import * as pulumi from "@pulumi/pulumi";
import * as inputs from "./types/input";
import * as outputs from "./types/output";
/**
 * Manages a group within Azure Active Directory. Does not directly manage or expose members of the group.
 *
 * ## API Permissions
 *
 * The following API permissions are required in order to use this resource.
 *
 * When authenticated with a service principal, this resource requires one of the following application roles: `Group.ReadWrite.All` or `Directory.ReadWrite.All`.
 *
 * Alternatively, if the authenticated service principal is also an owner of the group being managed, this resource can use the application role: `Group.Create`.
 *
 * If using the `assignableToRole` property, this resource additionally requires the `RoleManagement.ReadWrite.Directory` application role.
 *
 * If specifying owners for a group, which are user principals, this resource additionally requires one of the following application roles: `User.Read.All`, `User.ReadWrite.All`, `Directory.Read.All` or `Directory.ReadWrite.All`
 *
 * When authenticated with a user principal, this resource requires one of the following directory roles: `Groups Administrator`, `User Administrator` or `Global Administrator`
 *
 * When creating this resource in administrative units exclusively, the directory role `Groups Administrator` is required to be scoped on any administrative unit used. Additionally, it must be possible to read the administrative units being used, which can be granted through the `AdministrativeUnit.Read.All` or `Directory.Read.All` application roles.
 *
 * The `externalSendersAllowed`, `autoSubscribeNewMembers`, `hideFromAddressLists` and `hideFromOutlookClients` properties can only be configured when authenticating as a user and cannot be configured when authenticating as a service principal. Additionally, the user being used for authentication must be a Member of the tenant where the group is being managed and _not_ a Guest. This is a known API issue; please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) official documentation.
 *
 * ## Example Usage
 *
 * *Basic example*
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azuread from "@pulumi/azuread";
 *
 * const current = azuread.getClientConfig({});
 * const example = new azuread.GroupWithoutMembers("example", {
 *     displayName: "example",
 *     owners: [current.then(current => current.objectId)],
 *     securityEnabled: true,
 * });
 * ```
 *
 * *Microsoft 365 group*
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azuread from "@pulumi/azuread";
 *
 * const current = azuread.getClientConfig({});
 * const groupOwner = new azuread.User("group_owner", {
 *     userPrincipalName: "example-group-owner@example.com",
 *     displayName: "Group Owner",
 *     mailNickname: "example-group-owner",
 *     password: "SecretP@sswd99!",
 * });
 * const example = new azuread.GroupWithoutMembers("example", {
 *     displayName: "example",
 *     mailEnabled: true,
 *     mailNickname: "ExampleGroup",
 *     securityEnabled: true,
 *     types: ["Unified"],
 *     owners: [
 *         current.then(current => current.objectId),
 *         groupOwner.objectId,
 *     ],
 * });
 * ```
 *
 * *Group with dynamic membership*
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azuread from "@pulumi/azuread";
 *
 * const current = azuread.getClientConfig({});
 * const example = new azuread.GroupWithoutMembers("example", {
 *     displayName: "MyGroup",
 *     owners: [current.then(current => current.objectId)],
 *     securityEnabled: true,
 *     types: ["DynamicMembership"],
 *     dynamicMembership: {
 *         enabled: true,
 *         rule: "user.department -eq \"Sales\"",
 *     },
 * });
 * ```
 *
 * ## Import
 *
 * Groups can be imported using their object ID, e.g.
 *
 * ```sh
 * $ pulumi import azuread:index/groupWithoutMembers:GroupWithoutMembers my_group /groups/00000000-0000-0000-0000-000000000000
 * ```
 */
export declare class GroupWithoutMembers extends pulumi.CustomResource {
    /**
     * Get an existing GroupWithoutMembers resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GroupWithoutMembersState, opts?: pulumi.CustomResourceOptions): GroupWithoutMembers;
    /**
     * Returns true if the given object is an instance of GroupWithoutMembers.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is GroupWithoutMembers;
    /**
     * The object IDs of administrative units in which the group is a member. If specified, new groups will be created in the scope of the first administrative unit and added to the others. If empty, new groups will be created at the tenant level.
     *
     * > **Caution** When using the azuread.AdministrativeUnitMember resource, or the `members` property of the azuread.AdministrativeUnit resource, to manage Administrative Unit membership for a group, you will need to use an `ignoreChanges = [administrativeUnitIds]` lifecycle meta argument for the `azuread.Group` resource, in order to avoid a persistent diff.
     */
    readonly administrativeUnitIds: pulumi.Output<string[] | undefined>;
    /**
     * Indicates whether this group can be assigned to an Azure Active Directory role. Defaults to `false`. Can only be set to `true` for security-enabled groups. Changing this forces a new resource to be created.
     */
    readonly assignableToRole: pulumi.Output<boolean | undefined>;
    /**
     * Indicates whether new members added to the group will be auto-subscribed to receive email notifications. Can only be set for Unified groups.
     *
     * > **Known Permissions Issue** The `autoSubscribeNewMembers` property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.
     */
    readonly autoSubscribeNewMembers: pulumi.Output<boolean>;
    /**
     * A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.
     */
    readonly behaviors: pulumi.Output<string[] | undefined>;
    /**
     * The description for the group.
     */
    readonly description: pulumi.Output<string | undefined>;
    /**
     * The display name for the group.
     */
    readonly displayName: pulumi.Output<string>;
    /**
     * A `dynamicMembership` block as documented below. Required when `types` contains `DynamicMembership`. Cannot be used with the `members` property.
     */
    readonly dynamicMembership: pulumi.Output<outputs.GroupWithoutMembersDynamicMembership | undefined>;
    /**
     * Indicates whether people external to the organization can send messages to the group. Can only be set for Unified groups.
     *
     * > **Known Permissions Issue** The `externalSendersAllowed` property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.
     */
    readonly externalSendersAllowed: pulumi.Output<boolean>;
    /**
     * Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups. Can only be set for Unified groups.
     *
     * > **Known Permissions Issue** The `hideFromAddressLists` property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.
     */
    readonly hideFromAddressLists: pulumi.Output<boolean>;
    /**
     * Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web. Can only be set for Unified groups.
     *
     * > **Known Permissions Issue** The `hideFromOutlookClients` property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.
     */
    readonly hideFromOutlookClients: pulumi.Output<boolean>;
    /**
     * The SMTP address for the group.
     */
    readonly mail: pulumi.Output<string>;
    /**
     * Whether the group is a mail enabled, with a shared group mailbox. At least one of `mailEnabled` or `securityEnabled` must be specified. Only Microsoft 365 groups can be mail enabled (see the `types` property).
     */
    readonly mailEnabled: pulumi.Output<boolean | undefined>;
    /**
     * The mail alias for the group, unique in the organisation. Required for mail-enabled groups. Changing this forces a new resource to be created.
     */
    readonly mailNickname: pulumi.Output<string>;
    /**
     * The object ID of the group.
     */
    readonly objectId: pulumi.Output<string>;
    /**
     * The on-premises FQDN, also called dnsDomainName, synchronised from the on-premises directory when Azure AD Connect is used.
     */
    readonly onpremisesDomainName: pulumi.Output<string>;
    /**
     * The on-premises group type that the AAD group will be written as, when writeback is enabled. Possible values are `UniversalDistributionGroup`, `UniversalMailEnabledSecurityGroup`, or `UniversalSecurityGroup`.
     */
    readonly onpremisesGroupType: pulumi.Output<string>;
    /**
     * The on-premises NetBIOS name, synchronised from the on-premises directory when Azure AD Connect is used.
     */
    readonly onpremisesNetbiosName: pulumi.Output<string>;
    /**
     * The on-premises SAM account name, synchronised from the on-premises directory when Azure AD Connect is used.
     */
    readonly onpremisesSamAccountName: pulumi.Output<string>;
    /**
     * The on-premises security identifier (SID), synchronised from the on-premises directory when Azure AD Connect is used.
     */
    readonly onpremisesSecurityIdentifier: pulumi.Output<string>;
    /**
     * Whether this group is synchronised from an on-premises directory (`true`), no longer synchronised (`false`), or has never been synchronised (`null`).
     */
    readonly onpremisesSyncEnabled: pulumi.Output<boolean>;
    /**
     * A set of owners who own this group. Supported object types are Users or Service Principals
     */
    readonly owners: pulumi.Output<string[]>;
    /**
     * The preferred language for a Microsoft 365 group, in ISO 639-1 notation.
