PyPI - pulumi-azuread - Versions diffs - 5.48.0a1706744699__py3-none-any.whl → 6.8.0a1766208344__py3-none-any.whl - Mend

pulumi-azuread 5.48.0a1706744699py3-none-any.whl → 6.8.0a1766208344py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of pulumi-azuread might be problematic. Click here for more details.

Files changed (87) hide show

pulumi_azuread/__init__.py +48 -1
pulumi_azuread/_inputs.py +3803 -919
pulumi_azuread/_utilities.py +52 -12
pulumi_azuread/access_package.py +84 -78
pulumi_azuread/access_package_assignment_policy.py +202 -196
pulumi_azuread/access_package_catalog.py +82 -76
pulumi_azuread/access_package_catalog_role_assignment.py +73 -67
pulumi_azuread/access_package_resource_catalog_association.py +73 -67
pulumi_azuread/access_package_resource_package_association.py +79 -73
pulumi_azuread/administrative_unit.py +120 -100
pulumi_azuread/administrative_unit_member.py +66 -50
pulumi_azuread/administrative_unit_role_member.py +75 -69
pulumi_azuread/app_role_assignment.py +164 -264
pulumi_azuread/application.py +766 -692
pulumi_azuread/application_api_access.py +84 -80
pulumi_azuread/application_app_role.py +120 -116
pulumi_azuread/application_certificate.py +349 -211
pulumi_azuread/application_fallback_public_client.py +50 -44
pulumi_azuread/application_federated_identity_credential.py +142 -197
pulumi_azuread/application_from_template.py +90 -84
pulumi_azuread/application_identifier_uri.py +56 -52
pulumi_azuread/application_known_clients.py +50 -44
pulumi_azuread/application_optional_claims.py +87 -81
pulumi_azuread/application_owner.py +76 -42
pulumi_azuread/application_password.py +159 -205
pulumi_azuread/application_permission_scope.py +160 -156
pulumi_azuread/application_pre_authorized.py +120 -236
pulumi_azuread/application_redirect_uris.py +75 -69
pulumi_azuread/application_registration.py +315 -309
pulumi_azuread/authentication_strength_policy.py +73 -67
pulumi_azuread/claims_mapping_policy.py +48 -42
pulumi_azuread/conditional_access_policy.py +248 -232
pulumi_azuread/config/__init__.py +2 -1
pulumi_azuread/config/__init__.pyi +23 -17
pulumi_azuread/config/vars.py +47 -37
pulumi_azuread/custom_directory_role.py +128 -122
pulumi_azuread/directory_role.py +60 -54
pulumi_azuread/directory_role_assignment.py +194 -181
pulumi_azuread/directory_role_eligibility_schedule_request.py +86 -80
pulumi_azuread/directory_role_member.py +54 -48
pulumi_azuread/get_access_package.py +45 -31
pulumi_azuread/get_access_package_catalog.py +40 -27
pulumi_azuread/get_access_package_catalog_role.py +39 -25
pulumi_azuread/get_administrative_unit.py +42 -27
pulumi_azuread/get_application.py +135 -94
pulumi_azuread/get_application_published_app_ids.py +42 -47
pulumi_azuread/get_application_template.py +49 -33
pulumi_azuread/get_client_config.py +24 -15
pulumi_azuread/get_directory_object.py +32 -21
pulumi_azuread/get_directory_role_templates.py +20 -12
pulumi_azuread/get_directory_roles.py +23 -14
pulumi_azuread/get_domains.py +65 -46
pulumi_azuread/get_group.py +147 -88
pulumi_azuread/get_group_role_management_policy.py +178 -0
pulumi_azuread/get_groups.py +71 -51
pulumi_azuread/get_named_location.py +47 -22
pulumi_azuread/get_service_principal.py +108 -90
pulumi_azuread/get_service_principals.py +60 -64
pulumi_azuread/get_user.py +186 -118
pulumi_azuread/get_users.py +96 -53
pulumi_azuread/group.py +622 -464
pulumi_azuread/group_member.py +56 -50
pulumi_azuread/group_role_management_policy.py +544 -0
pulumi_azuread/group_without_members.py +1610 -0
pulumi_azuread/invitation.py +126 -120
pulumi_azuread/named_location.py +90 -76
pulumi_azuread/outputs.py +2844 -1308
pulumi_azuread/privileged_access_group_assignment_schedule.py +695 -0
pulumi_azuread/privileged_access_group_eligibility_schedule.py +695 -0
pulumi_azuread/provider.py +292 -246
pulumi_azuread/pulumi-plugin.json +2 -1
pulumi_azuread/service_principal.py +400 -461
pulumi_azuread/service_principal_certificate.py +230 -145
pulumi_azuread/service_principal_claims_mapping_policy_assignment.py +53 -47
pulumi_azuread/service_principal_delegated_permission_grant.py +146 -140
pulumi_azuread/service_principal_password.py +156 -141
pulumi_azuread/service_principal_token_signing_certificate.py +119 -124
pulumi_azuread/synchronization_job.py +105 -111
pulumi_azuread/synchronization_job_provision_on_demand.py +396 -0
pulumi_azuread/synchronization_secret.py +64 -70
pulumi_azuread/user.py +776 -730
pulumi_azuread/user_flow_attribute.py +76 -70
{pulumi_azuread-5.48.0a1706744699.dist-info → pulumi_azuread-6.8.0a1766208344.dist-info}/METADATA +21 -20
pulumi_azuread-6.8.0a1766208344.dist-info/RECORD +87 -0
{pulumi_azuread-5.48.0a1706744699.dist-info → pulumi_azuread-6.8.0a1766208344.dist-info}/WHEEL +1 -1
pulumi_azuread-5.48.0a1706744699.dist-info/RECORD +0 -81
{pulumi_azuread-5.48.0a1706744699.dist-info → pulumi_azuread-6.8.0a1766208344.dist-info}/top_level.txt +0 -0

pulumi_azuread/service_principal.py CHANGED Viewed

@@ -1,12 +1,17 @@
 # coding=utf-8
-# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+# *** WARNING: this file was generated by pulumi-language-python. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
-import copy
+import builtins as _builtins
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from . import _utilities
 from . import outputs
 from ._inputs import *
@@ -16,58 +21,50 @@ __all__ = ['ServicePrincipalArgs', 'ServicePrincipal']
 @pulumi.input_type
 class ServicePrincipalArgs:
     def __init__(__self__, *,
-                 account_enabled: Optional[pulumi.Input[bool]] = None,
-                 alternative_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 app_role_assignment_required: Optional[pulumi.Input[bool]] = None,
-                 application_id: Optional[pulumi.Input[str]] = None,
-                 client_id: Optional[pulumi.Input[str]] = None,
-                 description: Optional[pulumi.Input[str]] = None,
+                 client_id: pulumi.Input[_builtins.str],
+                 account_enabled: Optional[pulumi.Input[_builtins.bool]] = None,
+                 alternative_names: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 app_role_assignment_required: Optional[pulumi.Input[_builtins.bool]] = None,
+                 description: Optional[pulumi.Input[_builtins.str]] = None,
                  feature_tags: Optional[pulumi.Input[Sequence[pulumi.Input['ServicePrincipalFeatureTagArgs']]]] = None,
                  features: Optional[pulumi.Input[Sequence[pulumi.Input['ServicePrincipalFeatureArgs']]]] = None,
-                 login_url: Optional[pulumi.Input[str]] = None,
-                 notes: Optional[pulumi.Input[str]] = None,
-                 notification_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 owners: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 preferred_single_sign_on_mode: Optional[pulumi.Input[str]] = None,
+                 login_url: Optional[pulumi.Input[_builtins.str]] = None,
+                 notes: Optional[pulumi.Input[_builtins.str]] = None,
+                 notification_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 owners: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 preferred_single_sign_on_mode: Optional[pulumi.Input[_builtins.str]] = None,
                  saml_single_sign_on: Optional[pulumi.Input['ServicePrincipalSamlSingleSignOnArgs']] = None,
-                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 use_existing: Optional[pulumi.Input[bool]] = None):
+                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 use_existing: Optional[pulumi.Input[_builtins.bool]] = None):
         """
         The set of arguments for constructing a ServicePrincipal resource.
-        :param pulumi.Input[bool] account_enabled: Whether or not the service principal account is enabled. Defaults to `true`.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] alternative_names: A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.
-        :param pulumi.Input[bool] app_role_assignment_required: Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to `false`.
-        :param pulumi.Input[str] application_id: The application ID (client ID) of the application for which to create a service principal
-        :param pulumi.Input[str] client_id: The client ID of the application for which to create a service principal.
-        :param pulumi.Input[str] description: A description of the service principal provided for internal end-users.
+        :param pulumi.Input[_builtins.str] client_id: The client ID of the application for which to create a service principal.
+        :param pulumi.Input[_builtins.bool] account_enabled: Whether or not the service principal account is enabled. Defaults to `true`.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] alternative_names: A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.
+        :param pulumi.Input[_builtins.bool] app_role_assignment_required: Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to `false`.
+        :param pulumi.Input[_builtins.str] description: A description of the service principal provided for internal end-users.
         :param pulumi.Input[Sequence[pulumi.Input['ServicePrincipalFeatureTagArgs']]] feature_tags: A `feature_tags` block as described below. Cannot be used together with the `tags` property.
                > **Features and Tags** Features are configured for a service principal using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure `feature_tags` and `tags` for a service principal at the same time, so if you need to assign additional custom tags it's recommended to use the `tags` property instead. Any tags configured for the linked application will propagate to this service principal.
         :param pulumi.Input[Sequence[pulumi.Input['ServicePrincipalFeatureArgs']]] features: Block of features to configure for this service principal using tags
-        :param pulumi.Input[str] login_url: The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on.
-        :param pulumi.Input[str] notes: A free text field to capture information about the service principal, typically used for operational purposes.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] notification_email_addresses: A set of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] owners: A list of object IDs of principals that will be granted ownership of the service principal
-        :param pulumi.Input[str] preferred_single_sign_on_mode: The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps. Supported values are `oidc`, `password`, `saml` or `notSupported`. Omit this property or specify a blank string to unset.
