pulumi-azuread 5.48.0a1706744699__py3-none-any.whl → 6.8.0a1766208344__py3-none-any.whl

pulumi_azuread/application.py

@@ -1,12 +1,17 @@
 # coding=utf-8
-# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+# *** WARNING: this file was generated by pulumi-language-python. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
 
-import copy
+import builtins as _builtins
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from . import _utilities
 from . import outputs
 from ._inputs import *
@@ -16,69 +21,73 @@ __all__ = ['ApplicationArgs', 'Application']
 @pulumi.input_type
 class ApplicationArgs:
     def __init__(__self__, *,
-                 display_name: pulumi.Input[str],
+                 display_name: pulumi.Input[_builtins.str],
                  api: Optional[pulumi.Input['ApplicationApiArgs']] = None,
                  app_roles: Optional[pulumi.Input[Sequence[pulumi.Input['ApplicationAppRoleArgs']]]] = None,
-                 description: Optional[pulumi.Input[str]] = None,
-                 device_only_auth_enabled: Optional[pulumi.Input[bool]] = None,
-                 fallback_public_client_enabled: Optional[pulumi.Input[bool]] = None,
+                 description: Optional[pulumi.Input[_builtins.str]] = None,
+                 device_only_auth_enabled: Optional[pulumi.Input[_builtins.bool]] = None,
+                 fallback_public_client_enabled: Optional[pulumi.Input[_builtins.bool]] = None,
                  feature_tags: Optional[pulumi.Input[Sequence[pulumi.Input['ApplicationFeatureTagArgs']]]] = None,
-                 group_membership_claims: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 identifier_uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 logo_image: Optional[pulumi.Input[str]] = None,
-                 marketing_url: Optional[pulumi.Input[str]] = None,
-                 notes: Optional[pulumi.Input[str]] = None,
-                 oauth2_post_response_required: Optional[pulumi.Input[bool]] = None,
+                 group_membership_claims: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 identifier_uris: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 logo_image: Optional[pulumi.Input[_builtins.str]] = None,
+                 marketing_url: Optional[pulumi.Input[_builtins.str]] = None,
+                 notes: Optional[pulumi.Input[_builtins.str]] = None,
+                 oauth2_post_response_required: Optional[pulumi.Input[_builtins.bool]] = None,
                  optional_claims: Optional[pulumi.Input['ApplicationOptionalClaimsArgs']] = None,
-                 owners: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 prevent_duplicate_names: Optional[pulumi.Input[bool]] = None,
-                 privacy_statement_url: Optional[pulumi.Input[str]] = None,
+                 owners: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 password: Optional[pulumi.Input['ApplicationPasswordArgs']] = None,
+                 prevent_duplicate_names: Optional[pulumi.Input[_builtins.bool]] = None,
+                 privacy_statement_url: Optional[pulumi.Input[_builtins.str]] = None,
                  public_client: Optional[pulumi.Input['ApplicationPublicClientArgs']] = None,
                  required_resource_accesses: Optional[pulumi.Input[Sequence[pulumi.Input['ApplicationRequiredResourceAccessArgs']]]] = None,
-                 service_management_reference: Optional[pulumi.Input[str]] = None,
-                 sign_in_audience: Optional[pulumi.Input[str]] = None,
+                 service_management_reference: Optional[pulumi.Input[_builtins.str]] = None,
+                 sign_in_audience: Optional[pulumi.Input[_builtins.str]] = None,
                  single_page_application: Optional[pulumi.Input['ApplicationSinglePageApplicationArgs']] = None,
-                 support_url: Optional[pulumi.Input[str]] = None,
-                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 template_id: Optional[pulumi.Input[str]] = None,
-                 terms_of_service_url: Optional[pulumi.Input[str]] = None,
+                 support_url: Optional[pulumi.Input[_builtins.str]] = None,
+                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 template_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 terms_of_service_url: Optional[pulumi.Input[_builtins.str]] = None,
                  web: Optional[pulumi.Input['ApplicationWebArgs']] = None):
         """
         The set of arguments for constructing a Application resource.
-        :param pulumi.Input[str] display_name: The display name for the application.
+        :param pulumi.Input[_builtins.str] display_name: The display name for the application.
         :param pulumi.Input['ApplicationApiArgs'] api: An `api` block as documented below, which configures API related settings for this application.
         :param pulumi.Input[Sequence[pulumi.Input['ApplicationAppRoleArgs']]] app_roles: A collection of `app_role` blocks as documented below. For more information see [official documentation on Application Roles](https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles).
-        :param pulumi.Input[str] description: A description of the application, as shown to end users.
-        :param pulumi.Input[bool] device_only_auth_enabled: Specifies whether this application supports device authentication without a user. Defaults to `false`.
-        :param pulumi.Input[bool] fallback_public_client_enabled: Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to `false`.
+        :param pulumi.Input[_builtins.str] description: A description of the application, as shown to end users.
+        :param pulumi.Input[_builtins.bool] device_only_auth_enabled: Specifies whether this application supports device authentication without a user. Defaults to `false`.
+        :param pulumi.Input[_builtins.bool] fallback_public_client_enabled: Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to `false`.
         :param pulumi.Input[Sequence[pulumi.Input['ApplicationFeatureTagArgs']]] feature_tags: A `feature_tags` block as described below. Cannot be used together with the `tags` property.
                
                > **Features and Tags** Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure `feature_tags` and `tags` for an application at the same time, so if you need to assign additional custom tags it's recommended to use the `tags` property instead. Tag values also propagate to any linked service principals.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] group_membership_claims: Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] identifier_uris: A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
-        :param pulumi.Input[str] logo_image: A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
-        :param pulumi.Input[str] marketing_url: URL of the application's marketing page.
-        :param pulumi.Input[str] notes: User-specified notes relevant for the management of the application.
-        :param pulumi.Input[bool] oauth2_post_response_required: Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to `false`, which specifies that only GET requests are allowed.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] group_membership_claims: A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] identifier_uris: A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
+        :param pulumi.Input[_builtins.str] logo_image: A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
+        :param pulumi.Input[_builtins.str] marketing_url: URL of the application's marketing page.
+        :param pulumi.Input[_builtins.str] notes: User-specified notes relevant for the management of the application.
+        :param pulumi.Input[_builtins.bool] oauth2_post_response_required: Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to `false`, which specifies that only GET requests are allowed.
         :param pulumi.Input['ApplicationOptionalClaimsArgs'] optional_claims: An `optional_claims` block as documented below.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] owners: A list of object IDs of principals that will be granted ownership of the application
-        :param pulumi.Input[bool] prevent_duplicate_names: If `true`, will return an error if an existing application is found with the same name. Defaults to `false`.
-        :param pulumi.Input[str] privacy_statement_url: URL of the application's privacy statement.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] owners: A list of object IDs of principals that will be granted ownership of the application
+        :param pulumi.Input['ApplicationPasswordArgs'] password: A single `password` block as documented below. The password is generated during creation. By default, no password is generated.
+               
+               > **Creating a Password** The `password` block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the ApplicationPassword resource.
+        :param pulumi.Input[_builtins.bool] prevent_duplicate_names: If `true`, will return an error if an existing application is found with the same name. Defaults to `false`.
+        :param pulumi.Input[_builtins.str] privacy_statement_url: URL of the application's privacy statement.
         :param pulumi.Input['ApplicationPublicClientArgs'] public_client: A `public_client` block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device.
         :param pulumi.Input[Sequence[pulumi.Input['ApplicationRequiredResourceAccessArgs']]] required_resource_accesses: A collection of `required_resource_access` blocks as documented below.
-        :param pulumi.Input[str] service_management_reference: References application context information from a Service or Asset Management database.
-        :param pulumi.Input[str] sign_in_audience: The Microsoft account types that are supported for the current application. Must be one of `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`. Defaults to `AzureADMyOrg`.
+        :param pulumi.Input[_builtins.str] service_management_reference: References application context information from a Service or Asset Management database.
+        :param pulumi.Input[_builtins.str] sign_in_audience: The Microsoft account types that are supported for the current application. Must be one of `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`. Defaults to `AzureADMyOrg`.
                
                > **Changing `sign_in_audience` for existing applications** When updating an existing application to use a `sign_in_audience` value of `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`, your configuration may no longer be valid. Refer to [official documentation](https://docs.microsoft.com/en-gb/azure/active-directory/develop/supported-accounts-validation) to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.
         :param pulumi.Input['ApplicationSinglePageApplicationArgs'] single_page_application: A `single_page_application` block as documented below, which configures single-page application (SPA) related settings for this application.
-        :param pulumi.Input[str] support_url: URL of the application's support page.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] tags: A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the `feature_tags` block.
+        :param pulumi.Input[_builtins.str] support_url: URL of the application's support page.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] tags: A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the `feature_tags` block.
                
                > **Tags and Features** Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the `tags` property or with the `feature_tags` block. If you need to set any custom tag values not supported by the `feature_tags` block, it's recommended to use the `tags` property. Tag values also propagate to any linked service principals.
-        :param pulumi.Input[str] template_id: Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
+        :param pulumi.Input[_builtins.str] template_id: Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
                
                > **Tip for Gallery Applications** This resource can  be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the ApplicationRegistration resource instead.
-        :param pulumi.Input[str] terms_of_service_url: URL of the application's terms of service statement.
+        :param pulumi.Input[_builtins.str] terms_of_service_url: URL of the application's terms of service statement.
         :param pulumi.Input['ApplicationWebArgs'] web: A `web` block as documented below, which configures web related settings for this application.
                
                > **Application Name Uniqueness** Application names are not unique within Azure Active Directory. Use the `prevent_duplicate_names` argument to check for existing applications if you want to avoid name collisions.
@@ -112,6 +121,8 @@ class ApplicationArgs:
             pulumi.set(__self__, "optional_claims", optional_claims)
         if owners is not None:
             pulumi.set(__self__, "owners", owners)
+        if password is not None:
+            pulumi.set(__self__, "password", password)
         if prevent_duplicate_names is not None:
             pulumi.set(__self__, "prevent_duplicate_names", prevent_duplicate_names)
         if privacy_statement_url is not None:
@@ -137,19 +148,19 @@ class ApplicationArgs:
         if web is not None:
             pulumi.set(__self__, "web", web)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="displayName")
-    def display_name(self) -> pulumi.Input[str]:
+    def display_name(self) -> pulumi.Input[_builtins.str]:
         """
         The display name for the application.
         """
         return pulumi.get(self, "display_name")
 
     @display_name.setter
-    def display_name(self, value: pulumi.Input[str]):
+    def display_name(self, value: pulumi.Input[_builtins.str]):
         pulumi.set(self, "display_name", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
     def api(self) -> Optional[pulumi.Input['ApplicationApiArgs']]:
         """
@@ -161,7 +172,7 @@ class ApplicationArgs:
     def api(self, value: Optional[pulumi.Input['ApplicationApiArgs']]):
         pulumi.set(self, "api", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="appRoles")
     def app_roles(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ApplicationAppRoleArgs']]]]:
         """
@@ -173,43 +184,43 @@ class ApplicationArgs:
     def app_roles(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ApplicationAppRoleArgs']]]]):
         pulumi.set(self, "app_roles", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def description(self) -> Optional[pulumi.Input[str]]:
+    def description(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         A description of the application, as shown to end users.
         """
         return pulumi.get(self, "description")
 
     @description.setter
-    def description(self, value: Optional[pulumi.Input[str]]):
+    def description(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "description", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="deviceOnlyAuthEnabled")
-    def device_only_auth_enabled(self) -> Optional[pulumi.Input[bool]]:
+    def device_only_auth_enabled(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Specifies whether this application supports device authentication without a user. Defaults to `false`.
         """
         return pulumi.get(self, "device_only_auth_enabled")
 
     @device_only_auth_enabled.setter
-    def device_only_auth_enabled(self, value: Optional[pulumi.Input[bool]]):
+    def device_only_auth_enabled(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "device_only_auth_enabled", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="fallbackPublicClientEnabled")
-    def fallback_public_client_enabled(self) -> Optional[pulumi.Input[bool]]:
+    def fallback_public_client_enabled(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to `false`.
         """
         return pulumi.get(self, "fallback_public_client_enabled")
 
     @fallback_public_client_enabled.setter
-    def fallback_public_client_enabled(self, value: Optional[pulumi.Input[bool]]):
+    def fallback_public_client_enabled(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "fallback_public_client_enabled", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="featureTags")
     def feature_tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ApplicationFeatureTagArgs']]]]:
         """
@@ -223,79 +234,79 @@ class ApplicationArgs:
     def feature_tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ApplicationFeatureTagArgs']]]]):
         pulumi.set(self, "feature_tags", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="groupMembershipClaims")
-    def group_membership_claims(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def group_membership_claims(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
-        Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.
+        A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.
         """
         return pulumi.get(self, "group_membership_claims")
 
     @group_membership_claims.setter
-    def group_membership_claims(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def group_membership_claims(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "group_membership_claims", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="identifierUris")
-    def identifier_uris(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def identifier_uris(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
         """
         return pulumi.get(self, "identifier_uris")
 
     @identifier_uris.setter
-    def identifier_uris(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def identifier_uris(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "identifier_uris", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="logoImage")
-    def logo_image(self) -> Optional[pulumi.Input[str]]:
+    def logo_image(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
         """
         return pulumi.get(self, "logo_image")
 
     @logo_image.setter
-    def logo_image(self, value: Optional[pulumi.Input[str]]):
+    def logo_image(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "logo_image", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="marketingUrl")
-    def marketing_url(self) -> Optional[pulumi.Input[str]]:
+    def marketing_url(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         URL of the application's marketing page.
         """
         return pulumi.get(self, "marketing_url")
 
