Skip to main content
The Microsoft 365 provider supports multiple cloud environments, each with different endpoints for authentication and Microsoft Graph API access.

Supported Cloud Environments

The provider supports the following cloud environments via the cloud parameter:

Public Cloud

Microsoft Azure Public Cloud (default)Value: public

US Government Cloud

US Government Cloud (GCC)Value: gcc

US Government High

US Government High Cloud (GCC High)Value: gcchigh

US DoD Cloud

US Department of Defense CloudValue: dod

China Cloud

Microsoft Cloud China (operated by 21Vianet)Value: china

EagleX Cloud

EagleX Cloud EnvironmentValue: ex

Secure Cloud (RX)

Secure Cloud EnvironmentValue: rx

Configuration

Set the cloud environment using the cloud parameter: 
provider "microsoft365" {
  cloud       = "public"
  tenant_id   = var.tenant_id
  auth_method = "client_secret"

  entra_id_options = {
    client_id     = var.client_id
    client_secret = var.client_secret
  }
}
Or using an environment variable: 
export M365_CLOUD="public"

Cloud-Specific Details

Public Cloud (public)

Default environment for most Microsoft 365 customers. Endpoints:
  • OAuth Authority: https://login.microsoftonline.com/
  • Graph API: https://graph.microsoft.com/v1.0
  • Graph Beta API: https://graph.microsoft.com/beta
Configuration: 
provider "microsoft365" {
  cloud = "public"
  # ... other configuration
}

US Government Cloud (gcc)

For US Government Community Cloud customers. Endpoints:
  • OAuth Authority: https://login.microsoftonline.us/
  • Graph API: https://graph.microsoft.us/v1.0
  • Graph Beta API: https://graph.microsoft.us/beta
Configuration: 
provider "microsoft365" {
  cloud = "gcc"
  # ... other configuration
}

US Government High Cloud (gcchigh)

For US Government Community Cloud High (GCC High) customers with enhanced compliance requirements. Endpoints:
  • OAuth Authority: https://login.microsoftonline.us/
  • Graph API: https://graph.microsoft.us/v1.0
  • Graph Beta API: https://graph.microsoft.us/beta
Configuration: 
provider "microsoft365" {
  cloud = "gcchigh"
  # ... other configuration
}

US Department of Defense Cloud (dod)

For US Department of Defense customers with the highest compliance and security requirements. Endpoints:
  • OAuth Authority: https://login.microsoftonline.us/
  • Graph API: https://dod-graph.microsoft.us/v1.0
  • Graph Beta API: https://dod-graph.microsoft.us/beta
Configuration: 
provider "microsoft365" {
  cloud = "dod"
  # ... other configuration
}

China Cloud (china)

For Microsoft Cloud China operated by 21Vianet. Endpoints:
  • OAuth Authority: https://login.chinacloudapi.cn/
  • Graph API: https://microsoftgraph.chinacloudapi.cn/v1.0
  • Graph Beta API: https://microsoftgraph.chinacloudapi.cn/beta
Configuration: 
provider "microsoft365" {
  cloud = "china"
  # ... other configuration
}
Microsoft Cloud China is operated by 21Vianet and is physically separated from Microsoft’s global cloud infrastructure. You’ll need separate credentials and tenant IDs for this environment.

EagleX Cloud (ex)

For EagleX Cloud Environment customers. Configuration: 
provider "microsoft365" {
  cloud = "ex"
  # ... other configuration
}

Secure Cloud (rx)

For Secure Cloud (RX) Environment customers. Configuration: 
provider "microsoft365" {
  cloud = "rx"
  # ... other configuration
}

Disconnected Clouds and Private Clouds

If you’re using a disconnected cloud or private cloud such as Azure Stack, you may need to disable instance discovery: 
provider "microsoft365" {
  cloud = "public"
  
  entra_id_options = {
    disable_instance_discovery = true
    # ... other authentication options
  }
}
Or using an environment variable: 
export M365_DISABLE_INSTANCE_DISCOVERY="true"
Only enable disable_instance_discovery for disconnected clouds or private clouds such as Azure Stack. Setting this to true will skip Microsoft Entra instance metadata requests, making your application responsible for ensuring the configured authority is valid and trustworthy.

Choosing the Right Cloud

1

Identify your organization's cloud

Check with your IT administrator or Azure portal to determine which cloud environment your organization uses.
2

Verify tenant ID

Ensure you’re using the correct tenant ID for your cloud environment. Tenant IDs are unique to each cloud.
3

Configure authentication

Set up authentication credentials appropriate for your cloud environment.
4

Test connectivity

Verify that the provider can successfully authenticate and access the Microsoft Graph API in your cloud environment.

Environment Variable Example

# For US Government Cloud
export M365_CLOUD="gcc"
export M365_TENANT_ID="your-gov-tenant-id"
export M365_CLIENT_ID="your-gov-client-id"
export M365_CLIENT_SECRET="your-gov-client-secret"

Complete Configuration Example

terraform {
  required_providers {
    microsoft365 = {
      source  = "deploymenttheory/microsoft365"
      version = "~> 0.40.0"
    }
  }
}

variable "cloud" {
  description = "The cloud environment to use"
  type        = string
  default     = "public"
  
  validation {
    condition     = contains(["public", "dod", "gcc", "gcchigh", "china", "ex", "rx"], var.cloud)
    error_message = "Cloud must be one of: public, dod, gcc, gcchigh, china, ex, rx"
  }
}

provider "microsoft365" {
  cloud       = var.cloud
  tenant_id   = var.tenant_id
  auth_method = "client_secret"

  entra_id_options = {
    client_id     = var.client_id
    client_secret = var.client_secret
  }
}

Build docs developers (and LLMs) love

Get started for freeTalk to us