-lang-python=\"`use_existing`\" pulumi-lang-yaml=\"`useExisting`\" pulumi-lang-java=\"`useExisting`\"\u003e`useExisting`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, Terraform will still attempt to delete the service principal on destroy, although it will not raise an error if the deletion fails (as it often the case for first-party Microsoft applications).\n"}},"type":"object"}},"azuread:index/servicePrincipalCertificate:ServicePrincipalCertificate":{"description":"Manages a certificate associated with a service principal within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.OwnedBy` or `Application.ReadWrite.All`\n\n\u003e When using the `Application.ReadWrite.OwnedBy` application role, the principal being used to run Terraform must be an owner of _both_ the linked application registration, _and_ the service principal being managed.\n\nWhen authenticated with a user principal, this resource may require one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n## Example Usage\n\n*Using a PEM certificate*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\nimport * as std from \"@pulumi/std\";\n\nconst example = new azuread.Application(\"example\", {displayName: \"example\"});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"example\", {clientId: example.clientId});\nconst exampleServicePrincipalCertificate = new azuread.ServicePrincipalCertificate(\"example\", {\n    servicePrincipalId: exampleServicePrincipal.id,\n    type: \"AsymmetricX509Cert\",\n    value: std.file({\n        input: \"cert.pem\",\n    }).then(invoke =\u003e invoke.result),\n    endDate: \"2021-05-01T01:02:03Z\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\nimport pulumi_std as std\n\nexample = azuread.Application(\"example\", display_name=\"example\")\nexample_service_principal = azuread.ServicePrincipal(\"example\", client_id=example.client_id)\nexample_service_principal_certificate = azuread.ServicePrincipalCertificate(\"example\",\n    service_principal_id=example_service_principal.id,\n    type=\"AsymmetricX509Cert\",\n    value=std.file(input=\"cert.pem\").result,\n    end_date=\"2021-05-01T01:02:03Z\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.Application(\"example\", new()\n    {\n        DisplayName = \"example\",\n    });\n\n    var exampleServicePrincipal = new AzureAD.Index.ServicePrincipal(\"example\", new()\n    {\n        ClientId = example.ClientId,\n    });\n\n    var exampleServicePrincipalCertificate = new AzureAD.Index.ServicePrincipalCertificate(\"example\", new()\n    {\n        ServicePrincipalId = exampleServicePrincipal.Id,\n        Type = \"AsymmetricX509Cert\",\n        Value = Std.Index.File.Invoke(new()\n        {\n            Input = \"cert.pem\",\n        }).Apply(invoke =\u003e invoke.Result),\n        EndDate = \"2021-05-01T01:02:03Z\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"example\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId: example.ClientId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewServicePrincipalCertificate(ctx, \"example\", \u0026azuread.ServicePrincipalCertificateArgs{\n\t\t\tServicePrincipalId: exampleServicePrincipal.ID(),\n\t\t\tType:               pulumi.String(\"AsymmetricX509Cert\"),\n\t\t\tValue:              pulumi.String(invokeFile.Result),\n\t\t\tEndDate:            pulumi.String(\"2021-05-01T01:02:03Z\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumi.azuread.ServicePrincipalCertificate;\nimport com.pulumi.azuread.ServicePrincipalCertificateArgs;\nimport com.pulumi.std.StdFunctions;\nimport com.pulumi.std.inputs.FileArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new Application(\"example\", ApplicationArgs.builder()\n            .displayName(\"example\")\n            .build());\n\n        var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder()\n            .clientId(example.clientId())\n            .build());\n\n        var exampleServicePrincipalCertificate = new ServicePrincipalCertificate(\"exampleServicePrincipalCertificate\", ServicePrincipalCertificateArgs.builder()\n            .servicePrincipalId(exampleServicePrincipal.id())\n            .type(\"AsymmetricX509Cert\")\n            .value(StdFunctions.file(FileArgs.builder()\n                .input(\"cert.pem\")\n                .build()).result())\n            .endDate(\"2021-05-01T01:02:03Z\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:Application\n    properties:\n      displayName: example\n  exampleServicePrincipal:\n    type: azuread:ServicePrincipal\n    name: example\n    properties:\n      clientId: ${example.clientId}\n  exampleServicePrincipalCertificate:\n    type: azuread:ServicePrincipalCertificate\n    name: example\n    properties:\n      servicePrincipalId: ${exampleServicePrincipal.id}\n      type: AsymmetricX509Cert\n      value:\n        fn::invoke:\n          function: std:file\n          arguments:\n            input: cert.pem\n          return: result\n      endDate: 2021-05-01T01:02:03Z\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Using a DER certificate*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\nimport * as std from \"@pulumi/std\";\n\nconst example = new azuread.Application(\"example\", {displayName: \"example\"});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"example\", {clientId: example.clientId});\nconst exampleServicePrincipalCertificate = new azuread.ServicePrincipalCertificate(\"example\", {\n    servicePrincipalId: exampleServicePrincipal.id,\n    type: \"AsymmetricX509Cert\",\n    encoding: \"base64\",\n    value: std.file({\n        input: \"cert.der\",\n    }).then(invoke =\u003e std.base64encode({\n        input: invoke.result,\n    })).then(invoke =\u003e invoke.result),\n    endDate: \"2021-05-01T01:02:03Z\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\nimport pulumi_std as std\n\nexample = azuread.Application(\"example\", display_name=\"example\")\nexample_service_principal = azuread.ServicePrincipal(\"example\", client_id=example.client_id)\nexample_service_principal_certificate = azuread.ServicePrincipalCertificate(\"example\",\n    service_principal_id=example_service_principal.id,\n    type=\"AsymmetricX509Cert\",\n    encoding=\"base64\",\n    value=std.base64encode(input=std.file(input=\"cert.der\").result).result,\n    end_date=\"2021-05-01T01:02:03Z\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.Application(\"example\", new()\n    {\n        DisplayName = \"example\",\n    });\n\n    var exampleServicePrincipal = new AzureAD.Index.ServicePrincipal(\"example\", new()\n    {\n        ClientId = example.ClientId,\n    });\n\n    var exampleServicePrincipalCertificate = new AzureAD.Index.ServicePrincipalCertificate(\"example\", new()\n    {\n        ServicePrincipalId = exampleServicePrincipal.Id,\n        Type = \"AsymmetricX509Cert\",\n        Encoding = \"base64\",\n        Value = Std.Index.File.Invoke(new()\n        {\n            Input = \"cert.der\",\n        }).Apply(invoke =\u003e Std.Index.Base64encode.Invoke(new()\n        {\n            Input = invoke.Result,\n        })).Apply(invoke =\u003e invoke.Result),\n        EndDate = \"2021-05-01T01:02:03Z\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"example\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId: example.ClientId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeBase64encode, err := std.Base64encode(ctx, \u0026std.Base64encodeArgs{\n\t\t\tInput: std.File(ctx, \u0026std.FileArgs{\n\t\t\t\tInput: \"cert.der\",\n\t\t\t}, nil).Result,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewServicePrincipalCertificate(ctx, \"example\", \u0026azuread.ServicePrincipalCertificateArgs{\n\t\t\tServicePrincipalId: exampleServicePrincipal.ID(),\n\t\t\tType:               pulumi.String(\"AsymmetricX509Cert\"),\n\t\t\tEncoding:           pulumi.String(\"base64\"),\n\t\t\tValue:              pulumi.String(invokeBase64encode.Result),\n\t\t\tEndDate:            pulumi.String(\"2021-05-01T01:02:03Z\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumi.azuread.ServicePrincipalCertificate;\nimport com.pulumi.azuread.ServicePrincipalCertificateArgs;\nimport com.pulumi.std.StdFunctions;\nimport com.pulumi.std.inputs.FileArgs;\nimport com.pulumi.std.inputs.Base64encodeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new Application(\"example\", ApplicationArgs.builder()\n            .displayName(\"example\")\n            .build());\n\n        var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder()\n            .clientId(example.clientId())\n            .build());\n\n        var exampleServicePrincipalCertificate = new ServicePrincipalCertificate(\"exampleServicePrincipalCertificate\", ServicePrincipalCertificateArgs.builder()\n            .servicePrincipalId(exampleServicePrincipal.id())\n            .type(\"AsymmetricX509Cert\")\n            .encoding(\"base64\")\n            .value(StdFunctions.base64encode(Base64encodeArgs.builder()\n                .input(StdFunctions.file(FileArgs.builder()\n                    .input(\"cert.der\")\n                    .build()).result())\n                .build()).result())\n            .endDate(\"2021-05-01T01:02:03Z\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:Application\n    properties:\n      displayName: example\n  exampleServicePrincipal:\n    type: azuread:ServicePrincipal\n    name: example\n    properties:\n      clientId: ${example.clientId}\n  exampleServicePrincipalCertificate:\n    type: azuread:ServicePrincipalCertificate\n    name: example\n    properties:\n      servicePrincipalId: ${exampleServicePrincipal.id}\n      type: AsymmetricX509Cert\n      encoding: base64\n      value:\n        fn::invoke:\n          function: std:base64encode\n          arguments:\n            input:\n              fn::invoke:\n                function: std:file\n                arguments:\n                  input: cert.der\n                return: result\n          return: result\n      endDate: 2021-05-01T01:02:03Z\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nCertificates can be imported using the object ID of the associated service principal and the key ID of the certificate credential, e.g.\n\n```sh\n$ pulumi import azuread:index/servicePrincipalCertificate:ServicePrincipalCertificate example 00000000-0000-0000-0000-000000000000/certificate/11111111-1111-1111-1111-111111111111\n```\n\n\u003e This ID format is unique to Terraform and is composed of the service principal's object ID, the string \"certificate\" and the certificate's key ID in the format `{ServicePrincipalObjectId}/certificate/{CertificateKeyId}`.\n\n","properties":{"encoding":{"type":"string","description":"Specifies the encoding used for the supplied certificate data. Must be one of \u003cspan pulumi-lang-nodejs=\"`pem`\" pulumi-lang-dotnet=\"`Pem`\" pulumi-lang-go=\"`pem`\" pulumi-lang-python=\"`pem`\" pulumi-lang-yaml=\"`pem`\" pulumi-lang-java=\"`pem`\"\u003e`pem`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`base64`\" pulumi-lang-dotnet=\"`Base64`\" pulumi-lang-go=\"`base64`\" pulumi-lang-python=\"`base64`\" pulumi-lang-yaml=\"`base64`\" pulumi-lang-java=\"`base64`\"\u003e`base64`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`hex`\" pulumi-lang-dotnet=\"`Hex`\" pulumi-lang-go=\"`hex`\" pulumi-lang-python=\"`hex`\" pulumi-lang-yaml=\"`hex`\" pulumi-lang-java=\"`hex`\"\u003e`hex`\u003c/span\u003e. Defaults to \u003cspan pulumi-lang-nodejs=\"`pem`\" pulumi-lang-dotnet=\"`Pem`\" pulumi-lang-go=\"`pem`\" pulumi-lang-python=\"`pem`\" pulumi-lang-yaml=\"`pem`\" pulumi-lang-java=\"`pem`\"\u003e`pem`\u003c/span\u003e.\n\n\u003e **Tip for Azure Key Vault** The \u003cspan pulumi-lang-nodejs=\"`hex`\" pulumi-lang-dotnet=\"`Hex`\" pulumi-lang-go=\"`hex`\" pulumi-lang-python=\"`hex`\" pulumi-lang-yaml=\"`hex`\" pulumi-lang-java=\"`hex`\"\u003e`hex`\u003c/span\u003e encoding option is useful for consuming certificate data from the\u003cspan pulumi-lang-nodejs=\" azurermKeyVaultCertificate \" pulumi-lang-dotnet=\" AzurermKeyVaultCertificate \" pulumi-lang-go=\" azurermKeyVaultCertificate \" pulumi-lang-python=\" azurerm_key_vault_certificate \" pulumi-lang-yaml=\" azurermKeyVaultCertificate \" pulumi-lang-java=\" azurermKeyVaultCertificate \"\u003e azurermKeyVaultCertificate \u003c/span\u003eresource.\n"},"endDate":{"type":"string","description":"The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created.\n"},"endDateRelative":{"type":"string","description":"A relative duration for which the certificate is valid until, for example \u003cspan pulumi-lang-nodejs=\"`240h`\" pulumi-lang-dotnet=\"`240h`\" pulumi-lang-go=\"`240h`\" pulumi-lang-python=\"`240h`\" pulumi-lang-yaml=\"`240h`\" pulumi-lang-java=\"`240h`\"\u003e`240h`\u003c/span\u003e (10 days) or \u003cspan pulumi-lang-nodejs=\"`2400h30m`\" pulumi-lang-dotnet=\"`2400h30m`\" pulumi-lang-go=\"`2400h30m`\" pulumi-lang-python=\"`2400h30m`\" pulumi-lang-yaml=\"`2400h30m`\" pulumi-lang-java=\"`2400h30m`\"\u003e`2400h30m`\u003c/span\u003e. Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\". Changing this field forces a new resource to be created.\n\n\u003e One of \u003cspan pulumi-lang-nodejs=\"`endDate`\" pulumi-lang-dotnet=\"`EndDate`\" pulumi-lang-go=\"`endDate`\" pulumi-lang-python=\"`end_date`\" pulumi-lang-yaml=\"`endDate`\" pulumi-lang-java=\"`endDate`\"\u003e`endDate`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`endDateRelative`\" pulumi-lang-dotnet=\"`EndDateRelative`\" pulumi-lang-go=\"`endDateRelative`\" pulumi-lang-python=\"`end_date_relative`\" pulumi-lang-yaml=\"`endDateRelative`\" pulumi-lang-java=\"`endDateRelative`\"\u003e`endDateRelative`\u003c/span\u003e must be set. The maximum duration is determined by Azure AD.\n","deprecationMessage":"The \u003cspan pulumi-lang-nodejs=\"`endDateRelative`\" pulumi-lang-dotnet=\"`EndDateRelative`\" pulumi-lang-go=\"`endDateRelative`\" pulumi-lang-python=\"`end_date_relative`\" pulumi-lang-yaml=\"`endDateRelative`\" pulumi-lang-java=\"`endDateRelative`\"\u003e`endDateRelative`\u003c/span\u003e property is deprecated and will be removed in a future version of the AzureAD provider. Please instead use the Terraform `timeadd()` function to calculate a value for the \u003cspan pulumi-lang-nodejs=\"`endDate`\" pulumi-lang-dotnet=\"`EndDate`\" pulumi-lang-go=\"`endDate`\" pulumi-lang-python=\"`end_date`\" pulumi-lang-yaml=\"`endDate`\" pulumi-lang-java=\"`endDate`\"\u003e`endDate`\u003c/span\u003e property."},"keyId":{"type":"string","description":"A UUID used to uniquely identify this certificate. If not specified a UUID will be automatically generated. Changing this field forces a new resource to be created.\n"},"servicePrincipalId":{"type":"string","description":"The ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.\n"},"startDate":{"type":"string","description":"The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.\n"},"type":{"type":"string","description":"The type of key/certificate. Must be one of `AsymmetricX509Cert` or `Symmetric`. Changing this fields forces a new resource to be created.\n"},"value":{"type":"string","description":"The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the \u003cspan pulumi-lang-nodejs=\"`encoding`\" pulumi-lang-dotnet=\"`Encoding`\" pulumi-lang-go=\"`encoding`\" pulumi-lang-python=\"`encoding`\" pulumi-lang-yaml=\"`encoding`\" pulumi-lang-java=\"`encoding`\"\u003e`encoding`\u003c/span\u003e argument.\n","secret":true}},"required":["endDate","keyId","servicePrincipalId","startDate","value"],"inputProperties":{"encoding":{"type":"string","description":"Specifies the encoding used for the supplied certificate data. Must be one of \u003cspan pulumi-lang-nodejs=\"`pem`\" pulumi-lang-dotnet=\"`Pem`\" pulumi-lang-go=\"`pem`\" pulumi-lang-python=\"`pem`\" pulumi-lang-yaml=\"`pem`\" pulumi-lang-java=\"`pem`\"\u003e`pem`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`base64`\" pulumi-lang-dotnet=\"`Base64`\" pulumi-lang-go=\"`base64`\" pulumi-lang-python=\"`base64`\" pulumi-lang-yaml=\"`base64`\" pulumi-lang-java=\"`base64`\"\u003e`base64`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`hex`\" pulumi-lang-dotnet=\"`Hex`\" pulumi-lang-go=\"`hex`\" pulumi-lang-python=\"`hex`\" pulumi-lang-yaml=\"`hex`\" pulumi-lang-java=\"`hex`\"\u003e`hex`\u003c/span\u003e. Defaults to \u003cspan pulumi-lang-nodejs=\"`pem`\" pulumi-lang-dotnet=\"`Pem`\" pulumi-lang-go=\"`pem`\" pulumi-lang-python=\"`pem`\" pulumi-lang-yaml=\"`pem`\" pulumi-lang-java=\"`pem`\"\u003e`pem`\u003c/span\u003e.\n\n\u003e **Tip for Azure Key Vault** The \u003cspan pulumi-lang-nodejs=\"`hex`\" pulumi-lang-dotnet=\"`Hex`\" pulumi-lang-go=\"`hex`\" pulumi-lang-python=\"`hex`\" pulumi-lang-yaml=\"`hex`\" pulumi-lang-java=\"`hex`\"\u003e`hex`\u003c/span\u003e encoding option is useful for consuming certificate data from the\u003cspan pulumi-lang-nodejs=\" azurermKeyVaultCertificate \" pulumi-lang-dotnet=\" AzurermKeyVaultCertificate \" pulumi-lang-go=\" azurermKeyVaultCertificate \" pulumi-lang-python=\" azurerm_key_vault_certificate \" pulumi-lang-yaml=\" azurermKeyVaultCertificate \" pulumi-lang-java=\" azurermKeyVaultCertificate \"\u003e azurermKeyVaultCertificate \u003c/span\u003eresource.\n","willReplaceOnChanges":true},"endDate":{"type":"string","description":"The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"endDateRelative":{"type":"string","description":"A relative duration for which the certificate is valid until, for example \u003cspan pulumi-lang-nodejs=\"`240h`\" pulumi-lang-dotnet=\"`240h`\" pulumi-lang-go=\"`240h`\" pulumi-lang-python=\"`240h`\" pulumi-lang-yaml=\"`240h`\" pulumi-lang-java=\"`240h`\"\u003e`240h`\u003c/span\u003e (10 days) or \u003cspan pulumi-lang-nodejs=\"`2400h30m`\" pulumi-lang-dotnet=\"`2400h30m`\" pulumi-lang-go=\"`2400h30m`\" pulumi-lang-python=\"`2400h30m`\" pulumi-lang-yaml=\"`2400h30m`\" pulumi-lang-java=\"`2400h30m`\"\u003e`2400h30m`\u003c/span\u003e. Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\". Changing this field forces a new resource to be created.\n\n\u003e One of \u003cspan pulumi-lang-nodejs=\"`endDate`\" pulumi-lang-dotnet=\"`EndDate`\" pulumi-lang-go=\"`endDate`\" pulumi-lang-python=\"`end_date`\" pulumi-lang-yaml=\"`endDate`\" pulumi-lang-java=\"`endDate`\"\u003e`endDate`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`endDateRelative`\" pulumi-lang-dotnet=\"`EndDateRelative`\" pulumi-lang-go=\"`endDateRelative`\" pulumi-lang-python=\"`end_date_relative`\" pulumi-lang-yaml=\"`endDateRelative`\" pulumi-lang-java=\"`endDateRelative`\"\u003e`endDateRelative`\u003c/span\u003e must be set. The maximum duration is determined by Azure AD.\n","deprecationMessage":"The \u003cspan pulumi-lang-nodejs=\"`endDateRelative`\" pulumi-lang-dotnet=\"`EndDateRelative`\" pulumi-lang-go=\"`endDateRelative`\" pulumi-lang-python=\"`end_date_relative`\" pulumi-lang-yaml=\"`endDateRelative`\" pulumi-lang-java=\"`endDateRelative`\"\u003e`endDateRelative`\u003c/span\u003e property is deprecated and will be removed in a future version of the AzureAD provider. Please instead use the Terraform `timeadd()` function to calculate a value for the \u003cspan pulumi-lang-nodejs=\"`endDate`\" pulumi-lang-dotnet=\"`EndDate`\" pulumi-lang-go=\"`endDate`\" pulumi-lang-python=\"`end_date`\" pulumi-lang-yaml=\"`endDate`\" pulumi-lang-java=\"`endDate`\"\u003e`endDate`\u003c/span\u003e property.","willReplaceOnChanges":true},"keyId":{"type":"string","description":"A UUID used to uniquely identify this certificate. If not specified a UUID will be automatically generated. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"servicePrincipalId":{"type":"string","description":"The ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"startDate":{"type":"string","description":"The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"type":{"type":"string","description":"The type of key/certificate. Must be one of `AsymmetricX509Cert` or `Symmetric`. Changing this fields forces a new resource to be created.\n","willReplaceOnChanges":true},"value":{"type":"string","description":"The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the \u003cspan pulumi-lang-nodejs=\"`encoding`\" pulumi-lang-dotnet=\"`Encoding`\" pulumi-lang-go=\"`encoding`\" pulumi-lang-python=\"`encoding`\" pulumi-lang-yaml=\"`encoding`\" pulumi-lang-java=\"`encoding`\"\u003e`encoding`\u003c/span\u003e argument.\n","secret":true,"willReplaceOnChanges":true}},"requiredInputs":["servicePrincipalId","value"],"stateInputs":{"description":"Input properties used for looking up and filtering ServicePrincipalCertificate resources.\n","properties":{"encoding":{"type":"string","description":"Specifies the encoding used for the supplied certificate data. Must be one of \u003cspan pulumi-lang-nodejs=\"`pem`\" pulumi-lang-dotnet=\"`Pem`\" pulumi-lang-go=\"`pem`\" pulumi-lang-python=\"`pem`\" pulumi-lang-yaml=\"`pem`\" pulumi-lang-java=\"`pem`\"\u003e`pem`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`base64`\" pulumi-lang-dotnet=\"`Base64`\" pulumi-lang-go=\"`base64`\" pulumi-lang-python=\"`base64`\" pulumi-lang-yaml=\"`base64`\" pulumi-lang-java=\"`base64`\"\u003e`base64`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`hex`\" pulumi-lang-dotnet=\"`Hex`\" pulumi-lang-go=\"`hex`\" pulumi-lang-python=\"`hex`\" pulumi-lang-yaml=\"`hex`\" pulumi-lang-java=\"`hex`\"\u003e`hex`\u003c/span\u003e. Defaults to \u003cspan pulumi-lang-nodejs=\"`pem`\" pulumi-lang-dotnet=\"`Pem`\" pulumi-lang-go=\"`pem`\" pulumi-lang-python=\"`pem`\" pulumi-lang-yaml=\"`pem`\" pulumi-lang-java=\"`pem`\"\u003e`pem`\u003c/span\u003e.\n\n\u003e **Tip for Azure Key Vault** The \u003cspan pulumi-lang-nodejs=\"`hex`\" pulumi-lang-dotnet=\"`Hex`\" pulumi-lang-go=\"`hex`\" pulumi-lang-python=\"`hex`\" pulumi-lang-yaml=\"`hex`\" pulumi-lang-java=\"`hex`\"\u003e`hex`\u003c/span\u003e encoding option is useful for consuming certificate data from the\u003cspan pulumi-lang-nodejs=\" azurermKeyVaultCertificate \" pulumi-lang-dotnet=\" AzurermKeyVaultCertificate \" pulumi-lang-go=\" azurermKeyVaultCertificate \" pulumi-lang-python=\" azurerm_key_vault_certificate \" pulumi-lang-yaml=\" azurermKeyVaultCertificate \" pulumi-lang-java=\" azurermKeyVaultCertificate \"\u003e azurermKeyVaultCertificate \u003c/span\u003eresource.\n","willReplaceOnChanges":true},"endDate":{"type":"string","description":"The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"endDateRelative":{"type":"string","description":"A relative duration for which the certificate is valid until, for example \u003cspan pulumi-lang-nodejs=\"`240h`\" pulumi-lang-dotnet=\"`240h`\" pulumi-lang-go=\"`240h`\" pulumi-lang-python=\"`240h`\" pulumi-lang-yaml=\"`240h`\" pulumi-lang-java=\"`240h`\"\u003e`240h`\u003c/span\u003e (10 days) or \u003cspan pulumi-lang-nodejs=\"`2400h30m`\" pulumi-lang-dotnet=\"`2400h30m`\" pulumi-lang-go=\"`2400h30m`\" pulumi-lang-python=\"`2400h30m`\" pulumi-lang-yaml=\"`2400h30m`\" pulumi-lang-java=\"`2400h30m`\"\u003e`2400h30m`\u003c/span\u003e. Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\". Changing this field forces a new resource to be created.\n\n\u003e One of \u003cspan pulumi-lang-nodejs=\"`endDate`\" pulumi-lang-dotnet=\"`EndDate`\" pulumi-lang-go=\"`endDate`\" pulumi-lang-python=\"`end_date`\" pulumi-lang-yaml=\"`endDate`\" pulumi-lang-java=\"`endDate`\"\u003e`endDate`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`endDateRelative`\" pulumi-lang-dotnet=\"`EndDateRelative`\" pulumi-lang-go=\"`endDateRelative`\" pulumi-lang-python=\"`end_date_relative`\" pulumi-lang-yaml=\"`endDateRelative`\" pulumi-lang-java=\"`endDateRelative`\"\u003e`endDateRelative`\u003c/span\u003e must be set. The maximum duration is determined by Azure AD.\n","deprecationMessage":"The \u003cspan pulumi-lang-nodejs=\"`endDateRelative`\" pulumi-lang-dotnet=\"`EndDateRelative`\" pulumi-lang-go=\"`endDateRelative`\" pulumi-lang-python=\"`end_date_relative`\" pulumi-lang-yaml=\"`endDateRelative`\" pulumi-lang-java=\"`endDateRelative`\"\u003e`endDateRelative`\u003c/span\u003e property is deprecated and will be removed in a future version of the AzureAD provider. Please instead use the Terraform `timeadd()` function to calculate a value for the \u003cspan pulumi-lang-nodejs=\"`endDate`\" pulumi-lang-dotnet=\"`EndDate`\" pulumi-lang-go=\"`endDate`\" pulumi-lang-python=\"`end_date`\" pulumi-lang-yaml=\"`endDate`\" pulumi-lang-java=\"`endDate`\"\u003e`endDate`\u003c/span\u003e property.","willReplaceOnChanges":true},"keyId":{"type":"string","description":"A UUID used to uniquely identify this certificate. If not specified a UUID will be automatically generated. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"servicePrincipalId":{"type":"string","description":"The ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"startDate":{"type":"string","description":"The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"type":{"type":"string","description":"The type of key/certificate. Must be one of `AsymmetricX509Cert` or `Symmetric`. Changing this fields forces a new resource to be created.\n","willReplaceOnChanges":true},"value":{"type":"string","description":"The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the \u003cspan pulumi-lang-nodejs=\"`encoding`\" pulumi-lang-dotnet=\"`Encoding`\" pulumi-lang-go=\"`encoding`\" pulumi-lang-python=\"`encoding`\" pulumi-lang-yaml=\"`encoding`\" pulumi-lang-java=\"`encoding`\"\u003e`encoding`\u003c/span\u003e argument.\n","secret":true,"willReplaceOnChanges":true}},"type":"object"}},"azuread:index/servicePrincipalClaimsMappingPolicyAssignment:ServicePrincipalClaimsMappingPolicyAssignment":{"description":"Manages a Claims Mapping Policy Assignment within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires the following application roles: `Policy.ReadWrite.ApplicationConfiguration` and `Policy.Read.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst app = new azuread.ServicePrincipalClaimsMappingPolicyAssignment(\"app\", {\n    claimsMappingPolicyId: myPolicy.id,\n    servicePrincipalId: myPrincipal.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\napp = azuread.ServicePrincipalClaimsMappingPolicyAssignment(\"app\",\n    claims_mapping_policy_id=my_policy[\"id\"],\n    service_principal_id=my_principal[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var app = new AzureAD.Index.ServicePrincipalClaimsMappingPolicyAssignment(\"app\", new()\n    {\n        ClaimsMappingPolicyId = myPolicy.Id,\n        ServicePrincipalId = myPrincipal.Id,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewServicePrincipalClaimsMappingPolicyAssignment(ctx, \"app\", \u0026azuread.ServicePrincipalClaimsMappingPolicyAssignmentArgs{\n\t\t\tClaimsMappingPolicyId: pulumi.Any(myPolicy.Id),\n\t\t\tServicePrincipalId:    pulumi.Any(myPrincipal.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.ServicePrincipalClaimsMappingPolicyAssignment;\nimport com.pulumi.azuread.ServicePrincipalClaimsMappingPolicyAssignmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var app = new ServicePrincipalClaimsMappingPolicyAssignment(\"app\", ServicePrincipalClaimsMappingPolicyAssignmentArgs.builder()\n            .claimsMappingPolicyId(myPolicy.id())\n            .servicePrincipalId(myPrincipal.id())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  app:\n    type: azuread:ServicePrincipalClaimsMappingPolicyAssignment\n    properties:\n      claimsMappingPolicyId: ${myPolicy.id}\n      servicePrincipalId: ${myPrincipal.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nClaims Mapping Policy Assignments can be imported using the \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e, in the form `/servicePrincipals/{servicePrincipalId}/claimsMappingPolicies/{claimsMappingPolicyId}`, e.g:\n\n```sh\n$ pulumi import azuread:index/servicePrincipalClaimsMappingPolicyAssignment:ServicePrincipalClaimsMappingPolicyAssignment app /servicePrincipals/00000000-0000-0000-0000-000000000000/claimsMappingPolicies/11111111-0000-0000-0000-000000000000\n```\n\n","properties":{"claimsMappingPolicyId":{"type":"string","description":"The ID of the claims mapping policy to assign.\n"},"servicePrincipalId":{"type":"string","description":"The ID of the service principal for the policy assignment.\n"}},"required":["claimsMappingPolicyId","servicePrincipalId"],"inputProperties":{"claimsMappingPolicyId":{"type":"string","description":"The ID of the claims mapping policy to assign.\n","willReplaceOnChanges":true},"servicePrincipalId":{"type":"string","description":"The ID of the service principal for the policy assignment.\n","willReplaceOnChanges":true}},"requiredInputs":["claimsMappingPolicyId","servicePrincipalId"],"stateInputs":{"description":"Input properties used for looking up and filtering ServicePrincipalClaimsMappingPolicyAssignment resources.\n","properties":{"claimsMappingPolicyId":{"type":"string","description":"The ID of the claims mapping policy to assign.\n","willReplaceOnChanges":true},"servicePrincipalId":{"type":"string","description":"The ID of the service principal for the policy assignment.\n","willReplaceOnChanges":true}},"type":"object"}},"azuread:index/servicePrincipalDelegatedPermissionGrant:ServicePrincipalDelegatedPermissionGrant":{"description":"Manages a delegated permission grant for a service principal, on behalf of a single user, or all users.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires the following application role: `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one the following directory role: `Global Administrator`\n\n## Example Usage\n\n*Delegated permission grant for all users*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst wellKnown = azuread.getApplicationPublishedAppIds({});\nconst msgraph = new azuread.ServicePrincipal(\"msgraph\", {\n    clientId: wellKnown.then(wellKnown =\u003e wellKnown.result?.microsoftGraph),\n    useExisting: true,\n});\nconst example = new azuread.Application(\"example\", {\n    displayName: \"example\",\n    requiredResourceAccesses: [{\n        resourceAppId: wellKnown.then(wellKnown =\u003e wellKnown.result?.microsoftGraph),\n        resourceAccesses: [\n            {\n                id: msgraph.oauth2PermissionScopeIds.openid,\n                type: \"Scope\",\n            },\n            {\n                id: msgraph.oauth2PermissionScopeIds[\"User.Read\"],\n                type: \"Scope\",\n            },\n        ],\n    }],\n});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"example\", {clientId: example.clientId});\nconst exampleServicePrincipalDelegatedPermissionGrant = new azuread.ServicePrincipalDelegatedPermissionGrant(\"example\", {\n    servicePrincipalObjectId: exampleServicePrincipal.objectId,\n    resourceServicePrincipalObjectId: msgraph.objectId,\n    claimValues: [\n        \"openid\",\n        \"User.Read.All\",\n    ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nwell_known = azuread.get_application_published_app_ids()\nmsgraph = azuread.ServicePrincipal(\"msgraph\",\n    client_id=well_known.result[\"microsoftGraph\"],\n    use_existing=True)\nexample = azuread.Application(\"example\",\n    display_name=\"example\",\n    required_resource_accesses=[{\n        \"resource_app_id\": well_known.result[\"microsoftGraph\"],\n        \"resource_accesses\": [\n            {\n                \"id\": msgraph.oauth2_permission_scope_ids[\"openid\"],\n                \"type\": \"Scope\",\n            },\n            {\n                \"id\": msgraph.oauth2_permission_scope_ids[\"User.Read\"],\n                \"type\": \"Scope\",\n            },\n        ],\n    }])\nexample_service_principal = azuread.ServicePrincipal(\"example\", client_id=example.client_id)\nexample_service_principal_delegated_permission_grant = azuread.ServicePrincipalDelegatedPermissionGrant(\"example\",\n    service_principal_object_id=example_service_principal.object_id,\n    resource_service_principal_object_id=msgraph.object_id,\n    claim_values=[\n        \"openid\",\n        \"User.Read.All\",\n    ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var wellKnown = AzureAD.Index.GetApplicationPublishedAppIds.Invoke();\n\n    var msgraph = new AzureAD.Index.ServicePrincipal(\"msgraph\", new()\n    {\n        ClientId = wellKnown.Apply(getApplicationPublishedAppIdsResult =\u003e getApplicationPublishedAppIdsResult.Result?.MicrosoftGraph),\n        UseExisting = true,\n    });\n\n    var example = new AzureAD.Index.Application(\"example\", new()\n    {\n        DisplayName = \"example\",\n        RequiredResourceAccesses = new[]\n        {\n            new AzureAD.Inputs.ApplicationRequiredResourceAccessArgs\n            {\n                ResourceAppId = wellKnown.Apply(getApplicationPublishedAppIdsResult =\u003e getApplicationPublishedAppIdsResult.Result?.MicrosoftGraph),\n                ResourceAccesses = new[]\n                {\n                    new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs\n                    {\n                        Id = msgraph.Oauth2PermissionScopeIds.Apply(oauth2PermissionScopeIds =\u003e oauth2PermissionScopeIds.Openid),\n                        Type = \"Scope\",\n                    },\n                    new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs\n                    {\n                        Id = msgraph.Oauth2PermissionScopeIds.Apply(oauth2PermissionScopeIds =\u003e oauth2PermissionScopeIds.User_Read),\n                        Type = \"Scope\",\n                    },\n                },\n            },\n        },\n    });\n\n    var exampleServicePrincipal = new AzureAD.Index.ServicePrincipal(\"example\", new()\n    {\n        ClientId = example.ClientId,\n    });\n\n    var exampleServicePrincipalDelegatedPermissionGrant = new AzureAD.Index.ServicePrincipalDelegatedPermissionGrant(\"example\", new()\n    {\n        ServicePrincipalObjectId = exampleServicePrincipal.ObjectId,\n        ResourceServicePrincipalObjectId = msgraph.ObjectId,\n        ClaimValues = new[]\n        {\n            \"openid\",\n            \"User.Read.All\",\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\twellKnown, err := azuread.GetApplicationPublishedAppIds(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmsgraph, err := azuread.NewServicePrincipal(ctx, \"msgraph\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId:    pulumi.String(pulumi.String(wellKnown.Result.MicrosoftGraph)),\n\t\t\tUseExisting: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tRequiredResourceAccesses: azuread.ApplicationRequiredResourceAccessArray{\n\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessArgs{\n\t\t\t\t\tResourceAppId: pulumi.String(wellKnown.Result.MicrosoftGraph),\n\t\t\t\t\tResourceAccesses: azuread.ApplicationRequiredResourceAccessResourceAccessArray{\n\t\t\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessResourceAccessArgs{\n\t\t\t\t\t\t\tId: msgraph.Oauth2PermissionScopeIds.ApplyT(func(oauth2PermissionScopeIds map[string]string) (string, error) {\n\t\t\t\t\t\t\t\treturn oauth2PermissionScopeIds.Openid, nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t\tType: