Hi everyone,
I’m working on provisioning Windows VMs in Azure using Terraform (azurerm_windows_virtual_machine). I want to enable dataAccessAuthMode = "AzureActiveDirectory" for the OS disk to enforce AAD-based access for security compliance.
However, when I add this attribute in the os_disk block of the azurerm_windows_virtual_machine resource, Terraform throws the error:
```text
An argument named "data_access_auth_mode" is not expected here.
```
I understand that data_access_auth_mode is available for azurerm_managed_disk, but it seems to apply only to data disks — not OS disks.
My questions:
- Is there any Terraform-supported way to enable AAD access mode for OS disks?
- If not, what is the best practice to handle this?
- Should I use a null_resource with local-exec and call the Azure CLI?
- How can I ensure this doesn’t create configuration drift?
Here’s a snippet of my current resource block:
```hcl
resource "azurerm_windows_virtual_machine" "host" {
  ...
  os_disk {
    name                 = "myvm-OSDISK"
    caching              = "ReadWrite"
    storage_account_type = "Premium_LRS"
    # data_access_auth_mode = "AzureActiveDirectory" # <- Not accepted
  }
}
```
Any guidance or workarounds are much appreciated. Thanks!
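The null_resource + local-exec approach mentioned in the post, written out as an added example (not code from the original post): it looks up the OS disk by name after the VM exists and applies the AAD data-access mode through the Azure CLI. It assumes the Azure CLI is authenticated where terraform runs and that the installed CLI version supports `az disk update --data-access-auth-mode`; the disk name "myvm-OSDISK" and the VM resource name "host" are taken from the snippet above.

```hcl
# Added example, not from the original post.
# Assumption: the Azure CLI on the Terraform runner is logged in and its
# `az disk update` supports `--data-access-auth-mode`.

# The OS disk is created by the VM resource, so resolve its id afterwards.
data "azurerm_managed_disk" "os" {
  name                = "myvm-OSDISK"
  resource_group_name = azurerm_windows_virtual_machine.host.resource_group_name
  depends_on          = [azurerm_windows_virtual_machine.host]
}

resource "null_resource" "os_disk_aad_auth" {
  # Re-run when the disk is recreated (new id) or the desired mode changes,
  # so a rebuilt VM does not silently fall back to the default auth mode.
  triggers = {
    disk_id   = data.azurerm_managed_disk.os.id
    auth_mode = "AzureActiveDirectory"
  }

  provisioner "local-exec" {
    command = "az disk update --ids ${self.triggers.disk_id} --data-access-auth-mode ${self.triggers.auth_mode}"
  }
}
```

Because null_resource only re-runs when a trigger changes, a change made outside Terraform (for example, the mode being reset to None in the portal) is not reported by terraform plan. To catch that drift, compare the live value from `az disk show --ids <disk id> --query dataAccessAuthMode` against the expected mode in a CI check, or manage the disk's properties with a resource that reads back state.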