AzureRM - Authenticate Without SubscriptionID

I have a use case where I want to access information about my management group and apply policies to it, even when it does not have any subscriptions currently associated with it. We are using Azure service principals to authenticate. I am providing the client_id, client_secret and tenant_id by environment variables. Since I don’t have any subscriptions, I don’t have any subscription_id to provide.

According to this -,
subscription ID is optional, but it seems that when using client_secret, it’s required. I get the following error when running Terraform:
Error: Error building AzureRM Client: 1 error occurred:
* A Subscription ID must be configured when authenticating as a Service Principal using a Client Secret.

Is there a way I can access my management group without having a subscription, using the azurerm provider?

Simplified version of my use case:

provider “azurerm” {
version = “~> 2.2”
features {}

data azurerm_management_group “current” {
name = “foo”

output mg1 {
value =

1 Like

@ r-zaveri - I am facing a similar challenge. Did you ever solve?

@jeffrey.west Unfortunately I did not. We moved away from Azure actually, so never got around to solving it.