+        :param pulumi.Input[_builtins.str] login_url: The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on.
+        :param pulumi.Input[_builtins.str] notes: A free text field to capture information about the service principal, typically used for operational purposes.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] notification_email_addresses: A set of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] owners: A list of object IDs of principals that will be granted ownership of the service principal
+        :param pulumi.Input[_builtins.str] preferred_single_sign_on_mode: The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps. Supported values are `oidc`, `password`, `saml` or `notSupported`. Omit this property or specify a blank string to unset.
         :param pulumi.Input['ServicePrincipalSamlSingleSignOnArgs'] saml_single_sign_on: A `saml_single_sign_on` block as documented below.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] tags: A set of tags to apply to the service principal for configuring specific behaviours of the service principal. Note that these are not provided for use by practitioners. Cannot be used together with the `feature_tags` block.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] tags: A set of tags to apply to the service principal for configuring specific behaviours of the service principal. Note that these are not provided for use by practitioners. Cannot be used together with the `feature_tags` block.
                > **Tags and Features** Azure Active Directory uses special tag values to configure the behavior of service principals. These can be specified using either the `tags` property or with the `feature_tags` block. If you need to set any custom tag values not supported by the `feature_tags` block, it's recommended to use the `tags` property. Tag values set for the linked application will also propagate to this service principal.
-        :param pulumi.Input[bool] use_existing: When true, the resource will return an existing service principal instead of failing with an error
+        :param pulumi.Input[_builtins.bool] use_existing: When true, the resource will return an existing service principal instead of failing with an error
         """
+        pulumi.set(__self__, "client_id", client_id)
         if account_enabled is not None:
             pulumi.set(__self__, "account_enabled", account_enabled)
         if alternative_names is not None:
             pulumi.set(__self__, "alternative_names", alternative_names)
         if app_role_assignment_required is not None:
             pulumi.set(__self__, "app_role_assignment_required", app_role_assignment_required)
-        if application_id is not None:
-            warnings.warn("""The `application_id` property has been replaced with the `client_id` property and will be removed in version 3.0 of the AzureAD provider""", DeprecationWarning)
-            pulumi.log.warn("""application_id is deprecated: The `application_id` property has been replaced with the `client_id` property and will be removed in version 3.0 of the AzureAD provider""")
-        if application_id is not None:
-            pulumi.set(__self__, "application_id", application_id)
-        if client_id is not None:
-            pulumi.set(__self__, "client_id", client_id)
         if description is not None:
             pulumi.set(__self__, "description", description)
         if feature_tags is not None:
@@ -94,82 +91,67 @@ class ServicePrincipalArgs:
         if use_existing is not None:
             pulumi.set(__self__, "use_existing", use_existing)
-    @property
+    @_builtins.property
+    @pulumi.getter(name="clientId")
+    def client_id(self) -> pulumi.Input[_builtins.str]:
+        """
+        The client ID of the application for which to create a service principal.
+        """
+        return pulumi.get(self, "client_id")
+    @client_id.setter
+    def client_id(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "client_id", value)
+    @_builtins.property
     @pulumi.getter(name="accountEnabled")
-    def account_enabled(self) -> Optional[pulumi.Input[bool]]:
+    def account_enabled(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Whether or not the service principal account is enabled. Defaults to `true`.
         """
         return pulumi.get(self, "account_enabled")
     @account_enabled.setter
-    def account_enabled(self, value: Optional[pulumi.Input[bool]]):
+    def account_enabled(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "account_enabled", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="alternativeNames")
-    def alternative_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def alternative_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.
         """
         return pulumi.get(self, "alternative_names")
     @alternative_names.setter
-    def alternative_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def alternative_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "alternative_names", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="appRoleAssignmentRequired")
-    def app_role_assignment_required(self) -> Optional[pulumi.Input[bool]]:
+    def app_role_assignment_required(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to `false`.
         """
         return pulumi.get(self, "app_role_assignment_required")
     @app_role_assignment_required.setter
-    def app_role_assignment_required(self, value: Optional[pulumi.Input[bool]]):
+    def app_role_assignment_required(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "app_role_assignment_required", value)
-    @property
-    @pulumi.getter(name="applicationId")
-    def application_id(self) -> Optional[pulumi.Input[str]]:
-        """
-        The application ID (client ID) of the application for which to create a service principal
-        """
-        warnings.warn("""The `application_id` property has been replaced with the `client_id` property and will be removed in version 3.0 of the AzureAD provider""", DeprecationWarning)
-        pulumi.log.warn("""application_id is deprecated: The `application_id` property has been replaced with the `client_id` property and will be removed in version 3.0 of the AzureAD provider""")
-        return pulumi.get(self, "application_id")
-    @application_id.setter
-    def application_id(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "application_id", value)
-    @property
-    @pulumi.getter(name="clientId")
-    def client_id(self) -> Optional[pulumi.Input[str]]:
-        """
-        The client ID of the application for which to create a service principal.
-        """
-        return pulumi.get(self, "client_id")
-    @client_id.setter
-    def client_id(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "client_id", value)
-    @property
+    @_builtins.property
     @pulumi.getter
-    def description(self) -> Optional[pulumi.Input[str]]:
+    def description(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         A description of the service principal provided for internal end-users.
         """
         return pulumi.get(self, "description")
     @description.setter
-    def description(self, value: Optional[pulumi.Input[str]]):
+    def description(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "description", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="featureTags")
     def feature_tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ServicePrincipalFeatureTagArgs']]]]:
         """
@@ -183,82 +165,80 @@ class ServicePrincipalArgs:
     def feature_tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ServicePrincipalFeatureTagArgs']]]]):
         pulumi.set(self, "feature_tags", value)
-    @property
+    @_builtins.property
     @pulumi.getter
+    @_utilities.deprecated("""This block has been renamed to `feature_tags` and will be removed in version 3.0 of the provider""")
     def features(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ServicePrincipalFeatureArgs']]]]:
         """
         Block of features to configure for this service principal using tags
         """
-        warnings.warn("""This block has been renamed to `feature_tags` and will be removed in version 3.0 of the provider""", DeprecationWarning)
-        pulumi.log.warn("""features is deprecated: This block has been renamed to `feature_tags` and will be removed in version 3.0 of the provider""")
         return pulumi.get(self, "features")
     @features.setter
     def features(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ServicePrincipalFeatureArgs']]]]):
         pulumi.set(self, "features", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="loginUrl")
-    def login_url(self) -> Optional[pulumi.Input[str]]:
+    def login_url(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on.
         """
         return pulumi.get(self, "login_url")
     @login_url.setter
-    def login_url(self, value: Optional[pulumi.Input[str]]):
+    def login_url(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "login_url", value)
-    @property
+    @_builtins.property
     @pulumi.getter
-    def notes(self) -> Optional[pulumi.Input[str]]:
+    def notes(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         A free text field to capture information about the service principal, typically used for operational purposes.
         """
         return pulumi.get(self, "notes")
     @notes.setter
-    def notes(self, value: Optional[pulumi.Input[str]]):
+    def notes(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "notes", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="notificationEmailAddresses")
-    def notification_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def notification_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         A set of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications.
         """
         return pulumi.get(self, "notification_email_addresses")
     @notification_email_addresses.setter
-    def notification_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def notification_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "notification_email_addresses", value)
-    @property
+    @_builtins.property
     @pulumi.getter
-    def owners(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def owners(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         A list of object IDs of principals that will be granted ownership of the service principal
         """
         return pulumi.get(self, "owners")
     @owners.setter
-    def owners(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def owners(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "owners", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="preferredSingleSignOnMode")
-    def preferred_single_sign_on_mode(self) -> Optional[pulumi.Input[str]]:
+    def preferred_single_sign_on_mode(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps. Supported values are `oidc`, `password`, `saml` or `notSupported`. Omit this property or specify a blank string to unset.
         """
         return pulumi.get(self, "preferred_single_sign_on_mode")
     @preferred_single_sign_on_mode.setter
-    def preferred_single_sign_on_mode(self, value: Optional[pulumi.Input[str]]):
+    def preferred_single_sign_on_mode(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "preferred_single_sign_on_mode", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="samlSingleSignOn")
     def saml_single_sign_on(self) -> Optional[pulumi.Input['ServicePrincipalSamlSingleSignOnArgs']]:
         """
@@ -270,9 +250,9 @@ class ServicePrincipalArgs:
     def saml_single_sign_on(self, value: Optional[pulumi.Input['ServicePrincipalSamlSingleSignOnArgs']]):
         pulumi.set(self, "saml_single_sign_on", value)
-    @property
+    @_builtins.property
     @pulumi.getter
-    def tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         A set of tags to apply to the service principal for configuring specific behaviours of the service principal. Note that these are not provided for use by practitioners. Cannot be used together with the `feature_tags` block.
