deploymenttheory
diff --git a/‎.github/workflows/bi-weekly-tests.yml‎
Lines changed: 6 additions & 0 deletions b/‎.github/workflows/bi-weekly-tests.yml‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎docs/resources/graph_beta_agents_agent_identity_blueprint.md‎
Lines changed: 127 additions & 0 deletions b/‎docs/resources/graph_beta_agents_agent_identity_blueprint.md‎
Lines changed: 127 additions & 0 deletions
diff --git a/‎docs/resources/graph_beta_agents_agent_identity_blueprint_certificate_credential.md‎
Lines changed: 47 additions & 0 deletions b/‎docs/resources/graph_beta_agents_agent_identity_blueprint_certificate_credential.md‎
Lines changed: 47 additions & 0 deletions
@@ -101,6 +101,8 @@ jobs:
       fail-fast: false # https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idstrategyfail-fast
       matrix:
         include:
+          - service: agents
+            runner: ubuntu-24.04-arm
           - service: applications
             runner: ubuntu-24.04-arm
           - service: backup_storage
@@ -216,6 +218,8 @@ jobs:
       fail-fast: false
       matrix:
         include: # testing both ubuntu-24.04-arm and ubuntu-24.04-arm
+          - service: agents
+            runner: ubuntu-24.04-arm
           - service: applications
             runner: ubuntu-24.04-arm
           - service: device_and_app_management
@@ -266,6 +270,8 @@ jobs:
 
       - name: Set service credentials
         env:
+          M365_CLIENT_ID_AGENTS: ${{ secrets.M365_CLIENT_ID_AGENTS }}
+          M365_CLIENT_SECRET_AGENTS: ${{ secrets.M365_CLIENT_SECRET_AGENTS }}
           M365_CLIENT_ID_APPLICATIONS: ${{ secrets.M365_CLIENT_ID_APPLICATIONS }}
           M365_CLIENT_SECRET_APPLICATIONS: ${{ secrets.M365_CLIENT_SECRET_APPLICATIONS }}
           M365_CLIENT_ID_DEVICE_AND_APP_MGMT: ${{ secrets.M365_CLIENT_ID_DEVICE_AND_APP_MGMT }}
 
@@ -0,0 +1,127 @@
+---
+page_title: "microsoft365_graph_beta_agents_agent_identity_blueprint Resource - terraform-provider-microsoft365"
+subcategory: "Agents"
+
+description: |-
+  Manages an Agent Identity Blueprint in Microsoft Entra ID using the /applications/microsoft.graph.agentIdentityBlueprint endpoint. An agent identity blueprint serves as a template for creating agent identities within the Microsoft Entra ID ecosystem. This resource inherits from the application resource type.
+---
+
+# microsoft365_graph_beta_agents_agent_identity_blueprint (Resource)
+
+Manages an Agent Identity Blueprint in Microsoft Entra ID using the `/applications/microsoft.graph.agentIdentityBlueprint` endpoint. An agent identity blueprint serves as a template for creating agent identities within the Microsoft Entra ID ecosystem. This resource inherits from the application resource type.
+
+## Microsoft Documentation
+
+- [agentIdentityBlueprint resource type](https://learn.microsoft.com/en-us/graph/api/resources/agentidentityblueprint?view=graph-rest-beta)
+- [Create agentIdentityBlueprint](https://learn.microsoft.com/en-us/graph/api/agentidentityblueprint-post?view=graph-rest-beta&tabs=http)
+- [Update agentIdentityBlueprint](https://learn.microsoft.com/en-us/graph/api/agentidentityblueprint-update?view=graph-rest-beta&tabs=http)
+- [Delete agentIdentityBlueprint](https://learn.microsoft.com/en-us/graph/api/agentidentityblueprint-delete?view=graph-rest-beta&tabs=http)
+
+## API Permissions
+
+The following API permissions are required in order to use this resource.
+
+### Microsoft Graph
+
+- **Application**: `AgentIdentityBlueprint.Read.All`, `AgentIdentityBlueprint.ReadWrite.All`, `AgentIdentityBlueprint.Create`, `AgentIdentityBlueprint.AddRemoveCreds.All`, `AgentIdentityBlueprint.UpdateBranding.All`, `Directory.Read.All`, `Directory.ReadWrite.All`
+
+Find out more about the permissions required for managing agent identities at microsoft learn [here](https://learn.microsoft.com/en-us/graph/api/resources/agentid-platform-overview?view=graph-rest-beta#permissions-for-managing-agent-identities).
