terraform-provider-azuread

Feature: Add support for configuring user settings

Open ashtmMSFT opened this issue 7 months ago • 0 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Add support for configuring [a subset of] user settings in Entra ID. Without a proper resource to support this, users must instead configure these settings manually or through REST calls to the appropriate Graph API(s).

For example, an organization could have requirements like these:

  • Set "Users can register app registrations" to no
  • Set "Users can create security groups" to no
  • Set "Restrict non-admin users from creating tenants" to yes

New or Affected Resource(s)

I am certainly not an expert on how to best map one or more APIs to Terraform resources, but if we wanted to align with how these settings are organized in the Azure portal or Entra admin center, we could use:

  • azuread_user_settings

Another viable approach would be to simply mirror the policy object(s) exposed by Graph:

  • azuread_authorization_policy

Potential Terraform Configuration

resource "azuread_user_settings" "user_settings" {
    default_user_role_permissions = {
        allowed_to_create_apps = false
        allowed_to_create_security_groups = false
        allowed_to_create_tenants = false
    }
}

References

  • https://learn.microsoft.com/en-us/graph/api/authorizationpolicy-update?view=graph-rest-1.0&tabs=http
  • https://learn.microsoft.com/en-us/graph/api/resources/defaultuserrolepermissions?view=graph-rest-1.0

ashtmMSFT, Jul 11 '24 19:07
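Until such a resource exists, the three example requirements in the issue can be checked against the Graph authorization policy with a small audit script. The following is an added example, not code from the issue or from the provider: it assumes the property names of the defaultUserRolePermissions resource linked under References, uses a constructed sample policy instead of a live tenant, and makes no network calls.

```python
import json

# Portal label -> (Graph defaultUserRolePermissions property, required portal
# answer, True when the portal toggle is the inverse of the Graph boolean).
REQUIREMENTS = [
    ("Users can register app registrations", "allowedToCreateApps", "no", False),
    ("Users can create security groups", "allowedToCreateSecurityGroups", "no", False),
    ("Restrict non-admin users from creating tenants", "allowedToCreateTenants", "yes", True),
]

# Constructed sample of a GET /policies/authorizationPolicy response (not tenant data).
SAMPLE_POLICY = {
    "id": "authorizationPolicy",
    "defaultUserRolePermissions": {
        "allowedToCreateApps": True,
        "allowedToCreateSecurityGroups": False,
    },
}


def desired_value(portal_value, inverted):
    """Translate a portal yes/no answer into the Graph boolean."""
    enabled = portal_value == "yes"
    return (not enabled) if inverted else enabled


def audit(policy):
    """Return (label, property, current, desired) for every setting that drifts."""
    perms = policy.get("defaultUserRolePermissions", {})
    findings = []
    for label, prop, portal_value, inverted in REQUIREMENTS:
        want = desired_value(portal_value, inverted)
        have = perms.get(prop)  # None when the response omits the property
        if have is not want:  # a missing value is reported as drift, not assumed safe
            findings.append((label, prop, have, want))
    return findings


def patch_body(findings):
    """Minimal PATCH /policies/authorizationPolicy body that corrects only the drift."""
    return {"defaultUserRolePermissions": {prop: want for _, prop, _, want in findings}}


if __name__ == "__main__":
    drift = audit(SAMPLE_POLICY)
    for label, prop, have, want in drift:
        print(f"DRIFT {label!r}: {prop}={have!r}, want {want!r}")
    print(json.dumps(patch_body(drift), indent=2))
```

Note the inversion on the third requirement: answering "yes" to "Restrict non-admin users from creating tenants" corresponds to allowedToCreateTenants being false, which matches the value in the proposed Terraform configuration.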