pulumi.String(\"Scope\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessResourceAccessArgs{\n\t\t\t\t\t\t\tId: msgraph.Oauth2PermissionScopeIds.ApplyT(func(oauth2PermissionScopeIds map[string]string) (string, error) {\n\t\t\t\t\t\t\t\treturn oauth2PermissionScopeIds.User.Read, nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t\tType: pulumi.String(\"Scope\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"example\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId: example.ClientId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewServicePrincipalDelegatedPermissionGrant(ctx, \"example\", \u0026azuread.ServicePrincipalDelegatedPermissionGrantArgs{\n\t\t\tServicePrincipalObjectId:         exampleServicePrincipal.ObjectId,\n\t\t\tResourceServicePrincipalObjectId: msgraph.ObjectId,\n\t\t\tClaimValues: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"openid\"),\n\t\t\t\tpulumi.String(\"User.Read.All\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.inputs.ApplicationRequiredResourceAccessArgs;\nimport com.pulumi.azuread.ServicePrincipalDelegatedPermissionGrant;\nimport com.pulumi.azuread.ServicePrincipalDelegatedPermissionGrantArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var wellKnown = AzureadFunctions.getApplicationPublishedAppIds(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);\n\n        var msgraph = new ServicePrincipal(\"msgraph\", ServicePrincipalArgs.builder()\n            .clientId(wellKnown.result().microsoftGraph())\n            .useExisting(true)\n            .build());\n\n        var example = new Application(\"example\", ApplicationArgs.builder()\n            .displayName(\"example\")\n            .requiredResourceAccesses(ApplicationRequiredResourceAccessArgs.builder()\n                .resourceAppId(wellKnown.result().microsoftGraph())\n                .resourceAccesses(                \n                    ApplicationRequiredResourceAccessResourceAccessArgs.builder()\n                        .id(msgraph.oauth2PermissionScopeIds().applyValue(_oauth2PermissionScopeIds -\u003e _oauth2PermissionScopeIds.openid()))\n                        .type(\"Scope\")\n                        .build(),\n                    ApplicationRequiredResourceAccessResourceAccessArgs.builder()\n                        .id(msgraph.oauth2PermissionScopeIds().applyValue(_oauth2PermissionScopeIds -\u003e _oauth2PermissionScopeIds.User.Read()))\n                        .type(\"Scope\")\n                        .build())\n                .build())\n            .build());\n\n        var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder()\n            .clientId(example.clientId())\n            .build());\n\n        var exampleServicePrincipalDelegatedPermissionGrant = new ServicePrincipalDelegatedPermissionGrant(\"exampleServicePrincipalDelegatedPermissionGrant\", ServicePrincipalDelegatedPermissionGrantArgs.builder()\n            .servicePrincipalObjectId(exampleServicePrincipal.objectId())\n            .resourceServicePrincipalObjectId(msgraph.objectId())\n            .claimValues(            \n                \"openid\",\n                \"User.Read.All\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  msgraph:\n    type: azuread:ServicePrincipal\n    properties:\n      clientId: ${wellKnown.result.microsoftGraph}\n      useExisting: true\n  example:\n    type: azuread:Application\n    properties:\n      displayName: example\n      requiredResourceAccesses:\n        - resourceAppId: ${wellKnown.result.microsoftGraph}\n          resourceAccesses:\n            - id: ${msgraph.oauth2PermissionScopeIds.openid}\n              type: Scope\n            - id: ${msgraph.oauth2PermissionScopeIds\"User.Read\"[%!s(MISSING)]}\n              type: Scope\n  exampleServicePrincipal:\n    type: azuread:ServicePrincipal\n    name: example\n    properties:\n      clientId: ${example.clientId}\n  exampleServicePrincipalDelegatedPermissionGrant:\n    type: azuread:ServicePrincipalDelegatedPermissionGrant\n    name: example\n    properties:\n      servicePrincipalObjectId: ${exampleServicePrincipal.objectId}\n      resourceServicePrincipalObjectId: ${msgraph.objectId}\n      claimValues:\n        - openid\n        - User.Read.All\nvariables:\n  wellKnown:\n    fn::invoke:\n      function: azuread:getApplicationPublishedAppIds\n      arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Delegated permission grant for a single user*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst wellKnown = azuread.getApplicationPublishedAppIds({});\nconst msgraph = new azuread.ServicePrincipal(\"msgraph\", {\n    clientId: wellKnown.then(wellKnown =\u003e wellKnown.result?.microsoftGraph),\n    useExisting: true,\n});\nconst example = new azuread.Application(\"example\", {\n    displayName: \"example\",\n    requiredResourceAccesses: [{\n        resourceAppId: wellKnown.then(wellKnown =\u003e wellKnown.result?.microsoftGraph),\n        resourceAccesses: [\n            {\n                id: msgraph.oauth2PermissionScopeIds.openid,\n                type: \"Scope\",\n            },\n            {\n                id: msgraph.oauth2PermissionScopeIds[\"User.Read\"],\n                type: \"Scope\",\n            },\n        ],\n    }],\n});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"example\", {clientId: example.clientId});\nconst exampleUser = new azuread.User(\"example\", {\n    displayName: \"J. Doe\",\n    userPrincipalName: \"jdoe@example.com\",\n    mailNickname: \"jdoe\",\n    password: \"SecretP@sswd99!\",\n});\nconst exampleServicePrincipalDelegatedPermissionGrant = new azuread.ServicePrincipalDelegatedPermissionGrant(\"example\", {\n    servicePrincipalObjectId: exampleServicePrincipal.objectId,\n    resourceServicePrincipalObjectId: msgraph.objectId,\n    claimValues: [\n        \"openid\",\n        \"User.Read.All\",\n    ],\n    userObjectId: exampleUser.objectId,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nwell_known = azuread.get_application_published_app_ids()\nmsgraph = azuread.ServicePrincipal(\"msgraph\",\n    client_id=well_known.result[\"microsoftGraph\"],\n    use_existing=True)\nexample = azuread.Application(\"example\",\n    display_name=\"example\",\n    required_resource_accesses=[{\n        \"resource_app_id\": well_known.result[\"microsoftGraph\"],\n        \"resource_accesses\": [\n            {\n                \"id\": msgraph.oauth2_permission_scope_ids[\"openid\"],\n                \"type\": \"Scope\",\n            },\n            {\n                \"id\": msgraph.oauth2_permission_scope_ids[\"User.Read\"],\n                \"type\": \"Scope\",\n            },\n        ],\n    }])\nexample_service_principal = azuread.ServicePrincipal(\"example\", client_id=example.client_id)\nexample_user = azuread.User(\"example\",\n    display_name=\"J. Doe\",\n    user_principal_name=\"jdoe@example.com\",\n    mail_nickname=\"jdoe\",\n    password=\"SecretP@sswd99!\")\nexample_service_principal_delegated_permission_grant = azuread.ServicePrincipalDelegatedPermissionGrant(\"example\",\n    service_principal_object_id=example_service_principal.object_id,\n    resource_service_principal_object_id=msgraph.object_id,\n    claim_values=[\n        \"openid\",\n        \"User.Read.All\",\n    ],\n    user_object_id=example_user.object_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var wellKnown = AzureAD.Index.GetApplicationPublishedAppIds.Invoke();\n\n    var msgraph = new AzureAD.Index.ServicePrincipal(\"msgraph\", new()\n    {\n        ClientId = wellKnown.Apply(getApplicationPublishedAppIdsResult =\u003e getApplicationPublishedAppIdsResult.Result?.MicrosoftGraph),\n        UseExisting = true,\n    });\n\n    var example = new AzureAD.Index.Application(\"example\", new()\n    {\n        DisplayName = \"example\",\n        RequiredResourceAccesses = new[]\n        {\n            new AzureAD.Inputs.ApplicationRequiredResourceAccessArgs\n            {\n                ResourceAppId = wellKnown.Apply(getApplicationPublishedAppIdsResult =\u003e getApplicationPublishedAppIdsResult.Result?.MicrosoftGraph),\n                ResourceAccesses = new[]\n                {\n                    new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs\n                    {\n                        Id = msgraph.Oauth2PermissionScopeIds.Apply(oauth2PermissionScopeIds =\u003e oauth2PermissionScopeIds.Openid),\n                        Type = \"Scope\",\n                    },\n                    new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs\n                    {\n                        Id = msgraph.Oauth2PermissionScopeIds.Apply(oauth2PermissionScopeIds =\u003e oauth2PermissionScopeIds.User_Read),\n                        Type = \"Scope\",\n                    },\n                },\n            },\n        },\n    });\n\n    var exampleServicePrincipal = new AzureAD.Index.ServicePrincipal(\"example\", new()\n    {\n        ClientId = example.ClientId,\n    });\n\n    var exampleUser = new AzureAD.Index.User(\"example\", new()\n    {\n        DisplayName = \"J. Doe\",\n        UserPrincipalName = \"jdoe@example.com\",\n        MailNickname = \"jdoe\",\n        Password = \"SecretP@sswd99!\",\n    });\n\n    var exampleServicePrincipalDelegatedPermissionGrant = new AzureAD.Index.ServicePrincipalDelegatedPermissionGrant(\"example\", new()\n    {\n        ServicePrincipalObjectId = exampleServicePrincipal.ObjectId,\n        ResourceServicePrincipalObjectId = msgraph.ObjectId,\n        ClaimValues = new[]\n        {\n            \"openid\",\n            \"User.Read.All\",\n        },\n        UserObjectId = exampleUser.ObjectId,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\twellKnown, err := azuread.GetApplicationPublishedAppIds(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmsgraph, err := azuread.NewServicePrincipal(ctx, \"msgraph\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId:    pulumi.String(pulumi.String(wellKnown.Result.MicrosoftGraph)),\n\t\t\tUseExisting: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tRequiredResourceAccesses: azuread.ApplicationRequiredResourceAccessArray{\n\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessArgs{\n\t\t\t\t\tResourceAppId: pulumi.String(wellKnown.Result.MicrosoftGraph),\n\t\t\t\t\tResourceAccesses: azuread.ApplicationRequiredResourceAccessResourceAccessArray{\n\t\t\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessResourceAccessArgs{\n\t\t\t\t\t\t\tId: msgraph.Oauth2PermissionScopeIds.ApplyT(func(oauth2PermissionScopeIds map[string]string) (string, error) {\n\t\t\t\t\t\t\t\treturn oauth2PermissionScopeIds.Openid, nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t\tType: pulumi.String(\"Scope\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessResourceAccessArgs{\n\t\t\t\t\t\t\tId: msgraph.Oauth2PermissionScopeIds.ApplyT(func(oauth2PermissionScopeIds map[string]string) (string, error) {\n\t\t\t\t\t\t\t\treturn oauth2PermissionScopeIds.User.Read, nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t\tType: pulumi.String(\"Scope\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"example\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId: example.ClientId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleUser, err := azuread.NewUser(ctx, \"example\", \u0026azuread.UserArgs{\n\t\t\tDisplayName:       pulumi.String(\"J. Doe\"),\n\t\t\tUserPrincipalName: pulumi.String(\"jdoe@example.com\"),\n\t\t\tMailNickname:      pulumi.String(\"jdoe\"),\n\t\t\tPassword:          pulumi.String(\"SecretP@sswd99!\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewServicePrincipalDelegatedPermissionGrant(ctx, \"example\", \u0026azuread.ServicePrincipalDelegatedPermissionGrantArgs{\n\t\t\tServicePrincipalObjectId:         exampleServicePrincipal.ObjectId,\n\t\t\tResourceServicePrincipalObjectId: msgraph.ObjectId,\n\t\t\tClaimValues: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"openid\"),\n\t\t\t\tpulumi.String(\"User.Read.All\"),\n\t\t\t},\n\t\t\tUserObjectId: exampleUser.ObjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.inputs.ApplicationRequiredResourceAccessArgs;\nimport com.pulumi.azuread.User;\nimport com.pulumi.azuread.UserArgs;\nimport com.pulumi.azuread.ServicePrincipalDelegatedPermissionGrant;\nimport com.pulumi.azuread.ServicePrincipalDelegatedPermissionGrantArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var wellKnown = AzureadFunctions.getApplicationPublishedAppIds(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);\n\n        var msgraph = new ServicePrincipal(\"msgraph\", ServicePrincipalArgs.builder()\n            .clientId(wellKnown.result().microsoftGraph())\n            .useExisting(true)\n            .build());\n\n        var example = new Application(\"example\", ApplicationArgs.builder()\n            .displayName(\"example\")\n            .requiredResourceAccesses(ApplicationRequiredResourceAccessArgs.builder()\n                .resourceAppId(wellKnown.result().microsoftGraph())\n                .resourceAccesses(                \n                    ApplicationRequiredResourceAccessResourceAccessArgs.builder()\n                        .id(msgraph.oauth2PermissionScopeIds().applyValue(_oauth2PermissionScopeIds -\u003e _oauth2PermissionScopeIds.openid()))\n                        .type(\"Scope\")\n                        .build(),\n                    ApplicationRequiredResourceAccessResourceAccessArgs.builder()\n                        .id(msgraph.oauth2PermissionScopeIds().applyValue(_oauth2PermissionScopeIds -\u003e _oauth2PermissionScopeIds.User.Read()))\n                        .type(\"Scope\")\n                        .build())\n                .build())\n            .build());\n\n        var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder()\n            .clientId(example.clientId())\n            .build());\n\n        var exampleUser = new User(\"exampleUser\", UserArgs.builder()\n            .displayName(\"J. Doe\")\n            .userPrincipalName(\"jdoe@example.com\")\n            .mailNickname(\"jdoe\")\n            .password(\"SecretP@sswd99!\")\n            .build());\n\n        var exampleServicePrincipalDelegatedPermissionGrant = new ServicePrincipalDelegatedPermissionGrant(\"exampleServicePrincipalDelegatedPermissionGrant\", ServicePrincipalDelegatedPermissionGrantArgs.builder()\n            .servicePrincipalObjectId(exampleServicePrincipal.objectId())\n            .resourceServicePrincipalObjectId(msgraph.objectId())\n            .claimValues(            \n                \"openid\",\n                \"User.Read.All\")\n            .userObjectId(exampleUser.objectId())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  msgraph:\n    type: azuread:ServicePrincipal\n    properties:\n      clientId: ${wellKnown.result.microsoftGraph}\n      useExisting: true\n  example:\n    type: azuread:Application\n    properties:\n      displayName: example\n      requiredResourceAccesses:\n        - resourceAppId: ${wellKnown.result.microsoftGraph}\n          resourceAccesses:\n            - id: ${msgraph.oauth2PermissionScopeIds.openid}\n              type: Scope\n            - id: ${msgraph.oauth2PermissionScopeIds\"User.Read\"[%!s(MISSING)]}\n              type: Scope\n  exampleServicePrincipal:\n    type: azuread:ServicePrincipal\n    name: example\n    properties:\n      clientId: ${example.clientId}\n  exampleUser:\n    type: azuread:User\n    name: example\n    properties:\n      displayName: J. Doe\n      userPrincipalName: jdoe@example.com\n      mailNickname: jdoe\n      password: SecretP@sswd99!\n  exampleServicePrincipalDelegatedPermissionGrant:\n    type: azuread:ServicePrincipalDelegatedPermissionGrant\n    name: example\n    properties:\n      servicePrincipalObjectId: ${exampleServicePrincipal.objectId}\n      resourceServicePrincipalObjectId: ${msgraph.objectId}\n      claimValues:\n        - openid\n        - User.Read.All\n      userObjectId: ${exampleUser.objectId}\nvariables:\n  wellKnown:\n    fn::invoke:\n      function: azuread:getApplicationPublishedAppIds\n      arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDelegated permission grants can be imported using their ID, e.g.\n\n```sh\n$ pulumi import azuread:index/servicePrincipalDelegatedPermissionGrant:ServicePrincipalDelegatedPermissionGrant example /oauth2PermissionGrants/aaBBcDDeFG6h5JKLMN2PQrrssTTUUvWWxxxxxyyyzzz\n```\n\n","properties":{"claimValues":{"type":"array","items":{"type":"string"},"description":"A set of claim values for delegated permission scopes which should be included in access tokens for the resource.\n"},"resourceServicePrincipalObjectId":{"type":"string","description":"The object ID of the service principal representing the resource to be accessed. Changing this forces a new resource to be created.\n"},"servicePrincipalObjectId":{"type":"string","description":"The object ID of the service principal for which this delegated permission grant should be created. Changing this forces a new resource to be created.\n"},"userObjectId":{"type":"string","description":"The object ID of the user on behalf of whom the service principal is authorized to access the resource. When omitted, the delegated permission grant will be consented for all users. Changing this forces a new resource to be created.\n\n\u003e **Granting Admin Consent** To grant admin consent for the service principal to impersonate all users, just omit the \u003cspan pulumi-lang-nodejs=\"`userObjectId`\" pulumi-lang-dotnet=\"`UserObjectId`\" pulumi-lang-go=\"`userObjectId`\" pulumi-lang-python=\"`user_object_id`\" pulumi-lang-yaml=\"`userObjectId`\" pulumi-lang-java=\"`userObjectId`\"\u003e`userObjectId`\u003c/span\u003e property.\n"}},"required":["claimValues","resourceServicePrincipalObjectId","servicePrincipalObjectId"],"inputProperties":{"claimValues":{"type":"array","items":{"type":"string"},"description":"A set of claim values for delegated permission scopes which should be included in access tokens for the resource.\n"},"resourceServicePrincipalObjectId":{"type":"string","description":"The object ID of the service principal representing the resource to be accessed. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"servicePrincipalObjectId":{"type":"string","description":"The object ID of the service principal for which this delegated permission grant should be created. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"userObjectId":{"type":"string","description":"The object ID of the user on behalf of whom the service principal is authorized to access the resource. When omitted, the delegated permission grant will be consented for all users. Changing this forces a new resource to be created.\n\n\u003e **Granting Admin Consent** To grant admin consent for the service principal to impersonate all users, just omit the \u003cspan pulumi-lang-nodejs=\"`userObjectId`\" pulumi-lang-dotnet=\"`UserObjectId`\" pulumi-lang-go=\"`userObjectId`\" pulumi-lang-python=\"`user_object_id`\" pulumi-lang-yaml=\"`userObjectId`\" pulumi-lang-java=\"`userObjectId`\"\u003e`userObjectId`\u003c/span\u003e property.\n","willReplaceOnChanges":true}},"requiredInputs":["claimValues","resourceServicePrincipalObjectId","servicePrincipalObjectId"],"stateInputs":{"description":"Input properties used for looking up and filtering ServicePrincipalDelegatedPermissionGrant resources.\n","properties":{"claimValues":{"type":"array","items":{"type":"string"},"description":"A set of claim values for delegated permission scopes which should be included in access tokens for the resource.\n"},"resourceServicePrincipalObjectId":{"type":"string","description":"The object ID of the service principal representing the resource to be accessed. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"servicePrincipalObjectId":{"type":"string","description":"The object ID of the service principal for which this delegated permission grant should be created. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"userObjectId":{"type":"string","description":"The object ID of the user on behalf of whom the service principal is authorized to access the resource. When omitted, the delegated permission grant will be consented for all users. Changing this forces a new resource to be created.\n\n\u003e **Granting Admin Consent** To grant admin consent for the service principal to impersonate all users, just omit the \u003cspan pulumi-lang-nodejs=\"`userObjectId`\" pulumi-lang-dotnet=\"`UserObjectId`\" pulumi-lang-go=\"`userObjectId`\" pulumi-lang-python=\"`user_object_id`\" pulumi-lang-yaml=\"`userObjectId`\" pulumi-lang-java=\"`userObjectId`\"\u003e`userObjectId`\u003c/span\u003e property.\n","willReplaceOnChanges":true}},"type":"object"}},"azuread:index/servicePrincipalPassword:ServicePrincipalPassword":{"description":"Manages a password credential associated with a service principal within Azure Active Directory. See also the\u003cspan pulumi-lang-nodejs=\" azuread.ApplicationPassword \" pulumi-lang-dotnet=\" azuread.ApplicationPassword \" pulumi-lang-go=\" ApplicationPassword \" pulumi-lang-python=\" ApplicationPassword \" pulumi-lang-yaml=\" azuread.ApplicationPassword \" pulumi-lang-java=\" azuread.ApplicationPassword \"\u003e azuread.ApplicationPassword \u003c/span\u003eresource.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.OwnedBy` or `Application.ReadWrite.All`\n\n\u003e When using the `Application.ReadWrite.OwnedBy` application role, the principal being used to run Terraform must be an owner of _both_ the linked application registration, _and_ the service principal being managed.\n\nWhen authenticated with a user principal, this resource may require one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n## Example Usage\n\n*Basic example*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.Application(\"example\", {displayName: \"example\"});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"example\", {clientId: example.clientId});\nconst exampleServicePrincipalPassword = new azuread.ServicePrincipalPassword(\"example\", {servicePrincipalId: exampleServicePrincipal.id});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.Application(\"example\", display_name=\"example\")\nexample_service_principal = azuread.ServicePrincipal(\"example\", client_id=example.client_id)\nexample_service_principal_password = azuread.ServicePrincipalPassword(\"example\", service_principal_id=example_service_principal.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.Application(\"example\", new()\n    {\n        DisplayName = \"example\",\n    });\n\n    var exampleServicePrincipal = new AzureAD.Index.ServicePrincipal(\"example\", new()\n    {\n        ClientId = example.ClientId,\n    });\n\n    var exampleServicePrincipalPassword = new AzureAD.Index.ServicePrincipalPassword(\"example\", new()\n    {\n        ServicePrincipalId = exampleServicePrincipal.Id,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"example\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId: example.ClientId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewServicePrincipalPassword(ctx, \"example\", \u0026azuread.ServicePrincipalPasswordArgs{\n\t\t\tServicePrincipalId: exampleServicePrincipal.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumi.azuread.ServicePrincipalPassword;\nimport com.pulumi.azuread.ServicePrincipalPasswordArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new Application(\"example\", ApplicationArgs.builder()\n            .displayName(\"example\")\n            .build());\n\n        var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder()\n            .clientId(example.clientId())\n            .build());\n\n        var exampleServicePrincipalPassword = new ServicePrincipalPassword(\"exampleServicePrincipalPassword\", ServicePrincipalPasswordArgs.builder()\n            .servicePrincipalId(exampleServicePrincipal.id())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:Application\n    properties:\n      displayName: example\n  exampleServicePrincipal:\n    type: azuread:ServicePrincipal\n    name: example\n    properties:\n      clientId: ${example.clientId}\n  exampleServicePrincipalPassword:\n    type: azuread:ServicePrincipalPassword\n    name: example\n    properties:\n      servicePrincipalId: ${exampleServicePrincipal.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Time-based rotation*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\nimport * as time from \"@pulumiverse/time\";\n\nconst example = new azuread.Application(\"example\", {displayName: \"example\"});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"example\", {clientId: example.clientId});\nconst exampleRotating = new time.Rotating(\"example\", {rotationDays: 7});\nconst exampleServicePrincipalPassword = new azuread.ServicePrincipalPassword(\"example\", {\n    servicePrincipalId: exampleServicePrincipal.id,\n    rotateWhenChanged: {\n        rotation: exampleRotating.id,\n    },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\nimport pulumiverse_time as time\n\nexample = azuread.Application(\"example\", display_name=\"example\")\nexample_service_principal = azuread.ServicePrincipal(\"example\", client_id=example.client_id)\nexample_rotating = time.Rotating(\"example\", rotation_days=7)\nexample_service_principal_password = azuread.ServicePrincipalPassword(\"example\",\n    service_principal_id=example_service_principal.id,\n    rotate_when_changed={\n        \"rotation\": example_rotating.id,\n    })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\nusing Time = Pulumiverse.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.Application(\"example\", new()\n    {\n        DisplayName = \"example\",\n    });\n\n    var exampleServicePrincipal = new AzureAD.Index.ServicePrincipal(\"example\", new()\n    {\n        ClientId = example.ClientId,\n    });\n\n    var exampleRotating = new Time.Index.Rotating(\"example\", new()\n    {\n        RotationDays = 7,\n    });\n\n    var exampleServicePrincipalPassword = new AzureAD.Index.ServicePrincipalPassword(\"example\", new()\n    {\n        ServicePrincipalId = exampleServicePrincipal.Id,\n        RotateWhenChanged = \n        {\n            { \"rotation\", exampleRotating.Id },\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-time/sdk/go/time\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"example\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId: example.ClientId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRotating, err := time.NewRotating(ctx, \"example\", \u0026time.RotatingArgs{\n\t\t\tRotationDays: pulumi.Int(7),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewServicePrincipalPassword(ctx, \"example\", \u0026azuread.ServicePrincipalPasswordArgs{\n\t\t\tServicePrincipalId: exampleServicePrincipal.ID(),\n\t\t\tRotateWhenChanged: pulumi.StringMap{\n\t\t\t\t\"rotation\": exampleRotating.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumiverse.time.Rotating;\nimport com.pulumiverse.time.RotatingArgs;\nimport com.pulumi.azuread.ServicePrincipalPassword;\nimport com.pulumi.azuread.ServicePrincipalPasswordArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new Application(\"example\", ApplicationArgs.builder()\n            .displayName(\"example\")\n            .build());\n\n        var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder()\n            .clientId(example.clientId())\n            .build());\n\n        var exampleRotating = new Rotating(\"exampleRotating\", RotatingArgs.builder()\n            .rotationDays(7)\n            .build());\n\n        var exampleServicePrincipalPassword = new ServicePrincipalPassword(\"exampleServicePrincipalPassword\", ServicePrincipalPasswordArgs.builder()\n            .servicePrincipalId(exampleServicePrincipal.id())\n            .rotateWhenChanged(Map.of(\"rotation\", exampleRotating.id()))\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:Application\n    properties:\n      displayName: example\n  exampleServicePrincipal:\n    type: azuread:ServicePrincipal\n    name: example\n    properties:\n      clientId: ${example.clientId}\n  exampleRotating:\n    type: time:Rotating\n    name: example\n    properties:\n      rotationDays: 7\n  exampleServicePrincipalPassword:\n    type: azuread:ServicePrincipalPassword\n    name: example\n    properties:\n      servicePrincipalId: ${exampleServicePrincipal.id}\n      rotateWhenChanged:\n        rotation: ${exampleRotating.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support importing.\n\n","properties":{"displayName":{"type":"string","description":"A display name for the password.\n"},"endDate":{"type":"string","description":"The end date until which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created.\n"},"endDateRelative":{"type":"string","description":"A relative duration for which the password is valid until, for example \u003cspan pulumi-lang-nodejs=\"`240h`\" pulumi-lang-dotnet=\"`240h`\" pulumi-lang-go=\"`240h`\" pulumi-lang-python=\"`240h`\" pulumi-lang-yaml=\"`240h`\" pulumi-lang-java=\"`240h`\"\u003e`240h`\u003c/span\u003e (10 days) or \u003cspan pulumi-lang-nodejs=\"`2400h30m`\" pulumi-lang-dotnet=\"`2400h30m`\" pulumi-lang-go=\"`2400h30m`\" pulumi-lang-python=\"`2400h30m`\" pulumi-lang-yaml=\"`2400h30m`\" pulumi-lang-java=\"`2400h30m`\"\u003e`2400h30m`\u003c/span\u003e. Changing this field forces a new resource to be created.\n","deprecationMessage":"The \u003cspan pulumi-lang-nodejs=\"`endDateRelative`\" pulumi-lang-dotnet=\"`EndDateRelative`\" pulumi-lang-go=\"`endDateRelative`\" pulumi-lang-python=\"`end_date_relative`\" pulumi-lang-yaml=\"`endDateRelative`\" pulumi-lang-java=\"`endDateRelative`\"\u003e`endDateRelative`\u003c/span\u003e property is deprecated and will be removed in a future version of the AzureAD provider. Please instead use the Terraform `timeadd()` function to calculate a value for the \u003cspan pulumi-lang-nodejs=\"`endDate`\" pulumi-lang-dotnet=\"`EndDate`\" pulumi-lang-go=\"`endDate`\" pulumi-lang-python=\"`end_date`\" pulumi-lang-yaml=\"`endDate`\" pulumi-lang-java=\"`endDate`\"\u003e`endDate`\u003c/span\u003e property."},"keyId":{"type":"string","description":"A UUID used to uniquely identify this password credential.\n"},"rotateWhenChanged":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of arbitrary key/value pairs that will force recreation of the password when they change, enabling password rotation based on external conditions such as a rotating timestamp. Changing this forces a new resource to be created.\n"},"servicePrincipalId":{"type":"string","description":"The ID of the service principal for which this password should be created. Changing this field forces a new resource to be created.\n"},"startDate":{"type":"string","description":"The start date from which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the current date is used.  Changing this field forces a new resource to be created.\n"},"value":{"type":"string","description":"The password for this service principal, which is generated by Azure Active Directory.\n","secret":true}},"required":["displayName","endDate","keyId","servicePrincipalId","startDate","value"],"inputProperties":{"displayName":{"type":"string","description":"A display name for the password.\n","willReplaceOnChanges":true},"endDate":{"type":"string","description":"The end date until which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"endDateRelative":{"type":"string","description":"A relative duration for which the password is valid until, for example \u003cspan pulumi-lang-nodejs=\"`240h`\" pulumi-lang-dotnet=\"`240h`\" pulumi-lang-go=\"`240h`\" pulumi-lang-python=\"`240h`\" pulumi-lang-yaml=\"`240h`\" pulumi-lang-java=\"`240h`\"\u003e`240h`\u003c/span\u003e (10 days) or \u003cspan pulumi-lang-nodejs=\"`2400h30m`\" pulumi-lang-dotnet=\"`2400h30m`\" pulumi-lang-go=\"`2400h30m`\" pulumi-lang-python=\"`2400h30m`\" pulumi-lang-yaml=\"`2400h30m`\" pulumi-lang-java=\"`2400h30m`\"\u003e`2400h30m`\u003c/span\u003e. Changing this field forces a new resource to be created.\n","deprecationMessage":"The \u003cspan pulumi-lang-nodejs=\"`endDateRelative`\" pulumi-lang-dotnet=\"`EndDateRelative`\" pulumi-lang-go=\"`endDateRelative`\" pulumi-lang-python=\"`end_date_relative`\" pulumi-lang-yaml=\"`endDateRelative`\" pulumi-lang-java=\"`endDateRelative`\"\u003e`endDateRelative`\u003c/span\u003e property is deprecated and will be removed in a future version of the AzureAD provider. Please instead use the Terraform `timeadd()` function to calculate a value for the \u003cspan pulumi-lang-nodejs=\"`endDate`\" pulumi-lang-dotnet=\"`EndDate`\" pulumi-lang-go=\"`endDate`\" pulumi-lang-python=\"`end_date`\" pulumi-lang-yaml=\"`endDate`\" pulumi-lang-java=\"`endDate`\"\u003e`endDate`\u003c/span\u003e property.","willReplaceOnChanges":true},"rotateWhenChanged":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of arbitrary key/value pairs that will force recreation of the password when they change, enabling password rotation based on external conditions such as a rotating timestamp. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"servicePrincipalId":{"type":"string","description":"The ID of the service principal for which this password should be created. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"startDate":{"type":"string","description":"The start date from which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the current date is used.  Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true}},"requiredInputs":["servicePrincipalId"],"stateInputs":{"description":"Input properties used for looking up and filtering ServicePrincipalPassword resources.\n","properties":{"displayName":{"type":"string","description":"A display name for the password.\n","willReplaceOnChanges":true},"endDate":{"type":"string","description":"The end date until which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"endDateRelative":{"type":"string","description":"A relative duration for which the password is valid until, for example \u003cspan pulumi-lang-nodejs=\"`240h`\" pulumi-lang-dotnet=\"`240h`\" pulumi-lang-go=\"`240h`\" pulumi-lang-python=\"`240h`\" pulumi-lang-yaml=\"`240h`\" pulumi-lang-java=\"`240h`\"\u003e`240h`\u003c/span\u003e (10 days) or \u003cspan pulumi-lang-nodejs=\"`2400h30m`\" pulumi-lang-dotnet=\"`2400h30m`\" pulumi-lang-go=\"`2400h30m`\" pulumi-lang-python=\"`2400h30m`\" pulumi-lang-yaml=\"`2400h30m`\" pulumi-lang-java=\"`2400h30m`\"\u003e`2400h30m`\u003c/span\u003e. Changing this field forces a new resource to be created.\n","deprecationMessage":"The \u003cspan pulumi-lang-nodejs=\"`endDateRelative`\" pulumi-lang-dotnet=\"`EndDateRelative`\" pulumi-lang-go=\"`endDateRelative`\" pulumi-lang-python=\"`end_date_relative`\" pulumi-lang-yaml=\"`endDateRelative`\" pulumi-lang-java=\"`endDateRelative`\"\u003e`endDateRelative`\u003c/span\u003e property is deprecated and will be removed in a future version of the AzureAD provider. Please instead use the Terraform `timeadd()` function to calculate a value for the \u003cspan pulumi-lang-nodejs=\"`endDate`\" pulumi-lang-dotnet=\"`EndDate`\" pulumi-lang-go=\"`endDate`\" pulumi-lang-python=\"`end_date`\" pulumi-lang-yaml=\"`endDate`\" pulumi-lang-java=\"`endDate`\"\u003e`endDate`\u003c/span\u003e property.","willReplaceOnChanges":true},"keyId":{"type":"string","description":"A UUID used to uniquely identify this password credential.\n"},"rotateWhenChanged":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of arbitrary key/value pairs that will force recreation of the password when they change, enabling password rotation based on external conditions such as a rotating timestamp. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"servicePrincipalId":{"type":"string","description":"The ID of the service principal for which this password should be created. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"startDate":{"type":"string","description":"The start date from which the password is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the current date is used.  Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"value":{"type":"string","description":"The password for this service principal, which is generated by Azure Active Directory.\n","secret":true}},"type":"object"}},"azuread:index/servicePrincipalTokenSigningCertificate:ServicePrincipalTokenSigningCertificate":{"description":"Manages a token signing certificate associated with a service principal within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.OwnedBy` or `Application.ReadWrite.All`\n\n\u003e When using the `Application.ReadWrite.OwnedBy` application role, the principal being used to run Terraform must be an owner of _both_ the linked application registration, _and_ the service principal being managed.\n\nWhen authenticated with a user principal, this resource may require one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n## Example Usage\n\n*Using default settings*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.Application(\"example\", {displayName: \"example\"});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"example\", {clientId: example.clientId});\nconst exampleServicePrincipalTokenSigningCertificate = new azuread.ServicePrincipalTokenSigningCertificate(\"example\", {servicePrincipalId: exampleServicePrincipal.id});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.Application(\"example\", display_name=\"example\")\nexample_service_principal = azuread.ServicePrincipal(\"example\", client_id=example.client_id)\nexample_service_principal_token_signing_certificate = azuread.ServicePrincipalTokenSigningCertificate(\"example\", service_principal_id=example_service_principal.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.Application(\"example\", new()\n    {\n        DisplayName = \"example\",\n    });\n\n    var exampleServicePrincipal = new AzureAD.Index.ServicePrincipal(\"example\", new()\n    {\n        ClientId = example.ClientId,\n    });\n\n    var exampleServicePrincipalTokenSigningCertificate = new AzureAD.Index.ServicePrincipalTokenSigningCertificate(\"example\", new()\n    {\n        ServicePrincipalId = exampleServicePrincipal.Id,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"example\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId: example.ClientId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewServicePrincipalTokenSigningCertificate(ctx, \"example\", \u0026azuread.ServicePrincipalTokenSigningCertificateArgs{\n\t\t\tServicePrincipalId: exampleServicePrincipal.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumi.azuread.ServicePrincipalTokenSigningCertificate;\nimport com.pulumi.azuread.ServicePrincipalTokenSigningCertificateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new Application(\"example\", ApplicationArgs.builder()\n            .displayName(\"example\")\n            .build());\n\n        var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder()\n            .clientId(example.clientId())\n            .build());\n\n        var exampleServicePrincipalTokenSigningCertificate = new ServicePrincipalTokenSigningCertificate(\"exampleServicePrincipalTokenSigningCertificate\", ServicePrincipalTokenSigningCertificateArgs.builder()\n            .servicePrincipalId(exampleServicePrincipal.id())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:Application\n    properties:\n      displayName: example\n  exampleServicePrincipal:\n    type: azuread:ServicePrincipal\n    name: example\n    properties:\n      clientId: ${example.clientId}\n  exampleServicePrincipalTokenSigningCertificate:\n    type: azuread:ServicePrincipalTokenSigningCertificate\n    name: example\n    properties:\n      servicePrincipalId: ${exampleServicePrincipal.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Using custom settings*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.Application(\"example\", {displayName: \"example\"});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"example\", {clientId: example.clientId});\nconst exampleServicePrincipalTokenSigningCertificate = new azuread.ServicePrincipalTokenSigningCertificate(\"example\", {\n    servicePrincipalId: exampleServicePrincipal.id,\n    displayName: \"CN=example.com\",\n    endDate: \"2023-05-01T01:02:03Z\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.Application(\"example\", display_name=\"example\")\nexample_service_principal = azuread.ServicePrincipal(\"example\", client_id=example.client_id)\nexample_service_principal_token_signing_certificate = azuread.ServicePrincipalTokenSigningCertificate(\"example\",\n    service_principal_id=example_service_principal.id,\n    display_name=\"CN=example.com\",\n    end_date=\"2023-05-01T01:02:03Z\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.Application(\"example\", new()\n    {\n        DisplayName = \"example\",\n    });\n\n    var exampleServicePrincipal = new AzureAD.Index.ServicePrincipal(\"example\", new()\n    {\n        ClientId = example.ClientId,\n    });\n\n    var exampleServicePrincipalTokenSigningCertificate = new AzureAD.Index.ServicePrincipalTokenSigningCertificate(\"example\", new()\n    {\n        ServicePrincipalId = exampleServicePrincipal.Id,\n        DisplayName = \"CN=example.com\",\n        EndDate = \"2023-05-01T01:02:03Z\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"example\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId: example.ClientId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewServicePrincipalTokenSigningCertificate(ctx, \"example\", \u0026azuread.ServicePrincipalTokenSigningCertificateArgs{\n\t\t\tServicePrincipalId: exampleServicePrincipal.ID(),\n\t\t\tDisplayName:        pulumi.String(\"CN=example.com\"),\n\t\t\tEndDate:            pulumi.String(\"2023-05-01T01:02:03Z\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumi.azuread.ServicePrincipalTokenSigningCertificate;\nimport com.pulumi.azuread.ServicePrincipalTokenSigningCertificateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new Application(\"example\", ApplicationArgs.builder()\n            .displayName(\"example\")\n            .build());\n\n        var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder()\n            .clientId(example.clientId())\n            .build());\n\n        var exampleServicePrincipalTokenSigningCertificate = new ServicePrincipalTokenSigningCertificate(\"exampleServicePrincipalTokenSigningCertificate\", ServicePrincipalTokenSigningCertificateArgs.builder()\n            .servicePrincipalId(exampleServicePrincipal.id())\n            .displayName(\"CN=example.com\")\n            .endDate(\"2023-05-01T01:02:03Z\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:Application\n    properties:\n      displayName: example\n  exampleServicePrincipal:\n    type: azuread:ServicePrincipal\n    name: example\n    properties:\n      clientId: ${example.clientId}\n  exampleServicePrincipalTokenSigningCertificate:\n    type: azuread:ServicePrincipalTokenSigningCertificate\n    name: example\n    properties:\n      servicePrincipalId: ${exampleServicePrincipal.id}\n      displayName: CN=example.com\n      endDate: 2023-05-01T01:02:03Z\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nToken signing certificates can be imported using the object ID of the associated service principal and the key ID of the verify certificate credential, e.g.\n\n```sh\n$ pulumi import azuread:index/servicePrincipalTokenSigningCertificate:ServicePrincipalTokenSigningCertificate example 00000000-0000-0000-0000-000000000000/tokenSigningCertificate/11111111-1111-1111-1111-111111111111\n```\n\n\u003e This ID format is unique to Terraform and is composed of the service principal's object ID, the string \"tokenSigningCertificate\" and the verify certificate's key ID in the format `{ServicePrincipalObjectId}/tokenSigningCertificate/{CertificateKeyId}`.\n\n","properties":{"displayName":{"type":"string","description":"Specifies a friendly name for the certificate. Must start with `CN=`. Changing this field forces a new resource to be created.\n\n\u003e If not specified, it will default to `CN=Microsoft Azure Federated SSO Certificate`.\n"},"endDate":{"type":"string","description":"The end date until which the token signing certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created.\n"},"keyId":{"type":"string","description":"A UUID used to uniquely identify the verify certificate.\n"},"servicePrincipalId":{"type":"string","description":"The ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.\n"},"startDate":{"type":"string","description":"The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`).\n"},"thumbprint":{"type":"string","description":"A SHA-1 generated thumbprint of the token signing certificate, which can be used to set the preferred signing certificate for a service principal.\n"},"value":{"type":"string","description":"The certificate data, which is PEM encoded but does not include the header `-----BEGIN CERTIFICATE-----\\n` or the footer `\\n-----END CERTIFICATE-----`.\n","secret":true}},"required":["displayName","endDate","keyId","servicePrincipalId","startDate","thumbprint","value"],"inputProperties":{"displayName":{"type":"string","description":"Specifies a friendly name for the certificate. Must start with `CN=`. Changing this field forces a new resource to be created.\n\n\u003e If not specified, it will default to `CN=Microsoft Azure Federated SSO Certificate`.\n","willReplaceOnChanges":true},"endDate":{"type":"string","description":"The end date until which the token signing certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"servicePrincipalId":{"type":"string","description":"The ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true}},"requiredInputs":["servicePrincipalId"],"stateInputs":{"description":"Input properties used for looking up and filtering ServicePrincipalTokenSigningCertificate resources.\n","properties":{"displayName":{"type":"string","description":"Specifies a friendly name for the certificate. Must start with `CN=`. Changing this field forces a new resource to be created.\n\n\u003e If not specified, it will default to `CN=Microsoft Azure Federated SSO Certificate`.\n","willReplaceOnChanges":true},"endDate":{"type":"string","description":"The end date until which the token signing certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"keyId":{"type":"string","description":"A UUID used to uniquely identify the verify certificate.\n"},"servicePrincipalId":{"type":"string","description":"The ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"startDate":{"type":"string","description":"The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`).\n"},"thumbprint":{"type":"string","description":"A SHA-1 generated thumbprint of the token signing certificate, which can be used to set the preferred signing certificate for a service principal.\n"},"value":{"type":"string","description":"The certificate data, which is PEM encoded but does not include the header `-----BEGIN CERTIFICATE-----\\n` or the footer `\\n-----END CERTIFICATE-----`.\n","secret":true}},"type":"object"}},"azuread:index/synchronizationJob:SynchronizationJob":{"description":"Manages a synchronization job associated with a service principal (enterprise application) within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.All` or `Directory.ReadWrite.All`\n\n## Example Usage\n\n*Basic example*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getApplicationTemplate({\n    displayName: \"Azure Databricks SCIM Provisioning Connector\",\n});\nconst exampleApplicationFromTemplate = new azuread.ApplicationFromTemplate(\"example\", {\n    displayName: \"example\",\n    templateId: example.then(example =\u003e example.templateId),\n});\nconst exampleGetServicePrincipal = azuread.getServicePrincipalOutput({\n    objectId: exampleApplicationFromTemplate.servicePrincipalObjectId,\n});\nconst exampleSynchronizationSecret = new azuread.SynchronizationSecret(\"example\", {\n    servicePrincipalId: exampleGetServicePrincipal.apply(exampleGetServicePrincipal =\u003e exampleGetServicePrincipal.id),\n    credentials: [\n        {\n            key: \"BaseAddress\",\n            value: \"https://adb-example.azuredatabricks.net/api/2.0/preview/scim\",\n        },\n        {\n            key: \"SecretToken\",\n            value: \"some-token\",\n        },\n    ],\n});\nconst exampleSynchronizationJob = new azuread.SynchronizationJob(\"example\", {\n    servicePrincipalId: exampleGetServicePrincipal.apply(exampleGetServicePrincipal =\u003e exampleGetServicePrincipal.id),\n    templateId: \"dataBricks\",\n    enabled: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_application_template(display_name=\"Azure Databricks SCIM Provisioning Connector\")\nexample_application_from_template = azuread.ApplicationFromTemplate(\"example\",\n    display_name=\"example\",\n    template_id=example.template_id)\nexample_get_service_principal = azuread.get_service_principal_output(object_id=example_application_from_template.service_principal_object_id)\nexample_synchronization_secret = azuread.SynchronizationSecret(\"example\",\n    service_principal_id=example_get_service_principal.id,\n    credentials=[\n        {\n            \"key\": \"BaseAddress\",\n            \"value\": \"https://adb-example.azuredatabricks.net/api/2.0/preview/scim\",\n        },\n        {\n            \"key\": \"SecretToken\",\n            \"value\": \"some-token\",\n        },\n    ])\nexample_synchronization_job = azuread.SynchronizationJob(\"example\",\n    service_principal_id=example_get_service_principal.id,\n    template_id=\"dataBricks\",\n    enabled=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetApplicationTemplate.Invoke(new()\n    {\n        DisplayName = \"Azure Databricks SCIM Provisioning Connector\",\n    });\n\n    var exampleApplicationFromTemplate = new AzureAD.Index.ApplicationFromTemplate(\"example\", new()\n    {\n        DisplayName = \"example\",\n        TemplateId = example.Apply(getApplicationTemplateResult =\u003e getApplicationTemplateResult.TemplateId),\n    });\n\n    var exampleGetServicePrincipal = AzureAD.Index.GetServicePrincipal.Invoke(new()\n    {\n        ObjectId = exampleApplicationFromTemplate.ServicePrincipalObjectId,\n    });\n\n    var exampleSynchronizationSecret = new AzureAD.Index.SynchronizationSecret(\"example\", new()\n    {\n        ServicePrincipalId = exampleGetServicePrincipal.Apply(getServicePrincipalResult =\u003e getServicePrincipalResult.Id),\n        Credentials = new[]\n        {\n            new AzureAD.Inputs.SynchronizationSecretCredentialArgs\n            {\n                Key = \"BaseAddress\",\n                Value = \"https://adb-example.azuredatabricks.net/api/2.0/preview/scim\",\n            },\n            new AzureAD.Inputs.SynchronizationSecretCredentialArgs\n            {\n                Key = \"SecretToken\",\n                Value = \"some-token\",\n            },\n        },\n    });\n\n    var exampleSynchronizationJob = new AzureAD.Index.SynchronizationJob(\"example\", new()\n    {\n        ServicePrincipalId = exampleGetServicePrincipal.Apply(getServicePrincipalResult =\u003e getServicePrincipalResult.Id),\n        TemplateId = \"dataBricks\",\n        Enabled = true,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.GetApplicationTemplate(ctx, \u0026azuread.GetApplicationTemplateArgs{\n\t\t\tDisplayName: pulumi.StringRef(\"Azure Databricks SCIM Provisioning Connector\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleApplicationFromTemplate, err := azuread.NewApplicationFromTemplate(ctx, \"example\", \u0026azuread.ApplicationFromTemplateArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tTemplateId:  pulumi.String(pulumi.String(example.TemplateId)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleGetServicePrincipal := azuread.GetServicePrincipalOutput(ctx, azuread.GetServicePrincipalOutputArgs{\n\t\t\tObjectId: exampleApplicationFromTemplate.ServicePrincipalObjectId,\n\t\t}, nil)\n\t\t_, err = azuread.NewSynchronizationSecret(ctx, \"example\", \u0026azuread.SynchronizationSecretArgs{\n\t\t\tServicePrincipalId: pulumi.String(exampleGetServicePrincipal.ApplyT(func(exampleGetServicePrincipal azuread.GetServicePrincipalResult) (*string, error) {\n\t\t\t\treturn \u0026exampleGetServicePrincipal.Id, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tCredentials: azuread.SynchronizationSecretCredentialArray{\n\t\t\t\t\u0026azuread.SynchronizationSecretCredentialArgs{\n\t\t\t\t\tKey:   pulumi.String(\"BaseAddress\"),\n\t\t\t\t\tValue: pulumi.String(\"https://adb-example.azuredatabricks.net/api/2.0/preview/scim\"),\n\t\t\t\t},\n\t\t\t\t\u0026azuread.SynchronizationSecretCredentialArgs{\n\t\t\t\t\tKey:   pulumi.String(\"SecretToken\"),\n\t\t\t\t\tValue: pulumi.String(\"some-token\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewSynchronizationJob(ctx, \"example\", \u0026azuread.SynchronizationJobArgs{\n\t\t\tServicePrincipalId: pulumi.String(exampleGetServicePrincipal.ApplyT(func(exampleGetServicePrincipal azuread.GetServicePrincipalResult) (*string, error) {\n\t\t\t\treturn \u0026exampleGetServicePrincipal.Id, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tTemplateId: pulumi.String(\"dataBricks\"),\n\t\t\tEnabled:    pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetApplicationTemplateArgs;\nimport com.pulumi.azuread.ApplicationFromTemplate;\nimport com.pulumi.azuread.ApplicationFromTemplateArgs;\nimport com.pulumi.azuread.inputs.GetServicePrincipalArgs;\nimport com.pulumi.azuread.SynchronizationSecret;\nimport com.pulumi.azuread.SynchronizationSecretArgs;\nimport com.pulumi.azuread.inputs.SynchronizationSecretCredentialArgs;\nimport com.pulumi.azuread.SynchronizationJob;\nimport com.pulumi.azuread.SynchronizationJobArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getApplicationTemplate(GetApplicationTemplateArgs.builder()\n            .displayName(\"Azure Databricks SCIM Provisioning Connector\")\n            .build());\n\n        var exampleApplicationFromTemplate = new ApplicationFromTemplate(\"exampleApplicationFromTemplate\", ApplicationFromTemplateArgs.builder()\n            .displayName(\"example\")\n            .templateId(example.templateId())\n            .build());\n\n        final var exampleGetServicePrincipal = AzureadFunctions.getServicePrincipal(GetServicePrincipalArgs.builder()\n            .objectId(exampleApplicationFromTemplate.servicePrincipalObjectId())\n            .build());\n\n        var exampleSynchronizationSecret = new SynchronizationSecret(\"exampleSynchronizationSecret\", SynchronizationSecretArgs.builder()\n            .servicePrincipalId(exampleGetServicePrincipal.applyValue(_exampleGetServicePrincipal -\u003e _exampleGetServicePrincipal.id()))\n            .credentials(            \n                SynchronizationSecretCredentialArgs.builder()\n                    .key(\"BaseAddress\")\n                    .value(\"https://adb-example.azuredatabricks.net/api/2.0/preview/scim\")\n                    .build(),\n                SynchronizationSecretCredentialArgs.builder()\n                    .key(\"SecretToken\")\n                    .value(\"some-token\")\n                    .build())\n            .build());\n\n        var exampleSynchronizationJob = new SynchronizationJob(\"exampleSynchronizationJob\", SynchronizationJobArgs.builder()\n            .servicePrincipalId(exampleGetServicePrincipal.applyValue(_exampleGetServicePrincipal -\u003e _exampleGetServicePrincipal.id()))\n            .templateId(\"dataBricks\")\n            .enabled(true)\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  exampleApplicationFromTemplate:\n    type: azuread:ApplicationFromTemplate\n    name: example\n    properties:\n      displayName: example\n      templateId: ${example.templateId}\n  exampleSynchronizationSecret:\n    type: azuread:SynchronizationSecret\n    name: example\n    properties:\n      servicePrincipalId: ${exampleGetServicePrincipal.id}\n      credentials:\n        - key: BaseAddress\n          value: https://adb-example.azuredatabricks.net/api/2.0/preview/scim\n        - key: SecretToken\n          value: some-token\n  exampleSynchronizationJob:\n    type: azuread:SynchronizationJob\n    name: example\n    properties:\n      servicePrincipalId: ${exampleGetServicePrincipal.id}\n      templateId: dataBricks\n      enabled: true\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getApplicationTemplate\n      arguments:\n        displayName: Azure Databricks SCIM Provisioning Connector\n  exampleGetServicePrincipal:\n    fn::invoke:\n      function: azuread:getServicePrincipal\n      arguments:\n        objectId: ${exampleApplicationFromTemplate.servicePrincipalObjectId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSynchronization jobs can be imported using the \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e, e.g.\n\n```sh\n$ pulumi import azuread:index/synchronizationJob:SynchronizationJob example /servicePrincipals/00000000-0000-0000-0000-000000000000/synchronization/jobs/dataBricks.f5532fc709734b1a90e8a1fa9fd03a82.8442fd39-2183-419c-8732-74b6ce866bd5\n```\n\n\u003e This ID format is unique to Terraform and is composed of the Service Principal Object ID and the ID of the Synchronization Job Id in the format `/servicePrincipals/{servicePrincipalId}/synchronization/jobs/{synchronizationJobId}`.\n\n","properties":{"enabled":{"type":"boolean","description":"Whether the provisioning job is enabled. Default state is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"schedules":{"type":"array","items":{"$ref":"#/types/azuread:index/SynchronizationJobSchedule:SynchronizationJobSchedule"},"description":"A \u003cspan pulumi-lang-nodejs=\"`schedule`\" pulumi-lang-dotnet=\"`Schedule`\" pulumi-lang-go=\"`schedule`\" pulumi-lang-python=\"`schedule`\" pulumi-lang-yaml=\"`schedule`\" pulumi-lang-java=\"`schedule`\"\u003e`schedule`\u003c/span\u003e list as documented below.\n"},"servicePrincipalId":{"type":"string","description":"The ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created.\n"},"templateId":{"type":"string","description":"Identifier of the synchronization template this job is based on.\n"}},"required":["schedules","servicePrincipalId","templateId"],"inputProperties":{"enabled":{"type":"boolean","description":"Whether the provisioning job is enabled. Default state is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"servicePrincipalId":{"type":"string","description":"The ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"templateId":{"type":"string","description":"Identifier of the synchronization template this job is based on.\n","willReplaceOnChanges":true}},"requiredInputs":["servicePrincipalId","templateId"],"stateInputs":{"description":"Input properties used for looking up and filtering SynchronizationJob resources.\n","properties":{"enabled":{"type":"boolean","description":"Whether the provisioning job is enabled. Default state is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"schedules":{"type":"array","items":{"$ref":"#/types/azuread:index/SynchronizationJobSchedule:SynchronizationJobSchedule"},"description":"A \u003cspan pulumi-lang-nodejs=\"`schedule`\" pulumi-lang-dotnet=\"`Schedule`\" pulumi-lang-go=\"`schedule`\" pulumi-lang-python=\"`schedule`\" pulumi-lang-yaml=\"`schedule`\" pulumi-lang-java=\"`schedule`\"\u003e`schedule`\u003c/span\u003e list as documented below.\n"},"servicePrincipalId":{"type":"string","description":"The ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true},"templateId":{"type":"string","description":"Identifier of the synchronization template this job is based on.\n","willReplaceOnChanges":true}},"type":"object"}},"azuread:index/synchronizationJobProvisionOnDemand:SynchronizationJobProvisionOnDemand":{"description":"Manages synchronization job on demand provisioning associated with a service principal (enterprise application) within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Synchronization.ReadWrite.All`\n\n## Example Usage\n\n*Basic example*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst exampleGroup = new azuread.Group(\"example\", {\n    displayName: \"example\",\n    owners: [current.then(current =\u003e current.objectId)],\n    securityEnabled: true,\n});\nconst example = azuread.getApplicationTemplate({\n    displayName: \"Azure Databricks SCIM Provisioning Connector\",\n});\nconst exampleApplicationFromTemplate = new azuread.ApplicationFromTemplate(\"example\", {\n    displayName: \"example\",\n    templateId: example.then(example =\u003e example.templateId),\n});\nconst exampleGetServicePrincipal = azuread.getServicePrincipalOutput({\n    objectId: exampleApplicationFromTemplate.servicePrincipalObjectId,\n});\nconst exampleSynchronizationSecret = new azuread.SynchronizationSecret(\"example\", {\n    servicePrincipalId: exampleGetServicePrincipal.apply(exampleGetServicePrincipal =\u003e exampleGetServicePrincipal.id),\n    credentials: [\n        {\n            key: \"BaseAddress\",\n            value: \"https://adb-example.azuredatabricks.net/api/2.0/preview/scim\",\n        },\n        {\n            key: \"SecretToken\",\n            value: \"some-token\",\n        },\n    ],\n});\nconst exampleSynchronizationJob = new azuread.SynchronizationJob(\"example\", {\n    servicePrincipalId: exampleGetServicePrincipal.apply(exampleGetServicePrincipal =\u003e exampleGetServicePrincipal.id),\n    templateId: \"dataBricks\",\n    enabled: true,\n});\nconst exampleSynchronizationJobProvisionOnDemand = new azuread.SynchronizationJobProvisionOnDemand(\"example\", {\n    servicePrincipalId: exampleSynchronizationJob.servicePrincipalId,\n    synchronizationJobId: exampleSynchronizationJob.id,\n    parameters: [{\n        ruleId: \"\",\n        subjects: [{\n            objectId: exampleGroup.objectId,\n            objectTypeName: \"Group\",\n        }],\n    }],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\nexample_group = azuread.Group(\"example\",\n    display_name=\"example\",\n    owners=[current.object_id],\n    security_enabled=True)\nexample = azuread.get_application_template(display_name=\"Azure Databricks SCIM Provisioning Connector\")\nexample_application_from_template = azuread.ApplicationFromTemplate(\"example\",\n    display_name=\"example\",\n    template_id=example.template_id)\nexample_get_service_principal = azuread.get_service_principal_output(object_id=example_application_from_template.service_principal_object_id)\nexample_synchronization_secret = azuread.SynchronizationSecret(\"example\",\n    service_principal_id=example_get_service_principal.id,\n    credentials=[\n        {\n            \"key\": \"BaseAddress\",\n            \"value\": \"https://adb-example.azuredatabricks.net/api/2.0/preview/scim\",\n        },\n        {\n            \"key\": \"SecretToken\",\n            \"value\": \"some-token\",\n        },\n    ])\nexample_synchronization_job = azuread.SynchronizationJob(\"example\",\n    service_principal_id=example_get_service_principal.id,\n    template_id=\"dataBricks\",\n    enabled=True)\nexample_synchronization_job_provision_on_demand = azuread.SynchronizationJobProvisionOnDemand(\"example\",\n    service_principal_id=example_synchronization_job.service_principal_id,\n    synchronization_job_id=example_synchronization_job.id,\n    parameters=[{\n        \"rule_id\": \"\",\n        \"subjects\": [{\n            \"object_id\": example_group.object_id,\n            \"object_type_name\": \"Group\",\n        }],\n    }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var current = AzureAD.Index.GetClientConfig.Invoke();\n\n    var exampleGroup = new AzureAD.Index.Group(\"example\", new()\n    {\n        DisplayName = \"example\",\n        Owners = new[]\n        {\n            current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n        },\n        SecurityEnabled = true,\n    });\n\n    var example = AzureAD.Index.GetApplicationTemplate.Invoke(new()\n    {\n        DisplayName = \"Azure Databricks SCIM Provisioning Connector\",\n    });\n\n    var exampleApplicationFromTemplate = new AzureAD.Index.ApplicationFromTemplate(\"example\", new()\n    {\n        DisplayName = \"example\",\n        TemplateId = example.Apply(getApplicationTemplateResult =\u003e getApplicationTemplateResult.TemplateId),\n    });\n\n    var exampleGetServicePrincipal = AzureAD.Index.GetServicePrincipal.Invoke(new()\n    {\n        ObjectId = exampleApplicationFromTemplate.ServicePrincipalObjectId,\n    });\n\n    var exampleSynchronizationSecret = new AzureAD.Index.SynchronizationSecret(\"example\", new()\n    {\n        ServicePrincipalId = exampleGetServicePrincipal.Apply(getServicePrincipalResult =\u003e getServicePrincipalResult.Id),\n        Credentials = new[]\n        {\n            new AzureAD.Inputs.SynchronizationSecretCredentialArgs\n            {\n                Key = \"BaseAddress\",\n                Value = \"https://adb-example.azuredatabricks.net/api/2.0/preview/scim\",\n            },\n            new AzureAD.Inputs.SynchronizationSecretCredentialArgs\n            {\n                Key = \"SecretToken\",\n                Value = \"some-token\",\n            },\n        },\n    });\n\n    var exampleSynchronizationJob = new AzureAD.Index.SynchronizationJob(\"example\", new()\n    {\n        ServicePrincipalId = exampleGetServicePrincipal.Apply(getServicePrincipalResult =\u003e getServicePrincipalResult.Id),\n        TemplateId = \"dataBricks\",\n        Enabled = true,\n    });\n\n    var exampleSynchronizationJobProvisionOnDemand = new AzureAD.Index.SynchronizationJobProvisionOnDemand(\"example\", new()\n    {\n        ServicePrincipalId = exampleSynchronizationJob.ServicePrincipalId,\n        SynchronizationJobId = exampleSynchronizationJob.Id,\n        Parameters = new[]\n        {\n            new AzureAD.Inputs.SynchronizationJobProvisionOnDemandParameterArgs\n            {\n                RuleId = \"\",\n                Subjects = new[]\n                {\n                    new AzureAD.Inputs.SynchronizationJobProvisionOnDemandParameterSubjectArgs\n                    {\n                        ObjectId = exampleGroup.ObjectId,\n                        ObjectTypeName = \"Group\",\n                    },\n                },\n            },\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleGroup, err := azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(pulumi.String(current.ObjectId)),\n\t\t\t},\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := azuread.GetApplicationTemplate(ctx, \u0026azuread.GetApplicationTemplateArgs{\n\t\t\tDisplayName: pulumi.StringRef(\"Azure Databricks SCIM Provisioning Connector\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleApplicationFromTemplate, err := azuread.NewApplicationFromTemplate(ctx, \"example\", \u0026azuread.ApplicationFromTemplateArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tTemplateId:  pulumi.String(pulumi.String(example.TemplateId)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleGetServicePrincipal := azuread.GetServicePrincipalOutput(ctx, azuread.GetServicePrincipalOutputArgs{\n\t\t\tObjectId: exampleApplicationFromTemplate.ServicePrincipalObjectId,\n\t\t}, nil)\n\t\t_, err = azuread.NewSynchronizationSecret(ctx, \"example\", \u0026azuread.SynchronizationSecretArgs{\n\t\t\tServicePrincipalId: pulumi.String(exampleGetServicePrincipal.ApplyT(func(exampleGetServicePrincipal azuread.GetServicePrincipalResult) (*string, error) {\n\t\t\t\treturn \u0026exampleGetServicePrincipal.Id, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tCredentials: azuread.SynchronizationSecretCredentialArray{\n\t\t\t\t\u0026azuread.SynchronizationSecretCredentialArgs{\n\t\t\t\t\tKey:   pulumi.String(\"BaseAddress\"),\n\t\t\t\t\tValue: pulumi.String(\"https://adb-example.azuredatabricks.net/api/2.0/preview/scim\"),\n\t\t\t\t},\n\t\t\t\t\u0026azuread.SynchronizationSecretCredentialArgs{\n\t\t\t\t\tKey:   pulumi.String(\"SecretToken\"),\n\t\t\t\t\tValue: pulumi.String(\"some-token\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleSynchronizationJob, err := azuread.NewSynchronizationJob(ctx, \"example\", \u0026azuread.SynchronizationJobArgs{\n\t\t\tServicePrincipalId: pulumi.String(exampleGetServicePrincipal.ApplyT(func(exampleGetServicePrincipal azuread.GetServicePrincipalResult) (*string, error) {\n\t\t\t\treturn \u0026exampleGetServicePrincipal.Id, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tTemplateId: pulumi.String(\"dataBricks\"),\n\t\t\tEnabled:    pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewSynchronizationJobProvisionOnDemand(ctx, \"example\", \u0026azuread.SynchronizationJobProvisionOnDemandArgs{\n\t\t\tServicePrincipalId:   exampleSynchronizationJob.ServicePrincipalId,\n\t\t\tSynchronizationJobId: exampleSynchronizationJob.ID(),\n\t\t\tParameters: azuread.SynchronizationJobProvisionOnDemandParameterArray{\n\t\t\t\t\u0026azuread.SynchronizationJobProvisionOnDemandParameterArgs{\n\t\t\t\t\tRuleId: pulumi.String(\"\"),\n\t\t\t\t\tSubjects: azuread.SynchronizationJobProvisionOnDemandParameterSubjectArray{\n\t\t\t\t\t\t\u0026azuread.SynchronizationJobProvisionOnDemandParameterSubjectArgs{\n\t\t\t\t\t\t\tObjectId:       exampleGroup.ObjectId,\n\t\t\t\t\t\t\tObjectTypeName: pulumi.String(\"Group\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport com.pulumi.azuread.inputs.GetApplicationTemplateArgs;\nimport com.pulumi.azuread.ApplicationFromTemplate;\nimport com.pulumi.azuread.ApplicationFromTemplateArgs;\nimport com.pulumi.azuread.inputs.GetServicePrincipalArgs;\nimport com.pulumi.azuread.SynchronizationSecret;\nimport com.pulumi.azuread.SynchronizationSecretArgs;\nimport com.pulumi.azuread.inputs.SynchronizationSecretCredentialArgs;\nimport com.pulumi.azuread.SynchronizationJob;\nimport com.pulumi.azuread.SynchronizationJobArgs;\nimport com.pulumi.azuread.SynchronizationJobProvisionOnDemand;\nimport com.pulumi.azuread.SynchronizationJobProvisionOnDemandArgs;\nimport com.pulumi.azuread.inputs.SynchronizationJobProvisionOnDemandParameterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var current = AzureadFunctions.getClientConfig(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);\n\n        var exampleGroup = new Group(\"exampleGroup\", GroupArgs.builder()\n            .displayName(\"example\")\n            .owners(current.objectId())\n            .securityEnabled(true)\n            .build());\n\n        final var example = AzureadFunctions.getApplicationTemplate(GetApplicationTemplateArgs.builder()\n            .displayName(\"Azure Databricks SCIM Provisioning Connector\")\n            .build());\n\n        var exampleApplicationFromTemplate = new ApplicationFromTemplate(\"exampleApplicationFromTemplate\", ApplicationFromTemplateArgs.builder()\n            .displayName(\"example\")\n            .templateId(example.templateId())\n            .build());\n\n        final var exampleGetServicePrincipal = AzureadFunctions.getServicePrincipal(GetServicePrincipalArgs.builder()\n            .objectId(exampleApplicationFromTemplate.servicePrincipalObjectId())\n            .build());\n\n        var exampleSynchronizationSecret = new SynchronizationSecret(\"exampleSynchronizationSecret\", SynchronizationSecretArgs.builder()\n            .servicePrincipalId(exampleGetServicePrincipal.applyValue(_exampleGetServicePrincipal -\u003e _exampleGetServicePrincipal.id()))\n            .credentials(            \n                SynchronizationSecretCredentialArgs.builder()\n                    .key(\"BaseAddress\")\n                    .value(\"https://adb-example.azuredatabricks.net/api/2.0/preview/scim\")\n                    .build(),\n                SynchronizationSecretCredentialArgs.builder()\n                    .key(\"SecretToken\")\n                    .value(\"some-token\")\n                    .build())\n            .build());\n\n        var exampleSynchronizationJob = new SynchronizationJob(\"exampleSynchronizationJob\", SynchronizationJobArgs.builder()\n            .servicePrincipalId(exampleGetServicePrincipal.applyValue(_exampleGetServicePrincipal -\u003e _exampleGetServicePrincipal.id()))\n            .templateId(\"dataBricks\")\n            .enabled(true)\n            .build());\n\n        var exampleSynchronizationJobProvisionOnDemand = new SynchronizationJobProvisionOnDemand(\"exampleSynchronizationJobProvisionOnDemand\", SynchronizationJobProvisionOnDemandArgs.builder()\n            .servicePrincipalId(exampleSynchronizationJob.servicePrincipalId())\n            .synchronizationJobId(exampleSynchronizationJob.id())\n            .parameters(SynchronizationJobProvisionOnDemandParameterArgs.builder()\n                .ruleId(\"\")\n                .subjects(SynchronizationJobProvisionOnDemandParameterSubjectArgs.builder()\n                    .objectId(exampleGroup.objectId())\n                    .objectTypeName(\"Group\")\n                    .build())\n                .build())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  exampleGroup:\n    type: azuread:Group\n    name: example\n    properties:\n      displayName: example\n      owners:\n        - ${current.objectId}\n      securityEnabled: true\n  exampleApplicationFromTemplate:\n    type: azuread:ApplicationFromTemplate\n    name: example\n    properties:\n      displayName: example\n      templateId: ${example.templateId}\n  exampleSynchronizationSecret:\n    type: azuread:SynchronizationSecret\n    name: example\n    properties:\n      servicePrincipalId: ${exampleGetServicePrincipal.id}\n      credentials:\n        - key: BaseAddress\n          value: https://adb-example.azuredatabricks.net/api/2.0/preview/scim\n        - key: SecretToken\n          value: some-token\n  exampleSynchronizationJob:\n    type: azuread:SynchronizationJob\n    name: example\n    properties:\n      servicePrincipalId: ${exampleGetServicePrincipal.id}\n      templateId: dataBricks\n      enabled: true\n  exampleSynchronizationJobProvisionOnDemand:\n    type: azuread:SynchronizationJobProvisionOnDemand\n    name: example\n    properties:\n      servicePrincipalId: ${exampleSynchronizationJob.servicePrincipalId}\n      synchronizationJobId: ${exampleSynchronizationJob.id}\n      parameters:\n        - ruleId: \"\"\n          subjects:\n            - objectId: ${exampleGroup.objectId}\n              objectTypeName: Group\nvariables:\n  current:\n    fn::invoke:\n      function: azuread:getClientConfig\n      arguments: {}\n  example:\n    fn::invoke:\n      function: azuread:getApplicationTemplate\n      arguments:\n        displayName: Azure Databricks SCIM Provisioning Connector\n  exampleGetServicePrincipal:\n    fn::invoke:\n      function: azuread:getServicePrincipal\n      arguments:\n        objectId: ${exampleApplicationFromTemplate.servicePrincipalObjectId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support importing.\n\n","properties":{"parameters":{"type":"array","items":{"$ref":"#/types/azuread:index/SynchronizationJobProvisionOnDemandParameter:SynchronizationJobProvisionOnDemandParameter"},"description":"One or more \u003cspan pulumi-lang-nodejs=\"`parameter`\" pulumi-lang-dotnet=\"`Parameter`\" pulumi-lang-go=\"`parameter`\" pulumi-lang-python=\"`parameter`\" pulumi-lang-yaml=\"`parameter`\" pulumi-lang-java=\"`parameter`\"\u003e`parameter`\u003c/span\u003e blocks as documented below.\n"},"servicePrincipalId":{"type":"string","description":"The ID of the service principal for the synchronization job.\n"},"synchronizationJobId":{"type":"string","description":"The ID of the synchronization job.\n"},"triggers":{"type":"object","additionalProperties":{"type":"string"},"description":"Map of arbitrary keys and values that, when changed, will trigger a re-invocation. To force a re-invocation without changing these keys/values, use the `terraform taint` command.\n"}},"required":["parameters","servicePrincipalId","synchronizationJobId"],"inputProperties":{"parameters":{"type":"array","items":{"$ref":"#/types/azuread:index/SynchronizationJobProvisionOnDemandParameter:SynchronizationJobProvisionOnDemandParameter"},"description":"One or more \u003cspan pulumi-lang-nodejs=\"`parameter`\" pulumi-lang-dotnet=\"`Parameter`\" pulumi-lang-go=\"`parameter`\" pulumi-lang-python=\"`parameter`\" pulumi-lang-yaml=\"`parameter`\" pulumi-lang-java=\"`parameter`\"\u003e`parameter`\u003c/span\u003e blocks as documented below.\n","willReplaceOnChanges":true},"servicePrincipalId":{"type":"string","description":"The ID of the service principal for the synchronization job.\n","willReplaceOnChanges":true},"synchronizationJobId":{"type":"string","description":"The ID of the synchronization job.\n","willReplaceOnChanges":true},"triggers":{"type":"object","additionalProperties":{"type":"string"},"description":"Map of arbitrary keys and values that, when changed, will trigger a re-invocation. To force a re-invocation without changing these keys/values, use the `terraform taint` command.\n","willReplaceOnChanges":true}},"requiredInputs":["parameters","servicePrincipalId","synchronizationJobId"],"stateInputs":{"description":"Input properties used for looking up and filtering SynchronizationJobProvisionOnDemand resources.\n","properties":{"parameters":{"type":"array","items":{"$ref":"#/types/azuread:index/SynchronizationJobProvisionOnDemandParameter:SynchronizationJobProvisionOnDemandParameter"},"description":"One or more \u003cspan pulumi-lang-nodejs=\"`parameter`\" pulumi-lang-dotnet=\"`Parameter`\" pulumi-lang-go=\"`parameter`\" pulumi-lang-python=\"`parameter`\" pulumi-lang-yaml=\"`parameter`\" pulumi-lang-java=\"`parameter`\"\u003e`parameter`\u003c/span\u003e blocks as documented below.\n","willReplaceOnChanges":true},"servicePrincipalId":{"type":"string","description":"The ID of the service principal for the synchronization job.\n","willReplaceOnChanges":true},"synchronizationJobId":{"type":"string","description":"The ID of the synchronization job.\n","willReplaceOnChanges":true},"triggers":{"type":"object","additionalProperties":{"type":"string"},"description":"Map of arbitrary keys and values that, when changed, will trigger a re-invocation. To force a re-invocation without changing these keys/values, use the `terraform taint` command.\n","willReplaceOnChanges":true}},"type":"object"}},"azuread:index/synchronizationSecret:SynchronizationSecret":{"description":"Manages synchronization secrets associated with a service principal (enterprise application) within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.All` or `Directory.ReadWrite.All`\n\n## Example Usage\n\n*Basic example*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getApplicationTemplate({\n    displayName: \"Azure Databricks SCIM Provisioning Connector\",\n});\nconst exampleApplicationFromTemplate = new azuread.ApplicationFromTemplate(\"example\", {\n    displayName: \"example\",\n    templateId: example.then(example =\u003e example.templateId),\n});\nconst exampleGetServicePrincipal = azuread.getServicePrincipalOutput({\n    objectId: exampleApplicationFromTemplate.servicePrincipalObjectId,\n});\nconst exampleSynchronizationSecret = new azuread.SynchronizationSecret(\"example\", {\n    servicePrincipalId: exampleGetServicePrincipal.apply(exampleGetServicePrincipal =\u003e exampleGetServicePrincipal.id),\n    credentials: [\n        {\n            key: \"BaseAddress\",\n            value: \"abc\",\n        },\n        {\n            key: \"SecretToken\",\n            value: \"some-token\",\n        },\n    ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_application_template(display_name=\"Azure Databricks SCIM Provisioning Connector\")\nexample_application_from_template = azuread.ApplicationFromTemplate(\"example\",\n    display_name=\"example\",\n    template_id=example.template_id)\nexample_get_service_principal = azuread.get_service_principal_output(object_id=example_application_from_template.service_principal_object_id)\nexample_synchronization_secret = azuread.SynchronizationSecret(\"example\",\n    service_principal_id=example_get_service_principal.id,\n    credentials=[\n        {\n            \"key\": \"BaseAddress\",\n            \"value\": \"abc\",\n        },\n        {\n            \"key\": \"SecretToken\",\n            \"value\": \"some-token\",\n        },\n    ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetApplicationTemplate.Invoke(new()\n    {\n        DisplayName = \"Azure Databricks SCIM Provisioning Connector\",\n    });\n\n    var exampleApplicationFromTemplate = new AzureAD.Index.ApplicationFromTemplate(\"example\", new()\n    {\n        DisplayName = \"example\",\n        TemplateId = example.Apply(getApplicationTemplateResult =\u003e getApplicationTemplateResult.TemplateId),\n    });\n\n    var exampleGetServicePrincipal = AzureAD.Index.GetServicePrincipal.Invoke(new()\n    {\n        ObjectId = exampleApplicationFromTemplate.ServicePrincipalObjectId,\n    });\n\n    var exampleSynchronizationSecret = new AzureAD.Index.SynchronizationSecret(\"example\", new()\n    {\n        ServicePrincipalId = exampleGetServicePrincipal.Apply(getServicePrincipalResult =\u003e getServicePrincipalResult.Id),\n        Credentials = new[]\n        {\n            new AzureAD.Inputs.SynchronizationSecretCredentialArgs\n            {\n                Key = \"BaseAddress\",\n                Value = \"abc\",\n            },\n            new AzureAD.Inputs.SynchronizationSecretCredentialArgs\n            {\n                Key = \"SecretToken\",\n                Value = \"some-token\",\n            },\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.GetApplicationTemplate(ctx, \u0026azuread.GetApplicationTemplateArgs{\n\t\t\tDisplayName: pulumi.StringRef(\"Azure Databricks SCIM Provisioning Connector\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleApplicationFromTemplate, err := azuread.NewApplicationFromTemplate(ctx, \"example\", \u0026azuread.ApplicationFromTemplateArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tTemplateId:  pulumi.String(pulumi.String(example.TemplateId)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleGetServicePrincipal := azuread.GetServicePrincipalOutput(ctx, azuread.GetServicePrincipalOutputArgs{\n\t\t\tObjectId: exampleApplicationFromTemplate.ServicePrincipalObjectId,\n\t\t}, nil)\n\t\t_, err = azuread.NewSynchronizationSecret(ctx, \"example\", \u0026azuread.SynchronizationSecretArgs{\n\t\t\tServicePrincipalId: pulumi.String(exampleGetServicePrincipal.ApplyT(func(exampleGetServicePrincipal azuread.GetServicePrincipalResult) (*string, error) {\n\t\t\t\treturn \u0026exampleGetServicePrincipal.Id, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tCredentials: azuread.SynchronizationSecretCredentialArray{\n\t\t\t\t\u0026azuread.SynchronizationSecretCredentialArgs{\n\t\t\t\t\tKey:   pulumi.String(\"BaseAddress\"),\n\t\t\t\t\tValue: pulumi.String(\"abc\"),\n\t\t\t\t},\n\t\t\t\t\u0026azuread.SynchronizationSecretCredentialArgs{\n\t\t\t\t\tKey:   pulumi.String(\"SecretToken\"),\n\t\t\t\t\tValue: pulumi.String(\"some-token\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetApplicationTemplateArgs;\nimport com.pulumi.azuread.ApplicationFromTemplate;\nimport com.pulumi.azuread.ApplicationFromTemplateArgs;\nimport com.pulumi.azuread.inputs.GetServicePrincipalArgs;\nimport com.pulumi.azuread.SynchronizationSecret;\nimport com.pulumi.azuread.SynchronizationSecretArgs;\nimport com.pulumi.azuread.inputs.SynchronizationSecretCredentialArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getApplicationTemplate(GetApplicationTemplateArgs.builder()\n            .displayName(\"Azure Databricks SCIM Provisioning Connector\")\n            .build());\n\n        var exampleApplicationFromTemplate = new ApplicationFromTemplate(\"exampleApplicationFromTemplate\", ApplicationFromTemplateArgs.builder()\n            .displayName(\"example\")\n            .templateId(example.templateId())\n            .build());\n\n        final var exampleGetServicePrincipal = AzureadFunctions.getServicePrincipal(GetServicePrincipalArgs.builder()\n            .objectId(exampleApplicationFromTemplate.servicePrincipalObjectId())\n            .build());\n\n        var exampleSynchronizationSecret = new SynchronizationSecret(\"exampleSynchronizationSecret\", SynchronizationSecretArgs.builder()\n            .servicePrincipalId(exampleGetServicePrincipal.applyValue(_exampleGetServicePrincipal -\u003e _exampleGetServicePrincipal.id()))\n            .credentials(            \n                SynchronizationSecretCredentialArgs.builder()\n                    .key(\"BaseAddress\")\n                    .value(\"abc\")\n                    .build(),\n                SynchronizationSecretCredentialArgs.builder()\n                    .key(\"SecretToken\")\n                    .value(\"some-token\")\n                    .build())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  exampleApplicationFromTemplate:\n    type: azuread:ApplicationFromTemplate\n    name: example\n    properties:\n      displayName: example\n      templateId: ${example.templateId}\n  exampleSynchronizationSecret:\n    type: azuread:SynchronizationSecret\n    name: example\n    properties:\n      servicePrincipalId: ${exampleGetServicePrincipal.id}\n      credentials:\n        - key: BaseAddress\n          value: abc\n        - key: SecretToken\n          value: some-token\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getApplicationTemplate\n      arguments:\n        displayName: Azure Databricks SCIM Provisioning Connector\n  exampleGetServicePrincipal:\n    fn::invoke:\n      function: azuread:getServicePrincipal\n      arguments:\n        objectId: ${exampleApplicationFromTemplate.servicePrincipalObjectId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support importing.\n\n","properties":{"credentials":{"type":"array","items":{"$ref":"#/types/azuread:index/SynchronizationSecretCredential:SynchronizationSecretCredential"},"description":"One or more \u003cspan pulumi-lang-nodejs=\"`credential`\" pulumi-lang-dotnet=\"`Credential`\" pulumi-lang-go=\"`credential`\" pulumi-lang-python=\"`credential`\" pulumi-lang-yaml=\"`credential`\" pulumi-lang-java=\"`credential`\"\u003e`credential`\u003c/span\u003e blocks as documented below.\n"},"servicePrincipalId":{"type":"string","description":"The ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created.\n"}},"required":["servicePrincipalId"],"inputProperties":{"credentials":{"type":"array","items":{"$ref":"#/types/azuread:index/SynchronizationSecretCredential:SynchronizationSecretCredential"},"description":"One or more \u003cspan pulumi-lang-nodejs=\"`credential`\" pulumi-lang-dotnet=\"`Credential`\" pulumi-lang-go=\"`credential`\" pulumi-lang-python=\"`credential`\" pulumi-lang-yaml=\"`credential`\" pulumi-lang-java=\"`credential`\"\u003e`credential`\u003c/span\u003e blocks as documented below.\n"},"servicePrincipalId":{"type":"string","description":"The ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true}},"requiredInputs":["servicePrincipalId"],"stateInputs":{"description":"Input properties used for looking up and filtering SynchronizationSecret resources.\n","properties":{"credentials":{"type":"array","items":{"$ref":"#/types/azuread:index/SynchronizationSecretCredential:SynchronizationSecretCredential"},"description":"One or more \u003cspan pulumi-lang-nodejs=\"`credential`\" pulumi-lang-dotnet=\"`Credential`\" pulumi-lang-go=\"`credential`\" pulumi-lang-python=\"`credential`\" pulumi-lang-yaml=\"`credential`\" pulumi-lang-java=\"`credential`\"\u003e`credential`\u003c/span\u003e blocks as documented below.\n"},"servicePrincipalId":{"type":"string","description":"The ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created.\n","willReplaceOnChanges":true}},"type":"object"}},"azuread:index/user:User":{"description":"Manages a user within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `User.ReadWrite.All` or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `User Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.User(\"example\", {\n    userPrincipalName: \"jdoe@example.com\",\n    displayName: \"J. Doe\",\n    mailNickname: \"jdoe\",\n    password: \"SecretP@sswd99!\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.User(\"example\",\n    user_principal_name=\"jdoe@example.com\",\n    display_name=\"J. Doe\",\n    mail_nickname=\"jdoe\",\n    password=\"SecretP@sswd99!\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.User(\"example\", new()\n    {\n        UserPrincipalName = \"jdoe@example.com\",\n        DisplayName = \"J. Doe\",\n        MailNickname = \"jdoe\",\n        Password = \"SecretP@sswd99!\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewUser(ctx, \"example\", \u0026azuread.UserArgs{\n\t\t\tUserPrincipalName: pulumi.String(\"jdoe@example.com\"),\n\t\t\tDisplayName:       pulumi.String(\"J. Doe\"),\n\t\t\tMailNickname:      pulumi.String(\"jdoe\"),\n\t\t\tPassword:          pulumi.String(\"SecretP@sswd99!\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.User;\nimport com.pulumi.azuread.UserArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new User(\"example\", UserArgs.builder()\n            .userPrincipalName(\"jdoe@example.com\")\n            .displayName(\"J. Doe\")\n            .mailNickname(\"jdoe\")\n            .password(\"SecretP@sswd99!\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:User\n    properties:\n      userPrincipalName: jdoe@example.com\n      displayName: J. Doe\n      mailNickname: jdoe\n      password: SecretP@sswd99!\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsers can be imported using their object ID, e.g.\n\n```sh\n$ pulumi import azuread:index/user:User my_user /users/00000000-0000-0000-0000-000000000000\n```\n\n","properties":{"aboutMe":{"type":"string","description":"A freeform field for the user to describe themselves"},"accountEnabled":{"type":"boolean","description":"Whether or not the account should be enabled.\n"},"ageGroup":{"type":"string","description":"The age group of the user. Supported values are `Adult`, `NotAdult` and `Minor`. Omit this property or specify a blank string to unset.\n"},"businessPhones":{"type":"array","items":{"type":"string"},"description":"A list of telephone numbers for the user. Only one number can be set for this property. Read-only for users synced with Azure AD Connect.\n"},"city":{"type":"string","description":"The city in which the user is located.\n"},"companyName":{"type":"string","description":"The company name which the user is associated. This property can be useful for describing the company that an external user comes from.\n"},"consentProvidedForMinor":{"type":"string","description":"Whether consent has been obtained for minors. Supported values are `Granted`, `Denied` and `NotRequired`. Omit this property or specify a blank string to unset.\n"},"costCenter":{"type":"string","description":"The cost center associated with the user.\n"},"country":{"type":"string","description":"The country/region in which the user is located. Examples include: `NO`, `JP`, and `GB`.\n"},"creationType":{"type":"string","description":"Indicates whether the user account was created as a regular school or work account (\u003cspan pulumi-lang-nodejs=\"`null`\" pulumi-lang-dotnet=\"`Null`\" pulumi-lang-go=\"`null`\" pulumi-lang-python=\"`null`\" pulumi-lang-yaml=\"`null`\" pulumi-lang-java=\"`null`\"\u003e`null`\u003c/span\u003e), an external account (`Invitation`), a local account for an Azure Active Directory B2C tenant (`LocalAccount`) or self-service sign-up using email verification (`EmailVerified`).\n"},"department":{"type":"string","description":"The name for the department in which the user works.\n"},"disablePasswordExpiration":{"type":"boolean","description":"Whether the user's password is exempt from expiring. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"disableStrongPassword":{"type":"boolean","description":"Whether the user is allowed weaker passwords than the default policy to be specified. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"displayName":{"type":"string","description":"The name to display in the address book for the user.\n"},"division":{"type":"string","description":"The name of the division in which the user works.\n"},"employeeHireDate":{"type":"string","description":"The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`).\n"},"employeeId":{"type":"string","description":"The employee identifier assigned to the user by the organisation.\n"},"employeeType":{"type":"string","description":"Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor.\n"},"externalUserState":{"type":"string","description":"For an external user invited to the tenant, this property represents the invited user's invitation status. Possible values are `PendingAcceptance` or `Accepted`.\n"},"faxNumber":{"type":"string","description":"The fax number of the user.\n"},"forcePasswordChange":{"type":"boolean","description":"Whether the user is forced to change the password during the next sign-in. Only takes effect when also changing the password. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"givenName":{"type":"string","description":"The given name (first name) of the user.\n"},"imAddresses":{"type":"array","items":{"type":"string"},"description":"A list of instant message voice over IP (VOIP) session initiation protocol (SIP) addresses for the user.\n"},"jobTitle":{"type":"string","description":"The user’s job title.\n"},"mail":{"type":"string","description":"The SMTP address for the user. This property cannot be unset once specified.\n"},"mailNickname":{"type":"string","description":"The mail alias for the user. Defaults to the user name part of the user principal name (UPN).\n"},"managerId":{"type":"string","description":"The object ID of the user's manager.\n"},"mobilePhone":{"type":"string","description":"The primary cellular telephone number for the user.\n"},"objectId":{"type":"string","description":"The object ID of the user.\n"},"officeLocation":{"type":"string","description":"The office location in the user's place of business.\n"},"onpremisesDistinguishedName":{"type":"string","description":"The on-premises distinguished name (DN) of the user, synchronised from the on-premises directory when Azure AD Connect is used.\n"},"onpremisesDomainName":{"type":"string","description":"The on-premises FQDN, also called dnsDomainName, synchronised from the on-premises directory when Azure AD Connect is used.\n"},"onpremisesImmutableId":{"type":"string","description":"The value used to associate an on-premise Active Directory user account with their Azure AD user object. This must be specified if you are using a federated domain for the user's \u003cspan pulumi-lang-nodejs=\"`userPrincipalName`\" pulumi-lang-dotnet=\"`UserPrincipalName`\" pulumi-lang-go=\"`userPrincipalName`\" pulumi-lang-python=\"`user_principal_name`\" pulumi-lang-yaml=\"`userPrincipalName`\" pulumi-lang-java=\"`userPrincipalName`\"\u003e`userPrincipalName`\u003c/span\u003e property when creating a new user account.\n"},"onpremisesSamAccountName":{"type":"string","description":"The on-premise SAM account name of the user.\n"},"onpremisesSecurityIdentifier":{"type":"string","description":"The on-premises security identifier (SID), synchronised from the on-premises directory when Azure AD Connect is used.\n"},"onpremisesSyncEnabled":{"type":"boolean","description":"Whether this user is synchronised from an on-premises directory (\u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e), no longer synchronised (\u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e), or has never been synchronised (\u003cspan pulumi-lang-nodejs=\"`null`\" pulumi-lang-dotnet=\"`Null`\" pulumi-lang-go=\"`null`\" pulumi-lang-python=\"`null`\" pulumi-lang-yaml=\"`null`\" pulumi-lang-java=\"`null`\"\u003e`null`\u003c/span\u003e).\n"},"onpremisesUserPrincipalName":{"type":"string","description":"The on-premise user principal name of the user.\n"},"otherMails":{"type":"array","items":{"type":"string"},"description":"A list of additional email addresses for the user.\n"},"password":{"type":"string","description":"The password for the user. The password must satisfy minimum requirements as specified by the password policy. The maximum length is 256 characters. This property is required when creating a new user.\n\n\u003e **Passwords and importing users** Passwords can be changed but not cleared. Removing the \u003cspan pulumi-lang-nodejs=\"`password`\" pulumi-lang-dotnet=\"`Password`\" pulumi-lang-go=\"`password`\" pulumi-lang-python=\"`password`\" pulumi-lang-yaml=\"`password`\" pulumi-lang-java=\"`password`\"\u003e`password`\u003c/span\u003e property for an existing user resource, or setting the password value to a blank string, will not remove the password. When importing a user, Terraform will not reset the password unless the value is subsequently changed in your configuration.\n","secret":true},"postalCode":{"type":"string","description":"The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code.\n"},"preferredLanguage":{"type":"string","description":"The user's preferred language, in ISO 639-1 notation.\n"},"proxyAddresses":{"type":"array","items":{"type":"string"},"description":"List of email addresses for the user that direct to the same mailbox.\n"},"showInAddressList":{"type":"boolean","description":"Whether or not the Outlook global address list should include this user. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"state":{"type":"string","description":"The state or province in the user's address.\n"},"streetAddress":{"type":"string","description":"The street address of the user's place of business.\n"},"surname":{"type":"string","description":"The user's surname (family name or last name).\n"},"usageLocation":{"type":"string","description":"The usage location of the user. Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. The usage location is a two letter country code (ISO standard 3166). Examples include: `NO`, `JP`, and `GB`. Cannot be reset to null once set.\n"},"userPrincipalName":{"type":"string","description":"The user principal name (UPN) of the user.\n"},"userType":{"type":"string","description":"The user type in the directory. Possible values are `Guest` or `Member`.\n"}},"required":["aboutMe","businessPhones","creationType","displayName","externalUserState","imAddresses","mail","mailNickname","objectId","onpremisesDistinguishedName","onpremisesDomainName","onpremisesImmutableId","onpremisesSamAccountName","onpremisesSecurityIdentifier","onpremisesSyncEnabled","onpremisesUserPrincipalName","password","proxyAddresses","userPrincipalName","userType"],"inputProperties":{"accountEnabled":{"type":"boolean","description":"Whether or not the account should be enabled.\n"},"ageGroup":{"type":"string","description":"The age group of the user. Supported values are `Adult`, `NotAdult` and `Minor`. Omit this property or specify a blank string to unset.\n"},"businessPhones":{"type":"array","items":{"type":"string"},"description":"A list of telephone numbers for the user. Only one number can be set for this property. Read-only for users synced with Azure AD Connect.\n"},"city":{"type":"string","description":"The city in which the user is located.\n"},"companyName":{"type":"string","description":"The company name which the user is associated. This property can be useful for describing the company that an external user comes from.\n"},"consentProvidedForMinor":{"type":"string","description":"Whether consent has been obtained for minors. Supported values are `Granted`, `Denied` and `NotRequired`. Omit this property or specify a blank string to unset.\n"},"costCenter":{"type":"string","description":"The cost center associated with the user.\n"},"country":{"type":"string","description":"The country/region in which the user is located. Examples include: `NO`, `JP`, and `GB`.\n"},"department":{"type":"string","description":"The name for the department in which the user works.\n"},"disablePasswordExpiration":{"type":"boolean","description":"Whether the user's password is exempt from expiring. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"disableStrongPassword":{"type":"boolean","description":"Whether the user is allowed weaker passwords than the default policy to be specified. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"displayName":{"type":"string","description":"The name to display in the address book for the user.\n"},"division":{"type":"string","description":"The name of the division in which the user works.\n"},"employeeHireDate":{"type":"string","description":"The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`).\n"},"employeeId":{"type":"string","description":"The employee identifier assigned to the user by the organisation.\n"},"employeeType":{"type":"string","description":"Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor.\n"},"faxNumber":{"type":"string","description":"The fax number of the user.\n"},"forcePasswordChange":{"type":"boolean","description":"Whether the user is forced to change the password during the next sign-in. Only takes effect when also changing the password. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"givenName":{"type":"string","description":"The given name (first name) of the user.\n"},"jobTitle":{"type":"string","description":"The user’s job title.\n"},"mail":{"type":"string","description":"The SMTP address for the user. This property cannot be unset once specified.\n"},"mailNickname":{"type":"string","description":"The mail alias for the user. Defaults to the user name part of the user principal name (UPN).\n"},"managerId":{"type":"string","description":"The object ID of the user's manager.\n"},"mobilePhone":{"type":"string","description":"The primary cellular telephone number for the user.\n"},"officeLocation":{"type":"string","description":"The office location in the user's place of business.\n"},"onpremisesImmutableId":{"type":"string","description":"The value used to associate an on-premise Active Directory user account with their Azure AD user object. This must be specified if you are using a federated domain for the user's \u003cspan pulumi-lang-nodejs=\"`userPrincipalName`\" pulumi-lang-dotnet=\"`UserPrincipalName`\" pulumi-lang-go=\"`userPrincipalName`\" pulumi-lang-python=\"`user_principal_name`\" pulumi-lang-yaml=\"`userPrincipalName`\" pulumi-lang-java=\"`userPrincipalName`\"\u003e`userPrincipalName`\u003c/span\u003e property when creating a new user account.\n"},"otherMails":{"type":"array","items":{"type":"string"},"description":"A list of additional email addresses for the user.\n"},"password":{"type":"string","description":"The password for the user. The password must satisfy minimum requirements as specified by the password policy. The maximum length is 256 characters. This property is required when creating a new user.\n\n\u003e **Passwords and importing users** Passwords can be changed but not cleared. Removing the \u003cspan pulumi-lang-nodejs=\"`password`\" pulumi-lang-dotnet=\"`Password`\" pulumi-lang-go=\"`password`\" pulumi-lang-python=\"`password`\" pulumi-lang-yaml=\"`password`\" pulumi-lang-java=\"`password`\"\u003e`password`\u003c/span\u003e property for an existing user resource, or setting the password value to a blank string, will not remove the password. When importing a user, Terraform will not reset the password unless the value is subsequently changed in your configuration.\n","secret":true},"postalCode":{"type":"string","description":"The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code.\n"},"preferredLanguage":{"type":"string","description":"The user's preferred language, in ISO 639-1 notation.\n"},"showInAddressList":{"type":"boolean","description":"Whether or not the Outlook global address list should include this user. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"state":{"type":"string","description":"The state or province in the user's address.\n"},"streetAddress":{"type":"string","description":"The street address of the user's place of business.\n"},"surname":{"type":"string","description":"The user's surname (family name or last name).\n"},"usageLocation":{"type":"string","description":"The usage location of the user. Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. The usage location is a two letter country code (ISO standard 3166). Examples include: `NO`, `JP`, and `GB`. Cannot be reset to null once set.\n"},"userPrincipalName":{"type":"string","description":"The user principal name (UPN) of the user.\n"}},"requiredInputs":["displayName","userPrincipalName"],"stateInputs":{"description":"Input properties used for looking up and filtering User resources.\n","properties":{"aboutMe":{"type":"string","description":"A freeform field for the user to describe themselves"},"accountEnabled":{"type":"boolean","description":"Whether or not the account should be enabled.\n"},"ageGroup":{"type":"string","description":"The age group of the user. Supported values are `Adult`, `NotAdult` and `Minor`. Omit this property or specify a blank string to unset.