Support for Management Group Settings (defaultManagementGroup & requireAuthorizationForGroupCreation)

[w-kramer]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Description

Hello there,

as per Microsoft API Reference, it is possible to configure "defaultManagementGroup" and "requireAuthorizationForGroupCreation". I am missing this in the current azurerm provider. By now, I am using azapi provider to push the configuration, which is quite inconvenient as it doesn't track changes to this setting.

Example for azapi provider:

resource "azapi_resource_action" "management_group_settings" {
  type        = "Microsoft.Management/managementGroups@2021-04-01"
  resource_id = local.tenant_root_group_id
  action      = "settings/default"
  method      = "PATCH"
  body = jsonencode({
    properties = {
      requireAuthorizationForGroupCreation = true
      defaultManagementGroup = var.default_management_group_id
    }
  })
}

New or Affected Resource(s)/Data Source(s)

azurerm_management_group_settings

Potential Terraform Configuration

data "azurerm_management_group" "example" {
  name = "00000000-0000-0000-0000-000000000000"
}

azurerm_management_group_settings "example" {
  defaultManagementGroup = data.azurerm_management_group.example.id
  requireAuthorizationForGroupCreation = true
}

References

https://learn.microsoft.com/en-us/azure/templates/microsoft.management/2021-04-01/managementgroups/settings

[rcskosir]

Thank you for taking the time to open this feature request!