@@ -281,91 +261,89 @@ class ServicePrincipalArgs:
         return pulumi.get(self, "tags")
     @tags.setter
-    def tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "tags", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="useExisting")
-    def use_existing(self) -> Optional[pulumi.Input[bool]]:
+    def use_existing(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         When true, the resource will return an existing service principal instead of failing with an error
         """
         return pulumi.get(self, "use_existing")
     @use_existing.setter
-    def use_existing(self, value: Optional[pulumi.Input[bool]]):
+    def use_existing(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "use_existing", value)
 @pulumi.input_type
 class _ServicePrincipalState:
     def __init__(__self__, *,
-                 account_enabled: Optional[pulumi.Input[bool]] = None,
-                 alternative_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 app_role_assignment_required: Optional[pulumi.Input[bool]] = None,
-                 app_role_ids: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 account_enabled: Optional[pulumi.Input[_builtins.bool]] = None,
+                 alternative_names: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 app_role_assignment_required: Optional[pulumi.Input[_builtins.bool]] = None,
+                 app_role_ids: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
                  app_roles: Optional[pulumi.Input[Sequence[pulumi.Input['ServicePrincipalAppRoleArgs']]]] = None,
-                 application_id: Optional[pulumi.Input[str]] = None,
-                 application_tenant_id: Optional[pulumi.Input[str]] = None,
-                 client_id: Optional[pulumi.Input[str]] = None,
-                 description: Optional[pulumi.Input[str]] = None,
-                 display_name: Optional[pulumi.Input[str]] = None,
+                 application_tenant_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 client_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 description: Optional[pulumi.Input[_builtins.str]] = None,
+                 display_name: Optional[pulumi.Input[_builtins.str]] = None,
                  feature_tags: Optional[pulumi.Input[Sequence[pulumi.Input['ServicePrincipalFeatureTagArgs']]]] = None,
                  features: Optional[pulumi.Input[Sequence[pulumi.Input['ServicePrincipalFeatureArgs']]]] = None,
-                 homepage_url: Optional[pulumi.Input[str]] = None,
-                 login_url: Optional[pulumi.Input[str]] = None,
-                 logout_url: Optional[pulumi.Input[str]] = None,
-                 notes: Optional[pulumi.Input[str]] = None,
-                 notification_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 oauth2_permission_scope_ids: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 homepage_url: Optional[pulumi.Input[_builtins.str]] = None,
+                 login_url: Optional[pulumi.Input[_builtins.str]] = None,
+                 logout_url: Optional[pulumi.Input[_builtins.str]] = None,
+                 notes: Optional[pulumi.Input[_builtins.str]] = None,
+                 notification_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 oauth2_permission_scope_ids: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
                  oauth2_permission_scopes: Optional[pulumi.Input[Sequence[pulumi.Input['ServicePrincipalOauth2PermissionScopeArgs']]]] = None,
-                 object_id: Optional[pulumi.Input[str]] = None,
-                 owners: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 preferred_single_sign_on_mode: Optional[pulumi.Input[str]] = None,
-                 redirect_uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 saml_metadata_url: Optional[pulumi.Input[str]] = None,
+                 object_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 owners: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 preferred_single_sign_on_mode: Optional[pulumi.Input[_builtins.str]] = None,
+                 redirect_uris: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 saml_metadata_url: Optional[pulumi.Input[_builtins.str]] = None,
                  saml_single_sign_on: Optional[pulumi.Input['ServicePrincipalSamlSingleSignOnArgs']] = None,
-                 service_principal_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 sign_in_audience: Optional[pulumi.Input[str]] = None,
-                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 type: Optional[pulumi.Input[str]] = None,
-                 use_existing: Optional[pulumi.Input[bool]] = None):
+                 service_principal_names: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 sign_in_audience: Optional[pulumi.Input[_builtins.str]] = None,
+                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 type: Optional[pulumi.Input[_builtins.str]] = None,
+                 use_existing: Optional[pulumi.Input[_builtins.bool]] = None):
         """
         Input properties used for looking up and filtering ServicePrincipal resources.
-        :param pulumi.Input[bool] account_enabled: Whether or not the service principal account is enabled. Defaults to `true`.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] alternative_names: A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.
-        :param pulumi.Input[bool] app_role_assignment_required: Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to `false`.
-        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] app_role_ids: A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.
+        :param pulumi.Input[_builtins.bool] account_enabled: Whether or not the service principal account is enabled. Defaults to `true`.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] alternative_names: A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.
+        :param pulumi.Input[_builtins.bool] app_role_assignment_required: Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to `false`.
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] app_role_ids: A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.
         :param pulumi.Input[Sequence[pulumi.Input['ServicePrincipalAppRoleArgs']]] app_roles: A list of app roles published by the associated application, as documented below. For more information [official documentation](https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles).
-        :param pulumi.Input[str] application_id: The application ID (client ID) of the application for which to create a service principal
-        :param pulumi.Input[str] application_tenant_id: The tenant ID where the associated application is registered.
-        :param pulumi.Input[str] client_id: The client ID of the application for which to create a service principal.
-        :param pulumi.Input[str] description: A description of the service principal provided for internal end-users.
-        :param pulumi.Input[str] display_name: Display name for the app role that appears during app role assignment and in consent experiences.
+        :param pulumi.Input[_builtins.str] application_tenant_id: The tenant ID where the associated application is registered.
+        :param pulumi.Input[_builtins.str] client_id: The client ID of the application for which to create a service principal.
+        :param pulumi.Input[_builtins.str] description: A description of the service principal provided for internal end-users.
+        :param pulumi.Input[_builtins.str] display_name: Display name for the app role that appears during app role assignment and in consent experiences.
         :param pulumi.Input[Sequence[pulumi.Input['ServicePrincipalFeatureTagArgs']]] feature_tags: A `feature_tags` block as described below. Cannot be used together with the `tags` property.
                > **Features and Tags** Features are configured for a service principal using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure `feature_tags` and `tags` for a service principal at the same time, so if you need to assign additional custom tags it's recommended to use the `tags` property instead. Any tags configured for the linked application will propagate to this service principal.
         :param pulumi.Input[Sequence[pulumi.Input['ServicePrincipalFeatureArgs']]] features: Block of features to configure for this service principal using tags
-        :param pulumi.Input[str] homepage_url: Home page or landing page of the associated application.
-        :param pulumi.Input[str] login_url: The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on.
-        :param pulumi.Input[str] logout_url: The URL that will be used by Microsoft's authorization service to log out an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application.
-        :param pulumi.Input[str] notes: A free text field to capture information about the service principal, typically used for operational purposes.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] notification_email_addresses: A set of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications.
-        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] oauth2_permission_scope_ids: A mapping of OAuth2.0 permission scope values to scope IDs, as exposed by the associated application, intended to be useful when referencing permission scopes in other resources in your configuration.
+        :param pulumi.Input[_builtins.str] homepage_url: Home page or landing page of the associated application.
+        :param pulumi.Input[_builtins.str] login_url: The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on.
+        :param pulumi.Input[_builtins.str] logout_url: The URL that will be used by Microsoft's authorization service to log out an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application.
+        :param pulumi.Input[_builtins.str] notes: A free text field to capture information about the service principal, typically used for operational purposes.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] notification_email_addresses: A set of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications.
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] oauth2_permission_scope_ids: A mapping of OAuth2.0 permission scope values to scope IDs, as exposed by the associated application, intended to be useful when referencing permission scopes in other resources in your configuration.
         :param pulumi.Input[Sequence[pulumi.Input['ServicePrincipalOauth2PermissionScopeArgs']]] oauth2_permission_scopes: A list of OAuth 2.0 delegated permission scopes exposed by the associated application, as documented below.
-        :param pulumi.Input[str] object_id: The object ID of the service principal.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] owners: A list of object IDs of principals that will be granted ownership of the service principal
-        :param pulumi.Input[str] preferred_single_sign_on_mode: The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps. Supported values are `oidc`, `password`, `saml` or `notSupported`. Omit this property or specify a blank string to unset.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] redirect_uris: A list of URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application.
-        :param pulumi.Input[str] saml_metadata_url: The URL where the service exposes SAML metadata for federation.
+        :param pulumi.Input[_builtins.str] object_id: The object ID of the service principal.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] owners: A list of object IDs of principals that will be granted ownership of the service principal
+        :param pulumi.Input[_builtins.str] preferred_single_sign_on_mode: The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps. Supported values are `oidc`, `password`, `saml` or `notSupported`. Omit this property or specify a blank string to unset.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] redirect_uris: A list of URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application.
+        :param pulumi.Input[_builtins.str] saml_metadata_url: The URL where the service exposes SAML metadata for federation.
         :param pulumi.Input['ServicePrincipalSamlSingleSignOnArgs'] saml_single_sign_on: A `saml_single_sign_on` block as documented below.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] service_principal_names: A list of identifier URI(s), copied over from the associated application.
-        :param pulumi.Input[str] sign_in_audience: The Microsoft account types that are supported for the associated application. Possible values include `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] tags: A set of tags to apply to the service principal for configuring specific behaviours of the service principal. Note that these are not provided for use by practitioners. Cannot be used together with the `feature_tags` block.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] service_principal_names: A list of identifier URI(s), copied over from the associated application.
+        :param pulumi.Input[_builtins.str] sign_in_audience: The Microsoft account types that are supported for the associated application. Possible values include `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] tags: A set of tags to apply to the service principal for configuring specific behaviours of the service principal. Note that these are not provided for use by practitioners. Cannot be used together with the `feature_tags` block.
                > **Tags and Features** Azure Active Directory uses special tag values to configure the behavior of service principals. These can be specified using either the `tags` property or with the `feature_tags` block. If you need to set any custom tag values not supported by the `feature_tags` block, it's recommended to use the `tags` property. Tag values set for the linked application will also propagate to this service principal.
-        :param pulumi.Input[str] type: Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are `User` or `Admin`.
-        :param pulumi.Input[bool] use_existing: When true, the resource will return an existing service principal instead of failing with an error
+        :param pulumi.Input[_builtins.str] type: Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are `User` or `Admin`.
+        :param pulumi.Input[_builtins.bool] use_existing: When true, the resource will return an existing service principal instead of failing with an error
         """
         if account_enabled is not None:
             pulumi.set(__self__, "account_enabled", account_enabled)
@@ -377,11 +355,6 @@ class _ServicePrincipalState:
             pulumi.set(__self__, "app_role_ids", app_role_ids)
         if app_roles is not None:
             pulumi.set(__self__, "app_roles", app_roles)
-        if application_id is not None:
-            warnings.warn("""The `application_id` property has been replaced with the `client_id` property and will be removed in version 3.0 of the AzureAD provider""", DeprecationWarning)
-            pulumi.log.warn("""application_id is deprecated: The `application_id` property has been replaced with the `client_id` property and will be removed in version 3.0 of the AzureAD provider""")
-        if application_id is not None:
-            pulumi.set(__self__, "application_id", application_id)
         if application_tenant_id is not None:
             pulumi.set(__self__, "application_tenant_id", application_tenant_id)
         if client_id is not None:
@@ -434,55 +407,55 @@ class _ServicePrincipalState:
         if use_existing is not None:
             pulumi.set(__self__, "use_existing", use_existing)
-    @property
+    @_builtins.property
     @pulumi.getter(name="accountEnabled")
-    def account_enabled(self) -> Optional[pulumi.Input[bool]]:
+    def account_enabled(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Whether or not the service principal account is enabled. Defaults to `true`.
