Is it possible to use Pulumi to Grant Admin Consent to the Required Resource Accesses specified for an Azure Application created using new Pulumi.AzureAD.Application?

AFAIK, the answer is no.

Thanks @tall-librarian-49374, I have found that I can do this using the Microsoft Graph API. It seems to work best if I first use Pulumi to add the rights and then the API to grant consent for them. In theory the API can do both steps i.e. add the permissions and provide consent but when I do that they seem to appear in the "Other Permissions" section rather than the "Configured Permissions" section. If I assign the permission with Pulumi and then use the API to grant consent they appear in the preferred "Configured Permissions" section. My issue is that I can't call the API until Pulumi has created the App Registration, its associated Service Principal and assigned the required permissions. I then need to use the Object ID of the Service Principal when calling the API. Is there a way I can call normal .Net code (i.e to call the API) once the required object has been created (so I know I have a valid object ID to pass to it)?

Ah, nice!

@tall-librarian-49374 yeah looks promising. Is there a way to integrate the API call in to my code as described above (i.e. once the objectId exists)?

Are you using .NET?

Yes

.NET doesn’t have dynamic provides yet, which would be the first-class solution for this kind of problems in Node.js or Python. In .NET you could add your API calls to

Apply

, something similar to the pattern in https://blog.headforcloud.com/2020/02/09/pulumi-azure-static-sites/

brilliant, thanks. I'll give it a shot