     @marketing_url.setter
-    def marketing_url(self, value: Optional[pulumi.Input[str]]):
+    def marketing_url(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "marketing_url", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def notes(self) -> Optional[pulumi.Input[str]]:
+    def notes(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         User-specified notes relevant for the management of the application.
         """
         return pulumi.get(self, "notes")
 
     @notes.setter
-    def notes(self, value: Optional[pulumi.Input[str]]):
+    def notes(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "notes", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="oauth2PostResponseRequired")
-    def oauth2_post_response_required(self) -> Optional[pulumi.Input[bool]]:
+    def oauth2_post_response_required(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to `false`, which specifies that only GET requests are allowed.
         """
         return pulumi.get(self, "oauth2_post_response_required")
 
     @oauth2_post_response_required.setter
-    def oauth2_post_response_required(self, value: Optional[pulumi.Input[bool]]):
+    def oauth2_post_response_required(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "oauth2_post_response_required", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="optionalClaims")
     def optional_claims(self) -> Optional[pulumi.Input['ApplicationOptionalClaimsArgs']]:
         """
@@ -307,43 +318,57 @@ class ApplicationArgs:
     def optional_claims(self, value: Optional[pulumi.Input['ApplicationOptionalClaimsArgs']]):
         pulumi.set(self, "optional_claims", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def owners(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def owners(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         A list of object IDs of principals that will be granted ownership of the application
         """
         return pulumi.get(self, "owners")
 
     @owners.setter
-    def owners(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def owners(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "owners", value)
 
-    @property
+    @_builtins.property
+    @pulumi.getter
+    def password(self) -> Optional[pulumi.Input['ApplicationPasswordArgs']]:
+        """
+        A single `password` block as documented below. The password is generated during creation. By default, no password is generated.
+
+        > **Creating a Password** The `password` block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the ApplicationPassword resource.
+        """
+        return pulumi.get(self, "password")
+
+    @password.setter
+    def password(self, value: Optional[pulumi.Input['ApplicationPasswordArgs']]):
+        pulumi.set(self, "password", value)
+
+    @_builtins.property
     @pulumi.getter(name="preventDuplicateNames")
-    def prevent_duplicate_names(self) -> Optional[pulumi.Input[bool]]:
+    def prevent_duplicate_names(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         If `true`, will return an error if an existing application is found with the same name. Defaults to `false`.
         """
         return pulumi.get(self, "prevent_duplicate_names")
 
     @prevent_duplicate_names.setter
-    def prevent_duplicate_names(self, value: Optional[pulumi.Input[bool]]):
+    def prevent_duplicate_names(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "prevent_duplicate_names", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="privacyStatementUrl")
-    def privacy_statement_url(self) -> Optional[pulumi.Input[str]]:
+    def privacy_statement_url(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         URL of the application's privacy statement.
         """
         return pulumi.get(self, "privacy_statement_url")
 
     @privacy_statement_url.setter
-    def privacy_statement_url(self, value: Optional[pulumi.Input[str]]):
+    def privacy_statement_url(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "privacy_statement_url", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="publicClient")
     def public_client(self) -> Optional[pulumi.Input['ApplicationPublicClientArgs']]:
         """
@@ -355,7 +380,7 @@ class ApplicationArgs:
     def public_client(self, value: Optional[pulumi.Input['ApplicationPublicClientArgs']]):
         pulumi.set(self, "public_client", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="requiredResourceAccesses")
     def required_resource_accesses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ApplicationRequiredResourceAccessArgs']]]]:
         """
@@ -367,21 +392,21 @@ class ApplicationArgs:
     def required_resource_accesses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ApplicationRequiredResourceAccessArgs']]]]):
         pulumi.set(self, "required_resource_accesses", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="serviceManagementReference")
-    def service_management_reference(self) -> Optional[pulumi.Input[str]]:
+    def service_management_reference(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         References application context information from a Service or Asset Management database.
         """
         return pulumi.get(self, "service_management_reference")
 
     @service_management_reference.setter
-    def service_management_reference(self, value: Optional[pulumi.Input[str]]):
+    def service_management_reference(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "service_management_reference", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="signInAudience")
-    def sign_in_audience(self) -> Optional[pulumi.Input[str]]:
+    def sign_in_audience(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The Microsoft account types that are supported for the current application. Must be one of `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`. Defaults to `AzureADMyOrg`.
 
@@ -390,10 +415,10 @@ class ApplicationArgs:
         return pulumi.get(self, "sign_in_audience")
 
     @sign_in_audience.setter
-    def sign_in_audience(self, value: Optional[pulumi.Input[str]]):
+    def sign_in_audience(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "sign_in_audience", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="singlePageApplication")
     def single_page_application(self) -> Optional[pulumi.Input['ApplicationSinglePageApplicationArgs']]:
         """
@@ -405,21 +430,21 @@ class ApplicationArgs:
     def single_page_application(self, value: Optional[pulumi.Input['ApplicationSinglePageApplicationArgs']]):
         pulumi.set(self, "single_page_application", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="supportUrl")
-    def support_url(self) -> Optional[pulumi.Input[str]]:
+    def support_url(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         URL of the application's support page.
         """
         return pulumi.get(self, "support_url")
 
     @support_url.setter
-    def support_url(self, value: Optional[pulumi.Input[str]]):
+    def support_url(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "support_url", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the `feature_tags` block.
 
@@ -428,12 +453,12 @@ class ApplicationArgs:
         return pulumi.get(self, "tags")
 
     @tags.setter
-    def tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "tags", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="templateId")
-    def template_id(self) -> Optional[pulumi.Input[str]]:
+    def template_id(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
 
@@ -442,22 +467,22 @@ class ApplicationArgs:
         return pulumi.get(self, "template_id")
 
     @template_id.setter
-    def template_id(self, value: Optional[pulumi.Input[str]]):
+    def template_id(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "template_id", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="termsOfServiceUrl")
-    def terms_of_service_url(self) -> Optional[pulumi.Input[str]]:
+    def terms_of_service_url(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         URL of the application's terms of service statement.
         """
         return pulumi.get(self, "terms_of_service_url")
 
     @terms_of_service_url.setter
-    def terms_of_service_url(self, value: Optional[pulumi.Input[str]]):
+    def terms_of_service_url(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "terms_of_service_url", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
     def web(self) -> Optional[pulumi.Input['ApplicationWebArgs']]:
         """
@@ -476,84 +501,86 @@ class ApplicationArgs:
 class _ApplicationState:
     def __init__(__self__, *,
                  api: Optional[pulumi.Input['ApplicationApiArgs']] = None,
-                 app_role_ids: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 app_role_ids: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
                  app_roles: Optional[pulumi.Input[Sequence[pulumi.Input['ApplicationAppRoleArgs']]]] = None,
-                 application_id: Optional[pulumi.Input[str]] = None,
-                 client_id: Optional[pulumi.Input[str]] = None,
-                 description: Optional[pulumi.Input[str]] = None,
-                 device_only_auth_enabled: Optional[pulumi.Input[bool]] = None,
-                 disabled_by_microsoft: Optional[pulumi.Input[str]] = None,
-                 display_name: Optional[pulumi.Input[str]] = None,
-                 fallback_public_client_enabled: Optional[pulumi.Input[bool]] = None,
+                 client_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 description: Optional[pulumi.Input[_builtins.str]] = None,
+                 device_only_auth_enabled: Optional[pulumi.Input[_builtins.bool]] = None,
+                 disabled_by_microsoft: Optional[pulumi.Input[_builtins.str]] = None,
+                 display_name: Optional[pulumi.Input[_builtins.str]] = None,
+                 fallback_public_client_enabled: Optional[pulumi.Input[_builtins.bool]] = None,
                  feature_tags: Optional[pulumi.Input[Sequence[pulumi.Input['ApplicationFeatureTagArgs']]]] = None,
-                 group_membership_claims: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 identifier_uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 logo_image: Optional[pulumi.Input[str]] = None,
-                 logo_url: Optional[pulumi.Input[str]] = None,
-                 marketing_url: Optional[pulumi.Input[str]] = None,
-                 notes: Optional[pulumi.Input[str]] = None,
-                 oauth2_permission_scope_ids: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
-                 oauth2_post_response_required: Optional[pulumi.Input[bool]] = None,
-                 object_id: Optional[pulumi.Input[str]] = None,
+                 group_membership_claims: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 identifier_uris: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 logo_image: Optional[pulumi.Input[_builtins.str]] = None,
+                 logo_url: Optional[pulumi.Input[_builtins.str]] = None,
+                 marketing_url: Optional[pulumi.Input[_builtins.str]] = None,
+                 notes: Optional[pulumi.Input[_builtins.str]] = None,
+                 oauth2_permission_scope_ids: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 oauth2_post_response_required: Optional[pulumi.Input[_builtins.bool]] = None,
+                 object_id: Optional[pulumi.Input[_builtins.str]] = None,
                  optional_claims: Optional[pulumi.Input['ApplicationOptionalClaimsArgs']] = None,
-                 owners: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 prevent_duplicate_names: Optional[pulumi.Input[bool]] = None,
-                 privacy_statement_url: Optional[pulumi.Input[str]] = None,
+                 owners: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 password: Optional[pulumi.Input['ApplicationPasswordArgs']] = None,
+                 prevent_duplicate_names: Optional[pulumi.Input[_builtins.bool]] = None,
+                 privacy_statement_url: Optional[pulumi.Input[_builtins.str]] = None,
                  public_client: Optional[pulumi.Input['ApplicationPublicClientArgs']] = None,
-                 publisher_domain: Optional[pulumi.Input[str]] = None,
+                 publisher_domain: Optional[pulumi.Input[_builtins.str]] = None,
                  required_resource_accesses: Optional[pulumi.Input[Sequence[pulumi.Input['ApplicationRequiredResourceAccessArgs']]]] = None,
-                 service_management_reference: Optional[pulumi.Input[str]] = None,
-                 sign_in_audience: Optional[pulumi.Input[str]] = None,
+                 service_management_reference: Optional[pulumi.Input[_builtins.str]] = None,
+                 sign_in_audience: Optional[pulumi.Input[_builtins.str]] = None,
                  single_page_application: Optional[pulumi.Input['ApplicationSinglePageApplicationArgs']] = None,
-                 support_url: Optional[pulumi.Input[str]] = None,
-                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 template_id: Optional[pulumi.Input[str]] = None,
-                 terms_of_service_url: Optional[pulumi.Input[str]] = None,
+                 support_url: Optional[pulumi.Input[_builtins.str]] = None,
+                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 template_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 terms_of_service_url: Optional[pulumi.Input[_builtins.str]] = None,
                  web: Optional[pulumi.Input['ApplicationWebArgs']] = None):
         """
         Input properties used for looking up and filtering Application resources.
         :param pulumi.Input['ApplicationApiArgs'] api: An `api` block as documented below, which configures API related settings for this application.
-        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] app_role_ids: A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] app_role_ids: A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
         :param pulumi.Input[Sequence[pulumi.Input['ApplicationAppRoleArgs']]] app_roles: A collection of `app_role` blocks as documented below. For more information see [official documentation on Application Roles](https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles).
-        :param pulumi.Input[str] application_id: The Application ID (also called Client ID)
-        :param pulumi.Input[str] client_id: The Client ID for the application.
-        :param pulumi.Input[str] description: A description of the application, as shown to end users.
-        :param pulumi.Input[bool] device_only_auth_enabled: Specifies whether this application supports device authentication without a user. Defaults to `false`.
-        :param pulumi.Input[str] disabled_by_microsoft: Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. `DisabledDueToViolationOfServicesAgreement`
-        :param pulumi.Input[str] display_name: The display name for the application.
-        :param pulumi.Input[bool] fallback_public_client_enabled: Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to `false`.
+        :param pulumi.Input[_builtins.str] client_id: The Client ID for the application.
+        :param pulumi.Input[_builtins.str] description: A description of the application, as shown to end users.
+        :param pulumi.Input[_builtins.bool] device_only_auth_enabled: Specifies whether this application supports device authentication without a user. Defaults to `false`.
+        :param pulumi.Input[_builtins.str] disabled_by_microsoft: Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. `DisabledDueToViolationOfServicesAgreement`
+        :param pulumi.Input[_builtins.str] display_name: The display name for the application.
+        :param pulumi.Input[_builtins.bool] fallback_public_client_enabled: Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to `false`.
         :param pulumi.Input[Sequence[pulumi.Input['ApplicationFeatureTagArgs']]] feature_tags: A `feature_tags` block as described below. Cannot be used together with the `tags` property.
                
