Skip to content

Unable to use Microsoft.Management/serviceGroups as a resource scope #18097

New issue
New issue
Open
Bug
Open
Unable to use Microsoft.Management/serviceGroups as a resource scope#18097
Bug
Assignees
subha-sa
Milestone
v0.42
@kalbert312

Description

@kalbert312
kalbert312
opened on Sep 23, 2025

Bicep version
All

Describe the bug

var sgName = 'mySG'

resource sg 'Microsoft.Management/serviceGroups@2024-02-01-preview' existing = {
  name: sgName
  scope: tenant()
}

resource site 'Microsoft.Edge/sites@2025-03-01-preview' = {
  scope: sg
  name: 'MySite'
  properties: {}
}

should produce the following scope on the site resource

 "scope": "[format('/providers/Microsoft.Management/serviceGroups/{0}', variables('sgName'))]",

but it produces

 "scope": "[format('Microsoft.Management/serviceGroups/{0}', variables('sgName'))]",

Because it's not absolute, it inherits the scope of the deployment. In the reported case, this was an RG deployment and user is unable to issue a tenant level deployment due to lack of permissions.

Suggested workaround was to compile the Bicep into an ARM template and make the manual edit, but this looks like a gap in support for service groups.

Additional context
This is a repair item created from an internal incident.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

Bug

Projects

Bicep

Status

In Review

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions