The Microsoft 365 provider can leverage the Azure Developer CLI (azd) authentication to simplify the development experience. This method uses the existing authenticated session from the Azure Developer CLI, making it ideal for local development scenarios.

How It Works

This authentication method leverages the Azure Developer CLI authentication, which stores tokens in a local credential cache:
  1. Check Authentication: The provider checks whether the Azure Developer CLI is installed and authenticated.
  2. Use Existing Credential: It uses the existing credential to acquire tokens for Microsoft Graph.
  3. No App Registration: No additional app registrations or secrets are required.

Benefits

  • Eliminates the need to create and manage separate app registrations
  • Removes the need to handle sensitive client secrets or certificates
  • Uses the same authentication context as your other Azure development tools
  • Supports automatic token renewal when tokens expire

Prerequisites

Use Cases

  • Local Development: Quick setup for development environments
  • Prototyping: Rapidly test Terraform configurations without overhead
  • Cross-service Dev: Maintain consistent auth when working with Azure and M365 resources
  • Testing: Simplified authentication for debugging issues

Setup

Install Azure Developer CLI

Follow the Azure Developer CLI installation guide for your operating system. Verify installation:
azd version

Authenticate

# Basic authentication to your default tenant
azd auth login

# Or specify a tenant ID
azd auth login --tenant-id 00000000-0000-0000-0000-000000000000
No additional app registration setup is required for this authentication method.

Provider Configuration

VS Code Integration

Create a .vscode/tasks.json file to streamline your workflow:
{
  "version": "2.0.0",
  "tasks": [
    {
      "label": "Terraform Init and Apply",
      "type": "shell",
      "command": "terraform init && terraform apply -auto-approve",
      "options": {
        "env": {
          "M365_AUTH_METHOD": "azure_developer_cli",
          "M365_TENANT_ID": "your-tenant-id-here"
        }
      },
      "problemMatcher": []
    },
    {
      "label": "Terraform Plan",
      "type": "shell",
      "command": "terraform plan",
      "options": {
        "env": {
          "M365_AUTH_METHOD": "azure_developer_cli",
          "M365_TENANT_ID": "your-tenant-id-here"
        }
      },
      "problemMatcher": []
    }
  ]
}
Access tasks in VS Code:
  1. Press Ctrl+Shift+P (or Cmd+Shift+P on macOS)
  2. Type “Tasks: Run Task”
  3. Select your desired task

Switching Between Auth Methods

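Create a shell script to switch profiles, and source it so the exported variables apply to your current shell:
#!/bin/bash
# switch-auth-method.sh
# Source this file so the exports reach your current shell:
#   source ./switch-auth-method.sh dev
# Executing it (./switch-auth-method.sh dev) only changes a child process.

case "$1" in
  dev)
    export M365_AUTH_METHOD="azure_developer_cli"
    # Drop service principal credentials left over from a prod session
    unset M365_CLIENT_ID M365_CLIENT_SECRET
    echo "Switched to developer mode using Azure Developer CLI authentication"
    ;;
  prod)
    export M365_AUTH_METHOD="client_secret"
    export M365_CLIENT_ID="00000000-0000-0000-0000-000000000000"
    # Keep the secret file readable only by your user (chmod 600)
    export M365_CLIENT_SECRET="$(cat ~/.secrets/m365_client_secret)"
    echo "Switched to production mode using service principal authentication"
    ;;
  *)
    echo "Usage: source switch-auth-method.sh {dev|prod}"
    # return works when sourced; exit is the fallback when executed
    return 1 2>/dev/null || exit 1
    ;;
esac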

Limitations

Important Limitations
  • Requires Azure Developer CLI to be installed and available in PATH
  • Only works for interactive development scenarios
  • Uses the permissions of the currently logged-in user
  • Not suitable for automated workflows or CI/CD pipelines
  • Sessions might expire, requiring re-authentication
  • Less control over token lifetimes and authentication parameters
  • Not recommended for production deployment scenarios

Security Considerations

  • Azure Developer CLI stores tokens in a local credential cache, which is encrypted
  • The authentication uses the developer’s own user account
  • Actions performed will be attributable to that user
  • Token refresh is handled automatically
  • Ensure your user account follows the principle of least privilege
  • For shared or public computers, be cautious of leaving authenticated sessions active
  • Log out when finished: azd auth logout
  • For production environments, use dedicated service principal authentication
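
A preflight check for the limitations and security points above, to run before terraform plan or apply. This is an added example, not part of the provider or its documentation. m365_preflight and AZD_BIN are hypothetical names; the M365_* variables are the ones used on this page, and CI, GITHUB_ACTIONS and TF_BUILD are the variables GitHub Actions and Azure Pipelines set in their jobs.

```shell
#!/bin/sh
# Added example: guard for the azure_developer_cli auth method.
# AZD_BIN (hypothetical) lets a different azd binary or a test stub be used.

m365_preflight() {
  azd_bin="${AZD_BIN:-azd}"

  # Only guard the Azure Developer CLI method; other methods pass through.
  [ "${M365_AUTH_METHOD:-}" = "azure_developer_cli" ] || return 0

  # Limitation: not suitable for automated workflows or CI/CD pipelines.
  if [ -n "${CI:-}${GITHUB_ACTIONS:-}${TF_BUILD:-}" ]; then
    echo "refusing azure_developer_cli inside a CI job; use a service principal" >&2
    return 10
  fi

  # A secret left over from a 'prod' session should not sit in a dev shell.
  if [ -n "${M365_CLIENT_SECRET:-}" ]; then
    echo "M365_CLIENT_SECRET is still exported; unset it before dev work" >&2
    return 13
  fi

  if ! command -v "$azd_bin" >/dev/null 2>&1; then
    echo "azd not found in PATH" >&2
    return 11
  fi

  # Ask azd for a Microsoft Graph token in the target tenant and discard it.
  # Success means the cached session can serve that tenant; the token itself
  # is never printed or stored.
  set -- auth token --output json --scope https://graph.microsoft.com/.default
  if [ -n "${M365_TENANT_ID:-}" ]; then
    set -- "$@" --tenant-id "$M365_TENANT_ID"
  fi
  if ! "$azd_bin" "$@" >/dev/null 2>&1; then
    echo "no usable azd session; run: azd auth login --tenant-id <tenant-id>" >&2
    return 12
  fi
  return 0
}
```

Call it as m365_preflight && terraform plan so a failed check stops the run before any Graph request is made.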

Troubleshooting

Error: Failed to create credential strategy: azure developer cli not found in PATH
Ensure that azd is installed and available in your system PATH. Verify with:
azd version

Error: Failed to get token: azure developer cli not authenticated
Run azd auth login to authenticate before using Terraform.

Error: Failed to get token: tenant ID mismatch
If you work with multiple tenants, authenticate to the specific tenant:
azd auth login --tenant-id <tenant-id>

Error: Insufficient privileges to complete the operation
The authenticated user must have the necessary permissions for Microsoft Graph operations. Check your user permissions in the Microsoft Entra admin center.

Enable debug mode for detailed logging:
provider "microsoft365" {
  auth_method = "azure_developer_cli"
  debug_mode  = true
}