                > **Features and Tags** Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure `feature_tags` and `tags` for an application at the same time, so if you need to assign additional custom tags it's recommended to use the `tags` property instead. Tag values also propagate to any linked service principals.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] group_membership_claims: Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] identifier_uris: A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
-        :param pulumi.Input[str] logo_image: A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
-        :param pulumi.Input[str] logo_url: CDN URL to the application's logo, as uploaded with the `logo_image` property.
-        :param pulumi.Input[str] marketing_url: URL of the application's marketing page.
-        :param pulumi.Input[str] notes: User-specified notes relevant for the management of the application.
-        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] oauth2_permission_scope_ids: A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
-        :param pulumi.Input[bool] oauth2_post_response_required: Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to `false`, which specifies that only GET requests are allowed.
-        :param pulumi.Input[str] object_id: The application's object ID.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] group_membership_claims: A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] identifier_uris: A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
+        :param pulumi.Input[_builtins.str] logo_image: A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
+        :param pulumi.Input[_builtins.str] logo_url: CDN URL to the application's logo, as uploaded with the `logo_image` property.
+        :param pulumi.Input[_builtins.str] marketing_url: URL of the application's marketing page.
+        :param pulumi.Input[_builtins.str] notes: User-specified notes relevant for the management of the application.
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] oauth2_permission_scope_ids: A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
+        :param pulumi.Input[_builtins.bool] oauth2_post_response_required: Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to `false`, which specifies that only GET requests are allowed.
+        :param pulumi.Input[_builtins.str] object_id: The application's object ID.
         :param pulumi.Input['ApplicationOptionalClaimsArgs'] optional_claims: An `optional_claims` block as documented below.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] owners: A list of object IDs of principals that will be granted ownership of the application
-        :param pulumi.Input[bool] prevent_duplicate_names: If `true`, will return an error if an existing application is found with the same name. Defaults to `false`.
-        :param pulumi.Input[str] privacy_statement_url: URL of the application's privacy statement.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] owners: A list of object IDs of principals that will be granted ownership of the application
+        :param pulumi.Input['ApplicationPasswordArgs'] password: A single `password` block as documented below. The password is generated during creation. By default, no password is generated.
+               
+               > **Creating a Password** The `password` block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the ApplicationPassword resource.
+        :param pulumi.Input[_builtins.bool] prevent_duplicate_names: If `true`, will return an error if an existing application is found with the same name. Defaults to `false`.
+        :param pulumi.Input[_builtins.str] privacy_statement_url: URL of the application's privacy statement.
         :param pulumi.Input['ApplicationPublicClientArgs'] public_client: A `public_client` block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device.
-        :param pulumi.Input[str] publisher_domain: The verified publisher domain for the application.
+        :param pulumi.Input[_builtins.str] publisher_domain: The verified publisher domain for the application.
         :param pulumi.Input[Sequence[pulumi.Input['ApplicationRequiredResourceAccessArgs']]] required_resource_accesses: A collection of `required_resource_access` blocks as documented below.
-        :param pulumi.Input[str] service_management_reference: References application context information from a Service or Asset Management database.
-        :param pulumi.Input[str] sign_in_audience: The Microsoft account types that are supported for the current application. Must be one of `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`. Defaults to `AzureADMyOrg`.
+        :param pulumi.Input[_builtins.str] service_management_reference: References application context information from a Service or Asset Management database.
+        :param pulumi.Input[_builtins.str] sign_in_audience: The Microsoft account types that are supported for the current application. Must be one of `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`. Defaults to `AzureADMyOrg`.
                
                > **Changing `sign_in_audience` for existing applications** When updating an existing application to use a `sign_in_audience` value of `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`, your configuration may no longer be valid. Refer to [official documentation](https://docs.microsoft.com/en-gb/azure/active-directory/develop/supported-accounts-validation) to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.
         :param pulumi.Input['ApplicationSinglePageApplicationArgs'] single_page_application: A `single_page_application` block as documented below, which configures single-page application (SPA) related settings for this application.
-        :param pulumi.Input[str] support_url: URL of the application's support page.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] tags: A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the `feature_tags` block.
+        :param pulumi.Input[_builtins.str] support_url: URL of the application's support page.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] tags: A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the `feature_tags` block.
                
                > **Tags and Features** Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the `tags` property or with the `feature_tags` block. If you need to set any custom tag values not supported by the `feature_tags` block, it's recommended to use the `tags` property. Tag values also propagate to any linked service principals.
-        :param pulumi.Input[str] template_id: Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
+        :param pulumi.Input[_builtins.str] template_id: Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
                
                > **Tip for Gallery Applications** This resource can  be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the ApplicationRegistration resource instead.
-        :param pulumi.Input[str] terms_of_service_url: URL of the application's terms of service statement.
+        :param pulumi.Input[_builtins.str] terms_of_service_url: URL of the application's terms of service statement.
         :param pulumi.Input['ApplicationWebArgs'] web: A `web` block as documented below, which configures web related settings for this application.
                
                > **Application Name Uniqueness** Application names are not unique within Azure Active Directory. Use the `prevent_duplicate_names` argument to check for existing applications if you want to avoid name collisions.
@@ -564,11 +591,6 @@ class _ApplicationState:
             pulumi.set(__self__, "app_role_ids", app_role_ids)
         if app_roles is not None:
             pulumi.set(__self__, "app_roles", app_roles)
-        if application_id is not None:
-            warnings.warn("""The `application_id` attribute has been replaced by the `client_id` attribute and will be removed in version 3.0 of the AzureAD provider""", DeprecationWarning)
-            pulumi.log.warn("""application_id is deprecated: The `application_id` attribute has been replaced by the `client_id` attribute and will be removed in version 3.0 of the AzureAD provider""")
-        if application_id is not None:
-            pulumi.set(__self__, "application_id", application_id)
         if client_id is not None:
             pulumi.set(__self__, "client_id", client_id)
         if description is not None:
@@ -605,6 +627,8 @@ class _ApplicationState:
             pulumi.set(__self__, "optional_claims", optional_claims)
         if owners is not None:
             pulumi.set(__self__, "owners", owners)
+        if password is not None:
+            pulumi.set(__self__, "password", password)
         if prevent_duplicate_names is not None:
             pulumi.set(__self__, "prevent_duplicate_names", prevent_duplicate_names)
         if privacy_statement_url is not None:
@@ -632,7 +656,7 @@ class _ApplicationState:
         if web is not None:
             pulumi.set(__self__, "web", web)
 
-    @property
+    @_builtins.property
     @pulumi.getter
     def api(self) -> Optional[pulumi.Input['ApplicationApiArgs']]:
         """
@@ -644,19 +668,19 @@ class _ApplicationState:
     def api(self, value: Optional[pulumi.Input['ApplicationApiArgs']]):
         pulumi.set(self, "api", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="appRoleIds")
-    def app_role_ids(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
+    def app_role_ids(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]:
         """
         A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
         """
         return pulumi.get(self, "app_role_ids")
 
     @app_role_ids.setter
-    def app_role_ids(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
+    def app_role_ids(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "app_role_ids", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="appRoles")
     def app_roles(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ApplicationAppRoleArgs']]]]:
         """
@@ -668,94 +692,79 @@ class _ApplicationState:
     def app_roles(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ApplicationAppRoleArgs']]]]):
         pulumi.set(self, "app_roles", value)
 
-    @property
-    @pulumi.getter(name="applicationId")
-    def application_id(self) -> Optional[pulumi.Input[str]]:
-        """
-        The Application ID (also called Client ID)
-        """
-        warnings.warn("""The `application_id` attribute has been replaced by the `client_id` attribute and will be removed in version 3.0 of the AzureAD provider""", DeprecationWarning)
-        pulumi.log.warn("""application_id is deprecated: The `application_id` attribute has been replaced by the `client_id` attribute and will be removed in version 3.0 of the AzureAD provider""")
-
-        return pulumi.get(self, "application_id")
-
-    @application_id.setter
-    def application_id(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "application_id", value)
-
-    @property
+    @_builtins.property
     @pulumi.getter(name="clientId")
-    def client_id(self) -> Optional[pulumi.Input[str]]:
+    def client_id(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The Client ID for the application.
         """
         return pulumi.get(self, "client_id")
 
     @client_id.setter
-    def client_id(self, value: Optional[pulumi.Input[str]]):
+    def client_id(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "client_id", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def description(self) -> Optional[pulumi.Input[str]]:
+    def description(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         A description of the application, as shown to end users.
         """
         return pulumi.get(self, "description")
 
     @description.setter
-    def description(self, value: Optional[pulumi.Input[str]]):
+    def description(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "description", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="deviceOnlyAuthEnabled")
-    def device_only_auth_enabled(self) -> Optional[pulumi.Input[bool]]:
+    def device_only_auth_enabled(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Specifies whether this application supports device authentication without a user. Defaults to `false`.
         """
         return pulumi.get(self, "device_only_auth_enabled")
 
     @device_only_auth_enabled.setter
-    def device_only_auth_enabled(self, value: Optional[pulumi.Input[bool]]):
+    def device_only_auth_enabled(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "device_only_auth_enabled", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="disabledByMicrosoft")
-    def disabled_by_microsoft(self) -> Optional[pulumi.Input[str]]:
+    def disabled_by_microsoft(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. `DisabledDueToViolationOfServicesAgreement`
         """
         return pulumi.get(self, "disabled_by_microsoft")
 
     @disabled_by_microsoft.setter
-    def disabled_by_microsoft(self, value: Optional[pulumi.Input[str]]):
+    def disabled_by_microsoft(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "disabled_by_microsoft", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="displayName")
-    def display_name(self) -> Optional[pulumi.Input[str]]:
+    def display_name(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The display name for the application.
         """
         return pulumi.get(self, "display_name")
 
     @display_name.setter
-    def display_name(self, value: Optional[pulumi.Input[str]]):
+    def display_name(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "display_name", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="fallbackPublicClientEnabled")
-    def fallback_public_client_enabled(self) -> Optional[pulumi.Input[bool]]:
+    def fallback_public_client_enabled(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to `false`.
         """
         return pulumi.get(self, "fallback_public_client_enabled")
 
     @fallback_public_client_enabled.setter
-    def fallback_public_client_enabled(self, value: Optional[pulumi.Input[bool]]):
+    def fallback_public_client_enabled(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "fallback_public_client_enabled", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="featureTags")
     def feature_tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ApplicationFeatureTagArgs']]]]:
         """
@@ -769,115 +778,115 @@ class _ApplicationState:
     def feature_tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ApplicationFeatureTagArgs']]]]):
         pulumi.set(self, "feature_tags", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="groupMembershipClaims")
-    def group_membership_claims(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def group_membership_claims(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
-        Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.
+        A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.
         """
         return pulumi.get(self, "group_membership_claims")
 
     @group_membership_claims.setter
-    def group_membership_claims(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def group_membership_claims(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "group_membership_claims", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="identifierUris")
-    def identifier_uris(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def identifier_uris(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
         """
         return pulumi.get(self, "identifier_uris")
 
     @identifier_uris.setter
-    def identifier_uris(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def identifier_uris(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "identifier_uris", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="logoImage")
-    def logo_image(self) -> Optional[pulumi.Input[str]]:
+    def logo_image(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
         """
         return pulumi.get(self, "logo_image")
 
     @logo_image.setter
-    def logo_image(self, value: Optional[pulumi.Input[str]]):
+    def logo_image(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "logo_image", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="logoUrl")
-    def logo_url(self) -> Optional[pulumi.Input[str]]:
+    def logo_url(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         CDN URL to the application's logo, as uploaded with the `logo_image` property.
         """
         return pulumi.get(self, "logo_url")
 
     @logo_url.setter
-    def logo_url(self, value: Optional[pulumi.Input[str]]):
+    def logo_url(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "logo_url", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="marketingUrl")
-    def marketing_url(self) -> Optional[pulumi.Input[str]]:
+    def marketing_url(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         URL of the application's marketing page.
         """
         return pulumi.get(self, "marketing_url")
 
     @marketing_url.setter
-    def marketing_url(self, value: Optional[pulumi.Input[str]]):
+    def marketing_url(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "marketing_url", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def notes(self) -> Optional[pulumi.Input[str]]:
+    def notes(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         User-specified notes relevant for the management of the application.
         """
         return pulumi.get(self, "notes")
 
     @notes.setter
-    def notes(self, value: Optional[pulumi.Input[str]]):
+    def notes(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "notes", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="oauth2PermissionScopeIds")
-    def oauth2_permission_scope_ids(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
+    def oauth2_permission_scope_ids(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]:
         """
         A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
         """
         return pulumi.get(self, "oauth2_permission_scope_ids")
 
     @oauth2_permission_scope_ids.setter
-    def oauth2_permission_scope_ids(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
+    def oauth2_permission_scope_ids(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "oauth2_permission_scope_ids", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="oauth2PostResponseRequired")
-    def oauth2_post_response_required(self) -> Optional[pulumi.Input[bool]]:
+    def oauth2_post_response_required(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to `false`, which specifies that only GET requests are allowed.
         """
         return pulumi.get(self, "oauth2_post_response_required")
 
     @oauth2_post_response_required.setter
-    def oauth2_post_response_required(self, value: Optional[pulumi.Input[bool]]):
+    def oauth2_post_response_required(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "oauth2_post_response_required", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="objectId")
-    def object_id(self) -> Optional[pulumi.Input[str]]:
+    def object_id(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The application's object ID.
         """
         return pulumi.get(self, "object_id")
 
     @object_id.setter
-    def object_id(self, value: Optional[pulumi.Input[str]]):
+    def object_id(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "object_id", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="optionalClaims")
     def optional_claims(self) -> Optional[pulumi.Input['ApplicationOptionalClaimsArgs']]:
         """
@@ -889,43 +898,57 @@ class _ApplicationState:
     def optional_claims(self, value: Optional[pulumi.Input['ApplicationOptionalClaimsArgs']]):
         pulumi.set(self, "optional_claims", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def owners(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def owners(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         A list of object IDs of principals that will be granted ownership of the application
         """
         return pulumi.get(self, "owners")
 
     @owners.setter
-    def owners(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def owners(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "owners", value)
 
