Unable to update to SharePoint Tenant Settings

[webstean]

I'm following this documentation:

And I've produced the following code, which I believe matches the documentation:

resource "msgraph_update_resource" "sharepoint_settings" {
  url         = "/admin/sharepoint/settings"
  api_version = "v1.0"

  body = {
    "@odata.type"                                = "#microsoft.graph.sharepointSettings"
    allowedDomainGuidsForSyncApp                 = ""   ## Collection of trusted domain GUIDs for the OneDrive sync app.
    deletedUserPersonalSiteRetentionPeriodInDays = "30" ## The number of days for preserving a deleted user's OneDrive.
    excludedFileExtensionsForSyncApp             = ""   ## Collection of file extensions not uploaded by the OneDrive sync app.
    idleSessionSignOut = {                              ## Specifies the idle session sign-out policies for the tenant. / Represents the idle session sign-out policy settings for SharePoint. / https://learn.microsoft.com/en-us/graph/api/resources/idlesessionsignout?view=graph-rest-beta.
      isEnabled             = true                      ## Indicates whether the idle session sign-out policy is enabled. 
      signOutAfterInSeconds = 0                         ## Number of seconds of inactivity after which a user is signed out.
      warnAfterInSeconds    = 0                         ## Number of seconds of inactivity after which a user is notified that they'll be signed out.
    }
    imageTaggingOption                              = "enhanced" ## Specifies the image tagging option for the tenant. / Possible values are: `disabled`, `basic`, `enhanced`, `unknownFutureValue`.
    isCommentingOnSitePagesEnabled                  = true       ## Indicates whether comments are allowed on modern site pages in SharePoint.
    isFileActivityNotificationEnabled               = true       ## Indicates whether push notifications are enabled for OneDrive events.
    isLegacyAuthProtocolsEnabled                    = false      ## Indicates whether legacy authentication protocols are enabled for the tenant.
    isLoopEnabled                                   = true       ## Indicates whetherif Fluid Framework is allowed on SharePoint sites.
    isMacSyncAppEnabled                             = true       ## Indicates whether files can be synced using the OneDrive sync app for Mac.
    isRequireAcceptingUserToMatchInvitedUserEnabled = true       ## Indicates whether guests must sign in using the same account to which sharing invitations are sent.
    isResharingByExternalUsersEnabled               = false      ## Indicates whether guests are allowed to reshare files, folders, and sites they don't own.
    isSharepointMobileNotificationEnabled           = true       ## Indicates whether mobile push notifications are enabled for SharePoint.
    isSharepointNewsfeedEnabled                     = true       ## Indicates whether the newsfeed is allowed on the modern site pages in SharePoint.
    isSiteCreationEnabled                           = false      ## Indicates whether users are allowed to create sites.
    isSiteCreationUiEnabled                         = false      ## Indicates whether the UI commands for creating sites are shown.
    isSitePagesCreationEnabled                      = false      ## Indicates whether creating new modern pages is allowed on SharePoint sites.
    isSitesStorageLimitAutomatic                    = true       ## Indicates whether site storage space is automatically managed or if specific storage limits are set per site.
    isSyncButtonHiddenOnPersonalSite                = true       ## Indicates whether the sync button in OneDrive is hidden.
    isUnmanagedSyncAppForTenantRestricted           = true       ## Indicates whether users are allowed to sync files only on PCs joined to specific domains.
    personalSiteDefaultStorageLimitInMb             = 1048576    ## The default OneDrive storage limit for all new and existing users who are assigned a qualifying license. Measured in megabytes (MB).
    sharingAllowedDomainList                        = []                                        ## Collection of email domains that are allowed for sharing outside the organization.
    sharingBlockedDomainList                        = []                                        ## Collection of email domains that are blocked for sharing outside the organization.
    sharingCapability                   = "externalUserAndGuestSharing"             ## Sharing capability for the tenant. / Possible values are: `disabled`, `externalUserSharingOnly`, `externalUserAndGuestSharing`, `existingExternalUserSharingOnly`, `unknownFutureValue`.
    sharingDomainRestrictionMode        = "none"                                    ## Specifies the external sharing mode for domains. / Possible values are: `none`, `allowList`, `blockList`, `unknownFutureValue`.
    siteCreationDefaultManagedPath      = "/sites/"                                 ## The value of the team site managed path. This is the path under which new team sites will be created.
    siteCreationDefaultStorageLimitInMb = 26214400                                  ## The default storage quota for a new site upon creation. Measured in megabytes (MB).
    tenantDefaultTimezone               = "(GMT+10:00) Canberra, Melbourne, Sydney" ## "The default timezone of a tenant for newly created sites. For a list of possible values, see [SPRegionalSettings.TimeZones property](/sharepoint/dev/schema/regional-settings-schema).
  }
}