         """
         return pulumi.get(self, "account_enabled")
     @account_enabled.setter
-    def account_enabled(self, value: Optional[pulumi.Input[bool]]):
+    def account_enabled(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "account_enabled", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="alternativeNames")
-    def alternative_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def alternative_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.
         """
         return pulumi.get(self, "alternative_names")
     @alternative_names.setter
-    def alternative_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def alternative_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "alternative_names", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="appRoleAssignmentRequired")
-    def app_role_assignment_required(self) -> Optional[pulumi.Input[bool]]:
+    def app_role_assignment_required(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to `false`.
         """
         return pulumi.get(self, "app_role_assignment_required")
     @app_role_assignment_required.setter
-    def app_role_assignment_required(self, value: Optional[pulumi.Input[bool]]):
+    def app_role_assignment_required(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "app_role_assignment_required", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="appRoleIds")
-    def app_role_ids(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
+    def app_role_ids(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]:
         """
         A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.
         """
         return pulumi.get(self, "app_role_ids")
     @app_role_ids.setter
-    def app_role_ids(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
+    def app_role_ids(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "app_role_ids", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="appRoles")
     def app_roles(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ServicePrincipalAppRoleArgs']]]]:
         """
@@ -494,70 +467,55 @@ class _ServicePrincipalState:
     def app_roles(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ServicePrincipalAppRoleArgs']]]]):
         pulumi.set(self, "app_roles", value)
-    @property
-    @pulumi.getter(name="applicationId")
-    def application_id(self) -> Optional[pulumi.Input[str]]:
-        """
-        The application ID (client ID) of the application for which to create a service principal
-        """
-        warnings.warn("""The `application_id` property has been replaced with the `client_id` property and will be removed in version 3.0 of the AzureAD provider""", DeprecationWarning)
-        pulumi.log.warn("""application_id is deprecated: The `application_id` property has been replaced with the `client_id` property and will be removed in version 3.0 of the AzureAD provider""")
-        return pulumi.get(self, "application_id")
-    @application_id.setter
-    def application_id(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "application_id", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="applicationTenantId")
-    def application_tenant_id(self) -> Optional[pulumi.Input[str]]:
+    def application_tenant_id(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The tenant ID where the associated application is registered.
         """
         return pulumi.get(self, "application_tenant_id")
     @application_tenant_id.setter
-    def application_tenant_id(self, value: Optional[pulumi.Input[str]]):
+    def application_tenant_id(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "application_tenant_id", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="clientId")
-    def client_id(self) -> Optional[pulumi.Input[str]]:
+    def client_id(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The client ID of the application for which to create a service principal.
         """
         return pulumi.get(self, "client_id")
     @client_id.setter
-    def client_id(self, value: Optional[pulumi.Input[str]]):
+    def client_id(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "client_id", value)
-    @property
+    @_builtins.property
     @pulumi.getter
-    def description(self) -> Optional[pulumi.Input[str]]:
+    def description(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         A description of the service principal provided for internal end-users.
         """
         return pulumi.get(self, "description")
     @description.setter
-    def description(self, value: Optional[pulumi.Input[str]]):
+    def description(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "description", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="displayName")
-    def display_name(self) -> Optional[pulumi.Input[str]]:
+    def display_name(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Display name for the app role that appears during app role assignment and in consent experiences.
         """
         return pulumi.get(self, "display_name")
     @display_name.setter
-    def display_name(self, value: Optional[pulumi.Input[str]]):
+    def display_name(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "display_name", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="featureTags")
     def feature_tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ServicePrincipalFeatureTagArgs']]]]:
         """
@@ -571,94 +529,92 @@ class _ServicePrincipalState:
     def feature_tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ServicePrincipalFeatureTagArgs']]]]):
         pulumi.set(self, "feature_tags", value)
-    @property
+    @_builtins.property
     @pulumi.getter
+    @_utilities.deprecated("""This block has been renamed to `feature_tags` and will be removed in version 3.0 of the provider""")
     def features(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ServicePrincipalFeatureArgs']]]]:
         """
         Block of features to configure for this service principal using tags
         """
-        warnings.warn("""This block has been renamed to `feature_tags` and will be removed in version 3.0 of the provider""", DeprecationWarning)
-        pulumi.log.warn("""features is deprecated: This block has been renamed to `feature_tags` and will be removed in version 3.0 of the provider""")
         return pulumi.get(self, "features")
     @features.setter
     def features(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ServicePrincipalFeatureArgs']]]]):
         pulumi.set(self, "features", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="homepageUrl")
-    def homepage_url(self) -> Optional[pulumi.Input[str]]:
+    def homepage_url(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Home page or landing page of the associated application.
         """
         return pulumi.get(self, "homepage_url")
     @homepage_url.setter
-    def homepage_url(self, value: Optional[pulumi.Input[str]]):
+    def homepage_url(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "homepage_url", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="loginUrl")
-    def login_url(self) -> Optional[pulumi.Input[str]]:
+    def login_url(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on.
         """
         return pulumi.get(self, "login_url")
     @login_url.setter
-    def login_url(self, value: Optional[pulumi.Input[str]]):
+    def login_url(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "login_url", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="logoutUrl")
-    def logout_url(self) -> Optional[pulumi.Input[str]]:
+    def logout_url(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The URL that will be used by Microsoft's authorization service to log out an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application.
         """
         return pulumi.get(self, "logout_url")
     @logout_url.setter
-    def logout_url(self, value: Optional[pulumi.Input[str]]):
+    def logout_url(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "logout_url", value)
-    @property
+    @_builtins.property
     @pulumi.getter
-    def notes(self) -> Optional[pulumi.Input[str]]:
+    def notes(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         A free text field to capture information about the service principal, typically used for operational purposes.
         """
         return pulumi.get(self, "notes")
     @notes.setter
-    def notes(self, value: Optional[pulumi.Input[str]]):
+    def notes(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "notes", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="notificationEmailAddresses")
-    def notification_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def notification_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         A set of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications.
         """
         return pulumi.get(self, "notification_email_addresses")
     @notification_email_addresses.setter
-    def notification_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def notification_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "notification_email_addresses", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="oauth2PermissionScopeIds")
-    def oauth2_permission_scope_ids(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
+    def oauth2_permission_scope_ids(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]:
         """
         A mapping of OAuth2.0 permission scope values to scope IDs, as exposed by the associated application, intended to be useful when referencing permission scopes in other resources in your configuration.
         """
         return pulumi.get(self, "oauth2_permission_scope_ids")
     @oauth2_permission_scope_ids.setter
-    def oauth2_permission_scope_ids(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
+    def oauth2_permission_scope_ids(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "oauth2_permission_scope_ids", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="oauth2PermissionScopes")
     def oauth2_permission_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ServicePrincipalOauth2PermissionScopeArgs']]]]:
         """
@@ -670,67 +626,67 @@ class _ServicePrincipalState:
     def oauth2_permission_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ServicePrincipalOauth2PermissionScopeArgs']]]]):
         pulumi.set(self, "oauth2_permission_scopes", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="objectId")
-    def object_id(self) -> Optional[pulumi.Input[str]]:
+    def object_id(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The object ID of the service principal.
         """
         return pulumi.get(self, "object_id")
     @object_id.setter
-    def object_id(self, value: Optional[pulumi.Input[str]]):
+    def object_id(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "object_id", value)
-    @property
+    @_builtins.property
     @pulumi.getter
-    def owners(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def owners(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         A list of object IDs of principals that will be granted ownership of the service principal
         """
         return pulumi.get(self, "owners")
     @owners.setter
-    def owners(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def owners(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "owners", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="preferredSingleSignOnMode")
-    def preferred_single_sign_on_mode(self) -> Optional[pulumi.Input[str]]:
+    def preferred_single_sign_on_mode(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps. Supported values are `oidc`, `password`, `saml` or `notSupported`. Omit this property or specify a blank string to unset.
         """
         return pulumi.get(self, "preferred_single_sign_on_mode")
     @preferred_single_sign_on_mode.setter
-    def preferred_single_sign_on_mode(self, value: Optional[pulumi.Input[str]]):
+    def preferred_single_sign_on_mode(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "preferred_single_sign_on_mode", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="redirectUris")
-    def redirect_uris(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def redirect_uris(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         A list of URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application.
         """
         return pulumi.get(self, "redirect_uris")
     @redirect_uris.setter
-    def redirect_uris(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def redirect_uris(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "redirect_uris", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="samlMetadataUrl")
-    def saml_metadata_url(self) -> Optional[pulumi.Input[str]]:
+    def saml_metadata_url(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The URL where the service exposes SAML metadata for federation.
         """
         return pulumi.get(self, "saml_metadata_url")
     @saml_metadata_url.setter
-    def saml_metadata_url(self, value: Optional[pulumi.Input[str]]):
+    def saml_metadata_url(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "saml_metadata_url", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="samlSingleSignOn")
     def saml_single_sign_on(self) -> Optional[pulumi.Input['ServicePrincipalSamlSingleSignOnArgs']]:
         """
@@ -742,33 +698,33 @@ class _ServicePrincipalState:
     def saml_single_sign_on(self, value: Optional[pulumi.Input['ServicePrincipalSamlSingleSignOnArgs']]):
         pulumi.set(self, "saml_single_sign_on", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="servicePrincipalNames")
-    def service_principal_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def service_principal_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         A list of identifier URI(s), copied over from the associated application.
         """
         return pulumi.get(self, "service_principal_names")
     @service_principal_names.setter
-    def service_principal_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def service_principal_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "service_principal_names", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="signInAudience")
-    def sign_in_audience(self) -> Optional[pulumi.Input[str]]:
+    def sign_in_audience(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The Microsoft account types that are supported for the associated application. Possible values include `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`.