-    @property
+    @_builtins.property
+    @pulumi.getter
+    def password(self) -> Optional[pulumi.Input['ApplicationPasswordArgs']]:
+        """
+        A single `password` block as documented below. The password is generated during creation. By default, no password is generated.
+
+        > **Creating a Password** The `password` block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the ApplicationPassword resource.
+        """
+        return pulumi.get(self, "password")
+
+    @password.setter
+    def password(self, value: Optional[pulumi.Input['ApplicationPasswordArgs']]):
+        pulumi.set(self, "password", value)
+
+    @_builtins.property
     @pulumi.getter(name="preventDuplicateNames")
-    def prevent_duplicate_names(self) -> Optional[pulumi.Input[bool]]:
+    def prevent_duplicate_names(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         If `true`, will return an error if an existing application is found with the same name. Defaults to `false`.
         """
         return pulumi.get(self, "prevent_duplicate_names")
 
     @prevent_duplicate_names.setter
-    def prevent_duplicate_names(self, value: Optional[pulumi.Input[bool]]):
+    def prevent_duplicate_names(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "prevent_duplicate_names", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="privacyStatementUrl")
-    def privacy_statement_url(self) -> Optional[pulumi.Input[str]]:
+    def privacy_statement_url(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         URL of the application's privacy statement.
         """
         return pulumi.get(self, "privacy_statement_url")
 
     @privacy_statement_url.setter
-    def privacy_statement_url(self, value: Optional[pulumi.Input[str]]):
+    def privacy_statement_url(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "privacy_statement_url", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="publicClient")
     def public_client(self) -> Optional[pulumi.Input['ApplicationPublicClientArgs']]:
         """
@@ -937,19 +960,19 @@ class _ApplicationState:
     def public_client(self, value: Optional[pulumi.Input['ApplicationPublicClientArgs']]):
         pulumi.set(self, "public_client", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="publisherDomain")
-    def publisher_domain(self) -> Optional[pulumi.Input[str]]:
+    def publisher_domain(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The verified publisher domain for the application.
         """
         return pulumi.get(self, "publisher_domain")
 
     @publisher_domain.setter
-    def publisher_domain(self, value: Optional[pulumi.Input[str]]):
+    def publisher_domain(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "publisher_domain", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="requiredResourceAccesses")
     def required_resource_accesses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ApplicationRequiredResourceAccessArgs']]]]:
         """
@@ -961,21 +984,21 @@ class _ApplicationState:
     def required_resource_accesses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ApplicationRequiredResourceAccessArgs']]]]):
         pulumi.set(self, "required_resource_accesses", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="serviceManagementReference")
-    def service_management_reference(self) -> Optional[pulumi.Input[str]]:
+    def service_management_reference(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         References application context information from a Service or Asset Management database.
         """
         return pulumi.get(self, "service_management_reference")
 
     @service_management_reference.setter
-    def service_management_reference(self, value: Optional[pulumi.Input[str]]):
+    def service_management_reference(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "service_management_reference", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="signInAudience")
-    def sign_in_audience(self) -> Optional[pulumi.Input[str]]:
+    def sign_in_audience(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The Microsoft account types that are supported for the current application. Must be one of `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`. Defaults to `AzureADMyOrg`.
 
@@ -984,10 +1007,10 @@ class _ApplicationState:
         return pulumi.get(self, "sign_in_audience")
 
     @sign_in_audience.setter
-    def sign_in_audience(self, value: Optional[pulumi.Input[str]]):
+    def sign_in_audience(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "sign_in_audience", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="singlePageApplication")
     def single_page_application(self) -> Optional[pulumi.Input['ApplicationSinglePageApplicationArgs']]:
         """
@@ -999,21 +1022,21 @@ class _ApplicationState:
     def single_page_application(self, value: Optional[pulumi.Input['ApplicationSinglePageApplicationArgs']]):
         pulumi.set(self, "single_page_application", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="supportUrl")
-    def support_url(self) -> Optional[pulumi.Input[str]]:
+    def support_url(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         URL of the application's support page.
         """
         return pulumi.get(self, "support_url")
 
     @support_url.setter
-    def support_url(self, value: Optional[pulumi.Input[str]]):
+    def support_url(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "support_url", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the `feature_tags` block.
 
@@ -1022,12 +1045,12 @@ class _ApplicationState:
         return pulumi.get(self, "tags")
 
     @tags.setter
-    def tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "tags", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="templateId")
-    def template_id(self) -> Optional[pulumi.Input[str]]:
+    def template_id(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
 
@@ -1036,22 +1059,22 @@ class _ApplicationState:
         return pulumi.get(self, "template_id")
 
     @template_id.setter
-    def template_id(self, value: Optional[pulumi.Input[str]]):
+    def template_id(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "template_id", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="termsOfServiceUrl")
-    def terms_of_service_url(self) -> Optional[pulumi.Input[str]]:
+    def terms_of_service_url(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         URL of the application's terms of service statement.
         """
         return pulumi.get(self, "terms_of_service_url")
 
     @terms_of_service_url.setter
-    def terms_of_service_url(self, value: Optional[pulumi.Input[str]]):
+    def terms_of_service_url(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "terms_of_service_url", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
     def web(self) -> Optional[pulumi.Input['ApplicationWebArgs']]:
         """
@@ -1066,38 +1089,40 @@ class _ApplicationState:
         pulumi.set(self, "web", value)
 
 
+@pulumi.type_token("azuread:index/application:Application")
 class Application(pulumi.CustomResource):
     @overload
     def __init__(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 api: Optional[pulumi.Input[pulumi.InputType['ApplicationApiArgs']]] = None,
-                 app_roles: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ApplicationAppRoleArgs']]]]] = None,
-                 description: Optional[pulumi.Input[str]] = None,
-                 device_only_auth_enabled: Optional[pulumi.Input[bool]] = None,
-                 display_name: Optional[pulumi.Input[str]] = None,
-                 fallback_public_client_enabled: Optional[pulumi.Input[bool]] = None,
-                 feature_tags: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ApplicationFeatureTagArgs']]]]] = None,
-                 group_membership_claims: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 identifier_uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 logo_image: Optional[pulumi.Input[str]] = None,
-                 marketing_url: Optional[pulumi.Input[str]] = None,
-                 notes: Optional[pulumi.Input[str]] = None,
-                 oauth2_post_response_required: Optional[pulumi.Input[bool]] = None,
-                 optional_claims: Optional[pulumi.Input[pulumi.InputType['ApplicationOptionalClaimsArgs']]] = None,
-                 owners: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 prevent_duplicate_names: Optional[pulumi.Input[bool]] = None,
-                 privacy_statement_url: Optional[pulumi.Input[str]] = None,
-                 public_client: Optional[pulumi.Input[pulumi.InputType['ApplicationPublicClientArgs']]] = None,
-                 required_resource_accesses: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ApplicationRequiredResourceAccessArgs']]]]] = None,
-                 service_management_reference: Optional[pulumi.Input[str]] = None,
-                 sign_in_audience: Optional[pulumi.Input[str]] = None,
-                 single_page_application: Optional[pulumi.Input[pulumi.InputType['ApplicationSinglePageApplicationArgs']]] = None,
-                 support_url: Optional[pulumi.Input[str]] = None,
-                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 template_id: Optional[pulumi.Input[str]] = None,
-                 terms_of_service_url: Optional[pulumi.Input[str]] = None,
-                 web: Optional[pulumi.Input[pulumi.InputType['ApplicationWebArgs']]] = None,
+                 api: Optional[pulumi.Input[Union['ApplicationApiArgs', 'ApplicationApiArgsDict']]] = None,
+                 app_roles: Optional[pulumi.Input[Sequence[pulumi.Input[Union['ApplicationAppRoleArgs', 'ApplicationAppRoleArgsDict']]]]] = None,
+                 description: Optional[pulumi.Input[_builtins.str]] = None,
+                 device_only_auth_enabled: Optional[pulumi.Input[_builtins.bool]] = None,
+                 display_name: Optional[pulumi.Input[_builtins.str]] = None,
+                 fallback_public_client_enabled: Optional[pulumi.Input[_builtins.bool]] = None,
+                 feature_tags: Optional[pulumi.Input[Sequence[pulumi.Input[Union['ApplicationFeatureTagArgs', 'ApplicationFeatureTagArgsDict']]]]] = None,
+                 group_membership_claims: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 identifier_uris: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 logo_image: Optional[pulumi.Input[_builtins.str]] = None,
+                 marketing_url: Optional[pulumi.Input[_builtins.str]] = None,
+                 notes: Optional[pulumi.Input[_builtins.str]] = None,
+                 oauth2_post_response_required: Optional[pulumi.Input[_builtins.bool]] = None,
+                 optional_claims: Optional[pulumi.Input[Union['ApplicationOptionalClaimsArgs', 'ApplicationOptionalClaimsArgsDict']]] = None,
+                 owners: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 password: Optional[pulumi.Input[Union['ApplicationPasswordArgs', 'ApplicationPasswordArgsDict']]] = None,
+                 prevent_duplicate_names: Optional[pulumi.Input[_builtins.bool]] = None,
+                 privacy_statement_url: Optional[pulumi.Input[_builtins.str]] = None,
+                 public_client: Optional[pulumi.Input[Union['ApplicationPublicClientArgs', 'ApplicationPublicClientArgsDict']]] = None,
+                 required_resource_accesses: Optional[pulumi.Input[Sequence[pulumi.Input[Union['ApplicationRequiredResourceAccessArgs', 'ApplicationRequiredResourceAccessArgsDict']]]]] = None,
+                 service_management_reference: Optional[pulumi.Input[_builtins.str]] = None,
+                 sign_in_audience: Optional[pulumi.Input[_builtins.str]] = None,
+                 single_page_application: Optional[pulumi.Input[Union['ApplicationSinglePageApplicationArgs', 'ApplicationSinglePageApplicationArgsDict']]] = None,
+                 support_url: Optional[pulumi.Input[_builtins.str]] = None,
+                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 template_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 terms_of_service_url: Optional[pulumi.Input[_builtins.str]] = None,
+                 web: Optional[pulumi.Input[Union['ApplicationWebArgs', 'ApplicationWebArgsDict']]] = None,
                  __props__=None):
         """
         ## Example Usage
@@ -1106,119 +1131,141 @@ class Application(pulumi.CustomResource):
 
         ```python
         import pulumi
-        import base64
         import pulumi_azuread as azuread
+        import pulumi_std as std
 
