This is a community-driven project and is not officially supported by Microsoft. For help, questions, or to connect with other users and contributors, join the community Discord server.
What you can manage
The provider supports management of resources across multiple Microsoft cloud services:- Microsoft Intune - Device and app management, compliance policies, configuration profiles
- Microsoft Entra ID (formerly Azure AD) - Users, groups, conditional access policies, authentication methods
- Microsoft 365 - Tenant-wide settings, app installation options, admin configurations
- Microsoft Teams - Teams policies, calling policies, meeting configurations
- Microsoft Defender - Security policies and configurations
- Windows 365 - Cloud PC provisioning, user settings, device images, network connections
Key features
Wide resource coverage
Manage users, groups, devices, policies, and administrative resources across Microsoft services
Multi-cloud compatible
Works with Microsoft public cloud, US Government (GCC, GCC High, DoD), China, and other national clouds
Flexible authentication
Supports 11 authentication methods including client secret, certificate, managed identity, OIDC, and more
Microsoft Graph SDK
Built on Kiota-generated Graph SDKs for strongly-typed development and support for v1.0 and beta endpoints
Use cases
Infrastructure as code for Microsoft 365
Manage Microsoft 365 configuration (users, groups, policies, device management, and more) as code, enabling version control, peer review, and repeatable deployments—just as you would for cloud infrastructure in Azure or GCP.Automated, auditable change management
Use Terraform’s plan and apply in GitOps workflows to preview, approve, and track changes to your Microsoft 365 environment, ensuring all modifications are intentional, reviewed, and logged.Environment replication and drift detection
Reproduce Microsoft 365 tenant configurations across multiple environments (development, staging, production) or tenants, and detect configuration drift over time using Terraform’s state management.Disaster recovery and rapid rebuilds
Store your Microsoft 365 configuration in code, allowing for rapid recovery or migration of tenant settings, policies, and assignments in the event of accidental changes or tenant loss.Bulk and consistent policy enforcement
Apply security, compliance, and device management policies at scale, ensuring consistency and reducing manual configuration errors across large organizations or multiple tenants.Self-service via Terraform modules
Build reusable Terraform modules for common Microsoft 365 workloads, enabling service-owning teams to provide self-service provisioning to other engineering teams while maintaining standards.Integration with policy-as-code
Integrate with Open Policy Agent (OPA) or Conftest to enforce organizational standards, compliance, and guardrails on Microsoft 365 resources before deployment.Requirements
Before you begin, ensure you have:- Terraform >= 1.14.x installed
- A Microsoft 365 tenant with appropriate licenses
- An Entra ID application registration with the necessary API permissions
- Administrative access to configure authentication
Supported cloud environments
The provider works with multiple Microsoft cloud environments:| Environment | Cloud Value | Description |
|---|---|---|
| Public Cloud | public | Microsoft Azure Public Cloud (default) |
| US Government | gcc | US Government Cloud |
| US Government High | gcchigh | US Government High Cloud |
| US Department of Defense | dod | US DoD Cloud |
| China Cloud | china | Microsoft Cloud China (operated by 21Vianet) |
| EagleX Cloud | ex | EagleX Cloud environment |
| Secure Cloud | rx | Secure Cloud (RX) environment |
Example resources
Here are some of the resources you can manage with this provider:microsoft365_graph_beta_users_user- Create and manage user accountsmicrosoft365_graph_beta_groups_group- Manage security and Microsoft 365 groupsmicrosoft365_graph_beta_identity_and_access_conditional_access_policy- Configure conditional access policiesmicrosoft365_graph_beta_groups_group_member_assignment- Assign users to groupsmicrosoft365_graph_beta_device_management_windows_update_ring- Manage Windows update policiesmicrosoft365_graph_beta_windows_365_cloud_pc_provisioning_policy- Configure Cloud PC provisioning
Getting help
Quick start guide
Get up and running in minutes
Discord community
Ask questions and connect with other users
GitHub issues
Report bugs and request features
Important disclaimers
Data collection and telemetry
The provider may collect information about your use of the software and send it to Microsoft. You can opt out of telemetry by settingtelemetry_optout = true in your provider configuration or using the M365_TELEMETRY_OPTOUT environment variable. See Microsoft’s privacy statement for more information.
Next steps
Install the provider
Follow the Installation guide to add the provider to your Terraform configuration
Try the quick start
Deploy your first Microsoft 365 resources using the Quick start guide