         """
         return pulumi.get(self, "sign_in_audience")
     @sign_in_audience.setter
-    def sign_in_audience(self, value: Optional[pulumi.Input[str]]):
+    def sign_in_audience(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "sign_in_audience", value)
-    @property
+    @_builtins.property
     @pulumi.getter
-    def tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         A set of tags to apply to the service principal for configuring specific behaviours of the service principal. Note that these are not provided for use by practitioners. Cannot be used together with the `feature_tags` block.
@@ -777,55 +733,55 @@ class _ServicePrincipalState:
         return pulumi.get(self, "tags")
     @tags.setter
-    def tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "tags", value)
-    @property
+    @_builtins.property
     @pulumi.getter
-    def type(self) -> Optional[pulumi.Input[str]]:
+    def type(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are `User` or `Admin`.
         """
         return pulumi.get(self, "type")
     @type.setter
-    def type(self, value: Optional[pulumi.Input[str]]):
+    def type(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "type", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="useExisting")
-    def use_existing(self) -> Optional[pulumi.Input[bool]]:
+    def use_existing(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         When true, the resource will return an existing service principal instead of failing with an error
         """
         return pulumi.get(self, "use_existing")
     @use_existing.setter
-    def use_existing(self, value: Optional[pulumi.Input[bool]]):
+    def use_existing(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "use_existing", value)
+@pulumi.type_token("azuread:index/servicePrincipal:ServicePrincipal")
 class ServicePrincipal(pulumi.CustomResource):
     @overload
     def __init__(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 account_enabled: Optional[pulumi.Input[bool]] = None,
-                 alternative_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 app_role_assignment_required: Optional[pulumi.Input[bool]] = None,
-                 application_id: Optional[pulumi.Input[str]] = None,
-                 client_id: Optional[pulumi.Input[str]] = None,
-                 description: Optional[pulumi.Input[str]] = None,
-                 feature_tags: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ServicePrincipalFeatureTagArgs']]]]] = None,
-                 features: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ServicePrincipalFeatureArgs']]]]] = None,
-                 login_url: Optional[pulumi.Input[str]] = None,
-                 notes: Optional[pulumi.Input[str]] = None,
-                 notification_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 owners: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 preferred_single_sign_on_mode: Optional[pulumi.Input[str]] = None,
-                 saml_single_sign_on: Optional[pulumi.Input[pulumi.InputType['ServicePrincipalSamlSingleSignOnArgs']]] = None,
-                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 use_existing: Optional[pulumi.Input[bool]] = None,
+                 account_enabled: Optional[pulumi.Input[_builtins.bool]] = None,
+                 alternative_names: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 app_role_assignment_required: Optional[pulumi.Input[_builtins.bool]] = None,
+                 client_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 description: Optional[pulumi.Input[_builtins.str]] = None,
+                 feature_tags: Optional[pulumi.Input[Sequence[pulumi.Input[Union['ServicePrincipalFeatureTagArgs', 'ServicePrincipalFeatureTagArgsDict']]]]] = None,
+                 features: Optional[pulumi.Input[Sequence[pulumi.Input[Union['ServicePrincipalFeatureArgs', 'ServicePrincipalFeatureArgsDict']]]]] = None,
+                 login_url: Optional[pulumi.Input[_builtins.str]] = None,
+                 notes: Optional[pulumi.Input[_builtins.str]] = None,
+                 notification_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 owners: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 preferred_single_sign_on_mode: Optional[pulumi.Input[_builtins.str]] = None,
+                 saml_single_sign_on: Optional[pulumi.Input[Union['ServicePrincipalSamlSingleSignOnArgs', 'ServicePrincipalSamlSingleSignOnArgsDict']]] = None,
+                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 use_existing: Optional[pulumi.Input[_builtins.bool]] = None,
                  __props__=None):
         """
         ## Example Usage
@@ -837,11 +793,11 @@ class ServicePrincipal(pulumi.CustomResource):
         import pulumi_azuread as azuread
         current = azuread.get_client_config()
-        example_application = azuread.Application("exampleApplication",
+        example = azuread.Application("example",
             display_name="example",
             owners=[current.object_id])
-        example_service_principal = azuread.ServicePrincipal("exampleServicePrincipal",
-            client_id=example_application.client_id,
+        example_service_principal = azuread.ServicePrincipal("example",
+            client_id=example.client_id,
             app_role_assignment_required=False,
             owners=[current.object_id])
         ```
@@ -853,17 +809,17 @@ class ServicePrincipal(pulumi.CustomResource):
         import pulumi_azuread as azuread
         current = azuread.get_client_config()
-        example_application = azuread.Application("exampleApplication",
+        example = azuread.Application("example",
             display_name="example",
             owners=[current.object_id])
-        example_service_principal = azuread.ServicePrincipal("exampleServicePrincipal",
-            client_id=example_application.client_id,
+        example_service_principal = azuread.ServicePrincipal("example",
+            client_id=example.client_id,
             app_role_assignment_required=False,
             owners=[current.object_id],
-            feature_tags=[azuread.ServicePrincipalFeatureTagArgs(
-                enterprise=True,
-                gallery=True,
-            )])
+            feature_tags=[{
+                "enterprise": True,
+                "gallery": True,
+            }])
         ```
         *Manage a service principal for a first-party Microsoft application*
@@ -874,7 +830,7 @@ class ServicePrincipal(pulumi.CustomResource):
         well_known = azuread.get_application_published_app_ids()
         msgraph = azuread.ServicePrincipal("msgraph",
-            client_id=well_known.result["MicrosoftGraph"],
+            client_id=well_known.result["microsoftGraph"],
             use_existing=True)
         ```
@@ -884,11 +840,11 @@ class ServicePrincipal(pulumi.CustomResource):
         import pulumi
         import pulumi_azuread as azuread
-        example_application_template = azuread.get_application_template(display_name="Marketo")
-        example_application = azuread.Application("exampleApplication",
+        example = azuread.get_application_template(display_name="Marketo")
+        example_application = azuread.Application("example",
             display_name="example",
-            template_id=example_application_template.template_id)
-        example_service_principal = azuread.ServicePrincipal("exampleServicePrincipal",
+            template_id=example.template_id)
+        example_service_principal = azuread.ServicePrincipal("example",
             client_id=example_application.client_id,
             use_existing=True)
         ```
@@ -898,37 +854,36 @@ class ServicePrincipal(pulumi.CustomResource):
         Service principals can be imported using their object ID, e.g.
         ```sh
-         $ pulumi import azuread:index/servicePrincipal:ServicePrincipal example 00000000-0000-0000-0000-000000000000
+        $ pulumi import azuread:index/servicePrincipal:ServicePrincipal example /servicePrincipals/00000000-0000-0000-0000-000000000000
         ```
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[bool] account_enabled: Whether or not the service principal account is enabled. Defaults to `true`.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] alternative_names: A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.
-        :param pulumi.Input[bool] app_role_assignment_required: Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to `false`.
-        :param pulumi.Input[str] application_id: The application ID (client ID) of the application for which to create a service principal
-        :param pulumi.Input[str] client_id: The client ID of the application for which to create a service principal.
-        :param pulumi.Input[str] description: A description of the service principal provided for internal end-users.
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ServicePrincipalFeatureTagArgs']]]] feature_tags: A `feature_tags` block as described below. Cannot be used together with the `tags` property.
+        :param pulumi.Input[_builtins.bool] account_enabled: Whether or not the service principal account is enabled. Defaults to `true`.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] alternative_names: A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.
+        :param pulumi.Input[_builtins.bool] app_role_assignment_required: Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to `false`.
+        :param pulumi.Input[_builtins.str] client_id: The client ID of the application for which to create a service principal.
+        :param pulumi.Input[_builtins.str] description: A description of the service principal provided for internal end-users.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['ServicePrincipalFeatureTagArgs', 'ServicePrincipalFeatureTagArgsDict']]]] feature_tags: A `feature_tags` block as described below. Cannot be used together with the `tags` property.
                > **Features and Tags** Features are configured for a service principal using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure `feature_tags` and `tags` for a service principal at the same time, so if you need to assign additional custom tags it's recommended to use the `tags` property instead. Any tags configured for the linked application will propagate to this service principal.
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ServicePrincipalFeatureArgs']]]] features: Block of features to configure for this service principal using tags
-        :param pulumi.Input[str] login_url: The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on.
-        :param pulumi.Input[str] notes: A free text field to capture information about the service principal, typically used for operational purposes.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] notification_email_addresses: A set of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] owners: A list of object IDs of principals that will be granted ownership of the service principal
-        :param pulumi.Input[str] preferred_single_sign_on_mode: The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps. Supported values are `oidc`, `password`, `saml` or `notSupported`. Omit this property or specify a blank string to unset.
-        :param pulumi.Input[pulumi.InputType['ServicePrincipalSamlSingleSignOnArgs']] saml_single_sign_on: A `saml_single_sign_on` block as documented below.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] tags: A set of tags to apply to the service principal for configuring specific behaviours of the service principal. Note that these are not provided for use by practitioners. Cannot be used together with the `feature_tags` block.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['ServicePrincipalFeatureArgs', 'ServicePrincipalFeatureArgsDict']]]] features: Block of features to configure for this service principal using tags
+        :param pulumi.Input[_builtins.str] login_url: The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on.
+        :param pulumi.Input[_builtins.str] notes: A free text field to capture information about the service principal, typically used for operational purposes.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] notification_email_addresses: A set of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] owners: A list of object IDs of principals that will be granted ownership of the service principal
+        :param pulumi.Input[_builtins.str] preferred_single_sign_on_mode: The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps. Supported values are `oidc`, `password`, `saml` or `notSupported`. Omit this property or specify a blank string to unset.
+        :param pulumi.Input[Union['ServicePrincipalSamlSingleSignOnArgs', 'ServicePrincipalSamlSingleSignOnArgsDict']] saml_single_sign_on: A `saml_single_sign_on` block as documented below.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] tags: A set of tags to apply to the service principal for configuring specific behaviours of the service principal. Note that these are not provided for use by practitioners. Cannot be used together with the `feature_tags` block.
