A relatively new resource in the AzureRM provider for Terraform is the Azure Active Directory B2C resource, which lets you create a B2C tenant with Terraform, but with a big catch.

Many mature DevOps shops use CI / CD pipelines to provision infrastructure and manage its configuration over time. That is the biggest advantage of using Terraform; without it, you might as well run CLI commands by hand and save the Bash / PowerShell scripts. So it is always a bit frustrating when I find a resource that appears tone deaf to this way of working with Terraform. It makes me think we are just ticking checkboxes rather than helping developers be productive with the platform.

First, not a lot can be configured for your B2C tenant yet. You can really only create the tenant itself, and changing most of its properties forces a re-creation, which is very destructive. That is to be expected with new resources for keystone pieces of architecture like a B2C tenant. The core properties control the region and data residency location as well as the domain name of the tenant, and you would expect none of those to change, well, ever. I expect more resources will be added later to let you control policies and the end user experience that really makes B2C shine, but that raises the question of where those resources belong: in the AzureRM provider, or somewhere else? According to the ARM REST API documentation, the only nouns that can be provisioned are the tenants themselves.
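As an added illustration, not code from the original post, here is what a minimal tenant definition looks like, assuming the `azurerm_aadb2c_directory` resource from the 3.x AzureRM provider. The resource group name, display name and domain are made up. Because the region, data residency location and domain name all force replacement when changed, the example pins a `prevent_destroy` lifecycle rule so a drifted or mistyped value fails `terraform plan` instead of tearing the tenant down in a pipeline run:

```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }
}

provider "azurerm" {
  features {}
}

# Assumed resource group; the name is made up for this example.
resource "azurerm_resource_group" "b2c" {
  name     = "rg-b2c-example"
  location = "westeurope"
}

# The B2C tenant itself. Every argument below except sku_name forces
# a new resource when changed, so treat these values as immutable.
resource "azurerm_aadb2c_directory" "example" {
  country_code            = "GB"                          # two-letter ISO code, immutable
  data_residency_location = "Europe"                      # Asia Pacific, Australia, Europe, Global or United States; immutable
  display_name            = "example-b2c"                 # assumed name
  domain_name             = "exampleb2c.onmicrosoft.com"  # assumed name; must end in .onmicrosoft.com, immutable
  resource_group_name     = azurerm_resource_group.b2c.name
  sku_name                = "PremiumP1"                   # PremiumP1 or PremiumP2

  lifecycle {
    # A plan that would replace the tenant now errors out instead of
    # destroying it, which is what you want in an unattended pipeline.
    prevent_destroy = true
  }
}
```

With `prevent_destroy` set, a change to `domain_name` shows up in `terraform plan` as a `-/+` replacement and the plan fails with an error rather than applying, so the blast radius of a bad commit is a red pipeline, not a deleted identity tenant. Note that this guard does nothing about the authentication catch discussed below; it only protects the tenant once it exists.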

When I changed to logging in interactively, I got this error. I have seen this before with resources like API Management.
