u/antivocal

How are you keeping Entra External ID config consistent across multiple tenants?

Managing a handful of Entra External ID tenants for different clients and keeping them consistent is kind of a mess. Every tenant has drifted from the "standard" config in some small way, and there's no clean way to see what's different or push a change across all of them.

Currently got some Graph API scripts and a folder of exported JSON I manually diff.

Is there anything better out there? Not looking for full IaC, just something that can tell me "here's what's different between these two tenants right now".

reddit.com
u/antivocal — 16 hours ago
▲ 3 r/entra

Is there any sane way to manage Entra External ID config changes, or is everyone just clicking around in the portal and hoping for the best?

We use Entra External ID for customer auth, and every time something needs changing, like branding, a user flow, sign-in page layout, it's just portal work. Make the change in dev, try to remember to do it again in prod, maybe write it down somewhere.

Last month someone changed the login page layout in prod and we didn't catch it for a week. Activity logs tell you something happened but not what it looked like before, so good luck figuring out what changed.

Looked at Terraform/Bicep for this, but the resource coverage is pretty thin for anything past basic setup/creation. Are people writing their own Graph API scripts?

Trying to figure out if there's a workflow I'm missing before I go build something myself.

reddit.com
u/antivocal — 16 hours ago
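An added example, not part of either post: one way to turn the "folder of exported JSON" into a drift report between two tenants (or between dev and prod). The sample exports and their field names are constructed for illustration and are not the real Graph schema; the ignored keys are an assumption about which properties always differ per tenant.

```python
import json

# Assumption: per-tenant or volatile keys that always differ and are not drift.
IGNORED_KEYS = {"id", "tenantId", "createdDateTime", "lastModifiedDateTime", "@odata.context"}
MISSING = "<missing>"

def flatten(node, path=""):
    """Flatten nested JSON into {path: leaf}. Objects in a list are keyed by
    displayName (when present) so that reordering is not reported as drift."""
    if isinstance(node, dict):
        out = {}
        for key, value in node.items():
            if key not in IGNORED_KEYS:
                out.update(flatten(value, f"{path}/{key}"))
        return out or {path: {}}
    if isinstance(node, list):
        if not any(isinstance(item, dict) for item in node):
            return {path: sorted(node, key=json.dumps)}  # scalar lists: order-insensitive
        out = {}
        for i, item in enumerate(node):
            label = item.get("displayName", i) if isinstance(item, dict) else i
            out.update(flatten(item, f"{path}[{label}]"))
        return out
    return {path: node}

def diff_configs(baseline, other):
    """Return {path: (baseline_value, other_value)} for every differing setting."""
    a, b = flatten(baseline), flatten(other)
    return {p: (a.get(p, MISSING), b.get(p, MISSING))
            for p in sorted(a.keys() | b.keys())
            if a.get(p, MISSING) != b.get(p, MISSING)}

# Constructed sample exports (hypothetical field names).
TENANT_A = {"tenantId": "tenant-a",
            "branding": {"id": "0", "layoutTemplate": "centered", "backgroundColor": "#FFFFFF"},
            "userFlows": [
                {"id": "f1", "displayName": "SignUpSignIn", "identityProviders": ["email", "google"]},
                {"id": "f2", "displayName": "PasswordReset", "identityProviders": ["email"]}]}
TENANT_B = {"tenantId": "tenant-b",
            "branding": {"id": "0", "layoutTemplate": "split", "backgroundColor": "#FFFFFF"},
            "userFlows": [
                {"id": "x9", "displayName": "PasswordReset", "identityProviders": ["email"]},
                {"id": "x7", "displayName": "SignUpSignIn", "identityProviders": ["google", "email"]},
                {"id": "x8", "displayName": "ProfileEdit", "identityProviders": ["email"]}]}

if __name__ == "__main__":
    for path, (left, right) in diff_configs(TENANT_A, TENANT_B).items():
        print(f"{path}: {left!r} -> {right!r}")
```

Running the same comparison on a schedule against a committed baseline export also gives the "what did it look like before" record that the activity log lacks.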