                > **Tags and Features** Azure Active Directory uses special tag values to configure the behavior of service principals. These can be specified using either the `tags` property or with the `feature_tags` block. If you need to set any custom tag values not supported by the `feature_tags` block, it's recommended to use the `tags` property. Tag values set for the linked application will also propagate to this service principal.
-        :param pulumi.Input[bool] use_existing: When true, the resource will return an existing service principal instead of failing with an error
+        :param pulumi.Input[_builtins.bool] use_existing: When true, the resource will return an existing service principal instead of failing with an error
         """
         ...
     @overload
     def __init__(__self__,
                  resource_name: str,
-                 args: Optional[ServicePrincipalArgs] = None,
+                 args: ServicePrincipalArgs,
                  opts: Optional[pulumi.ResourceOptions] = None):
         """
         ## Example Usage
@@ -940,11 +895,11 @@ class ServicePrincipal(pulumi.CustomResource):
         import pulumi_azuread as azuread
         current = azuread.get_client_config()
-        example_application = azuread.Application("exampleApplication",
+        example = azuread.Application("example",
             display_name="example",
             owners=[current.object_id])
-        example_service_principal = azuread.ServicePrincipal("exampleServicePrincipal",
-            client_id=example_application.client_id,
+        example_service_principal = azuread.ServicePrincipal("example",
+            client_id=example.client_id,
             app_role_assignment_required=False,
             owners=[current.object_id])
         ```
@@ -956,17 +911,17 @@ class ServicePrincipal(pulumi.CustomResource):
         import pulumi_azuread as azuread
         current = azuread.get_client_config()
-        example_application = azuread.Application("exampleApplication",
+        example = azuread.Application("example",
             display_name="example",
             owners=[current.object_id])
-        example_service_principal = azuread.ServicePrincipal("exampleServicePrincipal",
-            client_id=example_application.client_id,
+        example_service_principal = azuread.ServicePrincipal("example",
+            client_id=example.client_id,
             app_role_assignment_required=False,
             owners=[current.object_id],
-            feature_tags=[azuread.ServicePrincipalFeatureTagArgs(
-                enterprise=True,
-                gallery=True,
-            )])
+            feature_tags=[{
+                "enterprise": True,
+                "gallery": True,
+            }])
         ```
         *Manage a service principal for a first-party Microsoft application*
@@ -977,7 +932,7 @@ class ServicePrincipal(pulumi.CustomResource):
         well_known = azuread.get_application_published_app_ids()
         msgraph = azuread.ServicePrincipal("msgraph",
-            client_id=well_known.result["MicrosoftGraph"],
+            client_id=well_known.result["microsoftGraph"],
             use_existing=True)
         ```
@@ -987,11 +942,11 @@ class ServicePrincipal(pulumi.CustomResource):
         import pulumi
         import pulumi_azuread as azuread
-        example_application_template = azuread.get_application_template(display_name="Marketo")
-        example_application = azuread.Application("exampleApplication",
+        example = azuread.get_application_template(display_name="Marketo")
+        example_application = azuread.Application("example",
             display_name="example",
-            template_id=example_application_template.template_id)
-        example_service_principal = azuread.ServicePrincipal("exampleServicePrincipal",
+            template_id=example.template_id)
+        example_service_principal = azuread.ServicePrincipal("example",
             client_id=example_application.client_id,
             use_existing=True)
         ```
@@ -1001,7 +956,7 @@ class ServicePrincipal(pulumi.CustomResource):
         Service principals can be imported using their object ID, e.g.
         ```sh
-         $ pulumi import azuread:index/servicePrincipal:ServicePrincipal example 00000000-0000-0000-0000-000000000000
+        $ pulumi import azuread:index/servicePrincipal:ServicePrincipal example /servicePrincipals/00000000-0000-0000-0000-000000000000
         ```
         :param str resource_name: The name of the resource.
@@ -1019,22 +974,21 @@ class ServicePrincipal(pulumi.CustomResource):
     def _internal_init(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 account_enabled: Optional[pulumi.Input[bool]] = None,
-                 alternative_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 app_role_assignment_required: Optional[pulumi.Input[bool]] = None,
-                 application_id: Optional[pulumi.Input[str]] = None,
-                 client_id: Optional[pulumi.Input[str]] = None,
-                 description: Optional[pulumi.Input[str]] = None,
-                 feature_tags: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ServicePrincipalFeatureTagArgs']]]]] = None,
-                 features: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ServicePrincipalFeatureArgs']]]]] = None,
-                 login_url: Optional[pulumi.Input[str]] = None,
-                 notes: Optional[pulumi.Input[str]] = None,
-                 notification_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 owners: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 preferred_single_sign_on_mode: Optional[pulumi.Input[str]] = None,
-                 saml_single_sign_on: Optional[pulumi.Input[pulumi.InputType['ServicePrincipalSamlSingleSignOnArgs']]] = None,
-                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 use_existing: Optional[pulumi.Input[bool]] = None,
+                 account_enabled: Optional[pulumi.Input[_builtins.bool]] = None,
+                 alternative_names: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 app_role_assignment_required: Optional[pulumi.Input[_builtins.bool]] = None,
+                 client_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 description: Optional[pulumi.Input[_builtins.str]] = None,
+                 feature_tags: Optional[pulumi.Input[Sequence[pulumi.Input[Union['ServicePrincipalFeatureTagArgs', 'ServicePrincipalFeatureTagArgsDict']]]]] = None,
+                 features: Optional[pulumi.Input[Sequence[pulumi.Input[Union['ServicePrincipalFeatureArgs', 'ServicePrincipalFeatureArgsDict']]]]] = None,
+                 login_url: Optional[pulumi.Input[_builtins.str]] = None,
+                 notes: Optional[pulumi.Input[_builtins.str]] = None,
+                 notification_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 owners: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 preferred_single_sign_on_mode: Optional[pulumi.Input[_builtins.str]] = None,
+                 saml_single_sign_on: Optional[pulumi.Input[Union['ServicePrincipalSamlSingleSignOnArgs', 'ServicePrincipalSamlSingleSignOnArgsDict']]] = None,
+                 tags: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 use_existing: Optional[pulumi.Input[_builtins.bool]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -1047,7 +1001,8 @@ class ServicePrincipal(pulumi.CustomResource):
             __props__.__dict__["account_enabled"] = account_enabled
             __props__.__dict__["alternative_names"] = alternative_names
             __props__.__dict__["app_role_assignment_required"] = app_role_assignment_required
-            __props__.__dict__["application_id"] = application_id
+            if client_id is None and not opts.urn:
+                raise TypeError("Missing required property 'client_id'")
             __props__.__dict__["client_id"] = client_id
             __props__.__dict__["description"] = description
             __props__.__dict__["feature_tags"] = feature_tags
@@ -1084,36 +1039,35 @@ class ServicePrincipal(pulumi.CustomResource):
     def get(resource_name: str,
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
-            account_enabled: Optional[pulumi.Input[bool]] = None,
-            alternative_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-            app_role_assignment_required: Optional[pulumi.Input[bool]] = None,
-            app_role_ids: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
-            app_roles: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ServicePrincipalAppRoleArgs']]]]] = None,
-            application_id: Optional[pulumi.Input[str]] = None,
-            application_tenant_id: Optional[pulumi.Input[str]] = None,
-            client_id: Optional[pulumi.Input[str]] = None,
-            description: Optional[pulumi.Input[str]] = None,
-            display_name: Optional[pulumi.Input[str]] = None,
-            feature_tags: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ServicePrincipalFeatureTagArgs']]]]] = None,
-            features: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ServicePrincipalFeatureArgs']]]]] = None,
-            homepage_url: Optional[pulumi.Input[str]] = None,
-            login_url: Optional[pulumi.Input[str]] = None,
-            logout_url: Optional[pulumi.Input[str]] = None,
-            notes: Optional[pulumi.Input[str]] = None,
-            notification_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-            oauth2_permission_scope_ids: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
-            oauth2_permission_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ServicePrincipalOauth2PermissionScopeArgs']]]]] = None,
-            object_id: Optional[pulumi.Input[str]] = None,
-            owners: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-            preferred_single_sign_on_mode: Optional[pulumi.Input[str]] = None,
-            redirect_uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-            saml_metadata_url: Optional[pulumi.Input[str]] = None,
-            saml_single_sign_on: Optional[pulumi.Input[pulumi.InputType['ServicePrincipalSamlSingleSignOnArgs']]] = None,
-            service_principal_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-            sign_in_audience: Optional[pulumi.Input[str]] = None,
-            tags: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-            type: Optional[pulumi.Input[str]] = None,
-            use_existing: Optional[pulumi.Input[bool]] = None) -> 'ServicePrincipal':
+            account_enabled: Optional[pulumi.Input[_builtins.bool]] = None,
+            alternative_names: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            app_role_assignment_required: Optional[pulumi.Input[_builtins.bool]] = None,
+            app_role_ids: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+            app_roles: Optional[pulumi.Input[Sequence[pulumi.Input[Union['ServicePrincipalAppRoleArgs', 'ServicePrincipalAppRoleArgsDict']]]]] = None,
+            application_tenant_id: Optional[pulumi.Input[_builtins.str]] = None,
+            client_id: Optional[pulumi.Input[_builtins.str]] = None,
+            description: Optional[pulumi.Input[_builtins.str]] = None,
+            display_name: Optional[pulumi.Input[_builtins.str]] = None,
+            feature_tags: Optional[pulumi.Input[Sequence[pulumi.Input[Union['ServicePrincipalFeatureTagArgs', 'ServicePrincipalFeatureTagArgsDict']]]]] = None,
+            features: Optional[pulumi.Input[Sequence[pulumi.Input[Union['ServicePrincipalFeatureArgs', 'ServicePrincipalFeatureArgsDict']]]]] = None,
+            homepage_url: Optional[pulumi.Input[_builtins.str]] = None,
+            login_url: Optional[pulumi.Input[_builtins.str]] = None,
+            logout_url: Optional[pulumi.Input[_builtins.str]] = None,
+            notes: Optional[pulumi.Input[_builtins.str]] = None,
+            notification_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            oauth2_permission_scope_ids: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+            oauth2_permission_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[Union['ServicePrincipalOauth2PermissionScopeArgs', 'ServicePrincipalOauth2PermissionScopeArgsDict']]]]] = None,
+            object_id: Optional[pulumi.Input[_builtins.str]] = None,
+            owners: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            preferred_single_sign_on_mode: Optional[pulumi.Input[_builtins.str]] = None,
+            redirect_uris: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            saml_metadata_url: Optional[pulumi.Input[_builtins.str]] = None,
+            saml_single_sign_on: Optional[pulumi.Input[Union['ServicePrincipalSamlSingleSignOnArgs', 'ServicePrincipalSamlSingleSignOnArgsDict']]] = None,
+            service_principal_names: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            sign_in_audience: Optional[pulumi.Input[_builtins.str]] = None,
+            tags: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            type: Optional[pulumi.Input[_builtins.str]] = None,
+            use_existing: Optional[pulumi.Input[_builtins.bool]] = None) -> 'ServicePrincipal':
         """
         Get an existing ServicePrincipal resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -1121,40 +1075,39 @@ class ServicePrincipal(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[bool] account_enabled: Whether or not the service principal account is enabled. Defaults to `true`.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] alternative_names: A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.