         current = azuread.get_client_config()
         example = azuread.Application("example",
             display_name="example",
             identifier_uris=["api://example-app"],
-            logo_image=(lambda path: base64.b64encode(open(path).read().encode()).decode())("/path/to/logo.png"),
+            logo_image=std.filebase64(input="/path/to/logo.png").result,
             owners=[current.object_id],
             sign_in_audience="AzureADMultipleOrgs",
-            api=azuread.ApplicationApiArgs(
-                mapped_claims_enabled=True,
-                requested_access_token_version=2,
-                known_client_applications=[
-                    azuread_application["known1"]["application_id"],
-                    azuread_application["known2"]["application_id"],
+            api={
+                "mapped_claims_enabled": True,
+                "requested_access_token_version": 2,
+                "known_client_applications": [
+                    known1["clientId"],
+                    known2["clientId"],
                 ],
-                oauth2_permission_scopes=[
-                    azuread.ApplicationApiOauth2PermissionScopeArgs(
-                        admin_consent_description="Allow the application to access example on behalf of the signed-in user.",
-                        admin_consent_display_name="Access example",
-                        enabled=True,
-                        id="96183846-204b-4b43-82e1-5d2222eb4b9b",
-                        type="User",
-                        user_consent_description="Allow the application to access example on your behalf.",
-                        user_consent_display_name="Access example",
-                        value="user_impersonation",
-                    ),
-                    azuread.ApplicationApiOauth2PermissionScopeArgs(
-                        admin_consent_description="Administer the example application",
-                        admin_consent_display_name="Administer",
-                        enabled=True,
-                        id="be98fa3e-ab5b-4b11-83d9-04ba2b7946bc",
-                        type="Admin",
-                        value="administer",
-                    ),
+                "oauth2_permission_scopes": [
+                    {
+                        "admin_consent_description": "Allow the application to access example on behalf of the signed-in user.",
+                        "admin_consent_display_name": "Access example",
+                        "enabled": True,
+                        "id": "96183846-204b-4b43-82e1-5d2222eb4b9b",
+                        "type": "User",
+                        "user_consent_description": "Allow the application to access example on your behalf.",
+                        "user_consent_display_name": "Access example",
+                        "value": "user_impersonation",
+                    },
+                    {
+                        "admin_consent_description": "Administer the example application",
+                        "admin_consent_display_name": "Administer",
+                        "enabled": True,
+                        "id": "be98fa3e-ab5b-4b11-83d9-04ba2b7946bc",
+                        "type": "Admin",
+                        "value": "administer",
+                    },
                 ],
-            ),
+            },
             app_roles=[
-                azuread.ApplicationAppRoleArgs(
-                    allowed_member_types=[
+                {
+                    "allowed_member_types": [
                         "User",
                         "Application",
                     ],
-                    description="Admins can manage roles and perform all task actions",
-                    display_name="Admin",
-                    enabled=True,
-                    id="1b19509b-32b1-4e9f-b71d-4992aa991967",
-                    value="admin",
-                ),
-                azuread.ApplicationAppRoleArgs(
-                    allowed_member_types=["User"],
-                    description="ReadOnly roles have limited query access",
-                    display_name="ReadOnly",
-                    enabled=True,
-                    id="497406e4-012a-4267-bf18-45a1cb148a01",
-                    value="User",
-                ),
+                    "description": "Admins can manage roles and perform all task actions",
+                    "display_name": "Admin",
+                    "enabled": True,
+                    "id": "1b19509b-32b1-4e9f-b71d-4992aa991967",
+                    "value": "admin",
+                },
+                {
+                    "allowed_member_types": ["User"],
+                    "description": "ReadOnly roles have limited query access",
+                    "display_name": "ReadOnly",
+                    "enabled": True,
+                    "id": "497406e4-012a-4267-bf18-45a1cb148a01",
+                    "value": "User",
+                },
             ],
-            feature_tags=[azuread.ApplicationFeatureTagArgs(
-                enterprise=True,
-                gallery=True,
-            )],
-            optional_claims=azuread.ApplicationOptionalClaimsArgs(
-                access_tokens=[
-                    azuread.ApplicationOptionalClaimsAccessTokenArgs(
-                        name="myclaim",
-                    ),
-                    azuread.ApplicationOptionalClaimsAccessTokenArgs(
-                        name="otherclaim",
-                    ),
+            feature_tags=[{
+                "enterprise": True,
+                "gallery": True,
+            }],
+            optional_claims={
+                "access_tokens": [
+                    {
+                        "name": "myclaim",
+                    },
+                    {
+                        "name": "otherclaim",
+                    },
                 ],
-                id_tokens=[azuread.ApplicationOptionalClaimsIdTokenArgs(
-                    name="userclaim",
-                    source="user",
-                    essential=True,
-                    additional_properties=["emit_as_roles"],
-                )],
-                saml2_tokens=[azuread.ApplicationOptionalClaimsSaml2TokenArgs(
-                    name="samlexample",
-                )],
-            ),
+                "id_tokens": [{
+                    "name": "userclaim",
+                    "source": "user",
+                    "essential": True,
+                    "additional_properties": ["emit_as_roles"],
+                }],
+                "saml2_tokens": [{
+                    "name": "samlexample",
+                }],
+            },
             required_resource_accesses=[
-                azuread.ApplicationRequiredResourceAccessArgs(
-                    resource_app_id="00000003-0000-0000-c000-000000000000",
-                    resource_accesses=[
-                        azuread.ApplicationRequiredResourceAccessResourceAccessArgs(
-                            id="df021288-bdef-4463-88db-98f22de89214",
-                            type="Role",
-                        ),
-                        azuread.ApplicationRequiredResourceAccessResourceAccessArgs(
-                            id="b4e74841-8e56-480b-be8b-910348b18b4c",
-                            type="Scope",
-                        ),
+                {
+                    "resource_app_id": "00000003-0000-0000-c000-000000000000",
+                    "resource_accesses": [
+                        {
+                            "id": "df021288-bdef-4463-88db-98f22de89214",
+                            "type": "Role",
+                        },
+                        {
+                            "id": "b4e74841-8e56-480b-be8b-910348b18b4c",
+                            "type": "Scope",
+                        },
                     ],
-                ),
-                azuread.ApplicationRequiredResourceAccessArgs(
-                    resource_app_id="c5393580-f805-4401-95e8-94b7a6ef2fc2",
-                    resource_accesses=[azuread.ApplicationRequiredResourceAccessResourceAccessArgs(
-                        id="594c1fb6-4f81-4475-ae41-0c394909246c",
-                        type="Role",
-                    )],
-                ),
+                },
+                {
+                    "resource_app_id": "c5393580-f805-4401-95e8-94b7a6ef2fc2",
+                    "resource_accesses": [{
+                        "id": "594c1fb6-4f81-4475-ae41-0c394909246c",
+                        "type": "Role",
+                    }],
+                },
             ],
-            web=azuread.ApplicationWebArgs(
-                homepage_url="https://app.example.net",
-                logout_url="https://app.example.net/logout",
-                redirect_uris=["https://app.example.net/account"],
-                implicit_grant=azuread.ApplicationWebImplicitGrantArgs(
-                    access_token_issuance_enabled=True,
-                    id_token_issuance_enabled=True,
-                ),
-            ))
+            web={
+                "homepage_url": "https://app.example.net",
+                "logout_url": "https://app.example.net/logout",
+                "redirect_uris": ["https://app.example.net/account"],
+                "implicit_grant": {
+                    "access_token_issuance_enabled": True,
+                    "id_token_issuance_enabled": True,
+                },
+            })
+        ```
+
+        *Create application and generate a password*
+
+        ```python
+        import pulumi
+        import pulumi_azuread as azuread
+        import pulumi_std as std
+        import pulumiverse_time as time
+
+        current = azuread.get_client_config()
+        example = time.Rotating("example", rotation_days=180)
+        example_application = azuread.Application("example",
+            display_name="example",
+            owners=[current.object_id],
+            password={
+                "display_name": "MySecret-1",
+                "start_date": example.id,
+                "end_date": std.timeadd_output(duration=example.id,
+                    timestamp="4320h").apply(lambda invoke: invoke.result),
+            })
+        pulumi.export("examplePassword", example_application.password[0]["value"])
         ```
 
         *Create application from a gallery template*
@@ -1227,12 +1274,12 @@ class Application(pulumi.CustomResource):
         import pulumi
         import pulumi_azuread as azuread
 
-        example_application_template = azuread.get_application_template(display_name="Marketo")
-        example_application = azuread.Application("exampleApplication",
+        example = azuread.get_application_template(display_name="Marketo")
+        example_application = azuread.Application("example",
             display_name="example",
-            template_id=example_application_template.template_id)
-        example_service_principal = azuread.ServicePrincipal("exampleServicePrincipal",
-            application_id=example_application.application_id,
+            template_id=example.template_id)
+        example_service_principal = azuread.ServicePrincipal("example",
+            client_id=example_application.client_id,
             use_existing=True)
         ```
 
@@ -1241,46 +1288,49 @@ class Application(pulumi.CustomResource):
         Applications can be imported using the object ID of the application, in the following format.
 
         ```sh
-         $ pulumi import azuread:index/application:Application example /applications/00000000-0000-0000-0000-000000000000
+        $ pulumi import azuread:index/application:Application example /applications/00000000-0000-0000-0000-000000000000
         ```
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[pulumi.InputType['ApplicationApiArgs']] api: An `api` block as documented below, which configures API related settings for this application.
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ApplicationAppRoleArgs']]]] app_roles: A collection of `app_role` blocks as documented below. For more information see [official documentation on Application Roles](https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles).
-        :param pulumi.Input[str] description: A description of the application, as shown to end users.
-        :param pulumi.Input[bool] device_only_auth_enabled: Specifies whether this application supports device authentication without a user. Defaults to `false`.
-        :param pulumi.Input[str] display_name: The display name for the application.
-        :param pulumi.Input[bool] fallback_public_client_enabled: Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to `false`.
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ApplicationFeatureTagArgs']]]] feature_tags: A `feature_tags` block as described below. Cannot be used together with the `tags` property.
+        :param pulumi.Input[Union['ApplicationApiArgs', 'ApplicationApiArgsDict']] api: An `api` block as documented below, which configures API related settings for this application.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['ApplicationAppRoleArgs', 'ApplicationAppRoleArgsDict']]]] app_roles: A collection of `app_role` blocks as documented below. For more information see [official documentation on Application Roles](https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles).
+        :param pulumi.Input[_builtins.str] description: A description of the application, as shown to end users.
+        :param pulumi.Input[_builtins.bool] device_only_auth_enabled: Specifies whether this application supports device authentication without a user. Defaults to `false`.
+        :param pulumi.Input[_builtins.str] display_name: The display name for the application.
+        :param pulumi.Input[_builtins.bool] fallback_public_client_enabled: Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to `false`.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['ApplicationFeatureTagArgs', 'ApplicationFeatureTagArgsDict']]]] feature_tags: A `feature_tags` block as described below. Cannot be used together with the `tags` property.
                
                > **Features and Tags** Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure `feature_tags` and `tags` for an application at the same time, so if you need to assign additional custom tags it's recommended to use the `tags` property instead. Tag values also propagate to any linked service principals.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] group_membership_claims: Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] identifier_uris: A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
-        :param pulumi.Input[str] logo_image: A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
-        :param pulumi.Input[str] marketing_url: URL of the application's marketing page.
-        :param pulumi.Input[str] notes: User-specified notes relevant for the management of the application.
-        :param pulumi.Input[bool] oauth2_post_response_required: Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to `false`, which specifies that only GET requests are allowed.
-        :param pulumi.Input[pulumi.InputType['ApplicationOptionalClaimsArgs']] optional_claims: An `optional_claims` block as documented below.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] owners: A list of object IDs of principals that will be granted ownership of the application
-        :param pulumi.Input[bool] prevent_duplicate_names: If `true`, will return an error if an existing application is found with the same name. Defaults to `false`.
-        :param pulumi.Input[str] privacy_statement_url: URL of the application's privacy statement.
-        :param pulumi.Input[pulumi.InputType['ApplicationPublicClientArgs']] public_client: A `public_client` block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device.
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ApplicationRequiredResourceAccessArgs']]]] required_resource_accesses: A collection of `required_resource_access` blocks as documented below.
-        :param pulumi.Input[str] service_management_reference: References application context information from a Service or Asset Management database.
-        :param pulumi.Input[str] sign_in_audience: The Microsoft account types that are supported for the current application. Must be one of `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`. Defaults to `AzureADMyOrg`.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] group_membership_claims: A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] identifier_uris: A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
+        :param pulumi.Input[_builtins.str] logo_image: A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
+        :param pulumi.Input[_builtins.str] marketing_url: URL of the application's marketing page.
+        :param pulumi.Input[_builtins.str] notes: User-specified notes relevant for the management of the application.
+        :param pulumi.Input[_builtins.bool] oauth2_post_response_required: Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to `false`, which specifies that only GET requests are allowed.
+        :param pulumi.Input[Union['ApplicationOptionalClaimsArgs', 'ApplicationOptionalClaimsArgsDict']] optional_claims: An `optional_claims` block as documented below.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] owners: A list of object IDs of principals that will be granted ownership of the application
+        :param pulumi.Input[Union['ApplicationPasswordArgs', 'ApplicationPasswordArgsDict']] password: A single `password` block as documented below. The password is generated during creation. By default, no password is generated.
+               
+               > **Creating a Password** The `password` block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the ApplicationPassword resource.
+        :param pulumi.Input[_builtins.bool] prevent_duplicate_names: If `true`, will return an error if an existing application is found with the same name. Defaults to `false`.
+        :param pulumi.Input[_builtins.str] privacy_statement_url: URL of the application's privacy statement.
+        :param pulumi.Input[Union['ApplicationPublicClientArgs', 'ApplicationPublicClientArgsDict']] public_client: A `public_client` block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['ApplicationRequiredResourceAccessArgs', 'ApplicationRequiredResourceAccessArgsDict']]]] required_resource_accesses: A collection of `required_resource_access` blocks as documented below.
+        :param pulumi.Input[_builtins.str] service_management_reference: References application context information from a Service or Asset Management database.
+        :param pulumi.Input[_builtins.str] sign_in_audience: The Microsoft account types that are supported for the current application. Must be one of `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`. Defaults to `AzureADMyOrg`.
                
                > **Changing `sign_in_audience` for existing applications** When updating an existing application to use a `sign_in_audience` value of `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`, your configuration may no longer be valid. Refer to [official documentation](https://docs.microsoft.com/en-gb/azure/active-directory/develop/supported-accounts-validation) to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.
-        :param pulumi.Input[pulumi.InputType['ApplicationSinglePageApplicationArgs']] single_page_application: A `single_page_application` block as documented below, which configures single-page application (SPA) related settings for this application.
-        :param pulumi.Input[str] support_url: URL of the application's support page.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] tags: A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the `feature_tags` block.
+        :param pulumi.Input[Union['ApplicationSinglePageApplicationArgs', 'ApplicationSinglePageApplicationArgsDict']] single_page_application: A `single_page_application` block as documented below, which configures single-page application (SPA) related settings for this application.
+        :param pulumi.Input[_builtins.str] support_url: URL of the application's support page.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] tags: A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the `feature_tags` block.
                
                > **Tags and Features** Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the `tags` property or with the `feature_tags` block. If you need to set any custom tag values not supported by the `feature_tags` block, it's recommended to use the `tags` property. Tag values also propagate to any linked service principals.
-        :param pulumi.Input[str] template_id: Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
+        :param pulumi.Input[_builtins.str] template_id: Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
                
                > **Tip for Gallery Applications** This resource can  be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the ApplicationRegistration resource instead.
-        :param pulumi.Input[str] terms_of_service_url: URL of the application's terms of service statement.
-        :param pulumi.Input[pulumi.InputType['ApplicationWebArgs']] web: A `web` block as documented below, which configures web related settings for this application.
+        :param pulumi.Input[_builtins.str] terms_of_service_url: URL of the application's terms of service statement.
+        :param pulumi.Input[Union['ApplicationWebArgs', 'ApplicationWebArgsDict']] web: A `web` block as documented below, which configures web related settings for this application.
                
