Terraform for M365 & Azure (With Real Examples)

Terraform for M365 and Azure — Infrastructure-as-Code Made Simple

Introduction

Terraform is one of the most powerful tools for managing cloud environments because it lets you declare what you want and Azure builds it. No guessing. No clicking. No forgetting what you changed.

Even though M365 doesn’t support Terraform natively for all workloads, you can still automate the identity side (Azure AD groups, SPNs, App Registrations, Conditional Access) through the azuread provider, which is built on the Microsoft Graph API, and the Azure side (Networking, Key Vault) through the azurerm provider.

I used IaC principles while supporting Church systems — Terraform makes environments repeatable, auditable, and consistent.


1. Installing Terraform

# Windows, via Chocolatey (use the HashiCorp download or your package manager on other platforms)
choco install terraform

2. Azure Login Block

# Credentials come from the Azure CLI session (az login) or the ARM_* environment variables;
# do not hard-code client secrets in these blocks.
provider "azurerm" {
  features {}
}

provider "azuread" {
}

3. Creating an Azure Resource Group

resource "azurerm_resource_group" "rg1" {
  name     = "M365AutomationRG"
  location = "WestUS2"
}

4. Creating an Azure AD Group

resource "azuread_group" "security_group" {
  display_name     = "M365-Automation-Admins"
  security_enabled = true
}

5. Creating an App Registration + Secret

resource "azuread_application" "app" {
  display_name = "Terraform-Automation-App"
}

# Attribute names below are those of the azuread 2.x provider; in azuread 3.x use
# client_id (service principal) and application_id (password) instead.
resource "azuread_service_principal" "sp" {
  application_id = azuread_application.app.application_id
}

# The generated secret value is written to Terraform state in clear text, so the state
# backend must be access-controlled and encrypted. Give the secret an expiry and rotate it.
resource "azuread_application_password" "sp_secret" {
  application_object_id = azuread_application.app.id
  display_name          = "secret1"
  end_date_relative     = "8760h" # one year
}

6. Conditional Access via Terraform (Yes, possible!)

Uses the azuread provider, which is implemented on top of the Microsoft Graph API; the resource is azuread_conditional_access_policy. Locations are referenced by named-location object ID, so the "US" location is declared first.

resource "azuread_named_location" "us" {
  display_name = "United States"
  country {
    countries_and_regions = ["US"]
  }
}

resource "azuread_conditional_access_policy" "block_non_us" {
  display_name = "Block Non-US IP"
  # Roll out as "enabledForReportingButNotEnforced" first and review the sign-in logs
  # before switching to "enabled".
  state        = "enabled"

  conditions {
    client_app_types = ["all"]

    applications {
      included_applications = ["All"]
    }
    users {
      included_users = ["All"]
      # Add excluded_users with a break-glass account so the policy cannot lock every admin out.
    }
    locations {
      included_locations = ["All"]
      excluded_locations = [azuread_named_location.us.id]
    }
  }

  grant_controls {
    operator          = "OR"
    built_in_controls = ["block"]
  }
}

7. Create an M365 Group (Unified Group)

# Microsoft 365 (Unified) groups are created with the azuread_group resource.
resource "azuread_group" "m365_group" {
  display_name     = "Engineering Team"
  mail_nickname    = "engineering"
  security_enabled = false
  mail_enabled     = true
  types            = ["Unified"]
}

8. Create Azure Key Vault

# Data source for the tenant ID of the identity running Terraform.
data "azuread_client_config" "current" {}

resource "azurerm_key_vault" "kv" {
  name                = "m365-keyvault-prod"
  location            = azurerm_resource_group.rg1.location
  resource_group_name = azurerm_resource_group.rg1.name
  tenant_id           = data.azuread_client_config.current.tenant_id
  sku_name            = "standard"
}
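The vault above works but leaves the defaults in place. The following is an added example (not code from the original post) that pins the provider versions the snippets on this page rely on, adds a hardened variant of the vault, and grants the section 5 service principal only the read role it needs. It assumes the resource group from section 3 and the service principal from section 5 exist in the same module; the vault name and state settings are placeholders.

```hcl
terraform {
  required_version = ">= 1.5"
  required_providers {
    # azuread ~> 2.0 matches the application_id / application_object_id attribute names used above.
    azuread = { source = "hashicorp/azuread", version = "~> 2.0" }
    azurerm = { source = "hashicorp/azurerm", version = "~> 3.0" }
  }
  # The state holds the SP secret in clear text: keep it in a locked-down,
  # encrypted remote backend rather than on a workstation (placeholder values).
  backend "azurerm" {
    resource_group_name  = "tfstate-rg"
    storage_account_name = "tfstateplaceholder"
    container_name       = "tfstate"
    key                  = "m365.tfstate"
  }
}

data "azurerm_client_config" "current" {}

# Hardened variant of the section 8 vault: RBAC instead of access policies,
# purge protection so a deleted secret cannot be wiped immediately, and no
# public endpoint (reach it through a private endpoint or the AzureServices bypass).
resource "azurerm_key_vault" "kv_hardened" {
  name                          = "m365-kv-prod-hardened" # placeholder, must be globally unique
  location                      = azurerm_resource_group.rg1.location
  resource_group_name           = azurerm_resource_group.rg1.name
  tenant_id                     = data.azurerm_client_config.current.tenant_id
  sku_name                      = "standard"
  enable_rbac_authorization     = true
  purge_protection_enabled      = true
  soft_delete_retention_days    = 90
  public_network_access_enabled = false

  network_acls {
    default_action = "Deny"
    bypass         = "AzureServices"
  }
}

# Least privilege: the automation SP from section 5 may read secrets, nothing more.
resource "azurerm_role_assignment" "sp_secrets_user" {
  scope                = azurerm_key_vault.kv_hardened.id
  role_definition_name = "Key Vault Secrets User"
  principal_id         = azuread_service_principal.sp.object_id
}
```

Run `terraform plan` before `apply` and diff the output against the intended change; with RBAC enabled, whoever writes secrets also needs a role such as Key Vault Secrets Officer on the vault.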

Conclusion

Terraform is the “blueprint” of modern cloud administration.
Clicking creates inconsistencies — IaC creates reliable, repeatable deployments.


© 2012–2025 Jet Mariano. All rights reserved.
For usage terms, please see the Legal Disclaimer.