+
+## Version History
+
+| Version | Status | Notes |
+|---------|--------|-------|
+| v0.38.0 | Experimental | Initial release |
+
+## Example Usage
+
+### Minimal Example
+
+```terraform
+# Minimal Agent Identity Blueprint configuration
+# Creates an agent identity blueprint with required fields only
+resource "microsoft365_graph_beta_agents_agent_identity_blueprint" "minimal" {
+  display_name = "My Agent Blueprint"
+
+  sponsor_user_ids = ["00000000-0000-0000-0000-000000000000"]
+  owner_user_ids   = ["00000000-0000-0000-0000-000000000000"]
+}
+```
+
+### Maximal Example
+
+```terraform
+# Maximal Agent Identity Blueprint configuration
+# Creates an agent identity blueprint with all available fields configured
+resource "microsoft365_graph_beta_agents_agent_identity_blueprint" "maximal" {
+  display_name = "Production AI Agent Blueprint"
+  description  = "Blueprint for AI agents used in production workloads with full governance controls"
+
+  sponsor_user_ids = [
+    "00000000-0000-0000-0000-000000000001",
+    "00000000-0000-0000-0000-000000000002",
+  ]
+
+  owner_user_ids = [
+    "00000000-0000-0000-0000-000000000001",
+    "00000000-0000-0000-0000-000000000002",
+  ]
+
+  tags = [
+    "production",
+    "ai-agent",
+    "managed-by-terraform"
+  ]
+
+  timeouts = {
+    create = "10m"
+    read   = "5m"
+    update = "10m"
+    delete = "5m"
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `display_name` (String) The display name for the agent identity blueprint. Maximum length is 256 characters. Required.
+- `owner_user_ids` (Set of String) The user IDs of the owners for the agent identity blueprint. At least one owner is required when creating an agent identity blueprint. Owners are users who have full control over the blueprint.
+- `sponsor_user_ids` (Set of String) The user IDs of the sponsors for the agent identity blueprint. At least one sponsor is required when creating an agent identity blueprint. Sponsors are users who can approve or oversee the blueprint.
+
+### Optional
+
+- `description` (String) Free text field to provide a description of the agent identity blueprint to end users. Maximum length is 1,024 characters.
+- `sign_in_audience` (String) Specifies the Microsoft accounts that are supported for the current application. Supported values are: `AzureADMyOrg` (Single tenant),  the following values from testing don't work: `AzureADMultipleOrgs` (Multi-tenant), `AzureADandPersonalMicrosoftAccount` (Multi-tenant and personal accounts), `PersonalMicrosoftAccount` (Personal accounts only).
+- `tags` (Set of String) Custom strings that can be used to categorize and identify the agent identity blueprint.
+- `timeouts` (Attributes) (see [below for nested schema](#nestedatt--timeouts))
+
+### Read-Only
+
+- `app_id` (String) The unique identifier for the application that is assigned to the agent identity blueprint by Microsoft Entra ID. Also known as Application (client) ID. Read-only.
+- `id` (String) The unique identifier for the agent identity blueprint. This property is referred to as Object ID in the Microsoft Entra admin center. Read-only.
+
+<a id="nestedatt--timeouts"></a>
+### Nested Schema for `timeouts`
+
+Optional:
+
+- `create` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+- `delete` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
+- `read` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled.
+- `update` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+#!/bin/bash
+
+# Import an existing Agent Identity Blueprint using the Object ID (id)
+# The ID can be found in the Microsoft Entra admin center under:
+# Applications > App registrations > [Your Blueprint] > Overview > Object ID
+terraform import microsoft365_graph_beta_agents_agent_identity_blueprint.example 00000000-0000-0000-0000-000000000000
+```
@@ -0,0 +1,47 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "microsoft365_graph_beta_agents_agent_identity_blueprint_certificate_credential Resource - Microsoft 365"
+subcategory: ""
+description: |-
+  Manages a certificate credential for an Agent Identity Blueprint application using the Microsoft Graph Beta API. This resource uses PATCH on the application's keyCredentials property with OData type cast to microsoft.graph.agentIdentityBlueprint.
+---
+
+# microsoft365_graph_beta_agents_agent_identity_blueprint_certificate_credential (Resource)
+
+Manages a certificate credential for an Agent Identity Blueprint application using the Microsoft Graph Beta API. This resource uses PATCH on the application's keyCredentials property with OData type cast to microsoft.graph.agentIdentityBlueprint.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `blueprint_id` (String) The unique identifier of the agent identity blueprint application.
+- `key` (String, Sensitive) The certificate's raw data in PEM format. Use `file("path/to/cert.pem")` to read the certificate file.
+
+### Optional
+
+- `display_name` (String) Friendly name for the certificate. Optional.
+- `end_date_time` (String) The date and time at which the credential expires. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2025 is 2025-01-01T00:00:00Z. Required.
+- `replace_existing_certificates` (Boolean) When `true`, replaces all existing certificates on the application. When `false` (default), preserves existing certificates and adds the new one.
+- `start_date_time` (String) The date and time at which the credential becomes valid. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2024 is 2024-01-01T00:00:00Z. If not specified, defaults to the current time.
+- `timeouts` (Attributes) (see [below for nested schema](#nestedatt--timeouts))
+- `type` (String) The type of key credential. Must be `AsymmetricX509Cert`.
+- `usage` (String) A string that describes the purpose for which the key can be used. Must be `Verify`.
+
+### Read-Only
+
+- `custom_key_identifier` (String) A 40-character binary type that can be used to identify the credential. Optional. When not provided in the payload, defaults to the thumbprint of the certificate.
+- `key_id` (String) The unique identifier (GUID) for the key credential.
+- `thumbprint` (String) The thumbprint (SHA-1 hash) of the certificate.
+
+<a id="nestedatt--timeouts"></a>
+### Nested Schema for `timeouts`
+
+Optional:
+
+- `create` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+- `delete` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
+- `read` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled.
+- `update` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).