But I get the error message:

│ Error: Failed to create resource
│ 
│   with msgraph_update_resource.sharepoint_settings,
│   on temp-sharepoint-settings.tf line 37, in resource "msgraph_update_resource" "sharepoint_settings":
│   37: resource "msgraph_update_resource" "sharepoint_settings" {
│ 
│ PATCH https://graph.microsoft.com/v1.0/admin/sharepoint/settings
│ --------------------------------------------------------------------------------
│ RESPONSE 400: 400 Bad Request
│ ERROR CODE: invalidRequest
│ --------------------------------------------------------------------------------
│ {
│   "error": {
│     "code": "invalidRequest",
│     "message": "[setting] The specified type named microsoft.graph.sharepointSettings is not recognized.",
│     "innerError": {
│       "date": "2025-12-24T00:55:19",
│       "request-id": "eed2064c-9537-42bf-82b6-0282960c34e8",
│       "client-request-id": "eed2064c-9537-42bf-82b6-0282960c34e8"
│     }
│   }
│ }
│ --------------------------------------------------------------------------------
│ 

[ms-henglu]

Hi @webstean ,

Thank you for taking time to report this issue.

It seem the API doesn't allow "@odata.type" = "#microsoft.graph.sharepointSettings"" in the PATCH request, based on the docs: https://learn.microsoft.com/en-us/graph/api/sharepointsettings-update?view=graph-rest-1.0&tabs=http#request

Would you please try removing the @odata.type from body?

[webstean]

Hi @ms-henglu ,

Removed it and received a different error. Also, now using the new Christmas Day release of provider.

The exact message is now:

╷
│ Error: Failed to create resource
│ 
│   with msgraph_update_resource.global_settings_sharepoint,
│   on global-settings-sharepoint.tf line 3, in resource "msgraph_update_resource" "global_settings_sharepoint":
│    3: resource "msgraph_update_resource" "global_settings_sharepoint" {
│ 
│ PATCH https://graph.microsoft.com/v1.0/admin/sharepoint/settings
│ --------------------------------------------------------------------------------
│ RESPONSE 400: 400 Bad Request
│ ERROR CODE: invalidRequest
│ --------------------------------------------------------------------------------
│ {
│   "error": {
│     "code": "invalidRequest",
│     "message": "[setting] An unexpected 'PrimitiveValue' node was found when reading from the JSON reader. A 'StartArray' node was expected.",
│     "innerError": {
│       "date": "2026-01-07T23:32:26",
│       "request-id": "0950c8f7-e123-4a3b-880a-6f863cd55c88",
│       "client-request-id": "0950c8f7-e123-4a3b-880a-6f863cd55c88"
│     }
│   }
│ }
│ --------------------------------------------------------------------------------
│ 
╵