                > **Application Name Uniqueness** Application names are not unique within Azure Active Directory. Use the `prevent_duplicate_names` argument to check for existing applications if you want to avoid name collisions.
         """
@@ -1297,119 +1347,141 @@ class Application(pulumi.CustomResource):
 
         ```python
         import pulumi
-        import base64
         import pulumi_azuread as azuread
+        import pulumi_std as std
 
         current = azuread.get_client_config()
         example = azuread.Application("example",
             display_name="example",
             identifier_uris=["api://example-app"],
-            logo_image=(lambda path: base64.b64encode(open(path).read().encode()).decode())("/path/to/logo.png"),
+            logo_image=std.filebase64(input="/path/to/logo.png").result,
             owners=[current.object_id],
             sign_in_audience="AzureADMultipleOrgs",
-            api=azuread.ApplicationApiArgs(
-                mapped_claims_enabled=True,
-                requested_access_token_version=2,
-                known_client_applications=[
-                    azuread_application["known1"]["application_id"],
-                    azuread_application["known2"]["application_id"],
+            api={
+                "mapped_claims_enabled": True,
+                "requested_access_token_version": 2,
+                "known_client_applications": [
+                    known1["clientId"],
+                    known2["clientId"],
                 ],
-                oauth2_permission_scopes=[
-                    azuread.ApplicationApiOauth2PermissionScopeArgs(
-                        admin_consent_description="Allow the application to access example on behalf of the signed-in user.",
-                        admin_consent_display_name="Access example",
-                        enabled=True,
-                        id="96183846-204b-4b43-82e1-5d2222eb4b9b",
-                        type="User",
-                        user_consent_description="Allow the application to access example on your behalf.",
-                        user_consent_display_name="Access example",
-                        value="user_impersonation",
-                    ),
-                    azuread.ApplicationApiOauth2PermissionScopeArgs(
-                        admin_consent_description="Administer the example application",
-                        admin_consent_display_name="Administer",
-                        enabled=True,
-                        id="be98fa3e-ab5b-4b11-83d9-04ba2b7946bc",
-                        type="Admin",
-                        value="administer",
-                    ),
+                "oauth2_permission_scopes": [
+                    {
+                        "admin_consent_description": "Allow the application to access example on behalf of the signed-in user.",
+                        "admin_consent_display_name": "Access example",
+                        "enabled": True,
+                        "id": "96183846-204b-4b43-82e1-5d2222eb4b9b",
+                        "type": "User",
+                        "user_consent_description": "Allow the application to access example on your behalf.",
+                        "user_consent_display_name": "Access example",
+                        "value": "user_impersonation",
+                    },
+                    {
+                        "admin_consent_description": "Administer the example application",
+                        "admin_consent_display_name": "Administer",
+                        "enabled": True,
+                        "id": "be98fa3e-ab5b-4b11-83d9-04ba2b7946bc",
+                        "type": "Admin",
+                        "value": "administer",
+                    },
                 ],
-            ),
+            },
             app_roles=[
-                azuread.ApplicationAppRoleArgs(
-                    allowed_member_types=[
+                {
+                    "allowed_member_types": [
                         "User",
                         "Application",
                     ],
-                    description="Admins can manage roles and perform all task actions",
-                    display_name="Admin",
-                    enabled=True,
-                    id="1b19509b-32b1-4e9f-b71d-4992aa991967",
-                    value="admin",
-                ),
-                azuread.ApplicationAppRoleArgs(
-                    allowed_member_types=["User"],
-                    description="ReadOnly roles have limited query access",
-                    display_name="ReadOnly",
-                    enabled=True,
-                    id="497406e4-012a-4267-bf18-45a1cb148a01",
-                    value="User",
-                ),
+                    "description": "Admins can manage roles and perform all task actions",
+                    "display_name": "Admin",
+                    "enabled": True,
+                    "id": "1b19509b-32b1-4e9f-b71d-4992aa991967",
+                    "value": "admin",
+                },
+                {
+                    "allowed_member_types": ["User"],
+                    "description": "ReadOnly roles have limited query access",
+                    "display_name": "ReadOnly",
+                    "enabled": True,
+                    "id": "497406e4-012a-4267-bf18-45a1cb148a01",
+                    "value": "User",
+                },
             ],
-            feature_tags=[azuread.ApplicationFeatureTagArgs(
-                enterprise=True,
-                gallery=True,
-            )],
-            optional_claims=azuread.ApplicationOptionalClaimsArgs(
-                access_tokens=[
-                    azuread.ApplicationOptionalClaimsAccessTokenArgs(
-                        name="myclaim",
-                    ),
-                    azuread.ApplicationOptionalClaimsAccessTokenArgs(
-                        name="otherclaim",
-                    ),
+            feature_tags=[{
+                "enterprise": True,
+                "gallery": True,
+            }],
+            optional_claims={
+                "access_tokens": [
+                    {
+                        "name": "myclaim",
+                    },
+                    {
+                        "name": "otherclaim",
+                    },
                 ],
-                id_tokens=[azuread.ApplicationOptionalClaimsIdTokenArgs(
-                    name="userclaim",
-                    source="user",
-                    essential=True,
-                    additional_properties=["emit_as_roles"],
-                )],
-                saml2_tokens=[azuread.ApplicationOptionalClaimsSaml2TokenArgs(
-                    name="samlexample",
-                )],
-            ),
+                "id_tokens": [{
+                    "name": "userclaim",
+                    "source": "user",
+                    "essential": True,
+                    "additional_properties": ["emit_as_roles"],
+                }],
+                "saml2_tokens": [{
+                    "name": "samlexample",
+                }],
+            },
             required_resource_accesses=[
-                azuread.ApplicationRequiredResourceAccessArgs(
-                    resource_app_id="00000003-0000-0000-c000-000000000000",
-                    resource_accesses=[
-                        azuread.ApplicationRequiredResourceAccessResourceAccessArgs(
-                            id="df021288-bdef-4463-88db-98f22de89214",
-                            type="Role",
-                        ),
-                        azuread.ApplicationRequiredResourceAccessResourceAccessArgs(
-                            id="b4e74841-8e56-480b-be8b-910348b18b4c",
-                            type="Scope",
-                        ),
+                {
+                    "resource_app_id": "00000003-0000-0000-c000-000000000000",
+                    "resource_accesses": [
+                        {
+                            "id": "df021288-bdef-4463-88db-98f22de89214",
+                            "type": "Role",
+                        },
+                        {
+                            "id": "b4e74841-8e56-480b-be8b-910348b18b4c",
+                            "type": "Scope",
+                        },
                     ],
-                ),
-                azuread.ApplicationRequiredResourceAccessArgs(
-                    resource_app_id="c5393580-f805-4401-95e8-94b7a6ef2fc2",
-                    resource_accesses=[azuread.ApplicationRequiredResourceAccessResourceAccessArgs(
-                        id="594c1fb6-4f81-4475-ae41-0c394909246c",
-                        type="Role",
-                    )],
-                ),
+                },
+                {
+                    "resource_app_id": "c5393580-f805-4401-95e8-94b7a6ef2fc2",
+                    "resource_accesses": [{
+                        "id": "594c1fb6-4f81-4475-ae41-0c394909246c",
+                        "type": "Role",
+                    }],
+                },
             ],
-            web=azuread.ApplicationWebArgs(
-                homepage_url="https://app.example.net",
-                logout_url="https://app.example.net/logout",
-                redirect_uris=["https://app.example.net/account"],
-                implicit_grant=azuread.ApplicationWebImplicitGrantArgs(
-                    access_token_issuance_enabled=True,
-                    id_token_issuance_enabled=True,
-                ),
-            ))
+            web={
+                "homepage_url": "https://app.example.net",
+                "logout_url": "https://app.example.net/logout",
+                "redirect_uris": ["https://app.example.net/account"],
+                "implicit_grant": {
+                    "access_token_issuance_enabled": True,
+                    "id_token_issuance_enabled": True,
+                },
+            })
+        ```
+
+        *Create application and generate a password*
+
+        ```python
+        import pulumi
+        import pulumi_azuread as azuread
+        import pulumi_std as std
+        import pulumiverse_time as time
+
+        current = azuread.get_client_config()
+        example = time.Rotating("example", rotation_days=180)
+        example_application = azuread.Application("example",
+            display_name="example",
+            owners=[current.object_id],
+            password={
+                "display_name": "MySecret-1",
+                "start_date": example.id,
+                "end_date": std.timeadd_output(duration=example.id,
+                    timestamp="4320h").apply(lambda invoke: invoke.result),
+            })
+        pulumi.export("examplePassword", example_application.password[0]["value"])
         ```
 
         *Create application from a gallery template*
@@ -1418,12 +1490,12 @@ class Application(pulumi.CustomResource):
         import pulumi
         import pulumi_azuread as azuread
 
-        example_application_template = azuread.get_application_template(display_name="Marketo")
-        example_application = azuread.Application("exampleApplication",
+        example = azuread.get_application_template(display_name="Marketo")
+        example_application = azuread.Application("example",
             display_name="example",
-            template_id=example_application_template.template_id)
-        example_service_principal = azuread.ServicePrincipal("exampleServicePrincipal",
-            application_id=example_application.application_id,
+            template_id=example.template_id)
+        example_service_principal = azuread.ServicePrincipal("example",
+            client_id=example_application.client_id,
             use_existing=True)
         ```
 
@@ -1432,7 +1504,7 @@ class Application(pulumi.CustomResource):
         Applications can be imported using the object ID of the application, in the following format.
 
         ```sh
-         $ pulumi import azuread:index/application:Application example /applications/00000000-0000-0000-0000-000000000000
+        $ pulumi import azuread:index/application:Application example /applications/00000000-0000-0000-0000-000000000000
         ```
 
