{"id":24630673,"url":"https://github.com/deploymenttheory/terraform-demo-microsoft365","last_synced_at":"2026-05-04T08:42:47.438Z","repository":{"id":273923856,"uuid":"919039237","full_name":"deploymenttheory/terraform-demo-microsoft365","owner":"deploymenttheory","description":"A gha demo using gitlab branching and terraform to automate configuration for microsoft365","archived":false,"fork":false,"pushed_at":"2025-12-01T09:03:49.000Z","size":10740,"stargazers_count":0,"open_issues_count":3,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-12-03T20:41:03.021Z","etag":null,"topics":["demo","microsoft365","terraform"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/deploymenttheory.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-01-19T14:59:25.000Z","updated_at":"2025-12-01T09:03:45.000Z","dependencies_parsed_at":"2025-05-11T19:21:39.210Z","dependency_job_id":"ecf64e23-cc28-42ca-bfd3-7551cbcfd27c","html_url":"https://github.com/deploymenttheory/terraform-demo-microsoft365","commit_stats":null,"previous_names":["deploymenttheory/terraform-demo-microsoft365"],"tags_count":0,"template":false,"template_full_name":"deploymenttheory/Template","purl":"pkg:github/deploymenttheory/terraform-demo-microsoft365","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deploymenttheory%2Fterraform-demo-microsoft365","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deploymenttheory%2Fterraform-demo-microsoft365/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deploymenttheory%2Fterraform-demo-microsoft365/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deploymenttheory%2Fterraform-demo-microsoft365/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deploymenttheory","download_url":"https://codeload.github.com/deploymenttheory/terraform-demo-microsoft365/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deploymenttheory%2Fterraform-demo-microsoft365/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32600967,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-03T22:12:39.696Z","status":"online","status_checked_at":"2026-05-04T02:00:06.625Z","response_time":58,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["demo","microsoft365","terraform"],"created_at":"2025-01-25T07:12:36.329Z","updated_at":"2026-05-04T08:42:47.419Z","avatar_url":"https://github.com/deploymenttheory.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# terraform-demo-microsoft365\n\nThis repository provides a demonstration of using Terraform to manage Microsoft 365 resources using the terraform-provider-microsoft365 provider.\n\nThis repo is designed for workplace engineers familiar with click ops with a learning pathway to start using declarative management with terraform for their operational workflows. This repo demonstrates how to use IaC principles to lifecycle\nmanage as code microsoft tools and services as code.\n\nThis lab has the following dependancies\n\n- a minimum of 1 Microsoft 365 tenant, but this demo is designed to be used with 3. One sandbox tenant and two route to live tenants.\n- terraform cloud for remote state management\n- github with github actions for CI/CD\n- access to create various enterprise app types with Entra ID to test different authentication methods\n- relevant m365 licensing for the demo\n- enterprise app defined within Entra ID for authentication with the correct graph permissions defined.\n\n## Getting Started\n\nBefore you begin working with this Terraform demo for Microsoft 365, you'll need to set up the required dependencies on your local system.