\n"},"businessPhones":{"type":"array","items":{"type":"string"},"description":"A list of telephone numbers for the user. Only one number can be set for this property. Read-only for users synced with Azure AD Connect.\n"},"city":{"type":"string","description":"The city in which the user is located.\n"},"companyName":{"type":"string","description":"The company name which the user is associated. This property can be useful for describing the company that an external user comes from.\n"},"consentProvidedForMinor":{"type":"string","description":"Whether consent has been obtained for minors. Supported values are `Granted`, `Denied` and `NotRequired`. Omit this property or specify a blank string to unset.\n"},"costCenter":{"type":"string","description":"The cost center associated with the user.\n"},"country":{"type":"string","description":"The country/region in which the user is located. Examples include: `NO`, `JP`, and `GB`.\n"},"creationType":{"type":"string","description":"Indicates whether the user account was created as a regular school or work account (\u003cspan pulumi-lang-nodejs=\"`null`\" pulumi-lang-dotnet=\"`Null`\" pulumi-lang-go=\"`null`\" pulumi-lang-python=\"`null`\" pulumi-lang-yaml=\"`null`\" pulumi-lang-java=\"`null`\"\u003e`null`\u003c/span\u003e), an external account (`Invitation`), a local account for an Azure Active Directory B2C tenant (`LocalAccount`) or self-service sign-up using email verification (`EmailVerified`).\n"},"department":{"type":"string","description":"The name for the department in which the user works.\n"},"disablePasswordExpiration":{"type":"boolean","description":"Whether the user's password is exempt from expiring. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"disableStrongPassword":{"type":"boolean","description":"Whether the user is allowed weaker passwords than the default policy to be specified. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"displayName":{"type":"string","description":"The name to display in the address book for the user.\n"},"division":{"type":"string","description":"The name of the division in which the user works.\n"},"employeeHireDate":{"type":"string","description":"The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`).\n"},"employeeId":{"type":"string","description":"The employee identifier assigned to the user by the organisation.\n"},"employeeType":{"type":"string","description":"Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor.\n"},"externalUserState":{"type":"string","description":"For an external user invited to the tenant, this property represents the invited user's invitation status. Possible values are `PendingAcceptance` or `Accepted`.\n"},"faxNumber":{"type":"string","description":"The fax number of the user.\n"},"forcePasswordChange":{"type":"boolean","description":"Whether the user is forced to change the password during the next sign-in. Only takes effect when also changing the password. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"givenName":{"type":"string","description":"The given name (first name) of the user.\n"},"imAddresses":{"type":"array","items":{"type":"string"},"description":"A list of instant message voice over IP (VOIP) session initiation protocol (SIP) addresses for the user.\n"},"jobTitle":{"type":"string","description":"The user’s job title.\n"},"mail":{"type":"string","description":"The SMTP address for the user. This property cannot be unset once specified.\n"},"mailNickname":{"type":"string","description":"The mail alias for the user. Defaults to the user name part of the user principal name (UPN).\n"},"managerId":{"type":"string","description":"The object ID of the user's manager.\n"},"mobilePhone":{"type":"string","description":"The primary cellular telephone number for the user.\n"},"objectId":{"type":"string","description":"The object ID of the user.\n"},"officeLocation":{"type":"string","description":"The office location in the user's place of business.\n"},"onpremisesDistinguishedName":{"type":"string","description":"The on-premises distinguished name (DN) of the user, synchronised from the on-premises directory when Azure AD Connect is used.\n"},"onpremisesDomainName":{"type":"string","description":"The on-premises FQDN, also called dnsDomainName, synchronised from the on-premises directory when Azure AD Connect is used.\n"},"onpremisesImmutableId":{"type":"string","description":"The value used to associate an on-premise Active Directory user account with their Azure AD user object. This must be specified if you are using a federated domain for the user's \u003cspan pulumi-lang-nodejs=\"`userPrincipalName`\" pulumi-lang-dotnet=\"`UserPrincipalName`\" pulumi-lang-go=\"`userPrincipalName`\" pulumi-lang-python=\"`user_principal_name`\" pulumi-lang-yaml=\"`userPrincipalName`\" pulumi-lang-java=\"`userPrincipalName`\"\u003e`userPrincipalName`\u003c/span\u003e property when creating a new user account.\n"},"onpremisesSamAccountName":{"type":"string","description":"The on-premise SAM account name of the user.\n"},"onpremisesSecurityIdentifier":{"type":"string","description":"The on-premises security identifier (SID), synchronised from the on-premises directory when Azure AD Connect is used.\n"},"onpremisesSyncEnabled":{"type":"boolean","description":"Whether this user is synchronised from an on-premises directory (\u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e), no longer synchronised (\u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e), or has never been synchronised (\u003cspan pulumi-lang-nodejs=\"`null`\" pulumi-lang-dotnet=\"`Null`\" pulumi-lang-go=\"`null`\" pulumi-lang-python=\"`null`\" pulumi-lang-yaml=\"`null`\" pulumi-lang-java=\"`null`\"\u003e`null`\u003c/span\u003e).\n"},"onpremisesUserPrincipalName":{"type":"string","description":"The on-premise user principal name of the user.\n"},"otherMails":{"type":"array","items":{"type":"string"},"description":"A list of additional email addresses for the user.\n"},"password":{"type":"string","description":"The password for the user. The password must satisfy minimum requirements as specified by the password policy. The maximum length is 256 characters. This property is required when creating a new user.\n\n\u003e **Passwords and importing users** Passwords can be changed but not cleared. Removing the \u003cspan pulumi-lang-nodejs=\"`password`\" pulumi-lang-dotnet=\"`Password`\" pulumi-lang-go=\"`password`\" pulumi-lang-python=\"`password`\" pulumi-lang-yaml=\"`password`\" pulumi-lang-java=\"`password`\"\u003e`password`\u003c/span\u003e property for an existing user resource, or setting the password value to a blank string, will not remove the password. When importing a user, Terraform will not reset the password unless the value is subsequently changed in your configuration.\n","secret":true},"postalCode":{"type":"string","description":"The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code.\n"},"preferredLanguage":{"type":"string","description":"The user's preferred language, in ISO 639-1 notation.\n"},"proxyAddresses":{"type":"array","items":{"type":"string"},"description":"List of email addresses for the user that direct to the same mailbox.\n"},"showInAddressList":{"type":"boolean","description":"Whether or not the Outlook global address list should include this user. Defaults to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n"},"state":{"type":"string","description":"The state or province in the user's address.\n"},"streetAddress":{"type":"string","description":"The street address of the user's place of business.\n"},"surname":{"type":"string","description":"The user's surname (family name or last name).\n"},"usageLocation":{"type":"string","description":"The usage location of the user. Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. The usage location is a two letter country code (ISO standard 3166). Examples include: `NO`, `JP`, and `GB`. Cannot be reset to null once set.\n"},"userPrincipalName":{"type":"string","description":"The user principal name (UPN) of the user.\n"},"userType":{"type":"string","description":"The user type in the directory. Possible values are `Guest` or `Member`.\n"}},"type":"object"}},"azuread:index/userFlowAttribute:UserFlowAttribute":{"description":"Manages user flow attributes in an Azure Active Directory (Azure AD) tenant.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires the following application role: `IdentityUserFlow.ReadWrite.All`\n\n## Example Usage\n\n*Basic example*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.UserFlowAttribute(\"example\", {\n    displayName: \"Hobby\",\n    description: \"Your hobby\",\n    dataType: \"string\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.UserFlowAttribute(\"example\",\n    display_name=\"Hobby\",\n    description=\"Your hobby\",\n    data_type=\"string\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.UserFlowAttribute(\"example\", new()\n    {\n        DisplayName = \"Hobby\",\n        Description = \"Your hobby\",\n        DataType = \"string\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewUserFlowAttribute(ctx, \"example\", \u0026azuread.UserFlowAttributeArgs{\n\t\t\tDisplayName: pulumi.String(\"Hobby\"),\n\t\t\tDescription: pulumi.String(\"Your hobby\"),\n\t\t\tDataType:    pulumi.String(\"string\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.UserFlowAttribute;\nimport com.pulumi.azuread.UserFlowAttributeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new UserFlowAttribute(\"example\", UserFlowAttributeArgs.builder()\n            .displayName(\"Hobby\")\n            .description(\"Your hobby\")\n            .dataType(\"string\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:UserFlowAttribute\n    properties:\n      displayName: Hobby\n      description: Your hobby\n      dataType: string\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUser flow attributes can be imported using the \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e, e.g.\n\n```sh\n$ pulumi import azuread:index/userFlowAttribute:UserFlowAttribute example extension_ecc9f88db2924942b8a96f44873616fe_Hobbyjkorv\n```\n\n\u003e This ID can be queried using the [User Flow Attributes API](https://learn.microsoft.com/en-us/graph/api/identityuserflowattribute-list?view=graph-rest-1.0\u0026tabs=http).\n\n","properties":{"attributeType":{"type":"string","description":"The type of the user flow attribute. Values include `builtIn`, \u003cspan pulumi-lang-nodejs=\"`custom`\" pulumi-lang-dotnet=\"`Custom`\" pulumi-lang-go=\"`custom`\" pulumi-lang-python=\"`custom`\" pulumi-lang-yaml=\"`custom`\" pulumi-lang-java=\"`custom`\"\u003e`custom`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`required`\" pulumi-lang-dotnet=\"`Required`\" pulumi-lang-go=\"`required`\" pulumi-lang-python=\"`required`\" pulumi-lang-yaml=\"`required`\" pulumi-lang-java=\"`required`\"\u003e`required`\u003c/span\u003e.\n"},"dataType":{"type":"string","description":"The data type of the user flow attribute. Possible values are \u003cspan pulumi-lang-nodejs=\"`boolean`\" pulumi-lang-dotnet=\"`Boolean`\" pulumi-lang-go=\"`boolean`\" pulumi-lang-python=\"`boolean`\" pulumi-lang-yaml=\"`boolean`\" pulumi-lang-java=\"`boolean`\"\u003e`boolean`\u003c/span\u003e, `dateTime`, \u003cspan pulumi-lang-nodejs=\"`int64`\" pulumi-lang-dotnet=\"`Int64`\" pulumi-lang-go=\"`int64`\" pulumi-lang-python=\"`int64`\" pulumi-lang-yaml=\"`int64`\" pulumi-lang-java=\"`int64`\"\u003e`int64`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`string`\" pulumi-lang-dotnet=\"`String`\" pulumi-lang-go=\"`string`\" pulumi-lang-python=\"`string`\" pulumi-lang-yaml=\"`string`\" pulumi-lang-java=\"`string`\"\u003e`string`\u003c/span\u003e or `stringCollection`. Changing this forces a new resource to be created.\n"},"description":{"type":"string","description":"The description of the user flow attribute that is shown to the user at the time of sign-up.\n"},"displayName":{"type":"string","description":"The display name of the user flow attribute. Changing this forces a new resource to be created.\n"}},"required":["attributeType","dataType","description","displayName"],"inputProperties":{"dataType":{"type":"string","description":"The data type of the user flow attribute. Possible values are \u003cspan pulumi-lang-nodejs=\"`boolean`\" pulumi-lang-dotnet=\"`Boolean`\" pulumi-lang-go=\"`boolean`\" pulumi-lang-python=\"`boolean`\" pulumi-lang-yaml=\"`boolean`\" pulumi-lang-java=\"`boolean`\"\u003e`boolean`\u003c/span\u003e, `dateTime`, \u003cspan pulumi-lang-nodejs=\"`int64`\" pulumi-lang-dotnet=\"`Int64`\" pulumi-lang-go=\"`int64`\" pulumi-lang-python=\"`int64`\" pulumi-lang-yaml=\"`int64`\" pulumi-lang-java=\"`int64`\"\u003e`int64`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`string`\" pulumi-lang-dotnet=\"`String`\" pulumi-lang-go=\"`string`\" pulumi-lang-python=\"`string`\" pulumi-lang-yaml=\"`string`\" pulumi-lang-java=\"`string`\"\u003e`string`\u003c/span\u003e or `stringCollection`. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"description":{"type":"string","description":"The description of the user flow attribute that is shown to the user at the time of sign-up.\n"},"displayName":{"type":"string","description":"The display name of the user flow attribute. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true}},"requiredInputs":["dataType","description","displayName"],"stateInputs":{"description":"Input properties used for looking up and filtering UserFlowAttribute resources.\n","properties":{"attributeType":{"type":"string","description":"The type of the user flow attribute. Values include `builtIn`, \u003cspan pulumi-lang-nodejs=\"`custom`\" pulumi-lang-dotnet=\"`Custom`\" pulumi-lang-go=\"`custom`\" pulumi-lang-python=\"`custom`\" pulumi-lang-yaml=\"`custom`\" pulumi-lang-java=\"`custom`\"\u003e`custom`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`required`\" pulumi-lang-dotnet=\"`Required`\" pulumi-lang-go=\"`required`\" pulumi-lang-python=\"`required`\" pulumi-lang-yaml=\"`required`\" pulumi-lang-java=\"`required`\"\u003e`required`\u003c/span\u003e.\n"},"dataType":{"type":"string","description":"The data type of the user flow attribute. Possible values are \u003cspan pulumi-lang-nodejs=\"`boolean`\" pulumi-lang-dotnet=\"`Boolean`\" pulumi-lang-go=\"`boolean`\" pulumi-lang-python=\"`boolean`\" pulumi-lang-yaml=\"`boolean`\" pulumi-lang-java=\"`boolean`\"\u003e`boolean`\u003c/span\u003e, `dateTime`, \u003cspan pulumi-lang-nodejs=\"`int64`\" pulumi-lang-dotnet=\"`Int64`\" pulumi-lang-go=\"`int64`\" pulumi-lang-python=\"`int64`\" pulumi-lang-yaml=\"`int64`\" pulumi-lang-java=\"`int64`\"\u003e`int64`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`string`\" pulumi-lang-dotnet=\"`String`\" pulumi-lang-go=\"`string`\" pulumi-lang-python=\"`string`\" pulumi-lang-yaml=\"`string`\" pulumi-lang-java=\"`string`\"\u003e`string`\u003c/span\u003e or `stringCollection`. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true},"description":{"type":"string","description":"The description of the user flow attribute that is shown to the user at the time of sign-up.\n"},"displayName":{"type":"string","description":"The display name of the user flow attribute. Changing this forces a new resource to be created.\n","willReplaceOnChanges":true}},"type":"object"}}},"functions":{"azuread:index/getAccessPackage:getAccessPackage":{"description":"Use this data source to retrieve information for an existing access package within Identity Governance in Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this data source.\n\nWhen authenticated with a service principal, this data source requires one of the following application roles: `EntitlementManagement.Read.All`, or `EntitlementManagement.ReadWrite.All`.\n\nWhen authenticated with a user principal, this data source requires one of the following directory roles: `Catalog owner`, `Catalog reader`, `Access package manager`, `Global Reader`, or `Global Administrator`.\n\n## Example Usage\n\n*Look up by ID*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getAccessPackage({\n    objectId: \"00000000-0000-0000-0000-000000000000\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_access_package(object_id=\"00000000-0000-0000-0000-000000000000\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetAccessPackage.Invoke(new()\n    {\n        ObjectId = \"00000000-0000-0000-0000-000000000000\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetAccessPackage(ctx, \u0026azuread.LookupAccessPackageArgs{\n\t\t\tObjectId: pulumi.StringRef(\"00000000-0000-0000-0000-000000000000\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetAccessPackageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getAccessPackage(GetAccessPackageArgs.builder()\n            .objectId(\"00000000-0000-0000-0000-000000000000\")\n            .build());\n\n    }\n}\n```\n```yaml\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getAccessPackage\n      arguments:\n        objectId: 00000000-0000-0000-0000-000000000000\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Look up by DisplayName*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getAccessPackage({\n    catalogId: \"00000000-0000-0000-0000-000000000000\",\n    displayName: \"My access package Catalog\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_access_package(catalog_id=\"00000000-0000-0000-0000-000000000000\",\n    display_name=\"My access package Catalog\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetAccessPackage.Invoke(new()\n    {\n        CatalogId = \"00000000-0000-0000-0000-000000000000\",\n        DisplayName = \"My access package Catalog\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetAccessPackage(ctx, \u0026azuread.LookupAccessPackageArgs{\n\t\t\tCatalogId:   pulumi.StringRef(\"00000000-0000-0000-0000-000000000000\"),\n\t\t\tDisplayName: pulumi.StringRef(\"My access package Catalog\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetAccessPackageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getAccessPackage(GetAccessPackageArgs.builder()\n            .catalogId(\"00000000-0000-0000-0000-000000000000\")\n            .displayName(\"My access package Catalog\")\n            .build());\n\n    }\n}\n```\n```yaml\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getAccessPackage\n      arguments:\n        catalogId: 00000000-0000-0000-0000-000000000000\n        displayName: My access package Catalog\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getAccessPackage.\n","properties":{"catalogId":{"type":"string","description":"The ID of the Catalog this access package is in.\n"},"displayName":{"type":"string","description":"The display name of the access package.\n"},"objectId":{"type":"string","description":"The ID of this access package.\n\n\u003e Either \u003cspan pulumi-lang-nodejs=\"`objectId`\" pulumi-lang-dotnet=\"`ObjectId`\" pulumi-lang-go=\"`objectId`\" pulumi-lang-python=\"`object_id`\" pulumi-lang-yaml=\"`objectId`\" pulumi-lang-java=\"`objectId`\"\u003e`objectId`\u003c/span\u003e, or both \u003cspan pulumi-lang-nodejs=\"`catalogId`\" pulumi-lang-dotnet=\"`CatalogId`\" pulumi-lang-go=\"`catalogId`\" pulumi-lang-python=\"`catalog_id`\" pulumi-lang-yaml=\"`catalogId`\" pulumi-lang-java=\"`catalogId`\"\u003e`catalogId`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`displayName`\" pulumi-lang-dotnet=\"`DisplayName`\" pulumi-lang-go=\"`displayName`\" pulumi-lang-python=\"`display_name`\" pulumi-lang-yaml=\"`displayName`\" pulumi-lang-java=\"`displayName`\"\u003e`displayName`\u003c/span\u003e, must be specified.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getAccessPackage.\n","properties":{"catalogId":{"type":"string"},"description":{"description":"The description of the access package.\n","type":"string"},"displayName":{"type":"string"},"hidden":{"description":"Whether the access package is hidden from the requestor.\n","type":"boolean"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"objectId":{"type":"string"}},"required":["description","displayName","hidden","objectId","id"],"type":"object"}},"azuread:index/getAccessPackageCatalog:getAccessPackageCatalog":{"description":"i\nUse this resource to retrieve information for an existing access package catalog within Identity Governance in Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this data source.\n\nWhen authenticated with a service principal, this data source requires one of the following application roles: `EntitlementManagement.Read.All`, or `EntitlementManagement.ReadWrite.All`.\n\nWhen authenticated with a user principal, this data source requires one of the following directory roles: `Catalog owner`, `Catalog reader`, `Global Reader`, or `Global Administrator`.\n\n## Example Usage\n\n*Look up by ID*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getAccessPackageCatalog({\n    objectId: \"00000000-0000-0000-0000-000000000000\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_access_package_catalog(object_id=\"00000000-0000-0000-0000-000000000000\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetAccessPackageCatalog.Invoke(new()\n    {\n        ObjectId = \"00000000-0000-0000-0000-000000000000\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetAccessPackageCatalog(ctx, \u0026azuread.LookupAccessPackageCatalogArgs{\n\t\t\tObjectId: pulumi.StringRef(\"00000000-0000-0000-0000-000000000000\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetAccessPackageCatalogArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getAccessPackageCatalog(GetAccessPackageCatalogArgs.builder()\n            .objectId(\"00000000-0000-0000-0000-000000000000\")\n            .build());\n\n    }\n}\n```\n```yaml\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getAccessPackageCatalog\n      arguments:\n        objectId: 00000000-0000-0000-0000-000000000000\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Look up by DisplayName*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getAccessPackageCatalog({\n    displayName: \"My access package Catalog\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_access_package_catalog(display_name=\"My access package Catalog\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetAccessPackageCatalog.Invoke(new()\n    {\n        DisplayName = \"My access package Catalog\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetAccessPackageCatalog(ctx, \u0026azuread.LookupAccessPackageCatalogArgs{\n\t\t\tDisplayName: pulumi.StringRef(\"My access package Catalog\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetAccessPackageCatalogArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getAccessPackageCatalog(GetAccessPackageCatalogArgs.builder()\n            .displayName(\"My access package Catalog\")\n            .build());\n\n    }\n}\n```\n```yaml\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getAccessPackageCatalog\n      arguments:\n        displayName: My access package Catalog\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getAccessPackageCatalog.\n","properties":{"displayName":{"type":"string","description":"The display name of the access package catalog.\n"},"objectId":{"type":"string","description":"The ID of this access package catalog.\n\n\u003e One of \u003cspan pulumi-lang-nodejs=\"`displayName`\" pulumi-lang-dotnet=\"`DisplayName`\" pulumi-lang-go=\"`displayName`\" pulumi-lang-python=\"`display_name`\" pulumi-lang-yaml=\"`displayName`\" pulumi-lang-java=\"`displayName`\"\u003e`displayName`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`objectId`\" pulumi-lang-dotnet=\"`ObjectId`\" pulumi-lang-go=\"`objectId`\" pulumi-lang-python=\"`object_id`\" pulumi-lang-yaml=\"`objectId`\" pulumi-lang-java=\"`objectId`\"\u003e`objectId`\u003c/span\u003e must be specified.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getAccessPackageCatalog.\n","properties":{"description":{"description":"The description of the access package catalog.\n","type":"string"},"displayName":{"type":"string"},"externallyVisible":{"description":"Whether the access packages in this catalog can be requested by users outside the tenant.\n","type":"boolean"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"objectId":{"type":"string"},"published":{"description":"Whether the access packages in this catalog are available for management.\n","type":"boolean"}},"required":["description","displayName","externallyVisible","objectId","published","id"],"type":"object"}},"azuread:index/getAccessPackageCatalogRole:getAccessPackageCatalogRole":{"description":"Gets information about an access package catalog role.\n\n## API Permissions\n\nThe following API permissions are required in order to use this data source.\n\nWhen authenticated with a service principal, this data source requires one of the following application roles: `EntitlementManagement.Read.All` or `Directory.Read.All`\n\nWhen authenticated with a user principal, this data source does not require any additional roles.\n\n## Example Usage\n\n### By Group Display Name)\n\n*Look up by display name*\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getAccessPackageCatalogRole({\n    displayName: \"Catalog owner\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_access_package_catalog_role(display_name=\"Catalog owner\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetAccessPackageCatalogRole.Invoke(new()\n    {\n        DisplayName = \"Catalog owner\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetAccessPackageCatalogRole(ctx, \u0026azuread.GetAccessPackageCatalogRoleArgs{\n\t\t\tDisplayName: pulumi.StringRef(\"Catalog owner\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetAccessPackageCatalogRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getAccessPackageCatalogRole(GetAccessPackageCatalogRoleArgs.builder()\n            .displayName(\"Catalog owner\")\n            .build());\n\n    }\n}\n```\n```yaml\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getAccessPackageCatalogRole\n      arguments:\n        displayName: Catalog owner\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Look up by object ID*\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getAccessPackageCatalogRole({\n    objectId: \"00000000-0000-0000-0000-000000000000\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_access_package_catalog_role(object_id=\"00000000-0000-0000-0000-000000000000\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetAccessPackageCatalogRole.Invoke(new()\n    {\n        ObjectId = \"00000000-0000-0000-0000-000000000000\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetAccessPackageCatalogRole(ctx, \u0026azuread.GetAccessPackageCatalogRoleArgs{\n\t\t\tObjectId: pulumi.StringRef(\"00000000-0000-0000-0000-000000000000\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetAccessPackageCatalogRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getAccessPackageCatalogRole(GetAccessPackageCatalogRoleArgs.builder()\n            .objectId(\"00000000-0000-0000-0000-000000000000\")\n            .build());\n\n    }\n}\n```\n```yaml\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getAccessPackageCatalogRole\n      arguments:\n        objectId: 00000000-0000-0000-0000-000000000000\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getAccessPackageCatalogRole.\n","properties":{"displayName":{"type":"string","description":"Specifies the display name of the role.\n"},"objectId":{"type":"string","description":"Specifies the object ID of the role.\n\n\u003e One of \u003cspan pulumi-lang-nodejs=\"`displayName`\" pulumi-lang-dotnet=\"`DisplayName`\" pulumi-lang-go=\"`displayName`\" pulumi-lang-python=\"`display_name`\" pulumi-lang-yaml=\"`displayName`\" pulumi-lang-java=\"`displayName`\"\u003e`displayName`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`objectId`\" pulumi-lang-dotnet=\"`ObjectId`\" pulumi-lang-go=\"`objectId`\" pulumi-lang-python=\"`object_id`\" pulumi-lang-yaml=\"`objectId`\" pulumi-lang-java=\"`objectId`\"\u003e`objectId`\u003c/span\u003e must be specified.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getAccessPackageCatalogRole.\n","properties":{"description":{"description":"The description of the role.\n","type":"string"},"displayName":{"description":"The display name of the role.\n","type":"string"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"objectId":{"description":"The object ID of the role.\n","type":"string"},"templateId":{"description":"The object ID of the role.\n","type":"string"}},"required":["description","displayName","objectId","templateId","id"],"type":"object"}},"azuread:index/getAdministrativeUnit:getAdministrativeUnit":{"description":"Gets information about an adminisrative unit in Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this data source.\n\nWhen authenticated with a service principal, this data source requires one of the following application roles: `AdministrativeUnit.Read.All` or `Directory.Read.All`\n\nWhen authenticated with a user principal, this data source does not require any additional roles.\n\n## Example Usage\n\n### By Group Display Name)\n\n*Look up by display name*\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getAdministrativeUnit({\n    displayName: \"Example-AU\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_administrative_unit(display_name=\"Example-AU\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetAdministrativeUnit.Invoke(new()\n    {\n        DisplayName = \"Example-AU\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetAdministrativeUnit(ctx, \u0026azuread.LookupAdministrativeUnitArgs{\n\t\t\tDisplayName: pulumi.StringRef(\"Example-AU\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetAdministrativeUnitArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getAdministrativeUnit(GetAdministrativeUnitArgs.builder()\n            .displayName(\"Example-AU\")\n            .build());\n\n    }\n}\n```\n```yaml\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getAdministrativeUnit\n      arguments:\n        displayName: Example-AU\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Look up by object ID*\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getAdministrativeUnit({\n    objectId: \"00000000-0000-0000-0000-000000000000\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_administrative_unit(object_id=\"00000000-0000-0000-0000-000000000000\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetAdministrativeUnit.Invoke(new()\n    {\n        ObjectId = \"00000000-0000-0000-0000-000000000000\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetAdministrativeUnit(ctx, \u0026azuread.LookupAdministrativeUnitArgs{\n\t\t\tObjectId: pulumi.StringRef(\"00000000-0000-0000-0000-000000000000\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetAdministrativeUnitArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getAdministrativeUnit(GetAdministrativeUnitArgs.builder()\n            .objectId(\"00000000-0000-0000-0000-000000000000\")\n            .build());\n\n    }\n}\n```\n```yaml\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getAdministrativeUnit\n      arguments:\n        objectId: 00000000-0000-0000-0000-000000000000\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getAdministrativeUnit.\n","properties":{"displayName":{"type":"string","description":"Specifies the display name of the administrative unit.\n"},"objectId":{"type":"string","description":"Specifies the object ID of the administrative unit.\n\n\u003e One of \u003cspan pulumi-lang-nodejs=\"`displayName`\" pulumi-lang-dotnet=\"`DisplayName`\" pulumi-lang-go=\"`displayName`\" pulumi-lang-python=\"`display_name`\" pulumi-lang-yaml=\"`displayName`\" pulumi-lang-java=\"`displayName`\"\u003e`displayName`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`objectId`\" pulumi-lang-dotnet=\"`ObjectId`\" pulumi-lang-go=\"`objectId`\" pulumi-lang-python=\"`object_id`\" pulumi-lang-yaml=\"`objectId`\" pulumi-lang-java=\"`objectId`\"\u003e`objectId`\u003c/span\u003e must be specified.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getAdministrativeUnit.\n","properties":{"description":{"description":"The description of the administrative unit.\n","type":"string"},"displayName":{"description":"The display name of the administrative unit.\n","type":"string"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"members":{"description":"A list of object IDs of members who are present in this administrative unit.\n","items":{"type":"string"},"type":"array"},"objectId":{"description":"The object ID of the administrative unit.\n","type":"string"},"visibility":{"description":"Whether the administrative unit _and_ its members are hidden or publicly viewable in the directory. One of: `Hiddenmembership` or `Public`.\n","type":"string"}},"required":["description","displayName","members","objectId","visibility","id"],"type":"object"}},"azuread:index/getApplication:getApplication":{"description":"Use this data source to access information about an existing Application within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this data source.\n\nWhen authenticated with a service principal, this data source requires one of the following application roles: `Application.Read.All` or `Directory.Read.All`\n\nWhen authenticated with a user principal, this data source does not require any additional roles.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getApplication({\n    displayName: \"My First AzureAD Application\",\n});\nexport const applicationObjectId = example.then(example =\u003e example.objectId);\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_application(display_name=\"My First AzureAD Application\")\npulumi.export(\"applicationObjectId\", example.object_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetApplication.Invoke(new()\n    {\n        DisplayName = \"My First AzureAD Application\",\n    });\n\n    return new Dictionary\u003cstring, object?\u003e\n    {\n        [\"applicationObjectId\"] = example.Apply(getApplicationResult =\u003e getApplicationResult.ObjectId),\n    };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.GetApplication(ctx, \u0026azuread.LookupApplicationArgs{\n\t\t\tDisplayName: pulumi.StringRef(\"My First AzureAD Application\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"applicationObjectId\", example.ObjectId)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetApplicationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getApplication(GetApplicationArgs.builder()\n            .displayName(\"My First AzureAD Application\")\n            .build());\n\n        ctx.export(\"applicationObjectId\", example.objectId());\n    }\n}\n```\n```yaml\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getApplication\n      arguments:\n        displayName: My First AzureAD Application\noutputs:\n  applicationObjectId: ${example.objectId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getApplication.\n","properties":{"clientId":{"type":"string","description":"Specifies the Client ID of the application.\n"},"displayName":{"type":"string","description":"Specifies the display name of the application.