         :param str resource_name: The name of the resource.
@@ -1450,33 +1522,34 @@ class Application(pulumi.CustomResource):
     def _internal_init(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 api: Optional[pulumi.Input[pulumi.InputType['ApplicationApiArgs']]] = None,
-                 app_roles: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ApplicationAppRoleArgs']]]]] = None,
-                 description: Optional[pulumi.Input[str]] = None,
-                 device_only_auth_enabled: Optional[pulumi.Input[bool]] = None,
-                 display_name: Optional[pulumi.Input[str]] = None,
-                 fallback_public_client_enabled: Optional[pulumi.Input[bool]] = None,
-                 feature_tags: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ApplicationFeatureTagArgs']]]]] = None,
-                 group_membership_claims: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 identifier_uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 logo_image: Optional[pulumi.Input[str]] = None,
-                 marketing_url: Optional[pulumi.Input[str]] = None,
-                 notes: Optional[pulumi.Input[str]] = None,
-                 oauth2_post_response_required: Optional[pulumi.Input[bool]] = None,
-                 optional_claims: Optional[pulumi.Input[pulumi.InputType['ApplicationOptionalClaimsArgs']]] = None,
-                 owners: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 prevent_duplicate_names: Optional[pulumi.Input[bool]] = None,
-                 privacy_statement_url: Optional[pulumi.Input[str]] = None,
-                 public_client: Optional[pulumi.Input[pulumi.InputType['ApplicationPublicClientArgs']]] = None,
-                 required_resource_accesses: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ApplicationRequiredResourceAccessArgs']]]]] = None,
-                 service_management_reference: Optional[pulumi.Input[str]] = None,
-                 sign_in_audience: Optional[pulumi.Input[str]] = None,
-                 single_page_application: Optional[pulumi.Input[pulumi.InputType['ApplicationSinglePageApplicationArgs']]] = None,
-                 support_url: Optional[pulumi.Input[str]] = None,
-                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 template_id: Optional[pulumi.Input[str]] = None,
-                 terms_of_service_url: Optional[pulumi.Input[str]] = None,
-                 web: Optional[pulumi.Input[pulumi.InputType['ApplicationWebArgs']]] = None,
+                 api: Optional[pulumi.Input[Union['ApplicationApiArgs', 'ApplicationApiArgsDict']]] = None,
+                 app_roles: Optional[pulumi.Input[Sequence[pulumi.Input[Union['ApplicationAppRoleArgs', 'ApplicationAppRoleArgsDict']]]]] = None,
+                 description: Optional[pulumi.Input[_builtins.str]] = None,
+                 device_only_auth_enabled: Optional[pulumi.Input[_builtins.bool]] = None,
+                 display_name: Optional[pulumi.Input[_builtins.str]] = None,
+                 fallback_public_client_enabled: Optional[pulumi.Input[_builtins.bool]] = None,
+                 feature_tags: Optional[pulumi.Input[Sequence[pulumi.Input[Union['ApplicationFeatureTagArgs', 'ApplicationFeatureTagArgsDict']]]]] = None,
+                 group_membership_claims: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 identifier_uris: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 logo_image: Optional[pulumi.Input[_builtins.str]] = None,
+                 marketing_url: Optional[pulumi.Input[_builtins.str]] = None,
+                 notes: Optional[pulumi.Input[_builtins.str]] = None,
+                 oauth2_post_response_required: Optional[pulumi.Input[_builtins.bool]] = None,
+                 optional_claims: Optional[pulumi.Input[Union['ApplicationOptionalClaimsArgs', 'ApplicationOptionalClaimsArgsDict']]] = None,
+                 owners: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 password: Optional[pulumi.Input[Union['ApplicationPasswordArgs', 'ApplicationPasswordArgsDict']]] = None,
+                 prevent_duplicate_names: Optional[pulumi.Input[_builtins.bool]] = None,
+                 privacy_statement_url: Optional[pulumi.Input[_builtins.str]] = None,
+                 public_client: Optional[pulumi.Input[Union['ApplicationPublicClientArgs', 'ApplicationPublicClientArgsDict']]] = None,
+                 required_resource_accesses: Optional[pulumi.Input[Sequence[pulumi.Input[Union['ApplicationRequiredResourceAccessArgs', 'ApplicationRequiredResourceAccessArgsDict']]]]] = None,
+                 service_management_reference: Optional[pulumi.Input[_builtins.str]] = None,
+                 sign_in_audience: Optional[pulumi.Input[_builtins.str]] = None,
+                 single_page_application: Optional[pulumi.Input[Union['ApplicationSinglePageApplicationArgs', 'ApplicationSinglePageApplicationArgsDict']]] = None,
+                 support_url: Optional[pulumi.Input[_builtins.str]] = None,
+                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 template_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 terms_of_service_url: Optional[pulumi.Input[_builtins.str]] = None,
+                 web: Optional[pulumi.Input[Union['ApplicationWebArgs', 'ApplicationWebArgsDict']]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -1503,6 +1576,7 @@ class Application(pulumi.CustomResource):
             __props__.__dict__["oauth2_post_response_required"] = oauth2_post_response_required
             __props__.__dict__["optional_claims"] = optional_claims
             __props__.__dict__["owners"] = owners
+            __props__.__dict__["password"] = password
             __props__.__dict__["prevent_duplicate_names"] = prevent_duplicate_names
             __props__.__dict__["privacy_statement_url"] = privacy_statement_url
             __props__.__dict__["public_client"] = public_client
@@ -1516,7 +1590,6 @@ class Application(pulumi.CustomResource):
             __props__.__dict__["terms_of_service_url"] = terms_of_service_url
             __props__.__dict__["web"] = web
             __props__.__dict__["app_role_ids"] = None
-            __props__.__dict__["application_id"] = None
             __props__.__dict__["client_id"] = None
             __props__.__dict__["disabled_by_microsoft"] = None
             __props__.__dict__["logo_url"] = None
@@ -1533,41 +1606,41 @@ class Application(pulumi.CustomResource):
     def get(resource_name: str,
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
-            api: Optional[pulumi.Input[pulumi.InputType['ApplicationApiArgs']]] = None,
-            app_role_ids: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
-            app_roles: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ApplicationAppRoleArgs']]]]] = None,
-            application_id: Optional[pulumi.Input[str]] = None,
-            client_id: Optional[pulumi.Input[str]] = None,
-            description: Optional[pulumi.Input[str]] = None,
-            device_only_auth_enabled: Optional[pulumi.Input[bool]] = None,
-            disabled_by_microsoft: Optional[pulumi.Input[str]] = None,
-            display_name: Optional[pulumi.Input[str]] = None,
-            fallback_public_client_enabled: Optional[pulumi.Input[bool]] = None,
-            feature_tags: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ApplicationFeatureTagArgs']]]]] = None,
-            group_membership_claims: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-            identifier_uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-            logo_image: Optional[pulumi.Input[str]] = None,
-            logo_url: Optional[pulumi.Input[str]] = None,
-            marketing_url: Optional[pulumi.Input[str]] = None,
-            notes: Optional[pulumi.Input[str]] = None,
-            oauth2_permission_scope_ids: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
-            oauth2_post_response_required: Optional[pulumi.Input[bool]] = None,
-            object_id: Optional[pulumi.Input[str]] = None,
-            optional_claims: Optional[pulumi.Input[pulumi.InputType['ApplicationOptionalClaimsArgs']]] = None,
-            owners: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-            prevent_duplicate_names: Optional[pulumi.Input[bool]] = None,
-            privacy_statement_url: Optional[pulumi.Input[str]] = None,
-            public_client: Optional[pulumi.Input[pulumi.InputType['ApplicationPublicClientArgs']]] = None,
-            publisher_domain: Optional[pulumi.Input[str]] = None,
-            required_resource_accesses: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ApplicationRequiredResourceAccessArgs']]]]] = None,
-            service_management_reference: Optional[pulumi.Input[str]] = None,
-            sign_in_audience: Optional[pulumi.Input[str]] = None,
-            single_page_application: Optional[pulumi.Input[pulumi.InputType['ApplicationSinglePageApplicationArgs']]] = None,
-            support_url: Optional[pulumi.Input[str]] = None,
-            tags: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-            template_id: Optional[pulumi.Input[str]] = None,
-            terms_of_service_url: Optional[pulumi.Input[str]] = None,
-            web: Optional[pulumi.Input[pulumi.InputType['ApplicationWebArgs']]] = None) -> 'Application':
+            api: Optional[pulumi.Input[Union['ApplicationApiArgs', 'ApplicationApiArgsDict']]] = None,
+            app_role_ids: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+            app_roles: Optional[pulumi.Input[Sequence[pulumi.Input[Union['ApplicationAppRoleArgs', 'ApplicationAppRoleArgsDict']]]]] = None,
+            client_id: Optional[pulumi.Input[_builtins.str]] = None,
+            description: Optional[pulumi.Input[_builtins.str]] = None,
+            device_only_auth_enabled: Optional[pulumi.Input[_builtins.bool]] = None,
+            disabled_by_microsoft: Optional[pulumi.Input[_builtins.str]] = None,
+            display_name: Optional[pulumi.Input[_builtins.str]] = None,
+            fallback_public_client_enabled: Optional[pulumi.Input[_builtins.bool]] = None,
+            feature_tags: Optional[pulumi.Input[Sequence[pulumi.Input[Union['ApplicationFeatureTagArgs', 'ApplicationFeatureTagArgsDict']]]]] = None,
+            group_membership_claims: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            identifier_uris: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            logo_image: Optional[pulumi.Input[_builtins.str]] = None,
+            logo_url: Optional[pulumi.Input[_builtins.str]] = None,
+            marketing_url: Optional[pulumi.Input[_builtins.str]] = None,
+            notes: Optional[pulumi.Input[_builtins.str]] = None,
+            oauth2_permission_scope_ids: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+            oauth2_post_response_required: Optional[pulumi.Input[_builtins.bool]] = None,
+            object_id: Optional[pulumi.Input[_builtins.str]] = None,
+            optional_claims: Optional[pulumi.Input[Union['ApplicationOptionalClaimsArgs', 'ApplicationOptionalClaimsArgsDict']]] = None,
+            owners: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            password: Optional[pulumi.Input[Union['ApplicationPasswordArgs', 'ApplicationPasswordArgsDict']]] = None,
+            prevent_duplicate_names: Optional[pulumi.Input[_builtins.bool]] = None,
+            privacy_statement_url: Optional[pulumi.Input[_builtins.str]] = None,
+            public_client: Optional[pulumi.Input[Union['ApplicationPublicClientArgs', 'ApplicationPublicClientArgsDict']]] = None,
+            publisher_domain: Optional[pulumi.Input[_builtins.str]] = None,
+            required_resource_accesses: Optional[pulumi.Input[Sequence[pulumi.Input[Union['ApplicationRequiredResourceAccessArgs', 'ApplicationRequiredResourceAccessArgsDict']]]]] = None,
+            service_management_reference: Optional[pulumi.Input[_builtins.str]] = None,
+            sign_in_audience: Optional[pulumi.Input[_builtins.str]] = None,
+            single_page_application: Optional[pulumi.Input[Union['ApplicationSinglePageApplicationArgs', 'ApplicationSinglePageApplicationArgsDict']]] = None,
+            support_url: Optional[pulumi.Input[_builtins.str]] = None,
+            tags: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            template_id: Optional[pulumi.Input[_builtins.str]] = None,
+            terms_of_service_url: Optional[pulumi.Input[_builtins.str]] = None,
+            web: Optional[pulumi.Input[Union['ApplicationWebArgs', 'ApplicationWebArgsDict']]] = None) -> 'Application':
         """
         Get an existing Application resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -1575,49 +1648,51 @@ class Application(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[pulumi.InputType['ApplicationApiArgs']] api: An `api` block as documented below, which configures API related settings for this application.
-        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] app_role_ids: A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ApplicationAppRoleArgs']]]] app_roles: A collection of `app_role` blocks as documented below. For more information see [official documentation on Application Roles](https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles).
-        :param pulumi.Input[str] application_id: The Application ID (also called Client ID)
-        :param pulumi.Input[str] client_id: The Client ID for the application.
-        :param pulumi.Input[str] description: A description of the application, as shown to end users.
-        :param pulumi.Input[bool] device_only_auth_enabled: Specifies whether this application supports device authentication without a user. Defaults to `false`.
-        :param pulumi.Input[str] disabled_by_microsoft: Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. `DisabledDueToViolationOfServicesAgreement`
-        :param pulumi.Input[str] display_name: The display name for the application.
-        :param pulumi.Input[bool] fallback_public_client_enabled: Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to `false`.
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ApplicationFeatureTagArgs']]]] feature_tags: A `feature_tags` block as described below. Cannot be used together with the `tags` property.
+        :param pulumi.Input[Union['ApplicationApiArgs', 'ApplicationApiArgsDict']] api: An `api` block as documented below, which configures API related settings for this application.
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] app_role_ids: A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['ApplicationAppRoleArgs', 'ApplicationAppRoleArgsDict']]]] app_roles: A collection of `app_role` blocks as documented below. For more information see [official documentation on Application Roles](https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles).
+        :param pulumi.Input[_builtins.str] client_id: The Client ID for the application.
+        :param pulumi.Input[_builtins.str] description: A description of the application, as shown to end users.
+        :param pulumi.Input[_builtins.bool] device_only_auth_enabled: Specifies whether this application supports device authentication without a user. Defaults to `false`.
+        :param pulumi.Input[_builtins.str] disabled_by_microsoft: Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. `DisabledDueToViolationOfServicesAgreement`
+        :param pulumi.Input[_builtins.str] display_name: The display name for the application.
+        :param pulumi.Input[_builtins.bool] fallback_public_client_enabled: Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to `false`.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['ApplicationFeatureTagArgs', 'ApplicationFeatureTagArgsDict']]]] feature_tags: A `feature_tags` block as described below. Cannot be used together with the `tags` property.
                
                > **Features and Tags** Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure `feature_tags` and `tags` for an application at the same time, so if you need to assign additional custom tags it's recommended to use the `tags` property instead. Tag values also propagate to any linked service principals.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] group_membership_claims: Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] identifier_uris: A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
-        :param pulumi.Input[str] logo_image: A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
-        :param pulumi.Input[str] logo_url: CDN URL to the application's logo, as uploaded with the `logo_image` property.
-        :param pulumi.Input[str] marketing_url: URL of the application's marketing page.
-        :param pulumi.Input[str] notes: User-specified notes relevant for the management of the application.
-        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] oauth2_permission_scope_ids: A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
-        :param pulumi.Input[bool] oauth2_post_response_required: Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to `false`, which specifies that only GET requests are allowed.
-        :param pulumi.Input[str] object_id: The application's object ID.
-        :param pulumi.Input[pulumi.InputType['ApplicationOptionalClaimsArgs']] optional_claims: An `optional_claims` block as documented below.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] owners: A list of object IDs of principals that will be granted ownership of the application
-        :param pulumi.Input[bool] prevent_duplicate_names: If `true`, will return an error if an existing application is found with the same name. Defaults to `false`.
-        :param pulumi.Input[str] privacy_statement_url: URL of the application's privacy statement.
-        :param pulumi.Input[pulumi.InputType['ApplicationPublicClientArgs']] public_client: A `public_client` block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device.
-        :param pulumi.Input[str] publisher_domain: The verified publisher domain for the application.
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ApplicationRequiredResourceAccessArgs']]]] required_resource_accesses: A collection of `required_resource_access` blocks as documented below.
-        :param pulumi.Input[str] service_management_reference: References application context information from a Service or Asset Management database.
-        :param pulumi.Input[str] sign_in_audience: The Microsoft account types that are supported for the current application. Must be one of `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`. Defaults to `AzureADMyOrg`.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] group_membership_claims: A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] identifier_uris: A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
+        :param pulumi.Input[_builtins.str] logo_image: A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
+        :param pulumi.Input[_builtins.str] logo_url: CDN URL to the application's logo, as uploaded with the `logo_image` property.
+        :param pulumi.Input[_builtins.str] marketing_url: URL of the application's marketing page.
+        :param pulumi.Input[_builtins.str] notes: User-specified notes relevant for the management of the application.
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] oauth2_permission_scope_ids: A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
+        :param pulumi.Input[_builtins.bool] oauth2_post_response_required: Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to `false`, which specifies that only GET requests are allowed.
+        :param pulumi.Input[_builtins.str] object_id: The application's object ID.
+        :param pulumi.Input[Union['ApplicationOptionalClaimsArgs', 'ApplicationOptionalClaimsArgsDict']] optional_claims: An `optional_claims` block as documented below.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] owners: A list of object IDs of principals that will be granted ownership of the application
+        :param pulumi.Input[Union['ApplicationPasswordArgs', 'ApplicationPasswordArgsDict']] password: A single `password` block as documented below. The password is generated during creation. By default, no password is generated.
+               
+               > **Creating a Password** The `password` block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the ApplicationPassword resource.
+        :param pulumi.Input[_builtins.bool] prevent_duplicate_names: If `true`, will return an error if an existing application is found with the same name. Defaults to `false`.
+        :param pulumi.Input[_builtins.str] privacy_statement_url: URL of the application's privacy statement.
+        :param pulumi.Input[Union['ApplicationPublicClientArgs', 'ApplicationPublicClientArgsDict']] public_client: A `public_client` block as documented below, which configures non-web app or non-web API application settings, for example mobile or other public clients such as an installed application running on a desktop device.
+        :param pulumi.Input[_builtins.str] publisher_domain: The verified publisher domain for the application.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['ApplicationRequiredResourceAccessArgs', 'ApplicationRequiredResourceAccessArgsDict']]]] required_resource_accesses: A collection of `required_resource_access` blocks as documented below.
+        :param pulumi.Input[_builtins.str] service_management_reference: References application context information from a Service or Asset Management database.
+        :param pulumi.Input[_builtins.str] sign_in_audience: The Microsoft account types that are supported for the current application. Must be one of `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`. Defaults to `AzureADMyOrg`.
                