-        :param pulumi.Input[bool] app_role_assignment_required: Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to `false`.
-        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] app_role_ids: A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ServicePrincipalAppRoleArgs']]]] app_roles: A list of app roles published by the associated application, as documented below. For more information [official documentation](https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles).
-        :param pulumi.Input[str] application_id: The application ID (client ID) of the application for which to create a service principal
-        :param pulumi.Input[str] application_tenant_id: The tenant ID where the associated application is registered.
-        :param pulumi.Input[str] client_id: The client ID of the application for which to create a service principal.
-        :param pulumi.Input[str] description: A description of the service principal provided for internal end-users.
-        :param pulumi.Input[str] display_name: Display name for the app role that appears during app role assignment and in consent experiences.
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ServicePrincipalFeatureTagArgs']]]] feature_tags: A `feature_tags` block as described below. Cannot be used together with the `tags` property.
+        :param pulumi.Input[_builtins.bool] account_enabled: Whether or not the service principal account is enabled. Defaults to `true`.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] alternative_names: A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.
+        :param pulumi.Input[_builtins.bool] app_role_assignment_required: Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to `false`.
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] app_role_ids: A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['ServicePrincipalAppRoleArgs', 'ServicePrincipalAppRoleArgsDict']]]] app_roles: A list of app roles published by the associated application, as documented below. For more information [official documentation](https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles).
+        :param pulumi.Input[_builtins.str] application_tenant_id: The tenant ID where the associated application is registered.
+        :param pulumi.Input[_builtins.str] client_id: The client ID of the application for which to create a service principal.
+        :param pulumi.Input[_builtins.str] description: A description of the service principal provided for internal end-users.
+        :param pulumi.Input[_builtins.str] display_name: Display name for the app role that appears during app role assignment and in consent experiences.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['ServicePrincipalFeatureTagArgs', 'ServicePrincipalFeatureTagArgsDict']]]] feature_tags: A `feature_tags` block as described below. Cannot be used together with the `tags` property.
                > **Features and Tags** Features are configured for a service principal using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure `feature_tags` and `tags` for a service principal at the same time, so if you need to assign additional custom tags it's recommended to use the `tags` property instead. Any tags configured for the linked application will propagate to this service principal.
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ServicePrincipalFeatureArgs']]]] features: Block of features to configure for this service principal using tags
-        :param pulumi.Input[str] homepage_url: Home page or landing page of the associated application.
-        :param pulumi.Input[str] login_url: The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on.
-        :param pulumi.Input[str] logout_url: The URL that will be used by Microsoft's authorization service to log out an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application.
-        :param pulumi.Input[str] notes: A free text field to capture information about the service principal, typically used for operational purposes.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] notification_email_addresses: A set of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications.
-        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] oauth2_permission_scope_ids: A mapping of OAuth2.0 permission scope values to scope IDs, as exposed by the associated application, intended to be useful when referencing permission scopes in other resources in your configuration.
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ServicePrincipalOauth2PermissionScopeArgs']]]] oauth2_permission_scopes: A list of OAuth 2.0 delegated permission scopes exposed by the associated application, as documented below.
-        :param pulumi.Input[str] object_id: The object ID of the service principal.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] owners: A list of object IDs of principals that will be granted ownership of the service principal
-        :param pulumi.Input[str] preferred_single_sign_on_mode: The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps. Supported values are `oidc`, `password`, `saml` or `notSupported`. Omit this property or specify a blank string to unset.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] redirect_uris: A list of URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application.
-        :param pulumi.Input[str] saml_metadata_url: The URL where the service exposes SAML metadata for federation.
-        :param pulumi.Input[pulumi.InputType['ServicePrincipalSamlSingleSignOnArgs']] saml_single_sign_on: A `saml_single_sign_on` block as documented below.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] service_principal_names: A list of identifier URI(s), copied over from the associated application.
-        :param pulumi.Input[str] sign_in_audience: The Microsoft account types that are supported for the associated application. Possible values include `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] tags: A set of tags to apply to the service principal for configuring specific behaviours of the service principal. Note that these are not provided for use by practitioners. Cannot be used together with the `feature_tags` block.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['ServicePrincipalFeatureArgs', 'ServicePrincipalFeatureArgsDict']]]] features: Block of features to configure for this service principal using tags
+        :param pulumi.Input[_builtins.str] homepage_url: Home page or landing page of the associated application.
+        :param pulumi.Input[_builtins.str] login_url: The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on.
+        :param pulumi.Input[_builtins.str] logout_url: The URL that will be used by Microsoft's authorization service to log out an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application.
+        :param pulumi.Input[_builtins.str] notes: A free text field to capture information about the service principal, typically used for operational purposes.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] notification_email_addresses: A set of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications.
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] oauth2_permission_scope_ids: A mapping of OAuth2.0 permission scope values to scope IDs, as exposed by the associated application, intended to be useful when referencing permission scopes in other resources in your configuration.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['ServicePrincipalOauth2PermissionScopeArgs', 'ServicePrincipalOauth2PermissionScopeArgsDict']]]] oauth2_permission_scopes: A list of OAuth 2.0 delegated permission scopes exposed by the associated application, as documented below.
+        :param pulumi.Input[_builtins.str] object_id: The object ID of the service principal.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] owners: A list of object IDs of principals that will be granted ownership of the service principal
+        :param pulumi.Input[_builtins.str] preferred_single_sign_on_mode: The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps. Supported values are `oidc`, `password`, `saml` or `notSupported`. Omit this property or specify a blank string to unset.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] redirect_uris: A list of URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application.
+        :param pulumi.Input[_builtins.str] saml_metadata_url: The URL where the service exposes SAML metadata for federation.
+        :param pulumi.Input[Union['ServicePrincipalSamlSingleSignOnArgs', 'ServicePrincipalSamlSingleSignOnArgsDict']] saml_single_sign_on: A `saml_single_sign_on` block as documented below.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] service_principal_names: A list of identifier URI(s), copied over from the associated application.
+        :param pulumi.Input[_builtins.str] sign_in_audience: The Microsoft account types that are supported for the associated application. Possible values include `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] tags: A set of tags to apply to the service principal for configuring specific behaviours of the service principal. Note that these are not provided for use by practitioners. Cannot be used together with the `feature_tags` block.
                > **Tags and Features** Azure Active Directory uses special tag values to configure the behavior of service principals. These can be specified using either the `tags` property or with the `feature_tags` block. If you need to set any custom tag values not supported by the `feature_tags` block, it's recommended to use the `tags` property. Tag values set for the linked application will also propagate to this service principal.
-        :param pulumi.Input[str] type: Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are `User` or `Admin`.
-        :param pulumi.Input[bool] use_existing: When true, the resource will return an existing service principal instead of failing with an error
+        :param pulumi.Input[_builtins.str] type: Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are `User` or `Admin`.
+        :param pulumi.Input[_builtins.bool] use_existing: When true, the resource will return an existing service principal instead of failing with an error
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -1165,7 +1118,6 @@ class ServicePrincipal(pulumi.CustomResource):
         __props__.__dict__["app_role_assignment_required"] = app_role_assignment_required
         __props__.__dict__["app_role_ids"] = app_role_ids
         __props__.__dict__["app_roles"] = app_roles
-        __props__.__dict__["application_id"] = application_id
         __props__.__dict__["application_tenant_id"] = application_tenant_id
         __props__.__dict__["client_id"] = client_id
         __props__.__dict__["description"] = description
@@ -1192,39 +1144,39 @@ class ServicePrincipal(pulumi.CustomResource):
         __props__.__dict__["use_existing"] = use_existing
         return ServicePrincipal(resource_name, opts=opts, __props__=__props__)
-    @property
+    @_builtins.property
     @pulumi.getter(name="accountEnabled")
-    def account_enabled(self) -> pulumi.Output[Optional[bool]]:
+    def account_enabled(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Whether or not the service principal account is enabled. Defaults to `true`.
         """
         return pulumi.get(self, "account_enabled")
-    @property
+    @_builtins.property
     @pulumi.getter(name="alternativeNames")
-    def alternative_names(self) -> pulumi.Output[Optional[Sequence[str]]]:
+    def alternative_names(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         A set of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.
         """
         return pulumi.get(self, "alternative_names")
-    @property
+    @_builtins.property
     @pulumi.getter(name="appRoleAssignmentRequired")
-    def app_role_assignment_required(self) -> pulumi.Output[Optional[bool]]:
+    def app_role_assignment_required(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to `false`.