[webstean]

resource "msgraph_update_resource" "global_settings_sharepoint" {
  url         = "/admin/sharepoint/settings"
  api_version = "v1.0"

  body = {
    ## "@odata.type"                                = "#microsoft.graph.sharepointSettings"
    allowedDomainGuidsForSyncApp                 = ""   ## Collection of trusted domain GUIDs for the OneDrive sync app.
    deletedUserPersonalSiteRetentionPeriodInDays = "30" ## The number of days for preserving a deleted user's OneDrive.
    excludedFileExtensionsForSyncApp             = ""   ## Collection of file extensions not uploaded by the OneDrive sync app.
    idleSessionSignOut = {                              ## Specifies the idle session sign-out policies for the tenant. / Represents the idle session sign-out policy settings for SharePoint. / https://learn.microsoft.com/en-us/graph/api/resources/idlesessionsignout?view=graph-rest-beta.
      isEnabled             = true                      ## Indicates whether the idle session sign-out policy is enabled. 
      signOutAfterInSeconds = 0                         ## Number of seconds of inactivity after which a user is signed out.
      warnAfterInSeconds    = 0                         ## Number of seconds of inactivity after which a user is notified that they'll be signed out.
    }
    imageTaggingOption                              = "enhanced" ## Specifies the image tagging option for the tenant. / Possible values are: `disabled`, `basic`, `enhanced`, `unknownFutureValue`.
    isCommentingOnSitePagesEnabled                  = true       ## Indicates whether comments are allowed on modern site pages in SharePoint.
    isFileActivityNotificationEnabled               = true       ## Indicates whether push notifications are enabled for OneDrive events.
    isLegacyAuthProtocolsEnabled                    = false      ## Indicates whether legacy authentication protocols are enabled for the tenant.
    isLoopEnabled                                   = true       ## Indicates whetherif Fluid Framework is allowed on SharePoint sites.
    isMacSyncAppEnabled                             = true       ## Indicates whether files can be synced using the OneDrive sync app for Mac.
    isRequireAcceptingUserToMatchInvitedUserEnabled = true       ## Indicates whether guests must sign in using the same account to which sharing invitations are sent.
    isResharingByExternalUsersEnabled               = false      ## Indicates whether guests are allowed to reshare files, folders, and sites they don't own.
    isSharepointMobileNotificationEnabled           = true       ## Indicates whether mobile push notifications are enabled for SharePoint.
    isSharepointNewsfeedEnabled                     = false      ## Indicates whether the newsfeed is allowed on the modern site pages in SharePoint.
    isSiteCreationEnabled                           = false      ## Indicates whether users are allowed to create sites.
    isSiteCreationUiEnabled                         = false      ## Indicates whether the UI commands for creating sites are shown.
    isSitePagesCreationEnabled                      = false      ## Indicates whether creating new modern pages is allowed on SharePoint sites.
    isSitesStorageLimitAutomatic                    = true       ## Indicates whether site storage space is automatically managed or if specific storage limits are set per site.
    isSyncButtonHiddenOnPersonalSite                = true       ## Indicates whether the sync button in OneDrive is hidden.
    isUnmanagedSyncAppForTenantRestricted           = true       ## Indicates whether users are allowed to sync files only on PCs joined to specific domains.
    personalSiteDefaultStorageLimitInMb             = 1048576    ## The default OneDrive storage limit for all new and existing users who are assigned a qualifying license. Measured in megabytes (MB).
    sharingAllowedDomainList                        = []                                        ## Collection of email domains that are allowed for sharing outside the organization.
    sharingBlockedDomainList                        = []                                        ## Collection of email domains that are blocked for sharing outside the organization.
    sharingCapability                   = "externalUserAndGuestSharing"             ## Sharing capability for the tenant. / Possible values are: `disabled`, `externalUserSharingOnly`, `externalUserAndGuestSharing`, `existingExternalUserSharingOnly`, `unknownFutureValue`.
    sharingDomainRestrictionMode        = "none"                                    ## Specifies the external sharing mode for domains. / Possible values are: `none`, `allowList`, `blockList`, `unknownFutureValue`.
    siteCreationDefaultManagedPath      = "/sites/"                                 ## The value of the team site managed path. This is the path under which new team sites will be created.
    siteCreationDefaultStorageLimitInMb = 26214400                                  ## The default storage quota for a new site upon creation. Measured in megabytes (MB).
    tenantDefaultTimezone               = "(GMT+10:00) Canberra, Melbourne, Sydney" ## "The default timezone of a tenant for newly created sites. For a list of possible values, see [SPRegionalSettings.TimeZones property](/sharepoint/dev/schema/regional-settings-schema).
  }
}