Hi,
Thanks for reaching out to Microsoft Q&A.
To automate the creation of a Partner Topic for receiving Microsoft Entra ID events using IaC, you need to work around the limitations of the REST API. Here’s an approach that you can follow:
1. Understanding the Key Requirements
To create a Partner Topic, the key requirements are:
- A source (which represents the Entra ID event publisher)
- A resource path (where the events should be routed)
- Enabling lifecycle events (if needed)
Since Microsoft Entra ID is the event source, the challenge is that the REST API requires a source parameter, but at this stage, you don’t have direct access to it.
2. Possible Solutions
Here are a few approaches to automate the setup:
Option 1: Use Azure CLI / PowerShell for End-to-End Deployment
While the REST API requires a source, you can instead use Azure CLI or PowerShell to set up the Partner Topic.
Using Azure CLI
az eventgrid partner topic create \
  --name "<PARTNER_TOPIC_NAME>" \
  --resource-group "<RESOURCE_GROUP>" \
  --source "/providers/Microsoft.EntraID/domains/<DOMAIN_NAME>" \
  --location "<LOCATION>"
- The key issue here is determining <DOMAIN_NAME>, as it requires Entra ID permissions.
Using PowerShell:
New-AzEventGridPartnerTopic -ResourceGroupName "<RESOURCE_GROUP>" `
  -Name "<PARTNER_TOPIC_NAME>" `
  -Source "/providers/Microsoft.EntraID/domains/<DOMAIN_NAME>" `
  -Location "<LOCATION>"
If the source is unknown, this will fail.
Option 2: Deploy Using Bicep or ARM Template
resource partnerTopic 'Microsoft.EventGrid/partnerTopics@2022-06-15' = {
  name: 'my-partner-topic'
  location: 'eastus'
  properties: {
    partnerRegistrationImmutableId: '<PARTNER_REGISTRATION_ID>'
    source: '/providers/Microsoft.EntraID/domains/<DOMAIN_NAME>'
    partnerTopicFriendlyDescription: 'Partner topic for Entra ID events'
  }
}
Limitations:
- You need to pre-register the partner registration and get its immutable ID.
- You need the source, which is linked to the Entra ID domain.
Option 3: Register the Partner Namespace & Allow Tenants to Subscribe
Instead of creating the Partner Topic directly, you register a Partner Namespace and allow multiple tenants to subscribe.
Register as an Event Partner
- This is done in Microsoft Partner Center or via API.
- You receive a partnerRegistrationImmutableId.
- You create a partner namespace in Azure Event Grid.
Each Tenant Subscribes to the Partner Topic
- Once the partner namespace exists, each tenant subscribes via Event Grid Partner Topic Subscription.
This allows you to onboard multiple tenants dynamically without requiring manual configuration.
Best Approach
- If you own the source (a Microsoft Entra ID event publisher), you can directly create the Partner Topic via Azure CLI or Bicep.
- If you don’t have the source, use Partner Registration and let tenants subscribe dynamically.
- The IaC approach works better when combined with Partner Namespace Registration to avoid manual intervention.
Please feel free to click the 'Upvote' (Thumbs-up) button and 'Accept as Answer'. This helps the community by allowing others with similar queries to easily find the solution.
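As an added example that is not part of the answer above, here is the Option 2 Bicep snippet turned into a parameterized module so the same template can be deployed per environment without hand-editing the source path; the parameter names, the activationState property and the partnerTopics/eventSubscriptions child resource with an Event Hub destination are assumptions of this example, not taken from the answer.

```bicep
// Added example: parameterized partner topic for Entra ID events.
// Assumptions: parameter names, the activationState property and the
// eventSubscriptions child resource are this example's, not the answer's.

@description('Name of the partner topic to create')
param partnerTopicName string

@description('Entra ID domain that publishes the events (constructed placeholder value)')
param entraDomainName string = 'contoso.onmicrosoft.com'

@description('Immutable ID obtained from the partner registration')
param partnerRegistrationImmutableId string

@description('Resource ID of the Event Hub that receives the events')
param eventHubResourceId string

param location string = resourceGroup().location

// Build the source from the domain so it is never typed by hand per environment.
var entraSource = '/providers/Microsoft.EntraID/domains/${entraDomainName}'

resource partnerTopic 'Microsoft.EventGrid/partnerTopics@2022-06-15' = {
  name: partnerTopicName
  location: location
  properties: {
    partnerRegistrationImmutableId: partnerRegistrationImmutableId
    source: entraSource
    partnerTopicFriendlyDescription: 'Partner topic for Entra ID events'
    // Assumed property: activating in the template removes the manual portal step.
    activationState: 'Activated'
  }
}

// Deliver to a resource in your own subscription rather than an external webhook,
// so event delivery stays inside Azure RBAC boundaries.
resource entraSubscription 'Microsoft.EventGrid/partnerTopics/eventSubscriptions@2022-06-15' = {
  parent: partnerTopic
  name: 'entra-to-eventhub'
  properties: {
    destination: {
      endpointType: 'EventHub'
      properties: {
        resourceId: eventHubResourceId
      }
    }
    eventDeliverySchema: 'CloudEventSchemaV1_0'
  }
}

output partnerTopicId string = partnerTopic.id
```

Deploy with `az deployment group create --resource-group <RESOURCE_GROUP> --template-file <this file>.bicep` and pass the four required parameters; the partner registration ID and the domain are the same values the answer's Option 2 requires you to obtain beforehand.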