\n"},"identifierUri":{"type":"string","description":"Specifies any identifier URI of the application. See also the \u003cspan pulumi-lang-nodejs=\"`identifierUris`\" pulumi-lang-dotnet=\"`IdentifierUris`\" pulumi-lang-go=\"`identifierUris`\" pulumi-lang-python=\"`identifier_uris`\" pulumi-lang-yaml=\"`identifierUris`\" pulumi-lang-java=\"`identifierUris`\"\u003e`identifierUris`\u003c/span\u003e attribute which contains a list of all identifier URIs for the application.\n\n\u003e One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`clientId`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`displayName`\" pulumi-lang-dotnet=\"`DisplayName`\" pulumi-lang-go=\"`displayName`\" pulumi-lang-python=\"`display_name`\" pulumi-lang-yaml=\"`displayName`\" pulumi-lang-java=\"`displayName`\"\u003e`displayName`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`objectId`\" pulumi-lang-dotnet=\"`ObjectId`\" pulumi-lang-go=\"`objectId`\" pulumi-lang-python=\"`object_id`\" pulumi-lang-yaml=\"`objectId`\" pulumi-lang-java=\"`objectId`\"\u003e`objectId`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`identifierUri`\" pulumi-lang-dotnet=\"`IdentifierUri`\" pulumi-lang-go=\"`identifierUri`\" pulumi-lang-python=\"`identifier_uri`\" pulumi-lang-yaml=\"`identifierUri`\" pulumi-lang-java=\"`identifierUri`\"\u003e`identifierUri`\u003c/span\u003e must be specified.\n"},"objectId":{"type":"string","description":"Specifies the Object ID of the application.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getApplication.\n","properties":{"apis":{"description":"An \u003cspan pulumi-lang-nodejs=\"`api`\" pulumi-lang-dotnet=\"`Api`\" pulumi-lang-go=\"`api`\" pulumi-lang-python=\"`api`\" pulumi-lang-yaml=\"`api`\" pulumi-lang-java=\"`api`\"\u003e`api`\u003c/span\u003e block as documented below.\n","items":{"$ref":"#/types/azuread:index/getApplicationApi:getApplicationApi"},"type":"array"},"appRoleIds":{"additionalProperties":{"type":"string"},"description":"A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.\n","type":"object"},"appRoles":{"description":"A collection of \u003cspan pulumi-lang-nodejs=\"`appRole`\" pulumi-lang-dotnet=\"`AppRole`\" pulumi-lang-go=\"`appRole`\" pulumi-lang-python=\"`app_role`\" pulumi-lang-yaml=\"`appRole`\" pulumi-lang-java=\"`appRole`\"\u003e`appRole`\u003c/span\u003e blocks as documented below. For more information see [official documentation on Application Roles](https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles).\n","items":{"$ref":"#/types/azuread:index/getApplicationAppRole:getApplicationAppRole"},"type":"array"},"clientId":{"description":"The Client ID for the application.\n","type":"string"},"description":{"description":"Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences.\n","type":"string"},"deviceOnlyAuthEnabled":{"description":"Specifies whether this application supports device authentication without a user.\n","type":"boolean"},"disabledByMicrosoft":{"description":"Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. `DisabledDueToViolationOfServicesAgreement`\n","type":"string"},"displayName":{"description":"Display name for the app role that appears during app role assignment and in consent experiences.\n","type":"string"},"fallbackPublicClientEnabled":{"description":"The fallback application type as public client, such as an installed application running on a mobile device.\n","type":"boolean"},"featureTags":{"description":"A \u003cspan pulumi-lang-nodejs=\"`features`\" pulumi-lang-dotnet=\"`Features`\" pulumi-lang-go=\"`features`\" pulumi-lang-python=\"`features`\" pulumi-lang-yaml=\"`features`\" pulumi-lang-java=\"`features`\"\u003e`features`\u003c/span\u003e block as described below.\n","items":{"$ref":"#/types/azuread:index/getApplicationFeatureTag:getApplicationFeatureTag"},"type":"array"},"groupMembershipClaims":{"description":"The \u003cspan pulumi-lang-nodejs=\"`groups`\" pulumi-lang-dotnet=\"`Groups`\" pulumi-lang-go=\"`groups`\" pulumi-lang-python=\"`groups`\" pulumi-lang-yaml=\"`groups`\" pulumi-lang-java=\"`groups`\"\u003e`groups`\u003c/span\u003e claim issued in a user or OAuth 2.0 access token that the app expects.\n","items":{"type":"string"},"type":"array"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"identifierUri":{"type":"string"},"identifierUris":{"description":"A list of user-defined URI(s) that uniquely identify a Web application within it's Azure AD tenant, or within a verified custom domain if the application is multi-tenant.\n","items":{"type":"string"},"type":"array"},"logoUrl":{"description":"CDN URL to the application's logo.\n","type":"string"},"marketingUrl":{"description":"URL of the application's marketing page.\n","type":"string"},"notes":{"description":"User-specified notes relevant for the management of the application.\n","type":"string"},"oauth2PermissionScopeIds":{"additionalProperties":{"type":"string"},"description":"A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.\n","type":"object"},"oauth2PostResponseRequired":{"description":"Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. When \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, only GET requests are allowed.\n","type":"boolean"},"objectId":{"description":"The application's object ID.\n","type":"string"},"optionalClaims":{"description":"An \u003cspan pulumi-lang-nodejs=\"`optionalClaims`\" pulumi-lang-dotnet=\"`OptionalClaims`\" pulumi-lang-go=\"`optionalClaims`\" pulumi-lang-python=\"`optional_claims`\" pulumi-lang-yaml=\"`optionalClaims`\" pulumi-lang-java=\"`optionalClaims`\"\u003e`optionalClaims`\u003c/span\u003e block as documented below.\n","items":{"$ref":"#/types/azuread:index/getApplicationOptionalClaim:getApplicationOptionalClaim"},"type":"array"},"owners":{"description":"A list of object IDs of principals that are assigned ownership of the application.\n","items":{"type":"string"},"type":"array"},"privacyStatementUrl":{"description":"URL of the application's privacy statement.\n","type":"string"},"publicClients":{"description":"A \u003cspan pulumi-lang-nodejs=\"`publicClient`\" pulumi-lang-dotnet=\"`PublicClient`\" pulumi-lang-go=\"`publicClient`\" pulumi-lang-python=\"`public_client`\" pulumi-lang-yaml=\"`publicClient`\" pulumi-lang-java=\"`publicClient`\"\u003e`publicClient`\u003c/span\u003e block as documented below.\n","items":{"$ref":"#/types/azuread:index/getApplicationPublicClient:getApplicationPublicClient"},"type":"array"},"publisherDomain":{"description":"The verified publisher domain for the application.\n","type":"string"},"requiredResourceAccesses":{"description":"A collection of \u003cspan pulumi-lang-nodejs=\"`requiredResourceAccess`\" pulumi-lang-dotnet=\"`RequiredResourceAccess`\" pulumi-lang-go=\"`requiredResourceAccess`\" pulumi-lang-python=\"`required_resource_access`\" pulumi-lang-yaml=\"`requiredResourceAccess`\" pulumi-lang-java=\"`requiredResourceAccess`\"\u003e`requiredResourceAccess`\u003c/span\u003e blocks as documented below.\n","items":{"$ref":"#/types/azuread:index/getApplicationRequiredResourceAccess:getApplicationRequiredResourceAccess"},"type":"array"},"serviceManagementReference":{"description":"References application context information from a Service or Asset Management database.\n","type":"string"},"signInAudience":{"description":"The Microsoft account types that are supported for the current application. One of `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`.\n","type":"string"},"singlePageApplications":{"description":"A \u003cspan pulumi-lang-nodejs=\"`singlePageApplication`\" pulumi-lang-dotnet=\"`SinglePageApplication`\" pulumi-lang-go=\"`singlePageApplication`\" pulumi-lang-python=\"`single_page_application`\" pulumi-lang-yaml=\"`singlePageApplication`\" pulumi-lang-java=\"`singlePageApplication`\"\u003e`singlePageApplication`\u003c/span\u003e block as documented below.\n","items":{"$ref":"#/types/azuread:index/getApplicationSinglePageApplication:getApplicationSinglePageApplication"},"type":"array"},"supportUrl":{"description":"URL of the application's support page.\n","type":"string"},"tags":{"description":"A list of tags applied to the application.\n","items":{"type":"string"},"type":"array"},"termsOfServiceUrl":{"description":"URL of the application's terms of service statement.\n","type":"string"},"webs":{"description":"A \u003cspan pulumi-lang-nodejs=\"`web`\" pulumi-lang-dotnet=\"`Web`\" pulumi-lang-go=\"`web`\" pulumi-lang-python=\"`web`\" pulumi-lang-yaml=\"`web`\" pulumi-lang-java=\"`web`\"\u003e`web`\u003c/span\u003e block as documented below.\n","items":{"$ref":"#/types/azuread:index/getApplicationWeb:getApplicationWeb"},"type":"array"}},"required":["apis","appRoleIds","appRoles","clientId","description","deviceOnlyAuthEnabled","disabledByMicrosoft","displayName","fallbackPublicClientEnabled","featureTags","groupMembershipClaims","identifierUri","identifierUris","logoUrl","marketingUrl","notes","oauth2PermissionScopeIds","oauth2PostResponseRequired","objectId","optionalClaims","owners","privacyStatementUrl","publicClients","publisherDomain","requiredResourceAccesses","serviceManagementReference","signInAudience","singlePageApplications","supportUrl","tags","termsOfServiceUrl","webs","id"],"type":"object"}},"azuread:index/getApplicationPublishedAppIds:getApplicationPublishedAppIds":{"description":"Use this data source to discover application IDs for APIs published by Microsoft.\n\nThis data source uses an [unofficial source of application IDs](https://github.com/hashicorp/go-azure-sdk/blob/main/sdk/environments/application_ids.go), as there is currently no available official indexed source for applications or APIs published by Microsoft.\n\nThe app IDs returned by this data source are sourced from the Azure Global (Public) Cloud, however some of them are known to work in government and national clouds.\n\n## Example Usage\n\n*Listing well-known application IDs*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst wellKnown = azuread.getApplicationPublishedAppIds({});\nexport const publishedAppIds = wellKnown.then(wellKnown =\u003e wellKnown.result);\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nwell_known = azuread.get_application_published_app_ids()\npulumi.export(\"publishedAppIds\", well_known.result)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var wellKnown = AzureAD.Index.GetApplicationPublishedAppIds.Invoke();\n\n    return new Dictionary\u003cstring, object?\u003e\n    {\n        [\"publishedAppIds\"] = wellKnown.Apply(getApplicationPublishedAppIdsResult =\u003e getApplicationPublishedAppIdsResult.Result),\n    };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\twellKnown, err := azuread.GetApplicationPublishedAppIds(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"publishedAppIds\", wellKnown.Result)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var wellKnown = AzureadFunctions.getApplicationPublishedAppIds(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);\n\n        ctx.export(\"publishedAppIds\", wellKnown.result());\n    }\n}\n```\n```yaml\nvariables:\n  wellKnown:\n    fn::invoke:\n      function: azuread:getApplicationPublishedAppIds\n      arguments: {}\noutputs:\n  publishedAppIds: ${wellKnown.result}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Granting access to an application*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst wellKnown = azuread.getApplicationPublishedAppIds({});\nconst msgraph = new azuread.ServicePrincipal(\"msgraph\", {\n    clientId: wellKnown.then(wellKnown =\u003e wellKnown.result?.MicrosoftGraph),\n    useExisting: true,\n});\nconst example = new azuread.Application(\"example\", {\n    displayName: \"example\",\n    requiredResourceAccesses: [{\n        resourceAppId: wellKnown.then(wellKnown =\u003e wellKnown.result?.MicrosoftGraph),\n        resourceAccesses: [\n            {\n                id: msgraph.appRoleIds[\"User.Read.All\"],\n                type: \"Role\",\n            },\n            {\n                id: msgraph.oauth2PermissionScopeIds[\"User.ReadWrite\"],\n                type: \"Scope\",\n            },\n        ],\n    }],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nwell_known = azuread.get_application_published_app_ids()\nmsgraph = azuread.ServicePrincipal(\"msgraph\",\n    client_id=well_known.result[\"MicrosoftGraph\"],\n    use_existing=True)\nexample = azuread.Application(\"example\",\n    display_name=\"example\",\n    required_resource_accesses=[{\n        \"resource_app_id\": well_known.result[\"MicrosoftGraph\"],\n        \"resource_accesses\": [\n            {\n                \"id\": msgraph.app_role_ids[\"User.Read.All\"],\n                \"type\": \"Role\",\n            },\n            {\n                \"id\": msgraph.oauth2_permission_scope_ids[\"User.ReadWrite\"],\n                \"type\": \"Scope\",\n            },\n        ],\n    }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var wellKnown = AzureAD.Index.GetApplicationPublishedAppIds.Invoke();\n\n    var msgraph = new AzureAD.Index.ServicePrincipal(\"msgraph\", new()\n    {\n        ClientId = wellKnown.Apply(getApplicationPublishedAppIdsResult =\u003e getApplicationPublishedAppIdsResult.Result?.MicrosoftGraph),\n        UseExisting = true,\n    });\n\n    var example = new AzureAD.Index.Application(\"example\", new()\n    {\n        DisplayName = \"example\",\n        RequiredResourceAccesses = new[]\n        {\n            new AzureAD.Inputs.ApplicationRequiredResourceAccessArgs\n            {\n                ResourceAppId = wellKnown.Apply(getApplicationPublishedAppIdsResult =\u003e getApplicationPublishedAppIdsResult.Result?.MicrosoftGraph),\n                ResourceAccesses = new[]\n                {\n                    new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs\n                    {\n                        Id = msgraph.AppRoleIds.Apply(appRoleIds =\u003e appRoleIds.User_Read_All),\n                        Type = \"Role\",\n                    },\n                    new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs\n                    {\n                        Id = msgraph.Oauth2PermissionScopeIds.Apply(oauth2PermissionScopeIds =\u003e oauth2PermissionScopeIds.User_ReadWrite),\n                        Type = \"Scope\",\n                    },\n                },\n            },\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\twellKnown, err := azuread.GetApplicationPublishedAppIds(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmsgraph, err := azuread.NewServicePrincipal(ctx, \"msgraph\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId:    pulumi.String(pulumi.String(wellKnown.Result.MicrosoftGraph)),\n\t\t\tUseExisting: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tRequiredResourceAccesses: azuread.ApplicationRequiredResourceAccessArray{\n\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessArgs{\n\t\t\t\t\tResourceAppId: pulumi.String(wellKnown.Result.MicrosoftGraph),\n\t\t\t\t\tResourceAccesses: azuread.ApplicationRequiredResourceAccessResourceAccessArray{\n\t\t\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessResourceAccessArgs{\n\t\t\t\t\t\t\tId: msgraph.AppRoleIds.ApplyT(func(appRoleIds map[string]string) (string, error) {\n\t\t\t\t\t\t\t\treturn appRoleIds.User.Read.All, nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t\tType: pulumi.String(\"Role\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026azuread.ApplicationRequiredResourceAccessResourceAccessArgs{\n\t\t\t\t\t\t\tId: msgraph.Oauth2PermissionScopeIds.ApplyT(func(oauth2PermissionScopeIds map[string]string) (string, error) {\n\t\t\t\t\t\t\t\treturn oauth2PermissionScopeIds.User.ReadWrite, nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t\tType: pulumi.String(\"Scope\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.inputs.ApplicationRequiredResourceAccessArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var wellKnown = AzureadFunctions.getApplicationPublishedAppIds(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);\n\n        var msgraph = new ServicePrincipal(\"msgraph\", ServicePrincipalArgs.builder()\n            .clientId(wellKnown.result().MicrosoftGraph())\n            .useExisting(true)\n            .build());\n\n        var example = new Application(\"example\", ApplicationArgs.builder()\n            .displayName(\"example\")\n            .requiredResourceAccesses(ApplicationRequiredResourceAccessArgs.builder()\n                .resourceAppId(wellKnown.result().MicrosoftGraph())\n                .resourceAccesses(                \n                    ApplicationRequiredResourceAccessResourceAccessArgs.builder()\n                        .id(msgraph.appRoleIds().applyValue(_appRoleIds -\u003e _appRoleIds.User.Read.All()))\n                        .type(\"Role\")\n                        .build(),\n                    ApplicationRequiredResourceAccessResourceAccessArgs.builder()\n                        .id(msgraph.oauth2PermissionScopeIds().applyValue(_oauth2PermissionScopeIds -\u003e _oauth2PermissionScopeIds.User.ReadWrite()))\n                        .type(\"Scope\")\n                        .build())\n                .build())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  msgraph:\n    type: azuread:ServicePrincipal\n    properties:\n      clientId: ${wellKnown.result.MicrosoftGraph}\n      useExisting: true\n  example:\n    type: azuread:Application\n    properties:\n      displayName: example\n      requiredResourceAccesses:\n        - resourceAppId: ${wellKnown.result.MicrosoftGraph}\n          resourceAccesses:\n            - id: ${msgraph.appRoleIds\"User.Read.All\"[%!s(MISSING)]}\n              type: Role\n            - id: ${msgraph.oauth2PermissionScopeIds\"User.ReadWrite\"[%!s(MISSING)]}\n              type: Scope\nvariables:\n  wellKnown:\n    fn::invoke:\n      function: azuread:getApplicationPublishedAppIds\n      arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","outputs":{"description":"A collection of values returned by getApplicationPublishedAppIds.\n","properties":{"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"result":{"additionalProperties":{"type":"string"},"description":"A map of application names to application IDs.\n","type":"object"}},"required":["result","id"],"type":"object"}},"azuread:index/getApplicationTemplate:getApplicationTemplate":{"description":"Use this data source to access information about an Application Template from the [Azure AD App Gallery](https://azuremarketplace.microsoft.com/en-US/marketplace/apps/category/azure-active-directory-apps).\n\n## API Permissions\n\nThis data source does not require any additional roles.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getApplicationTemplate({\n    displayName: \"Marketo\",\n});\nexport const applicationTemplateId = example.then(example =\u003e example.templateId);\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_application_template(display_name=\"Marketo\")\npulumi.export(\"applicationTemplateId\", example.template_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetApplicationTemplate.Invoke(new()\n    {\n        DisplayName = \"Marketo\",\n    });\n\n    return new Dictionary\u003cstring, object?\u003e\n    {\n        [\"applicationTemplateId\"] = example.Apply(getApplicationTemplateResult =\u003e getApplicationTemplateResult.TemplateId),\n    };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.GetApplicationTemplate(ctx, \u0026azuread.GetApplicationTemplateArgs{\n\t\t\tDisplayName: pulumi.StringRef(\"Marketo\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"applicationTemplateId\", example.TemplateId)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetApplicationTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getApplicationTemplate(GetApplicationTemplateArgs.builder()\n            .displayName(\"Marketo\")\n            .build());\n\n        ctx.export(\"applicationTemplateId\", example.templateId());\n    }\n}\n```\n```yaml\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getApplicationTemplate\n      arguments:\n        displayName: Marketo\noutputs:\n  applicationTemplateId: ${example.templateId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getApplicationTemplate.\n","properties":{"displayName":{"type":"string","description":"Specifies the display name of the templated application.\n"},"templateId":{"type":"string","description":"Specifies the ID of the templated application.\n\n\u003e One of \u003cspan pulumi-lang-nodejs=\"`templateId`\" pulumi-lang-dotnet=\"`TemplateId`\" pulumi-lang-go=\"`templateId`\" pulumi-lang-python=\"`template_id`\" pulumi-lang-yaml=\"`templateId`\" pulumi-lang-java=\"`templateId`\"\u003e`templateId`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`displayName`\" pulumi-lang-dotnet=\"`DisplayName`\" pulumi-lang-go=\"`displayName`\" pulumi-lang-python=\"`display_name`\" pulumi-lang-yaml=\"`displayName`\" pulumi-lang-java=\"`displayName`\"\u003e`displayName`\u003c/span\u003e must be specified.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getApplicationTemplate.\n","properties":{"categories":{"description":"List of categories for this templated application.\n","items":{"type":"string"},"type":"array"},"displayName":{"description":"The display name for the templated application.\n","type":"string"},"homepageUrl":{"description":"Home page URL of the templated application.\n","type":"string"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"logoUrl":{"description":"URL to retrieve the logo for this templated application.\n","type":"string"},"publisher":{"description":"Name of the publisher for this templated application.\n","type":"string"},"supportedProvisioningTypes":{"description":"List of provisioning modes supported by this templated application.\n","items":{"type":"string"},"type":"array"},"supportedSingleSignOnModes":{"description":"List of single sign on modes supported by this templated application.\n","items":{"type":"string"},"type":"array"},"templateId":{"description":"The ID of the templated application.\n","type":"string"}},"required":["categories","displayName","homepageUrl","logoUrl","publisher","supportedProvisioningTypes","supportedSingleSignOnModes","templateId","id"],"type":"object"}},"azuread:index/getClientConfig:getClientConfig":{"description":"Use this data source to access the configuration of the AzureAD provider.\n\n## API Permissions\n\nNo additional roles are required to use this data source.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nexport const objectId = current.then(current =\u003e current.objectId);\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\npulumi.export(\"objectId\", current.object_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var current = AzureAD.Index.GetClientConfig.Invoke();\n\n    return new Dictionary\u003cstring, object?\u003e\n    {\n        [\"objectId\"] = current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n    };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"objectId\", current.ObjectId)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var current = AzureadFunctions.getClientConfig(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);\n\n        ctx.export(\"objectId\", current.objectId());\n    }\n}\n```\n```yaml\nvariables:\n  current:\n    fn::invoke:\n      function: azuread:getClientConfig\n      arguments: {}\noutputs:\n  objectId: ${current.objectId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","outputs":{"description":"A collection of values returned by getClientConfig.\n","properties":{"clientId":{"description":"The client ID (application ID) linked to the authenticated principal, or the application used for delegated authentication.\n","type":"string"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"objectId":{"description":"The object ID of the authenticated principal.\n","type":"string"},"tenantId":{"description":"The tenant ID of the authenticated principal.\n","type":"string"}},"required":["clientId","objectId","tenantId","id"],"type":"object"}},"azuread:index/getDirectoryObject:getDirectoryObject":{"description":"Retrieves the OData type for a generic directory object having the provided object ID.\n\n## API Permissions\n\nThe following API permissions are required in order to use this data source.\n\nWhen authenticated with a service principal, this data source requires either `User.Read.All`, `Group.Read.All` or `Directory.Read.All`, depending on the type of object being queried.\n\nWhen authenticated with a user principal, this data source does not require any additional roles.\n\n## Example Usage\n\n*Look up and output type of object by ID*\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getDirectoryObject({\n    objectId: \"00000000-0000-0000-0000-000000000000\",\n});\nexport const objectType = example.then(example =\u003e example.type);\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_directory_object(object_id=\"00000000-0000-0000-0000-000000000000\")\npulumi.export(\"objectType\", example.type)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetDirectoryObject.Invoke(new()\n    {\n        ObjectId = \"00000000-0000-0000-0000-000000000000\",\n    });\n\n    return new Dictionary\u003cstring, object?\u003e\n    {\n        [\"objectType\"] = example.Apply(getDirectoryObjectResult =\u003e getDirectoryObjectResult.Type),\n    };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.GetDirectoryObject(ctx, \u0026azuread.GetDirectoryObjectArgs{\n\t\t\tObjectId: \"00000000-0000-0000-0000-000000000000\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"objectType\", example.Type)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetDirectoryObjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getDirectoryObject(GetDirectoryObjectArgs.builder()\n            .objectId(\"00000000-0000-0000-0000-000000000000\")\n            .build());\n\n        ctx.export(\"objectType\", example.type());\n    }\n}\n```\n```yaml\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getDirectoryObject\n      arguments:\n        objectId: 00000000-0000-0000-0000-000000000000\noutputs:\n  objectType: ${example.type}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Attributes Reference \n\nThe following attributes are exported:\n\n* \u003cspan pulumi-lang-nodejs=\"`objectId`\" pulumi-lang-dotnet=\"`ObjectId`\" pulumi-lang-go=\"`objectId`\" pulumi-lang-python=\"`object_id`\" pulumi-lang-yaml=\"`objectId`\" pulumi-lang-java=\"`objectId`\"\u003e`objectId`\u003c/span\u003e - The object ID of the directory object.\n* \u003cspan pulumi-lang-nodejs=\"`type`\" pulumi-lang-dotnet=\"`Type`\" pulumi-lang-go=\"`type`\" pulumi-lang-python=\"`type`\" pulumi-lang-yaml=\"`type`\" pulumi-lang-java=\"`type`\"\u003e`type`\u003c/span\u003e - The shortened OData type of the directory object. Possible values include: `Group`, `User` or `ServicePrincipal`.\n","inputs":{"description":"A collection of arguments for invoking getDirectoryObject.\n","properties":{"objectId":{"type":"string","description":"Specifies the Object ID of the directory object to look up.\n"}},"type":"object","required":["objectId"]},"outputs":{"description":"A collection of values returned by getDirectoryObject.\n","properties":{"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"objectId":{"type":"string"},"type":{"type":"string"}},"required":["objectId","type","id"],"type":"object"}},"azuread:index/getDirectoryRoleTemplates:getDirectoryRoleTemplates":{"description":"Use this data source to access information about directory role templates within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `RoleManagement.Read.Directory` or `Directory.Read.All`\n\nWhen authenticated with a user principal, this data source does not require any additional roles.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getDirectoryRoleTemplates({});\nexport const roles = current.then(current =\u003e current.objectIds);\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_directory_role_templates()\npulumi.export(\"roles\", current.object_ids)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var current = AzureAD.Index.GetDirectoryRoleTemplates.Invoke();\n\n    return new Dictionary\u003cstring, object?\u003e\n    {\n        [\"roles\"] = current.Apply(getDirectoryRoleTemplatesResult =\u003e getDirectoryRoleTemplatesResult.ObjectIds),\n    };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetDirectoryRoleTemplates(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"roles\", current.ObjectIds)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var current = AzureadFunctions.getDirectoryRoleTemplates(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);\n\n        ctx.export(\"roles\", current.objectIds());\n    }\n}\n```\n```yaml\nvariables:\n  current:\n    fn::invoke:\n      function: azuread:getDirectoryRoleTemplates\n      arguments: {}\noutputs:\n  roles: ${current.objectIds}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","outputs":{"description":"A collection of values returned by getDirectoryRoleTemplates.\n","properties":{"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"objectIds":{"description":"The object IDs of the role templates.\n","items":{"type":"string"},"type":"array"},"roleTemplates":{"description":"A list of role templates. Each \u003cspan pulumi-lang-nodejs=\"`roleTemplate`\" pulumi-lang-dotnet=\"`RoleTemplate`\" pulumi-lang-go=\"`roleTemplate`\" pulumi-lang-python=\"`role_template`\" pulumi-lang-yaml=\"`roleTemplate`\" pulumi-lang-java=\"`roleTemplate`\"\u003e`roleTemplate`\u003c/span\u003e object provides the attributes documented below.\n","items":{"$ref":"#/types/azuread:index/getDirectoryRoleTemplatesRoleTemplate:getDirectoryRoleTemplatesRoleTemplate"},"type":"array"}},"required":["objectIds","roleTemplates","id"],"type":"object"}},"azuread:index/getDirectoryRoles:getDirectoryRoles":{"description":"Use this data source to access information about activated directory roles within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `RoleManagement.Read.Directory` or `Directory.Read.All`\n\nWhen authenticated with a user principal, this data source does not require any additional roles.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getDirectoryRoles({});\nexport const roles = current.then(current =\u003e current.objectIds);\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_directory_roles()\npulumi.export(\"roles\", current.object_ids)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var current = AzureAD.Index.GetDirectoryRoles.Invoke();\n\n    return new Dictionary\u003cstring, object?\u003e\n    {\n        [\"roles\"] = current.Apply(getDirectoryRolesResult =\u003e getDirectoryRolesResult.ObjectIds),\n    };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetDirectoryRoles(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"roles\", current.ObjectIds)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var current = AzureadFunctions.getDirectoryRoles(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);\n\n        ctx.export(\"roles\", current.objectIds());\n    }\n}\n```\n```yaml\nvariables:\n  current:\n    fn::invoke:\n      function: azuread:getDirectoryRoles\n      arguments: {}\noutputs:\n  roles: ${current.objectIds}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","outputs":{"description":"A collection of values returned by getDirectoryRoles.\n","properties":{"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"objectIds":{"description":"The object IDs of the roles.\n","items":{"type":"string"},"type":"array"},"roles":{"description":"A list of users. Each \u003cspan pulumi-lang-nodejs=\"`role`\" pulumi-lang-dotnet=\"`Role`\" pulumi-lang-go=\"`role`\" pulumi-lang-python=\"`role`\" pulumi-lang-yaml=\"`role`\" pulumi-lang-java=\"`role`\"\u003e`role`\u003c/span\u003e object provides the attributes documented below.\n","items":{"$ref":"#/types/azuread:index/getDirectoryRolesRole:getDirectoryRolesRole"},"type":"array"},"templateIds":{"description":"The template IDs of the roles.\n","items":{"type":"string"},"type":"array"}},"required":["objectIds","roles","templateIds","id"],"type":"object"}},"azuread:index/getDomains:getDomains":{"description":"Use this data source to access information about existing Domains within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this data source.\n\nWhen authenticated with a service principal, this data source requires one of the following application roles: `Domain.Read.All` or `Directory.Read.All`\n\nWhen authenticated with a user principal, this data source does not require any additional roles.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst aadDomains = azuread.getDomains({});\nexport const domainNames = aadDomains.then(aadDomains =\u003e aadDomains.domains.map(__item =\u003e __item.domainName));\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\naad_domains = azuread.get_domains()\npulumi.export(\"domainNames\", [__item.domain_name for __item in aad_domains.domains])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var aadDomains = AzureAD.Index.GetDomains.Invoke();\n\n    return new Dictionary\u003cstring, object?\u003e\n    {\n        [\"domainNames\"] = aadDomains.Apply(getDomainsResult =\u003e getDomainsResult.Domains).Select(__item =\u003e __item.DomainName).ToList(),\n    };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\naadDomains, err := azuread.GetDomains(ctx, \u0026azuread.GetDomainsArgs{\n}, nil);\nif err != nil {\nreturn err\n}\nctx.Export(\"domainNames\", pulumi.StringArray(%!v(PANIC=Format method: fatal: A failure has occurred: unlowered splat expression @ example.pp:3,11-43)))\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetDomainsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var aadDomains = AzureadFunctions.getDomains(GetDomainsArgs.builder()\n            .build());\n\n        ctx.export(\"domainNames\", aadDomains.domains().stream().map(element -\u003e element.domainName()).collect(toList()));\n    }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getDomains.\n","properties":{"adminManaged":{"type":"boolean","description":"Set to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e to only return domains whose DNS is managed by Microsoft 365. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"includeUnverified":{"type":"boolean","description":"Set to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e if unverified Azure AD domains should be included. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"onlyDefault":{"type":"boolean","description":"Set to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e to only return the default domain.\n"},"onlyInitial":{"type":"boolean","description":"Set to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e to only return the initial domain, which is your primary Azure Active Directory tenant domain. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"onlyRoot":{"type":"boolean","description":"Set to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e to only return verified root domains. Excludes subdomains and unverified domains.