\n\n### Prerequisites\n\n1. **Python 3**\n   - Python is required to run the prerequisite installation scripts\n   - [Download Python](https://www.python.org/downloads/)\n   - Verify installation with: `python --version` or `python3 --version`\n\n### Installing Dependencies\n\nNavigate to the prerequisites directory:\n\n```bash\ncd ./GitHub/deploymenttheory/terraform-demo-microsoft365/scripts/pre_reqs\n```\n\n#### For Windows Users\n\nIf you're using Windows, run the winget-based installation script:\n\n```bash\n# Run with Administrator privileges\npython install_dependencies_with_winget.py\n```\n\nThis script will:\n\n- Check if winget is installed\n- Install or update the following tools:\n  - Python (latest version)\n  - Go (latest version)\n  - Terraform (latest version)\n  - Terraform-docs (latest version)\n  - Azure CLI (latest version)\n  - Git (latest version)\n  - PowerShell (latest version)\n\n#### For macOS Users\n\nIf you're using macOS, you'll need to run two scripts:\n\n1. First, ensure Homebrew is installed:\n\n```bash\npython install_brew.py\n```\n\n2. Then, install the required dependencies:\n\n```bash\npython install_dependencies_with_brew.py\n```\n\nThese scripts will:\n\n- Check if Homebrew is installed and install it if needed\n- Install or update the following tools:\n  - Python (latest version)\n  - Go (latest version)\n  - Terraform (latest version)\n  - Terraform-docs (latest version)\n  - Azure CLI (latest version)\n  - Git (latest version)\n  - PowerShell (latest version)\n\n### Verifying Installation\n\nAfter running the appropriate script for your platform, you should see a summary of the installed versions. Verify that all required tools have been successfully installed.\n\n### Using Terraform Cloud as a Backend\n\nTo use Terraform Cloud as a backend for your local development environment, follow these steps:\n\n1. **Sign up for Terraform Cloud** at [app.terraform.io](https://app.terraform.io) if you haven't already.\n\n2. **Create an organization and workspace in Terraform Cloud**:\n\nYou can either create a new organization and workspace, use an existing one or use the supplied script to build the tfc project, workspace and variable sets.\n\n   1. **Sign up and create an organization**:\n      - Go to [app.terraform.io](https://app.terraform.io) and sign up for an account if you haven't already\n      - After signing up, create a new tf cloud organization (e.g., \"deploymenttheory\") or use an existing one\n2a. \n\n  2b. **Create and configure workspaces**:\n      - In your organization, navigate to \"Workspaces\" and click \"New Workspace\"\n      - Choose \"CLI-driven workflow\" for local Terraform execution\n      - Name your workspace (e.g., \"terraform-demo-microsoft365-sandbox\")\n      - Under the workspace settings, add tags that match your configuration (e.g., \"microsoft_365\")\n      - Configure any additional settings like environment variables or version control settings\n\n   c. **Ensure your Terraform configuration matches your organization and workspace**:\n\n      ```hcl\n      terraform {\n        required_providers {\n          microsoft365 = {\n            source  = \"deploymenttheory/microsoft365\"\n            version = \"0.12.0-alpha\"\n          }\n        }\n\n        cloud {\n          organization = \"deploymenttheory\"  # Replace with your organization name\n\n          workspaces {\n            # Using tags to allow multiple workspaces to use this configuration\n            tags = [\"microsoft_365\"]\n          }\n        }\n      }\n      ```\n\n   d. **Set execution mode to local (if needed)**:\n      - In your workspace settings, go to \"General\"\n      - Set the \"Execution Mode\" to \"Local\" if you want all Terraform operations to run on your local machine\n      - This allows you to run commands locally while still using Terraform Cloud for state management\n\n3. **Generate an API token**:\n   - Go to Account Settings \u003e Tokens\n   - Create an API token and call it something contextual e.g 'terraform-cli'\n   - Copy the token value and store it for later (you won't be able to see it again)\n\n4. **Configure local Terraform authentication**:\n\n   You can authenticate to Terraform Cloud using environment variables instead of the `.terraformrc` file. This is what we shall use for auth to our lab environment.\n\n   **Option A: Using a specific environment variable for app.terraform.io**:\n\n   ```bash\n   # For Terraform Cloud (app.terraform.io)\n   export TF_TOKEN_app_terraform_io=YOUR_TERRAFORM_CLOUD_TOKEN\n   ```\n\n   **Option B: Setting the token as an environment variable in your current shell**:\n\n   ```bash\n   # For bash/zsh\n   export TF_TOKEN_app_terraform_io=YOUR_TERRAFORM_CLOUD_TOKEN\n   \n   # For Windows PowerShell\n   $env:TF_TOKEN_app_terraform_io=\"YOUR_TERRAFORM_CLOUD_TOKEN\"\n   \n   # For Windows Command Prompt\n   set TF_TOKEN_app_terraform_io=YOUR_TERRAFORM_CLOUD_TOKEN\n   ```\n\n   **Option C: Creating the credential file programmatically**:\n\n   ```bash\n   # Create the credentials file with the token\n   mkdir -p ~/.terraform.d\n   echo '{\"credentials\":{\"app.terraform.io\":{\"token\":\"YOUR_TERRAFORM_CLOUD_TOKEN\"}}}' \u003e ~/.terraform.d/credentials.tfrc.json\n   ```\n\n   Replace `YOUR_TERRAFORM_CLOUD_TOKEN` with your actual Terraform Cloud API token in all examples.\n\n5. **Configure your project to use Terraform Cloud**:\n   - Add a `cloud` block in your main Terraform configuration file (e.g., `main.tf`).\n   - You must choose **only one** of these two approaches:\n\n   **Option A: Using a named workspace** (for single workspace configurations):\n\n   ```hcl\n   terraform {\n     required_providers {\n       microsoft365 = {\n         source  = \"deploymenttheory/microsoft365\"\n         version = \"~\u003e 0.12.0-alpha\"\n       }\n     }\n\n     cloud {\n       organization = \"deploymenttheory\"\n\n       workspaces {\n         name = \"terraform-demo-microsoft365-sandbox\"\n       }\n     }\n   }\n   ```\n\n   **Option B: Using workspace tags** (for multiple workspace configurations):\n\n   ```hcl\n   terraform {\n     required_providers {\n       microsoft365 = {\n         source  = \"deploymenttheory/microsoft365\"\n         version = \"~\u003e 0.12.0-alpha\"\n       }\n     }\n\n     cloud {\n       organization = \"deploymenttheory\"\n\n       workspaces {\n         tags = [\"microsoft365\"]\n       }\n     }\n   }\n   ```\n\n   - Option A lets you specify a single workspace by name\n   - Option B lets you select workspaces by tags (useful for managing multiple environments)\n\n6. **Initialize your Terraform project**:\n\n   ```bash\n   terraform init\n   ```\n\n7. **Run Terraform commands as usual**:\n\n   ```bash\n   terraform plan\n   terraform apply\n   ```\n### Setting up the Sandbox Environment Variables\n\nTo set up the sandbox environment variables, run the following script:\n\n```bash\n#!