Terraform AzureRM: Your device is required to be managed to access this resource

Question

In the past I had no issues with connecting to Azure with the AzureRM Terraform provider.

But since around the 10th of August I get, when running terraform plan:

❯ terraform plan
╷
│ Error: building account: getting authenticated object ID: parsing json result from the Azure CLI: waiting for the Azure CLI: exit status 1: ERROR: AADSTS530003: Your device is required to be managed to access this resource.
│ Trace ID: XXXXXX-XXXXXX-XXXXXX
│ Correlation ID: XXXXXX-XXXXXX-XXXXXX-XXXXXX
│ Timestamp: 2022-08-30 07:55:24Z
│ To re-authenticate, please run:
│ az login --scope https://graph.microsoft.com//.default
│ 
│   with provider["registry.terraform.io/hashicorp/azurerm"],
│   on provider.tf line 1, in provider "azurerm":
│    1: provider "azurerm" {
│ 
╵

Running the suggested az login --scope https://graph.microsoft.com//.default redirects to my default browser (Firefox):

Your sign-in was successful, but you can’t open this resource from this web browser. You might be able to access it from the Safari browser (ask your IT department for a list of approved mobile and desktop applications).

and actually IT doesnt support it on any browser or device :/.

This is the configuration of the provider:

provider "azurerm" {
  features {}

  subscription_id            = "XXXXXX-XXXXXX-XXXXXX-XXXXXX"
  skip_provider_registration = true
}

The azure-cli works just fine so far, no issues on commands such as:

• az login
• az account show

Terraform v1.0.8, AzureRM v2.93.1

Answer 1

Rolling back the Azure CLI to version 2.31.0 resolved the issue for now.

Apparently this is due to a breaking change in CLI version 2.37.0:

due to the deprecation of Azure Active Directory (Azure AD) Graph, the underlying Active Directory Graph API will be replaced by Microsoft Graph API in Azure CLI 2.37.0.