Dan Kershaw [MSFT]

Can we get this fixed ASAP? We're looking to use this editor and it's great - but this is a real blocker for us to adopt the extension. It looks...

This is pretty critical for us as Graph has many nested/child resources, and we want the same Bicep authoring experience as other types.

Just to recap - **capabilities and limitations for private preview**: - Bicep types for: - Group, group membership, group ownership - Application - ServicePrincipal - Oauth2PermissionGrant and AppRoleAssignment - Bicep...

Here's a very simple example: 

What permission scope and update are you trying? We recently made a change such that Directory.ReadWrite no longer allows resetting of user passwords. Is this what you are hitting?

Folks, [Global/tenant/company administrator are all the same thing.] We removed a very privileged operation (resetting users passwords) from the Directory.ReadWrite.All app-only and delegated permissions, with the intent to provide an...

Thanks for your honest feedback. I totally understand your concerns, especially around any changes to existing permissions capabilities. Functions like adding and removing members from a group will not be...

@dansan There has been no change in the permission as described here: https://msdn.microsoft.com/en-us/Library/Azure/Ad/Graph/howto/azure-ad-graph-api-permission-scopes (see Directory.ReadWrite.All details). This permission has never allowed deleting users or groups. Unfortunately, until we expose more...

@Matthewsre - sorry for the late response. Is this still a problem, or is this working now?

We do sync this property from on premises, but it's not exposed today on the user entity. Is this something you need?