\n"},"supportsServices":{"type":"array","items":{"type":"string"},"description":"A list of supported services that must be supported by a domain. Possible values include `Email`, `Sharepoint`, `EmailInternalRelayOnly`, `OfficeCommunicationsOnline`, `SharePointDefaultDomain`, `FullRedelegation`, `SharePointPublic`, `OrgIdAuthentication`, `Yammer` and `Intune`.\n\n\u003e **Note on filters** If \u003cspan pulumi-lang-nodejs=\"`includeUnverified`\" pulumi-lang-dotnet=\"`IncludeUnverified`\" pulumi-lang-go=\"`includeUnverified`\" pulumi-lang-python=\"`include_unverified`\" pulumi-lang-yaml=\"`includeUnverified`\" pulumi-lang-java=\"`includeUnverified`\"\u003e`includeUnverified`\u003c/span\u003e is set to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, you cannot specify \u003cspan pulumi-lang-nodejs=\"`onlyDefault`\" pulumi-lang-dotnet=\"`OnlyDefault`\" pulumi-lang-go=\"`onlyDefault`\" pulumi-lang-python=\"`only_default`\" pulumi-lang-yaml=\"`onlyDefault`\" pulumi-lang-java=\"`onlyDefault`\"\u003e`onlyDefault`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`onlyInitial`\" pulumi-lang-dotnet=\"`OnlyInitial`\" pulumi-lang-go=\"`onlyInitial`\" pulumi-lang-python=\"`only_initial`\" pulumi-lang-yaml=\"`onlyInitial`\" pulumi-lang-java=\"`onlyInitial`\"\u003e`onlyInitial`\u003c/span\u003e. Additionally, you cannot combine \u003cspan pulumi-lang-nodejs=\"`onlyDefault`\" pulumi-lang-dotnet=\"`OnlyDefault`\" pulumi-lang-go=\"`onlyDefault`\" pulumi-lang-python=\"`only_default`\" pulumi-lang-yaml=\"`onlyDefault`\" pulumi-lang-java=\"`onlyDefault`\"\u003e`onlyDefault`\u003c/span\u003e with \u003cspan pulumi-lang-nodejs=\"`onlyInitial`\" pulumi-lang-dotnet=\"`OnlyInitial`\" pulumi-lang-go=\"`onlyInitial`\" pulumi-lang-python=\"`only_initial`\" pulumi-lang-yaml=\"`onlyInitial`\" pulumi-lang-java=\"`onlyInitial`\"\u003e`onlyInitial`\u003c/span\u003e.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getDomains.\n","properties":{"adminManaged":{"description":"Whether the DNS for the domain is managed by Microsoft 365.\n","type":"boolean"},"domains":{"description":"A list of tenant domains. Each \u003cspan pulumi-lang-nodejs=\"`domain`\" pulumi-lang-dotnet=\"`Domain`\" pulumi-lang-go=\"`domain`\" pulumi-lang-python=\"`domain`\" pulumi-lang-yaml=\"`domain`\" pulumi-lang-java=\"`domain`\"\u003e`domain`\u003c/span\u003e object provides the attributes documented below.\n","items":{"$ref":"#/types/azuread:index/getDomainsDomain:getDomainsDomain"},"type":"array"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"includeUnverified":{"type":"boolean"},"onlyDefault":{"type":"boolean"},"onlyInitial":{"type":"boolean"},"onlyRoot":{"type":"boolean"},"supportsServices":{"items":{"type":"string"},"type":"array"}},"required":["domains","id"],"type":"object"}},"azuread:index/getGroup:getGroup":{"description":"Gets information about an Azure Active Directory group.\n\n## API Permissions\n\nThe following API permissions are required in order to use this data source.\n\nWhen authenticated with a service principal, this data source requires one of the following application roles: `Group.Read.All` or `Directory.Read.All`\n\nWhen authenticated with a user principal, this data source does not require any additional roles.\n\n## Example Usage\n\n### By Group Display Name)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getGroup({\n    displayName: \"MyGroupName\",\n    securityEnabled: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_group(display_name=\"MyGroupName\",\n    security_enabled=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetGroup.Invoke(new()\n    {\n        DisplayName = \"MyGroupName\",\n        SecurityEnabled = true,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetGroup(ctx, \u0026azuread.LookupGroupArgs{\n\t\t\tDisplayName:     pulumi.StringRef(\"MyGroupName\"),\n\t\t\tSecurityEnabled: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getGroup(GetGroupArgs.builder()\n            .displayName(\"MyGroupName\")\n            .securityEnabled(true)\n            .build());\n\n    }\n}\n```\n```yaml\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getGroup\n      arguments:\n        displayName: MyGroupName\n        securityEnabled: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getGroup.\n","properties":{"displayName":{"type":"string","description":"The display name for the group.\n"},"includeTransitiveMembers":{"type":"boolean","description":"Whether to include transitive members (a flat list of all nested members). Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"mailEnabled":{"type":"boolean","description":"Whether the group is mail-enabled.\n"},"mailNickname":{"type":"string","description":"The mail alias for the group, unique in the organisation.\n"},"objectId":{"type":"string","description":"Specifies the object ID of the group.\n"},"securityEnabled":{"type":"boolean","description":"Whether the group is a security group.\n\n\u003e One of \u003cspan pulumi-lang-nodejs=\"`displayName`\" pulumi-lang-dotnet=\"`DisplayName`\" pulumi-lang-go=\"`displayName`\" pulumi-lang-python=\"`display_name`\" pulumi-lang-yaml=\"`displayName`\" pulumi-lang-java=\"`displayName`\"\u003e`displayName`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`objectId`\" pulumi-lang-dotnet=\"`ObjectId`\" pulumi-lang-go=\"`objectId`\" pulumi-lang-python=\"`object_id`\" pulumi-lang-yaml=\"`objectId`\" pulumi-lang-java=\"`objectId`\"\u003e`objectId`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`mailNickname`\" pulumi-lang-dotnet=\"`MailNickname`\" pulumi-lang-go=\"`mailNickname`\" pulumi-lang-python=\"`mail_nickname`\" pulumi-lang-yaml=\"`mailNickname`\" pulumi-lang-java=\"`mailNickname`\"\u003e`mailNickname`\u003c/span\u003e must be specified.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getGroup.\n","properties":{"assignableToRole":{"description":"Indicates whether this group can be assigned to an Azure Active Directory role.\n","type":"boolean"},"autoSubscribeNewMembers":{"description":"Indicates whether new members added to the group will be auto-subscribed to receive email notifications. Only set for Unified groups.\n","type":"boolean"},"behaviors":{"description":"A list of behaviors for a Microsoft 365 group, such as `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details.\n","items":{"type":"string"},"type":"array"},"description":{"description":"The optional description of the group.\n","type":"string"},"displayName":{"description":"The display name for the group.\n","type":"string"},"dynamicMemberships":{"description":"A \u003cspan pulumi-lang-nodejs=\"`dynamicMembership`\" pulumi-lang-dotnet=\"`DynamicMembership`\" pulumi-lang-go=\"`dynamicMembership`\" pulumi-lang-python=\"`dynamic_membership`\" pulumi-lang-yaml=\"`dynamicMembership`\" pulumi-lang-java=\"`dynamicMembership`\"\u003e`dynamicMembership`\u003c/span\u003e block as documented below.\n","items":{"$ref":"#/types/azuread:index/getGroupDynamicMembership:getGroupDynamicMembership"},"type":"array"},"externalSendersAllowed":{"description":"Indicates whether people external to the organization can send messages to the group. Only set for Unified groups.\n","type":"boolean"},"hideFromAddressLists":{"description":"Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups. Only set for Unified groups.\n","type":"boolean"},"hideFromOutlookClients":{"description":"Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web. Only set for Unified groups.\n","type":"boolean"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"includeTransitiveMembers":{"type":"boolean"},"mail":{"description":"The SMTP address for the group.\n","type":"string"},"mailEnabled":{"description":"Whether the group is mail-enabled.\n","type":"boolean"},"mailNickname":{"description":"The mail alias for the group, unique in the organisation.\n","type":"string"},"members":{"description":"List of object IDs of the group members. When \u003cspan pulumi-lang-nodejs=\"`includeTransitiveMembers`\" pulumi-lang-dotnet=\"`IncludeTransitiveMembers`\" pulumi-lang-go=\"`includeTransitiveMembers`\" pulumi-lang-python=\"`include_transitive_members`\" pulumi-lang-yaml=\"`includeTransitiveMembers`\" pulumi-lang-java=\"`includeTransitiveMembers`\"\u003e`includeTransitiveMembers`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, contains a list of object IDs of all transitive group members.\n","items":{"type":"string"},"type":"array"},"objectId":{"description":"The object ID of the group.\n","type":"string"},"onpremisesDomainName":{"description":"The on-premises FQDN, also called dnsDomainName, synchronised from the on-premises directory when Azure AD Connect is used.\n","type":"string"},"onpremisesGroupType":{"description":"The on-premises group type that the AAD group will be written as, when writeback is enabled. Possible values are `UniversalDistributionGroup`, `UniversalMailEnabledSecurityGroup`, or `UniversalSecurityGroup`.\n","type":"string"},"onpremisesNetbiosName":{"description":"The on-premises NetBIOS name, synchronised from the on-premises directory when Azure AD Connect is used.\n","type":"string"},"onpremisesSamAccountName":{"description":"The on-premises SAM account name, synchronised from the on-premises directory when Azure AD Connect is used.\n","type":"string"},"onpremisesSecurityIdentifier":{"description":"The on-premises security identifier (SID), synchronised from the on-premises directory when Azure AD Connect is used.\n","type":"string"},"onpremisesSyncEnabled":{"description":"Whether this group is synchronised from an on-premises directory (\u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e), no longer synchronised (\u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e), or has never been synchronised (\u003cspan pulumi-lang-nodejs=\"`null`\" pulumi-lang-dotnet=\"`Null`\" pulumi-lang-go=\"`null`\" pulumi-lang-python=\"`null`\" pulumi-lang-yaml=\"`null`\" pulumi-lang-java=\"`null`\"\u003e`null`\u003c/span\u003e).\n","type":"boolean"},"owners":{"description":"List of object IDs of the group owners.\n","items":{"type":"string"},"type":"array"},"preferredLanguage":{"description":"The preferred language for a Microsoft 365 group, in ISO 639-1 notation.\n","type":"string"},"provisioningOptions":{"description":"A list of provisioning options for a Microsoft 365 group, such as `Team`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for details.\n","items":{"type":"string"},"type":"array"},"proxyAddresses":{"description":"List of email addresses for the group that direct to the same group mailbox.\n","items":{"type":"string"},"type":"array"},"securityEnabled":{"description":"Whether the group is a security group.\n","type":"boolean"},"theme":{"description":"The colour theme for a Microsoft 365 group. Possible values are `Blue`, `Green`, `Orange`, `Pink`, `Purple`, `Red` or `Teal`. When no theme is set, the value is \u003cspan pulumi-lang-nodejs=\"`null`\" pulumi-lang-dotnet=\"`Null`\" pulumi-lang-go=\"`null`\" pulumi-lang-python=\"`null`\" pulumi-lang-yaml=\"`null`\" pulumi-lang-java=\"`null`\"\u003e`null`\u003c/span\u003e.\n","type":"string"},"types":{"description":"A list of group types configured for the group. Supported values are `DynamicMembership`, which denotes a group with dynamic membership, and `Unified`, which specifies a Microsoft 365 group.\n","items":{"type":"string"},"type":"array"},"visibility":{"description":"The group join policy and group content visibility. Possible values are `Private`, `Public`, or `Hiddenmembership`. Only Microsoft 365 groups can have `Hiddenmembership` visibility.\n","type":"string"},"writebackEnabled":{"description":"Whether the group will be written back to the configured on-premises Active Directory when Azure AD Connect is used.\n","type":"boolean"}},"required":["assignableToRole","autoSubscribeNewMembers","behaviors","description","displayName","dynamicMemberships","externalSendersAllowed","hideFromAddressLists","hideFromOutlookClients","mail","mailEnabled","mailNickname","members","objectId","onpremisesDomainName","onpremisesGroupType","onpremisesNetbiosName","onpremisesSamAccountName","onpremisesSecurityIdentifier","onpremisesSyncEnabled","owners","preferredLanguage","provisioningOptions","proxyAddresses","securityEnabled","theme","types","visibility","writebackEnabled","id"],"type":"object"}},"azuread:index/getGroupRoleManagementPolicy:getGroupRoleManagementPolicy":{"description":"Use this data source to retrieve a role policy for an Azure AD group.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires the `RoleManagementPolicy.Read.AzureADGroup` Microsoft Graph API permissions.\n\nWhen authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.Group(\"example\", {\n    displayName: \"group-name\",\n    securityEnabled: true,\n});\nconst ownersPolicy = azuread.getGroupRoleManagementPolicyOutput({\n    groupId: example.id,\n    roleId: \"owner\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.Group(\"example\",\n    display_name=\"group-name\",\n    security_enabled=True)\nowners_policy = azuread.get_group_role_management_policy_output(group_id=example.id,\n    role_id=\"owner\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new AzureAD.Index.Group(\"example\", new()\n    {\n        DisplayName = \"group-name\",\n        SecurityEnabled = true,\n    });\n\n    var ownersPolicy = AzureAD.Index.GetGroupRoleManagementPolicy.Invoke(new()\n    {\n        GroupId = example.Id,\n        RoleId = \"owner\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName:     pulumi.String(\"group-name\"),\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_ = azuread.GetGroupRoleManagementPolicyOutput(ctx, azuread.GetGroupRoleManagementPolicyOutputArgs{\n\t\t\tGroupId: example.ID(),\n\t\t\tRoleId:  pulumi.String(\"owner\"),\n\t\t}, nil)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetGroupRoleManagementPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new Group(\"example\", GroupArgs.builder()\n            .displayName(\"group-name\")\n            .securityEnabled(true)\n            .build());\n\n        final var ownersPolicy = AzureadFunctions.getGroupRoleManagementPolicy(GetGroupRoleManagementPolicyArgs.builder()\n            .groupId(example.id())\n            .roleId(\"owner\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: azuread:Group\n    properties:\n      displayName: group-name\n      securityEnabled: true\nvariables:\n  ownersPolicy:\n    fn::invoke:\n      function: azuread:getGroupRoleManagementPolicy\n      arguments:\n        groupId: ${example.id}\n        roleId: owner\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getGroupRoleManagementPolicy.\n","properties":{"groupId":{"type":"string","description":"The ID of the Azure AD group for which the policy applies.\n"},"roleId":{"type":"string","description":"The type of assignment this policy coveres. Can be either \u003cspan pulumi-lang-nodejs=\"`member`\" pulumi-lang-dotnet=\"`Member`\" pulumi-lang-go=\"`member`\" pulumi-lang-python=\"`member`\" pulumi-lang-yaml=\"`member`\" pulumi-lang-java=\"`member`\"\u003e`member`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`owner`\" pulumi-lang-dotnet=\"`Owner`\" pulumi-lang-go=\"`owner`\" pulumi-lang-python=\"`owner`\" pulumi-lang-yaml=\"`owner`\" pulumi-lang-java=\"`owner`\"\u003e`owner`\u003c/span\u003e.\n"}},"type":"object","required":["groupId","roleId"]},"outputs":{"description":"A collection of values returned by getGroupRoleManagementPolicy.\n","properties":{"description":{"description":"(String) The description of this policy.\n","type":"string"},"displayName":{"description":"(String) The display name of this policy.\n","type":"string"},"groupId":{"type":"string"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"roleId":{"type":"string"}},"required":["description","displayName","groupId","roleId","id"],"type":"object"}},"azuread:index/getGroups:getGroups":{"description":"Gets Object IDs or Display Names for multiple Azure Active Directory groups.\n\n## API Permissions\n\nThe following API permissions are required in order to use this data source.\n\nWhen authenticated with a service principal, this data source requires one of the following application roles: `Group.Read.All` or `Directory.Read.All`\n\nWhen authenticated with a user principal, this data source does not require any additional roles.\n\n## Example Usage\n\n*Look up by group name*\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getGroups({\n    displayNames: [\n        \"group-a\",\n        \"group-b\",\n    ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_groups(display_names=[\n    \"group-a\",\n    \"group-b\",\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetGroups.Invoke(new()\n    {\n        DisplayNames = new[]\n        {\n            \"group-a\",\n            \"group-b\",\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetGroups(ctx, \u0026azuread.GetGroupsArgs{\n\t\t\tDisplayNames: []string{\n\t\t\t\t\"group-a\",\n\t\t\t\t\"group-b\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getGroups(GetGroupsArgs.builder()\n            .displayNames(            \n                \"group-a\",\n                \"group-b\")\n            .build());\n\n    }\n}\n```\n```yaml\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getGroups\n      arguments:\n        displayNames:\n          - group-a\n          - group-b\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Look up by display name prefix*\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst sales = azuread.getGroups({\n    displayNamePrefix: \"sales-\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nsales = azuread.get_groups(display_name_prefix=\"sales-\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var sales = AzureAD.Index.GetGroups.Invoke(new()\n    {\n        DisplayNamePrefix = \"sales-\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetGroups(ctx, \u0026azuread.GetGroupsArgs{\n\t\t\tDisplayNamePrefix: pulumi.StringRef(\"sales-\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var sales = AzureadFunctions.getGroups(GetGroupsArgs.builder()\n            .displayNamePrefix(\"sales-\")\n            .build());\n\n    }\n}\n```\n```yaml\nvariables:\n  sales:\n    fn::invoke:\n      function: azuread:getGroups\n      arguments:\n        displayNamePrefix: sales-\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Look up all groups*\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst all = azuread.getGroups({\n    returnAll: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nall = azuread.get_groups(return_all=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var all = AzureAD.Index.GetGroups.Invoke(new()\n    {\n        ReturnAll = true,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetGroups(ctx, \u0026azuread.GetGroupsArgs{\n\t\t\tReturnAll: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var all = AzureadFunctions.getGroups(GetGroupsArgs.builder()\n            .returnAll(true)\n            .build());\n\n    }\n}\n```\n```yaml\nvariables:\n  all:\n    fn::invoke:\n      function: azuread:getGroups\n      arguments:\n        returnAll: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Look up all mail-enabled groups*\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst mailEnabled = azuread.getGroups({\n    mailEnabled: true,\n    returnAll: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nmail_enabled = azuread.get_groups(mail_enabled=True,\n    return_all=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var mailEnabled = AzureAD.Index.GetGroups.Invoke(new()\n    {\n        MailEnabled = true,\n        ReturnAll = true,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetGroups(ctx, \u0026azuread.GetGroupsArgs{\n\t\t\tMailEnabled: pulumi.BoolRef(true),\n\t\t\tReturnAll:   pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var mailEnabled = AzureadFunctions.getGroups(GetGroupsArgs.builder()\n            .mailEnabled(true)\n            .returnAll(true)\n            .build());\n\n    }\n}\n```\n```yaml\nvariables:\n  mailEnabled:\n    fn::invoke:\n      function: azuread:getGroups\n      arguments:\n        mailEnabled: true\n        returnAll: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Look up all security-enabled groups that are not mail-enabled*\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst securityOnly = azuread.getGroups({\n    mailEnabled: false,\n    returnAll: true,\n    securityEnabled: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nsecurity_only = azuread.get_groups(mail_enabled=False,\n    return_all=True,\n    security_enabled=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var securityOnly = AzureAD.Index.GetGroups.Invoke(new()\n    {\n        MailEnabled = false,\n        ReturnAll = true,\n        SecurityEnabled = true,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetGroups(ctx, \u0026azuread.GetGroupsArgs{\n\t\t\tMailEnabled:     pulumi.BoolRef(false),\n\t\t\tReturnAll:       pulumi.BoolRef(true),\n\t\t\tSecurityEnabled: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var securityOnly = AzureadFunctions.getGroups(GetGroupsArgs.builder()\n            .mailEnabled(false)\n            .returnAll(true)\n            .securityEnabled(true)\n            .build());\n\n    }\n}\n```\n```yaml\nvariables:\n  securityOnly:\n    fn::invoke:\n      function: azuread:getGroups\n      arguments:\n        mailEnabled: false\n        returnAll: true\n        securityEnabled: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getGroups.\n","properties":{"displayNamePrefix":{"type":"string","description":"A common display name prefix to match when returning groups.\n"},"displayNames":{"type":"array","items":{"type":"string"},"description":"The display names of the groups.\n"},"ignoreMissing":{"type":"boolean","description":"Ignore missing groups and return groups that were found. The data source will still fail if no groups are found. Cannot be specified with \u003cspan pulumi-lang-nodejs=\"`returnAll`\" pulumi-lang-dotnet=\"`ReturnAll`\" pulumi-lang-go=\"`returnAll`\" pulumi-lang-python=\"`return_all`\" pulumi-lang-yaml=\"`returnAll`\" pulumi-lang-java=\"`returnAll`\"\u003e`returnAll`\u003c/span\u003e. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"mailEnabled":{"type":"boolean","description":"Whether the returned groups should be mail-enabled. By itself this does not exclude security-enabled groups. Setting this to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e ensures all groups are mail-enabled, and setting to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e ensures that all groups are _not_ mail-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together with \u003cspan pulumi-lang-nodejs=\"`objectIds`\" pulumi-lang-dotnet=\"`ObjectIds`\" pulumi-lang-go=\"`objectIds`\" pulumi-lang-python=\"`object_ids`\" pulumi-lang-yaml=\"`objectIds`\" pulumi-lang-java=\"`objectIds`\"\u003e`objectIds`\u003c/span\u003e.\n"},"objectIds":{"type":"array","items":{"type":"string"},"description":"The object IDs of the groups.\n"},"returnAll":{"type":"boolean","description":"A flag to denote if all groups should be fetched and returned. Cannot be specified wth \u003cspan pulumi-lang-nodejs=\"`ignoreMissing`\" pulumi-lang-dotnet=\"`IgnoreMissing`\" pulumi-lang-go=\"`ignoreMissing`\" pulumi-lang-python=\"`ignore_missing`\" pulumi-lang-yaml=\"`ignoreMissing`\" pulumi-lang-java=\"`ignoreMissing`\"\u003e`ignoreMissing`\u003c/span\u003e. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"securityEnabled":{"type":"boolean","description":"Whether the returned groups should be security-enabled. By itself this does not exclude mail-enabled groups. Setting this to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e ensures all groups are security-enabled, and setting to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e ensures that all groups are _not_ security-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together with \u003cspan pulumi-lang-nodejs=\"`objectIds`\" pulumi-lang-dotnet=\"`ObjectIds`\" pulumi-lang-go=\"`objectIds`\" pulumi-lang-python=\"`object_ids`\" pulumi-lang-yaml=\"`objectIds`\" pulumi-lang-java=\"`objectIds`\"\u003e`objectIds`\u003c/span\u003e.\n\n\u003e One of \u003cspan pulumi-lang-nodejs=\"`displayNames`\" pulumi-lang-dotnet=\"`DisplayNames`\" pulumi-lang-go=\"`displayNames`\" pulumi-lang-python=\"`display_names`\" pulumi-lang-yaml=\"`displayNames`\" pulumi-lang-java=\"`displayNames`\"\u003e`displayNames`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`displayNamePrefix`\" pulumi-lang-dotnet=\"`DisplayNamePrefix`\" pulumi-lang-go=\"`displayNamePrefix`\" pulumi-lang-python=\"`display_name_prefix`\" pulumi-lang-yaml=\"`displayNamePrefix`\" pulumi-lang-java=\"`displayNamePrefix`\"\u003e`displayNamePrefix`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`objectIds`\" pulumi-lang-dotnet=\"`ObjectIds`\" pulumi-lang-go=\"`objectIds`\" pulumi-lang-python=\"`object_ids`\" pulumi-lang-yaml=\"`objectIds`\" pulumi-lang-java=\"`objectIds`\"\u003e`objectIds`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`returnAll`\" pulumi-lang-dotnet=\"`ReturnAll`\" pulumi-lang-go=\"`returnAll`\" pulumi-lang-python=\"`return_all`\" pulumi-lang-yaml=\"`returnAll`\" pulumi-lang-java=\"`returnAll`\"\u003e`returnAll`\u003c/span\u003e should be specified. Either \u003cspan pulumi-lang-nodejs=\"`displayName`\" pulumi-lang-dotnet=\"`DisplayName`\" pulumi-lang-go=\"`displayName`\" pulumi-lang-python=\"`display_name`\" pulumi-lang-yaml=\"`displayName`\" pulumi-lang-java=\"`displayName`\"\u003e`displayName`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`objectIds`\" pulumi-lang-dotnet=\"`ObjectIds`\" pulumi-lang-go=\"`objectIds`\" pulumi-lang-python=\"`object_ids`\" pulumi-lang-yaml=\"`objectIds`\" pulumi-lang-java=\"`objectIds`\"\u003e`objectIds`\u003c/span\u003e _may_ be specified as an empty list, in which case no results will be returned.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getGroups.\n","properties":{"displayNamePrefix":{"type":"string"},"displayNames":{"description":"The display names of the groups.\n","items":{"type":"string"},"type":"array"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"ignoreMissing":{"type":"boolean"},"mailEnabled":{"type":"boolean"},"objectIds":{"description":"The object IDs of the groups.\n","items":{"type":"string"},"type":"array"},"returnAll":{"type":"boolean"},"securityEnabled":{"type":"boolean"}},"required":["displayNamePrefix","displayNames","mailEnabled","objectIds","securityEnabled","id"],"type":"object"}},"azuread:index/getNamedLocation:getNamedLocation":{"description":"Gets information about a Named Location within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this data source.\n\nWhen authenticated with a service principal, this resource requires the following application roles: `Policy.Read.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Conditional Access Administrator` or `Global Reader`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getNamedLocation({\n    displayName: \"My Named Location\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_named_location(display_name=\"My Named Location\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetNamedLocation.Invoke(new()\n    {\n        DisplayName = \"My Named Location\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetNamedLocation(ctx, \u0026azuread.LookupNamedLocationArgs{\n\t\t\tDisplayName: \"My Named Location\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetNamedLocationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getNamedLocation(GetNamedLocationArgs.builder()\n            .displayName(\"My Named Location\")\n            .build());\n\n    }\n}\n```\n```yaml\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getNamedLocation\n      arguments:\n        displayName: My Named Location\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Attributes Reference \n\nThe following attributes are exported:\n\n* \u003cspan pulumi-lang-nodejs=\"`country`\" pulumi-lang-dotnet=\"`Country`\" pulumi-lang-go=\"`country`\" pulumi-lang-python=\"`country`\" pulumi-lang-yaml=\"`country`\" pulumi-lang-java=\"`country`\"\u003e`country`\u003c/span\u003e - A \u003cspan pulumi-lang-nodejs=\"`country`\" pulumi-lang-dotnet=\"`Country`\" pulumi-lang-go=\"`country`\" pulumi-lang-python=\"`country`\" pulumi-lang-yaml=\"`country`\" pulumi-lang-java=\"`country`\"\u003e`country`\u003c/span\u003e block as documented below, which describes a country-based named location.\n* \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e - The ID of the named location.\n* \u003cspan pulumi-lang-nodejs=\"`ip`\" pulumi-lang-dotnet=\"`Ip`\" pulumi-lang-go=\"`ip`\" pulumi-lang-python=\"`ip`\" pulumi-lang-yaml=\"`ip`\" pulumi-lang-java=\"`ip`\"\u003e`ip`\u003c/span\u003e - An \u003cspan pulumi-lang-nodejs=\"`ip`\" pulumi-lang-dotnet=\"`Ip`\" pulumi-lang-go=\"`ip`\" pulumi-lang-python=\"`ip`\" pulumi-lang-yaml=\"`ip`\" pulumi-lang-java=\"`ip`\"\u003e`ip`\u003c/span\u003e block as documented below, which describes an IP-based named location.\n* \u003cspan pulumi-lang-nodejs=\"`objectId`\" pulumi-lang-dotnet=\"`ObjectId`\" pulumi-lang-go=\"`objectId`\" pulumi-lang-python=\"`object_id`\" pulumi-lang-yaml=\"`objectId`\" pulumi-lang-java=\"`objectId`\"\u003e`objectId`\u003c/span\u003e - The object ID of the named location.\n\n---\n\n\u003cspan pulumi-lang-nodejs=\"`country`\" pulumi-lang-dotnet=\"`Country`\" pulumi-lang-go=\"`country`\" pulumi-lang-python=\"`country`\" pulumi-lang-yaml=\"`country`\" pulumi-lang-java=\"`country`\"\u003e`country`\u003c/span\u003e block exports the following:\n\n* \u003cspan pulumi-lang-nodejs=\"`countriesAndRegions`\" pulumi-lang-dotnet=\"`CountriesAndRegions`\" pulumi-lang-go=\"`countriesAndRegions`\" pulumi-lang-python=\"`countries_and_regions`\" pulumi-lang-yaml=\"`countriesAndRegions`\" pulumi-lang-java=\"`countriesAndRegions`\"\u003e`countriesAndRegions`\u003c/span\u003e - List of countries and/or regions in two-letter format specified by ISO 3166-2.\n* \u003cspan pulumi-lang-nodejs=\"`includeUnknownCountriesAndRegions`\" pulumi-lang-dotnet=\"`IncludeUnknownCountriesAndRegions`\" pulumi-lang-go=\"`includeUnknownCountriesAndRegions`\" pulumi-lang-python=\"`include_unknown_countries_and_regions`\" pulumi-lang-yaml=\"`includeUnknownCountriesAndRegions`\" pulumi-lang-java=\"`includeUnknownCountriesAndRegions`\"\u003e`includeUnknownCountriesAndRegions`\u003c/span\u003e - Whether IP addresses that don't map to a country or region are included in the named location.\n\n---\n\n\u003cspan pulumi-lang-nodejs=\"`ip`\" pulumi-lang-dotnet=\"`Ip`\" pulumi-lang-go=\"`ip`\" pulumi-lang-python=\"`ip`\" pulumi-lang-yaml=\"`ip`\" pulumi-lang-java=\"`ip`\"\u003e`ip`\u003c/span\u003e block exports the following:\n\n* \u003cspan pulumi-lang-nodejs=\"`ipRanges`\" pulumi-lang-dotnet=\"`IpRanges`\" pulumi-lang-go=\"`ipRanges`\" pulumi-lang-python=\"`ip_ranges`\" pulumi-lang-yaml=\"`ipRanges`\" pulumi-lang-java=\"`ipRanges`\"\u003e`ipRanges`\u003c/span\u003e - List of IP address ranges in IPv4 CIDR format (e.g. `1.2.3.4/32`) or any allowable IPv6 format from IETF RFC596.\n* \u003cspan pulumi-lang-nodejs=\"`trusted`\" pulumi-lang-dotnet=\"`Trusted`\" pulumi-lang-go=\"`trusted`\" pulumi-lang-python=\"`trusted`\" pulumi-lang-yaml=\"`trusted`\" pulumi-lang-java=\"`trusted`\"\u003e`trusted`\u003c/span\u003e - Whether the named location is trusted.\n","inputs":{"description":"A collection of arguments for invoking getNamedLocation.\n","properties":{"displayName":{"type":"string","description":"Specifies the display named of the named location to look up.\n"}},"type":"object","required":["displayName"]},"outputs":{"description":"A collection of values returned by getNamedLocation.\n","properties":{"countries":{"items":{"$ref":"#/types/azuread:index/getNamedLocationCountry:getNamedLocationCountry"},"type":"array"},"displayName":{"type":"string"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"ips":{"items":{"$ref":"#/types/azuread:index/getNamedLocationIp:getNamedLocationIp"},"type":"array"},"objectId":{"type":"string"}},"required":["countries","displayName","ips","objectId","id"],"type":"object"}},"azuread:index/getServicePrincipal:getServicePrincipal":{"description":"Gets information about an existing service principal associated with an application within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this data source.\n\nWhen authenticated with a service principal, this data source requires one of the following application roles: `Application.Read.All` or `Directory.Read.All`\n\nWhen authenticated with a user principal, this data source does not require any additional roles.\n\n## Example Usage\n\n*Look up by application display name*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getServicePrincipal({\n    displayName: \"my-awesome-application\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_service_principal(display_name=\"my-awesome-application\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetServicePrincipal.Invoke(new()\n    {\n        DisplayName = \"my-awesome-application\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetServicePrincipal(ctx, \u0026azuread.LookupServicePrincipalArgs{\n\t\t\tDisplayName: pulumi.StringRef(\"my-awesome-application\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetServicePrincipalArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getServicePrincipal(GetServicePrincipalArgs.builder()\n            .displayName(\"my-awesome-application\")\n            .build());\n\n    }\n}\n```\n```yaml\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getServicePrincipal\n      arguments:\n        displayName: my-awesome-application\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Look up by client ID*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getServicePrincipal({\n    clientId: \"00000000-0000-0000-0000-000000000000\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_service_principal(client_id=\"00000000-0000-0000-0000-000000000000\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetServicePrincipal.Invoke(new()\n    {\n        ClientId = \"00000000-0000-0000-0000-000000000000\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetServicePrincipal(ctx, \u0026azuread.LookupServicePrincipalArgs{\n\t\t\tClientId: pulumi.StringRef(\"00000000-0000-0000-0000-000000000000\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetServicePrincipalArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getServicePrincipal(GetServicePrincipalArgs.builder()\n            .clientId(\"00000000-0000-0000-0000-000000000000\")\n            .build());\n\n    }\n}\n```\n```yaml\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getServicePrincipal\n      arguments:\n        clientId: 00000000-0000-0000-0000-000000000000\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Look up by service principal object ID*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getServicePrincipal({\n    objectId: \"00000000-0000-0000-0000-000000000000\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_service_principal(object_id=\"00000000-0000-0000-0000-000000000000\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetServicePrincipal.Invoke(new()\n    {\n        ObjectId = \"00000000-0000-0000-0000-000000000000\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetServicePrincipal(ctx, \u0026azuread.LookupServicePrincipalArgs{\n\t\t\tObjectId: pulumi.StringRef(\"00000000-0000-0000-0000-000000000000\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetServicePrincipalArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getServicePrincipal(GetServicePrincipalArgs.builder()\n            .objectId(\"00000000-0000-0000-0000-000000000000\")\n            .build());\n\n    }\n}\n```\n```yaml\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getServicePrincipal\n      arguments:\n        objectId: 00000000-0000-0000-0000-000000000000\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getServicePrincipal.