After initial bootstrap using a user account, we would like to assume the identity of a service principal for subsequent deploys (see also #759).
Currently on the first deploy, any created groups via modules/azuread/groups/ are assigned the current user as the owner. This results in the following issue:
Group is created with my user as owner
On the second run, the module attempts to remove my user as owner and replace it with the service principal. This is not possible:
It's recommended to always specify one or more group owners, including the principal being used to execute Terraform, such as in the example above. When removing group owners, if a user principal has been assigned ownership, the last user cannot be removed as an owner. Microsoft 365 groups are required to always have at least one owner which must be a user (i.e. not a service principal).
One option seems to be to add extra groups / users as owners on the group. However right now it's not possible to assign owners via our modules/azuread/groups/ module.
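An added sketch, not the project's module code, of a group whose owner set stays the same whichever identity runs Terraform, so the user owner from the bootstrap run is never the one being removed. The variable names are hypothetical; it assumes the hashicorp/azuread provider's `azuread_group` resource and `azuread_client_config` data source.

```hcl
# Added illustration. Variable names are hypothetical, not the interface
# of modules/azuread/groups/.
terraform {
  required_providers {
    azuread = {
      source = "hashicorp/azuread"
    }
  }
}

# The principal executing this run: the user on the bootstrap run,
# the service principal on later runs.
data "azuread_client_config" "current" {}

variable "group_name" {
  type = string
}

# Object IDs of owners that must survive the identity switch, for example
# the bootstrap user (or another admin user) and the deployment service
# principal. Keeping a user in this list means no run ever tries to
# remove the last user owner.
variable "persistent_owner_object_ids" {
  type = list(string)

  validation {
    condition     = length(var.persistent_owner_object_ids) > 0
    error_message = "Specify at least one owner that does not depend on who runs Terraform."
  }
}

locals {
  # Union of the fixed owners and the executing principal. toset() removes
  # the duplicate when the executing principal is already in the fixed list.
  group_owners = toset(concat(
    var.persistent_owner_object_ids,
    [data.azuread_client_config.current.object_id],
  ))
}

resource "azuread_group" "this" {
  display_name     = var.group_name
  security_enabled = true
  owners           = local.group_owners
}
```

With the bootstrap user and the service principal both in `persistent_owner_object_ids`, the first and second runs compute the same owner set and the plan shows no ownership change.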