Owner of a group

[slavizh]

Bicep version
Bicep CLI version 0.27.1 (4b41cb6d4b)

Resource and API version
Microsoft.Graph/[email protected]

Auth flow
automated

Deployment details
N/A

Describe the bug
When you create Microsoft365 group with application it lists the Microsoft Graph Bicep extension as owner. Preferably owner should be the application that did the deployment.

To Reproduce
Create Microsoft365 group with application.

Additional context
Add any other context about the problem here. For example, what permissions does the identity have if it's a permission issue?

[dkershaw10]

Nice bug. Thanks for filing this. We'll go investigate this.
Supporting app-only required some work in the authentication flows to support application on-behalf-of through the service tiers, to ensure that the originating client flows through to the API service. It looks like the wrong client was used in the ownership logic, probably due to us forgetting to hook this up to the new application on-behalf-of flow.

[dkershaw10]

@slavizh Known issues has been updated - with temporary workaround. That said, we will work on getting a fix for this.

[eketo-msft]

Hey @slavizh, the bug has been identified and the fix is in progress. Including the deployment time, it will probably take 2-3 weeks to get the fix shipped. Happy to share any other details as needed.

[eketo-msft]

Just sharing an update. The fix has been merged into the repo and we're expecting ~2 weeks for the deployment to complete. I'll circle back here after deployment and verification is completed.

[eketo-msft]

Hey @slavizh, the fix for this is fully deployed and verified. Please let me know if you continue to see any issues regarding group owner.

[dkershaw10]

Hi @slavizh - would you be able to verify the fix here please, and let us know if you are still seeing any issues? Thanks in advance.

[danstis]

@dkershaw10 - As this item was linked to #134, should any application created also be automatically owned by the SP that created it? As we are still seeing no owner assigned to Applications created using the graph extension.

[dkershaw10]

@danstis So this should work for groups and service principals (ownership should be assigned for these resource types), but we do indeed still have a problem with applications that we are trying to nail down and fix.

[slavizh]

@dkershaw10 confirming that this is now fixed and the owner assigned now is the SP that was used for the deployment of the Microsoft 365 group.

[dkershaw10]

Just to confirm for others. This is working for group ownership only. We currently still have a bug for application ownership. We think we have a fix for this, and we're waiting for the rollout of the fix to start (which we will also verify in early integration rings). We'll track status and validation of this issue in #134