/bin/bash\n\n# Colors for better readability\nGREEN='\\033[0;32m'\nBLUE='\\033[0;34m'\nYELLOW='\\033[0;33m'\nRED='\\033[0;31m'\nNC='\\033[0m' # No Color\n\n# Function to display section headers\nsection() {\n  printf \"\\n%s=== %s ===%s\\n\" \"$BLUE\" \"$1\" \"$NC\"\n}\n\n# Function to display a variable (mask if sensitive)\nshow_var() {\n  local var_name=$1\n  local is_sensitive=${2:-false}\n  \n  if [ \"$is_sensitive\" = true ]; then\n    printf \"%s%s%s=%s********%s (masked for security)\\n\" \"$GREEN\" \"$var_name\" \"$NC\" \"$YELLOW\" \"$NC\"\n  else\n    # Use printf and parameter expansion to display the variable value\n    printf \"%s%s%s=%s%s%s\\n\" \"$GREEN\" \"$var_name\" \"$NC\" \"$YELLOW\" \"${!var_name}\" \"$NC\"\n  fi\n}\n\n# Set the Terraform Cloud API token\nexport TFE_ORG_TOKEN=\"\"\n\n# Set the terraform cloud token id for cli access with sandbox\nexport TF_TOKEN_app_terraform_io=\"\"\n\n# Set Microsoft 365 variables\nexport M365_TENANT_ID=\"\"\nexport M365_AUTH_METHOD=\"\" # or \"certificate\"\nexport M365_CLIENT_ID=\"\"\nexport M365_CLIENT_SECRET=\"\"\n# If using certificate auth\nexport M365_CLIENT_CERTIFICATE_FILE_PATH=\"/some/path/to/your/cert.key\"\nexport M365_CLIENT_CERTIFICATE_PASSWORD=\"cert_password\"\n\n# Set Azure AD environment variables for Service Principal authentication\nexport M365_CLIENT_ID=\"$M365_TENANT_ID\"\nexport M365_CLIENT_ID=\"$M365_CLIENT_ID\"\nexport M365_CLIENT_SECRET=\"$M365_CLIENT_SECRET\"\n\n# Set common variables\nexport M365_CLOUD=\"public\"\nexport TF_LOG=\"DEBUG\"\nexport M365_DEBUG_MODE=\"false\"\nexport M365_TELEMETRY_OPTOUT=\"true\"\nexport TFE_PARALLELISM=\"1\"\n\n# Display all set variables\nclear\nsection \"Terraform Cloud Authentication\"\nshow_var \"TFE_ORG_TOKEN\" true\nshow_var \"TF_TOKEN_app_terraform_io\" true\n\nsection \"Microsoft 365 Authentication Variables\"\nshow_var \"M365_TENANT_ID\" true\nshow_var \"M365_AUTH_METHOD\"\nshow_var \"M365_CLIENT_ID\" true\nshow_var \"M365_CLIENT_SECRET\" true\nshow_var \"M365_CLIENT_CERTIFICATE_FILE_PATH\" true\nshow_var \"M365_CLIENT_CERTIFICATE_PASSWORD\" true\n\nsection \"Microsoft 365 Common Variables\"\nshow_var \"M365_CLOUD\"\nshow_var \"TF_LOG\"\nshow_var \"M365_DEBUG_MODE\"\nshow_var \"M365_TELEMETRY_OPTOUT\"\nshow_var \"TFE_PARALLELISM\"\n\nsection \"Environment Variables Set Successfully\"\nprintf \"%sYou can now run Terraform commands for the sandbox environment.%s\\n\" \"$GREEN\" \"$NC\"\nprintf \"%sExample: terraform init \u0026\u0026 terraform plan%s\\n\" \"$YELLOW\" \"$NC\"\n\n# Display current directory\nprintf \"\\n%sCurrent directory:%s %s\\n\" \"$BLUE\" \"$NC\" \"$(pwd)\"\n\n# Verify Terraform Cloud token is set correctly\nif [ -n \"$TF_TOKEN_app_terraform_io\" ]; then\n  printf \"\\n%s✓ Terraform Cloud token is set%s\\n\" \"$GREEN\" \"$NC\"\nelse\n  printf \"\\n%s✗ Terraform Cloud token is NOT set%s\\n\" \"$RED\" \"$NC\"\nfi\n\n# Create/update Terraform CLI config file to ensure token is recognized\nmkdir -p ~/.terraform.d\ncat \u003e ~/.terraform.d/credentials.tfrc.json \u003c\u003c EOF\n{\n  \"credentials\": {\n    \"app.terraform.io\": {\n      \"token\": \"$TF_TOKEN_app_terraform_io\"\n    }\n  }\n}\nEOF\n\nprintf \"\\n%s✓ Terraform credentials file updated at ~/.terraform.d/credentials.tfrc.json%s\\n\" \"$GREEN\" \"$NC\"\n```\n\nThe `cloud` block is the recommended approach for new configurations with Terraform v1.1.0 and later, replacing the older `backend \"remote\"` configuration. With this setup, your state will be stored in Terraform Cloud while you can still run Terraform commands locally.\n\nBefore you begin working with this Terraform demo for Microsoft 365, you'll need to set up the required dependencies on your system.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeploymenttheory%2Fterraform-demo-microsoft365","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdeploymenttheory%2Fterraform-demo-microsoft365","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeploymenttheory%2Fterraform-demo-microsoft365/lists"}