                > **Changing `sign_in_audience` for existing applications** When updating an existing application to use a `sign_in_audience` value of `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`, your configuration may no longer be valid. Refer to [official documentation](https://docs.microsoft.com/en-gb/azure/active-directory/develop/supported-accounts-validation) to understand the differences in supported configurations. Where possible, the provider will attempt to validate your configuration and try to avoid applying unsupported settings to your application.
-        :param pulumi.Input[pulumi.InputType['ApplicationSinglePageApplicationArgs']] single_page_application: A `single_page_application` block as documented below, which configures single-page application (SPA) related settings for this application.
-        :param pulumi.Input[str] support_url: URL of the application's support page.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] tags: A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the `feature_tags` block.
+        :param pulumi.Input[Union['ApplicationSinglePageApplicationArgs', 'ApplicationSinglePageApplicationArgsDict']] single_page_application: A `single_page_application` block as documented below, which configures single-page application (SPA) related settings for this application.
+        :param pulumi.Input[_builtins.str] support_url: URL of the application's support page.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] tags: A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the `feature_tags` block.
                
                > **Tags and Features** Azure Active Directory uses special tag values to configure the behavior of applications. These can be specified using either the `tags` property or with the `feature_tags` block. If you need to set any custom tag values not supported by the `feature_tags` block, it's recommended to use the `tags` property. Tag values also propagate to any linked service principals.
-        :param pulumi.Input[str] template_id: Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
+        :param pulumi.Input[_builtins.str] template_id: Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
                
                > **Tip for Gallery Applications** This resource can  be used to instantiate a gallery application, however it will also attempt to manage the properties of the resulting application. If this is not desired, consider using the ApplicationRegistration resource instead.
-        :param pulumi.Input[str] terms_of_service_url: URL of the application's terms of service statement.
-        :param pulumi.Input[pulumi.InputType['ApplicationWebArgs']] web: A `web` block as documented below, which configures web related settings for this application.
+        :param pulumi.Input[_builtins.str] terms_of_service_url: URL of the application's terms of service statement.
+        :param pulumi.Input[Union['ApplicationWebArgs', 'ApplicationWebArgsDict']] web: A `web` block as documented below, which configures web related settings for this application.
                
                > **Application Name Uniqueness** Application names are not unique within Azure Active Directory. Use the `prevent_duplicate_names` argument to check for existing applications if you want to avoid name collisions.
         """
@@ -1628,7 +1703,6 @@ class Application(pulumi.CustomResource):
         __props__.__dict__["api"] = api
         __props__.__dict__["app_role_ids"] = app_role_ids
         __props__.__dict__["app_roles"] = app_roles
-        __props__.__dict__["application_id"] = application_id
         __props__.__dict__["client_id"] = client_id
         __props__.__dict__["description"] = description
         __props__.__dict__["device_only_auth_enabled"] = device_only_auth_enabled
@@ -1647,6 +1721,7 @@ class Application(pulumi.CustomResource):
         __props__.__dict__["object_id"] = object_id
         __props__.__dict__["optional_claims"] = optional_claims
         __props__.__dict__["owners"] = owners
+        __props__.__dict__["password"] = password
         __props__.__dict__["prevent_duplicate_names"] = prevent_duplicate_names
         __props__.__dict__["privacy_statement_url"] = privacy_statement_url
         __props__.__dict__["public_client"] = public_client
@@ -1662,7 +1737,7 @@ class Application(pulumi.CustomResource):
         __props__.__dict__["web"] = web
         return Application(resource_name, opts=opts, __props__=__props__)
 
-    @property
+    @_builtins.property
     @pulumi.getter
     def api(self) -> pulumi.Output[Optional['outputs.ApplicationApi']]:
         """
@@ -1670,15 +1745,15 @@ class Application(pulumi.CustomResource):
         """
         return pulumi.get(self, "api")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="appRoleIds")
-    def app_role_ids(self) -> pulumi.Output[Mapping[str, str]]:
+    def app_role_ids(self) -> pulumi.Output[Mapping[str, _builtins.str]]:
         """
         A mapping of app role values to app role IDs, intended to be useful when referencing app roles in other resources in your configuration.
         """
         return pulumi.get(self, "app_role_ids")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="appRoles")
     def app_roles(self) -> pulumi.Output[Optional[Sequence['outputs.ApplicationAppRole']]]:
         """
@@ -1686,66 +1761,55 @@ class Application(pulumi.CustomResource):
         """
         return pulumi.get(self, "app_roles")
 
-    @property
-    @pulumi.getter(name="applicationId")
-    def application_id(self) -> pulumi.Output[str]:
-        """
-        The Application ID (also called Client ID)
-        """
-        warnings.warn("""The `application_id` attribute has been replaced by the `client_id` attribute and will be removed in version 3.0 of the AzureAD provider""", DeprecationWarning)
-        pulumi.log.warn("""application_id is deprecated: The `application_id` attribute has been replaced by the `client_id` attribute and will be removed in version 3.0 of the AzureAD provider""")
-
-        return pulumi.get(self, "application_id")
-
-    @property
+    @_builtins.property
     @pulumi.getter(name="clientId")
-    def client_id(self) -> pulumi.Output[str]:
+    def client_id(self) -> pulumi.Output[_builtins.str]:
         """
         The Client ID for the application.
         """
         return pulumi.get(self, "client_id")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def description(self) -> pulumi.Output[Optional[str]]:
+    def description(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         A description of the application, as shown to end users.
         """
         return pulumi.get(self, "description")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="deviceOnlyAuthEnabled")
-    def device_only_auth_enabled(self) -> pulumi.Output[Optional[bool]]:
+    def device_only_auth_enabled(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Specifies whether this application supports device authentication without a user. Defaults to `false`.
         """
         return pulumi.get(self, "device_only_auth_enabled")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="disabledByMicrosoft")
-    def disabled_by_microsoft(self) -> pulumi.Output[str]:
+    def disabled_by_microsoft(self) -> pulumi.Output[_builtins.str]:
         """
         Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. `DisabledDueToViolationOfServicesAgreement`
         """
         return pulumi.get(self, "disabled_by_microsoft")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="displayName")
-    def display_name(self) -> pulumi.Output[str]:
+    def display_name(self) -> pulumi.Output[_builtins.str]:
         """
         The display name for the application.
         """
         return pulumi.get(self, "display_name")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="fallbackPublicClientEnabled")
-    def fallback_public_client_enabled(self) -> pulumi.Output[Optional[bool]]:
+    def fallback_public_client_enabled(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Specifies whether the application is a public client. Appropriate for apps using token grant flows that don't use a redirect URI. Defaults to `false`.
         """
         return pulumi.get(self, "fallback_public_client_enabled")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="featureTags")
     def feature_tags(self) -> pulumi.Output[Sequence['outputs.ApplicationFeatureTag']]:
         """
@@ -1755,79 +1819,79 @@ class Application(pulumi.CustomResource):
         """
         return pulumi.get(self, "feature_tags")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="groupMembershipClaims")
-    def group_membership_claims(self) -> pulumi.Output[Optional[Sequence[str]]]:
+    def group_membership_claims(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
-        Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.
+        A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.
         """
         return pulumi.get(self, "group_membership_claims")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="identifierUris")
-    def identifier_uris(self) -> pulumi.Output[Optional[Sequence[str]]]:
+    def identifier_uris(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
         """
         return pulumi.get(self, "identifier_uris")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="logoImage")
-    def logo_image(self) -> pulumi.Output[Optional[str]]:
+    def logo_image(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image.
         """
         return pulumi.get(self, "logo_image")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="logoUrl")
-    def logo_url(self) -> pulumi.Output[str]:
+    def logo_url(self) -> pulumi.Output[_builtins.str]:
         """
         CDN URL to the application's logo, as uploaded with the `logo_image` property.
         """
         return pulumi.get(self, "logo_url")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="marketingUrl")
-    def marketing_url(self) -> pulumi.Output[Optional[str]]:
+    def marketing_url(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         URL of the application's marketing page.
         """
         return pulumi.get(self, "marketing_url")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def notes(self) -> pulumi.Output[Optional[str]]:
+    def notes(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         User-specified notes relevant for the management of the application.
         """
         return pulumi.get(self, "notes")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="oauth2PermissionScopeIds")
-    def oauth2_permission_scope_ids(self) -> pulumi.Output[Mapping[str, str]]:
+    def oauth2_permission_scope_ids(self) -> pulumi.Output[Mapping[str, _builtins.str]]:
         """
         A mapping of OAuth2.0 permission scope values to scope IDs, intended to be useful when referencing permission scopes in other resources in your configuration.
         """
         return pulumi.get(self, "oauth2_permission_scope_ids")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="oauth2PostResponseRequired")
-    def oauth2_post_response_required(self) -> pulumi.Output[Optional[bool]]:
+    def oauth2_post_response_required(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests. Defaults to `false`, which specifies that only GET requests are allowed.
         """
         return pulumi.get(self, "oauth2_post_response_required")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="objectId")
-    def object_id(self) -> pulumi.Output[str]:
+    def object_id(self) -> pulumi.Output[_builtins.str]:
         """
         The application's object ID.
         """
         return pulumi.get(self, "object_id")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="optionalClaims")
     def optional_claims(self) -> pulumi.Output[Optional['outputs.ApplicationOptionalClaims']]:
         """
@@ -1835,31 +1899,41 @@ class Application(pulumi.CustomResource):
         """
         return pulumi.get(self, "optional_claims")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def owners(self) -> pulumi.Output[Optional[Sequence[str]]]:
+    def owners(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         A list of object IDs of principals that will be granted ownership of the application
         """
         return pulumi.get(self, "owners")
 
-    @property
+    @_builtins.property
+    @pulumi.getter
+    def password(self) -> pulumi.Output[Optional['outputs.ApplicationPassword']]:
+        """
+        A single `password` block as documented below. The password is generated during creation. By default, no password is generated.
+
+        > **Creating a Password** The `password` block supports a single password for the application, and is provided so that a password can be generated when a new application is created. This helps to make new applications available for authentication more quickly. To add additional passwords to an application, see the ApplicationPassword resource.
+        """
+        return pulumi.get(self, "password")
+
+    @_builtins.property
     @pulumi.getter(name="preventDuplicateNames")
-    def prevent_duplicate_names(self) -> pulumi.Output[Optional[bool]]:
+    def prevent_duplicate_names(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         If `true`, will return an error if an existing application is found with the same name. Defaults to `false`.
         """
         return pulumi.get(self, "prevent_duplicate_names")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="privacyStatementUrl")
-    def privacy_statement_url(self) -> pulumi.Output[Optional[str]]:
+    def privacy_statement_url(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         URL of the application's privacy statement.
         """
         return pulumi.get(self, "privacy_statement_url")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="publicClient")
     def public_client(self) -> pulumi.Output[Optional['outputs.ApplicationPublicClient']]:
         """
@@ -1867,15 +1941,15 @@ class Application(pulumi.CustomResource):
         """
         return pulumi.get(self, "public_client")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="publisherDomain")
-    def publisher_domain(self) -> pulumi.Output[str]:
+    def publisher_domain(self) -> pulumi.Output[_builtins.str]:
         """
         The verified publisher domain for the application.
         """
         return pulumi.get(self, "publisher_domain")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="requiredResourceAccesses")
     def required_resource_accesses(self) -> pulumi.Output[Optional[Sequence['outputs.ApplicationRequiredResourceAccess']]]:
         """
@@ -1883,17 +1957,17 @@ class Application(pulumi.CustomResource):
         """
         return pulumi.get(self, "required_resource_accesses")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="serviceManagementReference")
-    def service_management_reference(self) -> pulumi.Output[Optional[str]]:
+    def service_management_reference(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         References application context information from a Service or Asset Management database.
         """
         return pulumi.get(self, "service_management_reference")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="signInAudience")
-    def sign_in_audience(self) -> pulumi.Output[Optional[str]]:
+    def sign_in_audience(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         The Microsoft account types that are supported for the current application. Must be one of `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`. Defaults to `AzureADMyOrg`.
 
@@ -1901,7 +1975,7 @@ class Application(pulumi.CustomResource):
         """
         return pulumi.get(self, "sign_in_audience")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="singlePageApplication")
     def single_page_application(self) -> pulumi.Output[Optional['outputs.ApplicationSinglePageApplication']]:
         """
@@ -1909,17 +1983,17 @@ class Application(pulumi.CustomResource):
         """
         return pulumi.get(self, "single_page_application")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="supportUrl")
-    def support_url(self) -> pulumi.Output[Optional[str]]:
+    def support_url(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         URL of the application's support page.
         """
         return pulumi.get(self, "support_url")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def tags(self) -> pulumi.Output[Sequence[str]]:
+    def tags(self) -> pulumi.Output[Sequence[_builtins.str]]:
         """
         A set of tags to apply to the application for configuring specific behaviours of the application and linked service principals. Note that these are not provided for use by practitioners. Cannot be used together with the `feature_tags` block.
 
@@ -1927,9 +2001,9 @@ class Application(pulumi.CustomResource):
         """
         return pulumi.get(self, "tags")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="templateId")
-    def template_id(self) -> pulumi.Output[str]:
+    def template_id(self) -> pulumi.Output[_builtins.str]:
         """
         Unique ID for a templated application in the Azure AD App Gallery, from which to create the application. Changing this forces a new resource to be created.
 
@@ -1937,15 +2011,15 @@ class Application(pulumi.CustomResource):
         """
         return pulumi.get(self, "template_id")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="termsOfServiceUrl")
-    def terms_of_service_url(self) -> pulumi.Output[Optional[str]]:
+    def terms_of_service_url(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         URL of the application's terms of service statement.
         """
         return pulumi.get(self, "terms_of_service_url")
 
-    @property
+    @_builtins.property
     @pulumi.getter
     def web(self) -> pulumi.Output[Optional['outputs.ApplicationWeb']]:
         """