Is your feature request related to a problem? Please describe.
Today, Bicep templates that include Microsoft.Graph/* resources can be deployed via Azure CLI or Azure PowerShell, but I cannot achieve the same outcome when initiating deployments from the Azure Portal (e.g. Template Specs) or Azure Marketplace (offer creation). The portal/marketplace deployment fails with “Insufficient privileges to complete the operation.”
This is especially problematic for our scenario where our customers deploy our product in their tenant via Azure Marketplace. We need to create one or more app registrations during deployment, which requires delegated Microsoft Graph permissions such as Application.ReadWrite.All for interactive create/update.
Having this work end-to-end in the marketplace deployment would remove manual post-deployment steps and significantly improve customer onboarding.
Describe the solution you'd like
Enable Azure Portal (Template Spec deployments) and Azure Marketplace deployment flows to support ARM/Bicep templates that include Microsoft Graph resources via a supported interactive (delegated / on-behalf-of user) model.
Additional context
Documentation only lists Azure CLI and Azure PowerShell as supported for interactive deployment, but if a supported workaround already exists for Portal/Marketplace-initiated deployments, please point us to the recommended approach.