         """
         return pulumi.get(self, "app_role_assignment_required")
-    @property
+    @_builtins.property
     @pulumi.getter(name="appRoleIds")
-    def app_role_ids(self) -> pulumi.Output[Mapping[str, str]]:
+    def app_role_ids(self) -> pulumi.Output[Mapping[str, _builtins.str]]:
         """
         A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.
         """
         return pulumi.get(self, "app_role_ids")
-    @property
+    @_builtins.property
     @pulumi.getter(name="appRoles")
     def app_roles(self) -> pulumi.Output[Sequence['outputs.ServicePrincipalAppRole']]:
         """
@@ -1232,50 +1184,39 @@ class ServicePrincipal(pulumi.CustomResource):
         """
         return pulumi.get(self, "app_roles")
-    @property
-    @pulumi.getter(name="applicationId")
-    def application_id(self) -> pulumi.Output[str]:
-        """
-        The application ID (client ID) of the application for which to create a service principal
-        """
-        warnings.warn("""The `application_id` property has been replaced with the `client_id` property and will be removed in version 3.0 of the AzureAD provider""", DeprecationWarning)
-        pulumi.log.warn("""application_id is deprecated: The `application_id` property has been replaced with the `client_id` property and will be removed in version 3.0 of the AzureAD provider""")
-        return pulumi.get(self, "application_id")
-    @property
+    @_builtins.property
     @pulumi.getter(name="applicationTenantId")
-    def application_tenant_id(self) -> pulumi.Output[str]:
+    def application_tenant_id(self) -> pulumi.Output[_builtins.str]:
         """
         The tenant ID where the associated application is registered.
         """
         return pulumi.get(self, "application_tenant_id")
-    @property
+    @_builtins.property
     @pulumi.getter(name="clientId")
-    def client_id(self) -> pulumi.Output[str]:
+    def client_id(self) -> pulumi.Output[_builtins.str]:
         """
         The client ID of the application for which to create a service principal.
         """
         return pulumi.get(self, "client_id")
-    @property
+    @_builtins.property
     @pulumi.getter
-    def description(self) -> pulumi.Output[Optional[str]]:
+    def description(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         A description of the service principal provided for internal end-users.
         """
         return pulumi.get(self, "description")
-    @property
+    @_builtins.property
     @pulumi.getter(name="displayName")
-    def display_name(self) -> pulumi.Output[str]:
+    def display_name(self) -> pulumi.Output[_builtins.str]:
         """
         Display name for the app role that appears during app role assignment and in consent experiences.
         """
         return pulumi.get(self, "display_name")
-    @property
+    @_builtins.property
     @pulumi.getter(name="featureTags")
     def feature_tags(self) -> pulumi.Output[Sequence['outputs.ServicePrincipalFeatureTag']]:
         """
@@ -1285,66 +1226,64 @@ class ServicePrincipal(pulumi.CustomResource):
         """
         return pulumi.get(self, "feature_tags")
-    @property
+    @_builtins.property
     @pulumi.getter
+    @_utilities.deprecated("""This block has been renamed to `feature_tags` and will be removed in version 3.0 of the provider""")
     def features(self) -> pulumi.Output[Sequence['outputs.ServicePrincipalFeature']]:
         """
         Block of features to configure for this service principal using tags
         """
-        warnings.warn("""This block has been renamed to `feature_tags` and will be removed in version 3.0 of the provider""", DeprecationWarning)
-        pulumi.log.warn("""features is deprecated: This block has been renamed to `feature_tags` and will be removed in version 3.0 of the provider""")
         return pulumi.get(self, "features")
-    @property
+    @_builtins.property
     @pulumi.getter(name="homepageUrl")
-    def homepage_url(self) -> pulumi.Output[str]:
+    def homepage_url(self) -> pulumi.Output[_builtins.str]:
         """
         Home page or landing page of the associated application.
         """
         return pulumi.get(self, "homepage_url")
-    @property
+    @_builtins.property
     @pulumi.getter(name="loginUrl")
-    def login_url(self) -> pulumi.Output[Optional[str]]:
+    def login_url(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on.
         """
         return pulumi.get(self, "login_url")
-    @property
+    @_builtins.property
     @pulumi.getter(name="logoutUrl")
-    def logout_url(self) -> pulumi.Output[str]:
+    def logout_url(self) -> pulumi.Output[_builtins.str]:
         """
         The URL that will be used by Microsoft's authorization service to log out an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application.
         """
         return pulumi.get(self, "logout_url")
-    @property
+    @_builtins.property
     @pulumi.getter
-    def notes(self) -> pulumi.Output[Optional[str]]:
+    def notes(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         A free text field to capture information about the service principal, typically used for operational purposes.
         """
         return pulumi.get(self, "notes")
-    @property
+    @_builtins.property
     @pulumi.getter(name="notificationEmailAddresses")
-    def notification_email_addresses(self) -> pulumi.Output[Optional[Sequence[str]]]:
+    def notification_email_addresses(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         A set of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications.
         """
         return pulumi.get(self, "notification_email_addresses")
-    @property
+    @_builtins.property
     @pulumi.getter(name="oauth2PermissionScopeIds")
-    def oauth2_permission_scope_ids(self) -> pulumi.Output[Mapping[str, str]]:
+    def oauth2_permission_scope_ids(self) -> pulumi.Output[Mapping[str, _builtins.str]]:
         """
         A mapping of OAuth2.0 permission scope values to scope IDs, as exposed by the associated application, intended to be useful when referencing permission scopes in other resources in your configuration.
         """
         return pulumi.get(self, "oauth2_permission_scope_ids")
-    @property
+    @_builtins.property
     @pulumi.getter(name="oauth2PermissionScopes")
     def oauth2_permission_scopes(self) -> pulumi.Output[Sequence['outputs.ServicePrincipalOauth2PermissionScope']]:
         """
@@ -1352,47 +1291,47 @@ class ServicePrincipal(pulumi.CustomResource):
         """
         return pulumi.get(self, "oauth2_permission_scopes")
-    @property
+    @_builtins.property
     @pulumi.getter(name="objectId")
-    def object_id(self) -> pulumi.Output[str]:
+    def object_id(self) -> pulumi.Output[_builtins.str]:
         """
         The object ID of the service principal.
         """
         return pulumi.get(self, "object_id")
-    @property
+    @_builtins.property
     @pulumi.getter
-    def owners(self) -> pulumi.Output[Optional[Sequence[str]]]:
+    def owners(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         A list of object IDs of principals that will be granted ownership of the service principal
         """
         return pulumi.get(self, "owners")
-    @property
+    @_builtins.property
     @pulumi.getter(name="preferredSingleSignOnMode")
-    def preferred_single_sign_on_mode(self) -> pulumi.Output[Optional[str]]:
+    def preferred_single_sign_on_mode(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps. Supported values are `oidc`, `password`, `saml` or `notSupported`. Omit this property or specify a blank string to unset.
         """
         return pulumi.get(self, "preferred_single_sign_on_mode")
-    @property
+    @_builtins.property
     @pulumi.getter(name="redirectUris")
-    def redirect_uris(self) -> pulumi.Output[Sequence[str]]:
+    def redirect_uris(self) -> pulumi.Output[Sequence[_builtins.str]]:
         """
         A list of URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application.
         """
         return pulumi.get(self, "redirect_uris")
-    @property
+    @_builtins.property
     @pulumi.getter(name="samlMetadataUrl")
-    def saml_metadata_url(self) -> pulumi.Output[str]:
+    def saml_metadata_url(self) -> pulumi.Output[_builtins.str]:
         """
         The URL where the service exposes SAML metadata for federation.
         """
         return pulumi.get(self, "saml_metadata_url")
-    @property
+    @_builtins.property
     @pulumi.getter(name="samlSingleSignOn")
     def saml_single_sign_on(self) -> pulumi.Output[Optional['outputs.ServicePrincipalSamlSingleSignOn']]:
         """
@@ -1400,25 +1339,25 @@ class ServicePrincipal(pulumi.CustomResource):
         """
         return pulumi.get(self, "saml_single_sign_on")
-    @property
+    @_builtins.property
     @pulumi.getter(name="servicePrincipalNames")
-    def service_principal_names(self) -> pulumi.Output[Sequence[str]]:
+    def service_principal_names(self) -> pulumi.Output[Sequence[_builtins.str]]:
         """
         A list of identifier URI(s), copied over from the associated application.
         """
         return pulumi.get(self, "service_principal_names")
-    @property
+    @_builtins.property
     @pulumi.getter(name="signInAudience")
-    def sign_in_audience(self) -> pulumi.Output[str]:
+    def sign_in_audience(self) -> pulumi.Output[_builtins.str]:
         """
         The Microsoft account types that are supported for the associated application. Possible values include `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`.
         """
         return pulumi.get(self, "sign_in_audience")
-    @property
+    @_builtins.property
     @pulumi.getter
-    def tags(self) -> pulumi.Output[Sequence[str]]:
+    def tags(self) -> pulumi.Output[Sequence[_builtins.str]]:
         """
         A set of tags to apply to the service principal for configuring specific behaviours of the service principal. Note that these are not provided for use by practitioners. Cannot be used together with the `feature_tags` block.
@@ -1426,17 +1365,17 @@ class ServicePrincipal(pulumi.CustomResource):
         """
         return pulumi.get(self, "tags")
-    @property
+    @_builtins.property
     @pulumi.getter
-    def type(self) -> pulumi.Output[str]:
+    def type(self) -> pulumi.Output[_builtins.str]:
         """
         Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are `User` or `Admin`.
         """
         return pulumi.get(self, "type")
-    @property
+    @_builtins.property
     @pulumi.getter(name="useExisting")
-    def use_existing(self) -> pulumi.Output[Optional[bool]]:
+    def use_existing(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         When true, the resource will return an existing service principal instead of failing with an error
         """

pulumi-azuread 5.48.0a1706744699__py3-none-any.whl → 6.8.0a1766208344__py3-none-any.whl

Potentially problematic release.

pulumi-azuread 5.48.0a1706744699py3-none-any.whl → 6.8.0a1766208344py3-none-any.whl