\n","properties":{"clientId":{"type":"string","description":"The client ID of the application associated with this service principal.\n"},"displayName":{"type":"string","description":"The display name of the application associated with this service principal.\n"},"objectId":{"type":"string","description":"The object ID of the service principal.\n\n\u003e One of \u003cspan pulumi-lang-nodejs=\"`clientId`\" pulumi-lang-dotnet=\"`ClientId`\" pulumi-lang-go=\"`clientId`\" pulumi-lang-python=\"`client_id`\" pulumi-lang-yaml=\"`clientId`\" pulumi-lang-java=\"`clientId`\"\u003e`clientId`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`displayName`\" pulumi-lang-dotnet=\"`DisplayName`\" pulumi-lang-go=\"`displayName`\" pulumi-lang-python=\"`display_name`\" pulumi-lang-yaml=\"`displayName`\" pulumi-lang-java=\"`displayName`\"\u003e`displayName`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`objectId`\" pulumi-lang-dotnet=\"`ObjectId`\" pulumi-lang-go=\"`objectId`\" pulumi-lang-python=\"`object_id`\" pulumi-lang-yaml=\"`objectId`\" pulumi-lang-java=\"`objectId`\"\u003e`objectId`\u003c/span\u003e must be specified.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getServicePrincipal.\n","properties":{"accountEnabled":{"description":"Whether the service principal account is enabled.\n","type":"boolean"},"alternativeNames":{"description":"A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.\n","items":{"type":"string"},"type":"array"},"appRoleAssignmentRequired":{"description":"Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application.\n","type":"boolean"},"appRoleIds":{"additionalProperties":{"type":"string"},"description":"A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.\n","type":"object"},"appRoles":{"description":"A list of app roles published by the associated application, as documented below. For more information [official documentation](https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles).\n","items":{"$ref":"#/types/azuread:index/getServicePrincipalAppRole:getServicePrincipalAppRole"},"type":"array"},"applicationTenantId":{"description":"The tenant ID where the associated application is registered.\n","type":"string"},"clientId":{"description":"The client ID of the application associated with this service principal.\n","type":"string"},"description":{"description":"Permission help text that appears in the admin app assignment and consent experiences.\n","type":"string"},"displayName":{"description":"Display name for the permission that appears in the admin consent and app assignment experiences.\n","type":"string"},"featureTags":{"items":{"$ref":"#/types/azuread:index/getServicePrincipalFeatureTag:getServicePrincipalFeatureTag"},"type":"array"},"features":{"deprecationMessage":"This block has been renamed to \u003cspan pulumi-lang-nodejs=\"`featureTags`\" pulumi-lang-dotnet=\"`FeatureTags`\" pulumi-lang-go=\"`featureTags`\" pulumi-lang-python=\"`feature_tags`\" pulumi-lang-yaml=\"`featureTags`\" pulumi-lang-java=\"`featureTags`\"\u003e`featureTags`\u003c/span\u003e and will be removed in version 3.0 of the provider","description":"A \u003cspan pulumi-lang-nodejs=\"`features`\" pulumi-lang-dotnet=\"`Features`\" pulumi-lang-go=\"`features`\" pulumi-lang-python=\"`features`\" pulumi-lang-yaml=\"`features`\" pulumi-lang-java=\"`features`\"\u003e`features`\u003c/span\u003e block as described below.\n","items":{"$ref":"#/types/azuread:index/getServicePrincipalFeature:getServicePrincipalFeature"},"type":"array"},"homepageUrl":{"description":"Home page or landing page of the associated application.\n","type":"string"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"loginUrl":{"description":"The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps.\n","type":"string"},"logoutUrl":{"description":"The URL that will be used by Microsoft's authorization service to logout an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application.\n","type":"string"},"notes":{"description":"A free text field to capture information about the service principal, typically used for operational purposes.\n","type":"string"},"notificationEmailAddresses":{"description":"A list of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications.\n","items":{"type":"string"},"type":"array"},"oauth2PermissionScopeIds":{"additionalProperties":{"type":"string"},"description":"A mapping of OAuth2.0 permission scope values to scope IDs, as exposed by the associated application, intended to be useful when referencing permission scopes in other resources in your configuration.\n","type":"object"},"oauth2PermissionScopes":{"description":"A collection of OAuth 2.0 delegated permissions exposed by the associated application. Each permission is covered by an \u003cspan pulumi-lang-nodejs=\"`oauth2PermissionScopes`\" pulumi-lang-dotnet=\"`Oauth2PermissionScopes`\" pulumi-lang-go=\"`oauth2PermissionScopes`\" pulumi-lang-python=\"`oauth2_permission_scopes`\" pulumi-lang-yaml=\"`oauth2PermissionScopes`\" pulumi-lang-java=\"`oauth2PermissionScopes`\"\u003e`oauth2PermissionScopes`\u003c/span\u003e block as documented below.\n","items":{"$ref":"#/types/azuread:index/getServicePrincipalOauth2PermissionScope:getServicePrincipalOauth2PermissionScope"},"type":"array"},"objectId":{"description":"The object ID of the service principal.\n","type":"string"},"preferredSingleSignOnMode":{"description":"The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps.\n","type":"string"},"redirectUris":{"description":"A list of URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application.\n","items":{"type":"string"},"type":"array"},"samlMetadataUrl":{"description":"The URL where the service exposes SAML metadata for federation.\n","type":"string"},"samlSingleSignOns":{"description":"A \u003cspan pulumi-lang-nodejs=\"`samlSingleSignOn`\" pulumi-lang-dotnet=\"`SamlSingleSignOn`\" pulumi-lang-go=\"`samlSingleSignOn`\" pulumi-lang-python=\"`saml_single_sign_on`\" pulumi-lang-yaml=\"`samlSingleSignOn`\" pulumi-lang-java=\"`samlSingleSignOn`\"\u003e`samlSingleSignOn`\u003c/span\u003e block as documented below.\n","items":{"$ref":"#/types/azuread:index/getServicePrincipalSamlSingleSignOn:getServicePrincipalSamlSingleSignOn"},"type":"array"},"servicePrincipalNames":{"description":"A list of identifier URI(s), copied over from the associated application.\n","items":{"type":"string"},"type":"array"},"signInAudience":{"description":"The Microsoft account types that are supported for the associated application. Possible values include `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`.\n","type":"string"},"tags":{"description":"A list of tags applied to the service principal.\n","items":{"type":"string"},"type":"array"},"type":{"description":"Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are `User` or `Admin`.\n","type":"string"}},"required":["accountEnabled","alternativeNames","appRoleAssignmentRequired","appRoleIds","appRoles","applicationTenantId","clientId","description","displayName","featureTags","features","homepageUrl","loginUrl","logoutUrl","notes","notificationEmailAddresses","oauth2PermissionScopeIds","oauth2PermissionScopes","objectId","preferredSingleSignOnMode","redirectUris","samlMetadataUrl","samlSingleSignOns","servicePrincipalNames","signInAudience","tags","type","id"],"type":"object"}},"azuread:index/getServicePrincipals:getServicePrincipals":{"description":"Gets basic information for multiple Azure Active Directory service principals.\n\n## API Permissions\n\nThe following API permissions are required in order to use this data source.\n\nWhen authenticated with a service principal, this data source requires one of the following application roles: `Application.Read.All` or `Directory.Read.All`\n\nWhen authenticated with a user principal, this data source does not require any additional roles.\n\n## Example Usage\n\n*Look up by application display names*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getServicePrincipals({\n    displayNames: [\n        \"example-app\",\n        \"another-app\",\n    ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_service_principals(display_names=[\n    \"example-app\",\n    \"another-app\",\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetServicePrincipals.Invoke(new()\n    {\n        DisplayNames = new[]\n        {\n            \"example-app\",\n            \"another-app\",\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetServicePrincipals(ctx, \u0026azuread.GetServicePrincipalsArgs{\n\t\t\tDisplayNames: []string{\n\t\t\t\t\"example-app\",\n\t\t\t\t\"another-app\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetServicePrincipalsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getServicePrincipals(GetServicePrincipalsArgs.builder()\n            .displayNames(            \n                \"example-app\",\n                \"another-app\")\n            .build());\n\n    }\n}\n```\n```yaml\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getServicePrincipals\n      arguments:\n        displayNames:\n          - example-app\n          - another-app\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Look up by application IDs (client IDs)*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getServicePrincipals({\n    clientIds: [\n        \"11111111-0000-0000-0000-000000000000\",\n        \"22222222-0000-0000-0000-000000000000\",\n        \"33333333-0000-0000-0000-000000000000\",\n    ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_service_principals(client_ids=[\n    \"11111111-0000-0000-0000-000000000000\",\n    \"22222222-0000-0000-0000-000000000000\",\n    \"33333333-0000-0000-0000-000000000000\",\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetServicePrincipals.Invoke(new()\n    {\n        ClientIds = new[]\n        {\n            \"11111111-0000-0000-0000-000000000000\",\n            \"22222222-0000-0000-0000-000000000000\",\n            \"33333333-0000-0000-0000-000000000000\",\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetServicePrincipals(ctx, \u0026azuread.GetServicePrincipalsArgs{\n\t\t\tClientIds: []string{\n\t\t\t\t\"11111111-0000-0000-0000-000000000000\",\n\t\t\t\t\"22222222-0000-0000-0000-000000000000\",\n\t\t\t\t\"33333333-0000-0000-0000-000000000000\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetServicePrincipalsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getServicePrincipals(GetServicePrincipalsArgs.builder()\n            .clientIds(            \n                \"11111111-0000-0000-0000-000000000000\",\n                \"22222222-0000-0000-0000-000000000000\",\n                \"33333333-0000-0000-0000-000000000000\")\n            .build());\n\n    }\n}\n```\n```yaml\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getServicePrincipals\n      arguments:\n        clientIds:\n          - 11111111-0000-0000-0000-000000000000\n          - 22222222-0000-0000-0000-000000000000\n          - 33333333-0000-0000-0000-000000000000\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Look up by service principal object IDs*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getServicePrincipals({\n    objectIds: [\n        \"00000000-0000-0000-0000-000000000000\",\n        \"00000000-0000-0000-0000-111111111111\",\n        \"00000000-0000-0000-0000-222222222222\",\n    ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_service_principals(object_ids=[\n    \"00000000-0000-0000-0000-000000000000\",\n    \"00000000-0000-0000-0000-111111111111\",\n    \"00000000-0000-0000-0000-222222222222\",\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetServicePrincipals.Invoke(new()\n    {\n        ObjectIds = new[]\n        {\n            \"00000000-0000-0000-0000-000000000000\",\n            \"00000000-0000-0000-0000-111111111111\",\n            \"00000000-0000-0000-0000-222222222222\",\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetServicePrincipals(ctx, \u0026azuread.GetServicePrincipalsArgs{\n\t\t\tObjectIds: []string{\n\t\t\t\t\"00000000-0000-0000-0000-000000000000\",\n\t\t\t\t\"00000000-0000-0000-0000-111111111111\",\n\t\t\t\t\"00000000-0000-0000-0000-222222222222\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetServicePrincipalsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getServicePrincipals(GetServicePrincipalsArgs.builder()\n            .objectIds(            \n                \"00000000-0000-0000-0000-000000000000\",\n                \"00000000-0000-0000-0000-111111111111\",\n                \"00000000-0000-0000-0000-222222222222\")\n            .build());\n\n    }\n}\n```\n```yaml\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getServicePrincipals\n      arguments:\n        objectIds:\n          - 00000000-0000-0000-0000-000000000000\n          - 00000000-0000-0000-0000-111111111111\n          - 00000000-0000-0000-0000-222222222222\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getServicePrincipals.\n","properties":{"clientIds":{"type":"array","items":{"type":"string"},"description":"A list of client IDs of the applications associated with the service principals.\n"},"displayNames":{"type":"array","items":{"type":"string"},"description":"A list of display names of the applications associated with the service principals.\n"},"ignoreMissing":{"type":"boolean","description":"Ignore missing service principals and return all service principals that are found. The data source will still fail if no service principals are found. Defaults to false.\n"},"objectIds":{"type":"array","items":{"type":"string"},"description":"The object IDs of the service principals.\n"},"returnAll":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the data source will return all service principals. Cannot be used with \u003cspan pulumi-lang-nodejs=\"`ignoreMissing`\" pulumi-lang-dotnet=\"`IgnoreMissing`\" pulumi-lang-go=\"`ignoreMissing`\" pulumi-lang-python=\"`ignore_missing`\" pulumi-lang-yaml=\"`ignoreMissing`\" pulumi-lang-java=\"`ignoreMissing`\"\u003e`ignoreMissing`\u003c/span\u003e. Defaults to false.\n\n\u003e Either \u003cspan pulumi-lang-nodejs=\"`returnAll`\" pulumi-lang-dotnet=\"`ReturnAll`\" pulumi-lang-go=\"`returnAll`\" pulumi-lang-python=\"`return_all`\" pulumi-lang-yaml=\"`returnAll`\" pulumi-lang-java=\"`returnAll`\"\u003e`returnAll`\u003c/span\u003e, or one of \u003cspan pulumi-lang-nodejs=\"`clientIds`\" pulumi-lang-dotnet=\"`ClientIds`\" pulumi-lang-go=\"`clientIds`\" pulumi-lang-python=\"`client_ids`\" pulumi-lang-yaml=\"`clientIds`\" pulumi-lang-java=\"`clientIds`\"\u003e`clientIds`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`displayNames`\" pulumi-lang-dotnet=\"`DisplayNames`\" pulumi-lang-go=\"`displayNames`\" pulumi-lang-python=\"`display_names`\" pulumi-lang-yaml=\"`displayNames`\" pulumi-lang-java=\"`displayNames`\"\u003e`displayNames`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`objectIds`\" pulumi-lang-dotnet=\"`ObjectIds`\" pulumi-lang-go=\"`objectIds`\" pulumi-lang-python=\"`object_ids`\" pulumi-lang-yaml=\"`objectIds`\" pulumi-lang-java=\"`objectIds`\"\u003e`objectIds`\u003c/span\u003e must be specified. These _may_ be specified as an empty list, in which case no results will be returned.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getServicePrincipals.\n","properties":{"clientIds":{"description":"The client ID of the application associated with this service principal.\n","items":{"type":"string"},"type":"array"},"displayNames":{"description":"A list of display names of the applications associated with the service principals.\n","items":{"type":"string"},"type":"array"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"ignoreMissing":{"type":"boolean"},"objectIds":{"description":"The object IDs of the service principals.\n","items":{"type":"string"},"type":"array"},"returnAll":{"type":"boolean"},"servicePrincipals":{"description":"A list of service principals. Each \u003cspan pulumi-lang-nodejs=\"`servicePrincipal`\" pulumi-lang-dotnet=\"`ServicePrincipal`\" pulumi-lang-go=\"`servicePrincipal`\" pulumi-lang-python=\"`service_principal`\" pulumi-lang-yaml=\"`servicePrincipal`\" pulumi-lang-java=\"`servicePrincipal`\"\u003e`servicePrincipal`\u003c/span\u003e object provides the attributes documented below.\n","items":{"$ref":"#/types/azuread:index/getServicePrincipalsServicePrincipal:getServicePrincipalsServicePrincipal"},"type":"array"}},"required":["clientIds","displayNames","objectIds","servicePrincipals","id"],"type":"object"}},"azuread:index/getUser:getUser":{"description":"Gets information about an Azure Active Directory user.\n\n## API Permissions\n\nThe following API permissions are required in order to use this data source.\n\nWhen authenticated with a service principal, this data source requires one of the following application roles: `User.Read.All` or `Directory.Read.All`\n\nWhen authenticated with a user principal, this data source does not require any additional roles.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getUser({\n    userPrincipalName: \"user@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_user(user_principal_name=\"user@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = AzureAD.Index.GetUser.Invoke(new()\n    {\n        UserPrincipalName = \"user@example.com\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetUser(ctx, \u0026azuread.LookupUserArgs{\n\t\t\tUserPrincipalName: pulumi.StringRef(\"user@example.com\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetUserArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var example = AzureadFunctions.getUser(GetUserArgs.builder()\n            .userPrincipalName(\"user@example.com\")\n            .build());\n\n    }\n}\n```\n```yaml\nvariables:\n  example:\n    fn::invoke:\n      function: azuread:getUser\n      arguments:\n        userPrincipalName: user@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getUser.\n","properties":{"employeeId":{"type":"string","description":"The employee identifier assigned to the user by the organisation.\n"},"mail":{"type":"string","description":"The SMTP address for the user.\n"},"mailNickname":{"type":"string","description":"The email alias of the user.\n"},"objectId":{"type":"string","description":"The object ID of the user.\n"},"userPrincipalName":{"type":"string","description":"The user principal name (UPN) of the user.\n\n\u003e One of \u003cspan pulumi-lang-nodejs=\"`userPrincipalName`\" pulumi-lang-dotnet=\"`UserPrincipalName`\" pulumi-lang-go=\"`userPrincipalName`\" pulumi-lang-python=\"`user_principal_name`\" pulumi-lang-yaml=\"`userPrincipalName`\" pulumi-lang-java=\"`userPrincipalName`\"\u003e`userPrincipalName`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`objectId`\" pulumi-lang-dotnet=\"`ObjectId`\" pulumi-lang-go=\"`objectId`\" pulumi-lang-python=\"`object_id`\" pulumi-lang-yaml=\"`objectId`\" pulumi-lang-java=\"`objectId`\"\u003e`objectId`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`mail`\" pulumi-lang-dotnet=\"`Mail`\" pulumi-lang-go=\"`mail`\" pulumi-lang-python=\"`mail`\" pulumi-lang-yaml=\"`mail`\" pulumi-lang-java=\"`mail`\"\u003e`mail`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`mailNickname`\" pulumi-lang-dotnet=\"`MailNickname`\" pulumi-lang-go=\"`mailNickname`\" pulumi-lang-python=\"`mail_nickname`\" pulumi-lang-yaml=\"`mailNickname`\" pulumi-lang-java=\"`mailNickname`\"\u003e`mailNickname`\u003c/span\u003e or \u003cspan pulumi-lang-nodejs=\"`employeeId`\" pulumi-lang-dotnet=\"`EmployeeId`\" pulumi-lang-go=\"`employeeId`\" pulumi-lang-python=\"`employee_id`\" pulumi-lang-yaml=\"`employeeId`\" pulumi-lang-java=\"`employeeId`\"\u003e`employeeId`\u003c/span\u003e must be specified.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getUser.\n","properties":{"accountEnabled":{"description":"Whether or not the account is enabled.\n","type":"boolean"},"ageGroup":{"description":"The age group of the user. Supported values are `Adult`, `NotAdult` and `Minor`.\n","type":"string"},"businessPhones":{"description":"A list of telephone numbers for the user.\n","items":{"type":"string"},"type":"array"},"city":{"description":"The city in which the user is located.\n","type":"string"},"companyName":{"description":"The company name which the user is associated. This property can be useful for describing the company that an external user comes from.\n","type":"string"},"consentProvidedForMinor":{"description":"Whether consent has been obtained for minors. Supported values are `Granted`, `Denied` and `NotRequired`.\n","type":"string"},"costCenter":{"description":"The cost center associated with the user.\n","type":"string"},"country":{"description":"The country/region in which the user is located, e.g. `US` or `UK`.\n","type":"string"},"creationType":{"description":"Indicates whether the user account was created as a regular school or work account (\u003cspan pulumi-lang-nodejs=\"`null`\" pulumi-lang-dotnet=\"`Null`\" pulumi-lang-go=\"`null`\" pulumi-lang-python=\"`null`\" pulumi-lang-yaml=\"`null`\" pulumi-lang-java=\"`null`\"\u003e`null`\u003c/span\u003e), an external account (`Invitation`), a local account for an Azure Active Directory B2C tenant (`LocalAccount`) or self-service sign-up using email verification (`EmailVerified`).\n","type":"string"},"department":{"description":"The name for the department in which the user works.\n","type":"string"},"displayName":{"description":"The display name of the user.\n","type":"string"},"division":{"description":"The name of the division in which the user works.\n","type":"string"},"employeeHireDate":{"description":"The hire date of the user, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`).\n","type":"string"},"employeeId":{"description":"The employee identifier assigned to the user by the organisation.\n","type":"string"},"employeeType":{"description":"Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor.\n","type":"string"},"externalUserState":{"description":"For an external user invited to the tenant, this property represents the invited user's invitation status. Possible values are `PendingAcceptance` or `Accepted`.\n","type":"string"},"faxNumber":{"description":"The fax number of the user.\n","type":"string"},"givenName":{"description":"The given name (first name) of the user.\n","type":"string"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"imAddresses":{"description":"A list of instant message voice over IP (VOIP) session initiation protocol (SIP) addresses for the user.\n","items":{"type":"string"},"type":"array"},"jobTitle":{"description":"The user’s job title.\n","type":"string"},"mail":{"description":"The SMTP address for the user.\n","type":"string"},"mailNickname":{"description":"The email alias of the user.\n","type":"string"},"managerId":{"description":"The object ID of the user's manager.\n","type":"string"},"mobilePhone":{"description":"The primary cellular telephone number for the user.\n","type":"string"},"objectId":{"description":"The object ID of the user.\n","type":"string"},"officeLocation":{"description":"The office location in the user's place of business.\n","type":"string"},"onpremisesDistinguishedName":{"description":"The on-premises distinguished name (DN) of the user, synchronised from the on-premises directory when Azure AD Connect is used.\n","type":"string"},"onpremisesDomainName":{"description":"The on-premises FQDN, also called dnsDomainName, synchronised from the on-premises directory when Azure AD Connect is used.\n","type":"string"},"onpremisesImmutableId":{"description":"The value used to associate an on-premise Active Directory user account with their Azure AD user object.\n","type":"string"},"onpremisesSamAccountName":{"description":"The on-premise SAM account name of the user.\n","type":"string"},"onpremisesSecurityIdentifier":{"description":"The on-premises security identifier (SID), synchronised from the on-premises directory when Azure AD Connect is used.\n","type":"string"},"onpremisesSyncEnabled":{"description":"Whether this user is synchronised from an on-premises directory (\u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e), no longer synchronised (\u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e), or has never been synchronised (\u003cspan pulumi-lang-nodejs=\"`null`\" pulumi-lang-dotnet=\"`Null`\" pulumi-lang-go=\"`null`\" pulumi-lang-python=\"`null`\" pulumi-lang-yaml=\"`null`\" pulumi-lang-java=\"`null`\"\u003e`null`\u003c/span\u003e).\n","type":"boolean"},"onpremisesUserPrincipalName":{"description":"The on-premise user principal name of the user.\n","type":"string"},"otherMails":{"description":"A list of additional email addresses for the user.\n","items":{"type":"string"},"type":"array"},"postalCode":{"description":"The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code.\n","type":"string"},"preferredLanguage":{"description":"The user's preferred language, in ISO 639-1 notation.\n","type":"string"},"proxyAddresses":{"description":"List of email addresses for the user that direct to the same mailbox.\n","items":{"type":"string"},"type":"array"},"showInAddressList":{"description":"Whether or not the Outlook global address list should include this user.\n","type":"boolean"},"state":{"description":"The state or province in the user's address.\n","type":"string"},"streetAddress":{"description":"The street address of the user's place of business.\n","type":"string"},"surname":{"description":"The user's surname (family name or last name).\n","type":"string"},"usageLocation":{"description":"The usage location of the user.\n","type":"string"},"userPrincipalName":{"description":"The user principal name (UPN) of the user.\n","type":"string"},"userType":{"description":"The user type in the directory. Possible values are `Guest` or `Member`.\n","type":"string"}},"required":["accountEnabled","ageGroup","businessPhones","city","companyName","consentProvidedForMinor","costCenter","country","creationType","department","displayName","division","employeeHireDate","employeeId","employeeType","externalUserState","faxNumber","givenName","imAddresses","jobTitle","mail","mailNickname","managerId","mobilePhone","objectId","officeLocation","onpremisesDistinguishedName","onpremisesDomainName","onpremisesImmutableId","onpremisesSamAccountName","onpremisesSecurityIdentifier","onpremisesSyncEnabled","onpremisesUserPrincipalName","otherMails","postalCode","preferredLanguage","proxyAddresses","showInAddressList","state","streetAddress","surname","usageLocation","userPrincipalName","userType","id"],"type":"object"}},"azuread:index/getUsers:getUsers":{"description":"Gets basic information for multiple Azure Active Directory users.\n\n## API Permissions\n\nThe following API permissions are required in order to use this data source.\n\nWhen authenticated with a service principal, this data source requires one of the following application roles: `User.ReadBasic.All`, `User.Read.All` or `Directory.Read.All`\n\nWhen authenticated with a user principal, this data source does not require any additional roles.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst users = azuread.getUsers({\n    userPrincipalNames: [\n        \"kat@example.com\",\n        \"byte@example.com\",\n    ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nusers = azuread.get_users(user_principal_names=[\n    \"kat@example.com\",\n    \"byte@example.com\",\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var users = AzureAD.Index.GetUsers.Invoke(new()\n    {\n        UserPrincipalNames = new[]\n        {\n            \"kat@example.com\",\n            \"byte@example.com\",\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetUsers(ctx, \u0026azuread.GetUsersArgs{\n\t\t\tUserPrincipalNames: []string{\n\t\t\t\t\"kat@example.com\",\n\t\t\t\t\"byte@example.com\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetUsersArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var users = AzureadFunctions.getUsers(GetUsersArgs.builder()\n            .userPrincipalNames(            \n                \"kat@example.com\",\n                \"byte@example.com\")\n            .build());\n\n    }\n}\n```\n```yaml\nvariables:\n  users:\n    fn::invoke:\n      function: azuread:getUsers\n      arguments:\n        userPrincipalNames:\n          - kat@example.com\n          - byte@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getUsers.\n","properties":{"employeeIds":{"type":"array","items":{"type":"string"},"description":"The employee identifiers assigned to the users by the organisation.\n"},"ignoreMissing":{"type":"boolean","description":"Ignore missing users and return users that were found. The data source will still fail if no users are found. Cannot be specified with \u003cspan pulumi-lang-nodejs=\"`returnAll`\" pulumi-lang-dotnet=\"`ReturnAll`\" pulumi-lang-go=\"`returnAll`\" pulumi-lang-python=\"`return_all`\" pulumi-lang-yaml=\"`returnAll`\" pulumi-lang-java=\"`returnAll`\"\u003e`returnAll`\u003c/span\u003e. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"mailNicknames":{"type":"array","items":{"type":"string"},"description":"The email aliases of the users.\n\n\u003e **Note:** \u003cspan pulumi-lang-nodejs=\"`mailNicknames`\" pulumi-lang-dotnet=\"`MailNicknames`\" pulumi-lang-go=\"`mailNicknames`\" pulumi-lang-python=\"`mail_nicknames`\" pulumi-lang-yaml=\"`mailNicknames`\" pulumi-lang-java=\"`mailNicknames`\"\u003e`mailNicknames`\u003c/span\u003e are not a unique identifier for users. If multiple users share the same \u003cspan pulumi-lang-nodejs=\"`mailNickname`\" pulumi-lang-dotnet=\"`MailNickname`\" pulumi-lang-go=\"`mailNickname`\" pulumi-lang-python=\"`mail_nickname`\" pulumi-lang-yaml=\"`mailNickname`\" pulumi-lang-java=\"`mailNickname`\"\u003e`mailNickname`\u003c/span\u003e, all matching users will be returned.\n"},"mails":{"type":"array","items":{"type":"string"},"description":"The SMTP email addresses of the users.\n"},"objectIds":{"type":"array","items":{"type":"string"},"description":"The object IDs of the users.\n"},"returnAll":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e, the data source will return all users. Cannot be used with \u003cspan pulumi-lang-nodejs=\"`ignoreMissing`\" pulumi-lang-dotnet=\"`IgnoreMissing`\" pulumi-lang-go=\"`ignoreMissing`\" pulumi-lang-python=\"`ignore_missing`\" pulumi-lang-yaml=\"`ignoreMissing`\" pulumi-lang-java=\"`ignoreMissing`\"\u003e`ignoreMissing`\u003c/span\u003e. Defaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n"},"userPrincipalNames":{"type":"array","items":{"type":"string"},"description":"The user principal names (UPNs) of the users.\n\n\u003e Either \u003cspan pulumi-lang-nodejs=\"`returnAll`\" pulumi-lang-dotnet=\"`ReturnAll`\" pulumi-lang-go=\"`returnAll`\" pulumi-lang-python=\"`return_all`\" pulumi-lang-yaml=\"`returnAll`\" pulumi-lang-java=\"`returnAll`\"\u003e`returnAll`\u003c/span\u003e, or one of \u003cspan pulumi-lang-nodejs=\"`userPrincipalNames`\" pulumi-lang-dotnet=\"`UserPrincipalNames`\" pulumi-lang-go=\"`userPrincipalNames`\" pulumi-lang-python=\"`user_principal_names`\" pulumi-lang-yaml=\"`userPrincipalNames`\" pulumi-lang-java=\"`userPrincipalNames`\"\u003e`userPrincipalNames`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`objectIds`\" pulumi-lang-dotnet=\"`ObjectIds`\" pulumi-lang-go=\"`objectIds`\" pulumi-lang-python=\"`object_ids`\" pulumi-lang-yaml=\"`objectIds`\" pulumi-lang-java=\"`objectIds`\"\u003e`objectIds`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`mailNicknames`\" pulumi-lang-dotnet=\"`MailNicknames`\" pulumi-lang-go=\"`mailNicknames`\" pulumi-lang-python=\"`mail_nicknames`\" pulumi-lang-yaml=\"`mailNicknames`\" pulumi-lang-java=\"`mailNicknames`\"\u003e`mailNicknames`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`mails`\" pulumi-lang-dotnet=\"`Mails`\" pulumi-lang-go=\"`mails`\" pulumi-lang-python=\"`mails`\" pulumi-lang-yaml=\"`mails`\" pulumi-lang-java=\"`mails`\"\u003e`mails`\u003c/span\u003e, or \u003cspan pulumi-lang-nodejs=\"`employeeIds`\" pulumi-lang-dotnet=\"`EmployeeIds`\" pulumi-lang-go=\"`employeeIds`\" pulumi-lang-python=\"`employee_ids`\" pulumi-lang-yaml=\"`employeeIds`\" pulumi-lang-java=\"`employeeIds`\"\u003e`employeeIds`\u003c/span\u003e must be specified. These _may_ be specified as an empty list, in which case no results will be returned.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getUsers.\n","properties":{"employeeIds":{"description":"The employee identifiers assigned to the users by the organisation.\n","items":{"type":"string"},"type":"array"},"id":{"description":"The provider-assigned unique ID for this managed resource.","type":"string"},"ignoreMissing":{"type":"boolean"},"mailNicknames":{"description":"The email aliases of the users.\n","items":{"type":"string"},"type":"array"},"mails":{"description":"The SMTP email addresses of the users.\n","items":{"type":"string"},"type":"array"},"objectIds":{"description":"The object IDs of the users.\n","items":{"type":"string"},"type":"array"},"returnAll":{"type":"boolean"},"userPrincipalNames":{"description":"The user principal names (UPNs) of the users.\n","items":{"type":"string"},"type":"array"},"users":{"description":"A list of users. Each \u003cspan pulumi-lang-nodejs=\"`user`\" pulumi-lang-dotnet=\"`User`\" pulumi-lang-go=\"`user`\" pulumi-lang-python=\"`user`\" pulumi-lang-yaml=\"`user`\" pulumi-lang-java=\"`user`\"\u003e`user`\u003c/span\u003e object provides the attributes documented below.\n","items":{"$ref":"#/types/azuread:index/getUsersUser:getUsersUser"},"type":"array"}},"required":["employeeIds","mailNicknames","mails","objectIds","userPrincipalNames","users","id"],"type":"object"}},"pulumi:providers:azuread/terraformConfig":{"description":"This function returns a Terraform config object with terraform-namecased keys,to be used with the Terraform Module Provider.","inputs":{"properties":{"__self__":{"type":"ref","$ref":"#/provider"}},"type":"pulumi:providers:azuread/terraformConfig","required":["__self__"]},"outputs":{"properties":{"result":{"additionalProperties":{"$ref":"pulumi.json#/Any"},"type":"object"}},"required":["result"],"type":"object"}}}}