     */
    readonly preferredLanguage: pulumi.Output<string>;
    /**
     * If `true`, will return an error if an existing group is found with the same name. Defaults to `false`.
     */
    readonly preventDuplicateNames: pulumi.Output<boolean | undefined>;
    /**
     * A set of provisioning options for a Microsoft 365 group. The only supported value is `Team`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for details. Changing this forces a new resource to be created.
     */
    readonly provisioningOptions: pulumi.Output<string[] | undefined>;
    /**
     * List of email addresses for the group that direct to the same group mailbox.
     */
    readonly proxyAddresses: pulumi.Output<string[]>;
    /**
     * Whether the group is a security group for controlling access to in-app resources. At least one of `securityEnabled` or `mailEnabled` must be specified. A Microsoft 365 group can be security enabled _and_ mail enabled (see the `types` property).
     */
    readonly securityEnabled: pulumi.Output<boolean | undefined>;
    /**
     * The colour theme for a Microsoft 365 group. Possible values are `Blue`, `Green`, `Orange`, `Pink`, `Purple`, `Red` or `Teal`. By default, no theme is set.
     */
    readonly theme: pulumi.Output<string | undefined>;
    /**
     * A set of group types to configure for the group. Supported values are `DynamicMembership`, which denotes a group with dynamic membership, and `Unified`, which specifies a Microsoft 365 group. Required when `mailEnabled` is true. Changing this forces a new resource to be created.
     *
     * > **Supported Group Types** At present, only security groups and Microsoft 365 groups can be created or managed with this resource. Distribution groups and mail-enabled security groups are not supported. Microsoft 365 groups can be security-enabled.
     */
    readonly types: pulumi.Output<string[] | undefined>;
    /**
     * The group join policy and group content visibility. Possible values are `Private`, `Public`, or `Hiddenmembership`. Only Microsoft 365 groups can have `Hiddenmembership` visibility and this value must be set when the group is created. By default, security groups will receive `Private` visibility and Microsoft 365 groups will receive `Public` visibility.
     *
     * > **Group Name Uniqueness** Group names are not unique within Azure Active Directory. Use the `preventDuplicateNames` argument to check for existing groups if you want to avoid name collisions.
     */
    readonly visibility: pulumi.Output<string>;
    /**
     * Whether the group will be written back to the configured on-premises Active Directory when Azure AD Connect is used.
     */
    readonly writebackEnabled: pulumi.Output<boolean | undefined>;
    /**
     * Create a GroupWithoutMembers resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: GroupWithoutMembersArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering GroupWithoutMembers resources.
 */
export interface GroupWithoutMembersState {
    /**
     * The object IDs of administrative units in which the group is a member. If specified, new groups will be created in the scope of the first administrative unit and added to the others. If empty, new groups will be created at the tenant level.
     *
     * > **Caution** When using the azuread.AdministrativeUnitMember resource, or the `members` property of the azuread.AdministrativeUnit resource, to manage Administrative Unit membership for a group, you will need to use an `ignoreChanges = [administrativeUnitIds]` lifecycle meta argument for the `azuread.Group` resource, in order to avoid a persistent diff.
     */
    administrativeUnitIds?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Indicates whether this group can be assigned to an Azure Active Directory role. Defaults to `false`. Can only be set to `true` for security-enabled groups. Changing this forces a new resource to be created.
     */
    assignableToRole?: pulumi.Input<boolean>;
    /**
     * Indicates whether new members added to the group will be auto-subscribed to receive email notifications. Can only be set for Unified groups.
     *
     * > **Known Permissions Issue** The `autoSubscribeNewMembers` property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.
     */
    autoSubscribeNewMembers?: pulumi.Input<boolean>;
    /**
     * A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.
     */
    behaviors?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * The description for the group.
     */
    description?: pulumi.Input<string>;
    /**
     * The display name for the group.
     */
    displayName?: pulumi.Input<string>;
    /**
     * A `dynamicMembership` block as documented below. Required when `types` contains `DynamicMembership`. Cannot be used with the `members` property.
     */
    dynamicMembership?: pulumi.Input<inputs.GroupWithoutMembersDynamicMembership>;
    /**
     * Indicates whether people external to the organization can send messages to the group. Can only be set for Unified groups.
     *
     * > **Known Permissions Issue** The `externalSendersAllowed` property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.
     */
    externalSendersAllowed?: pulumi.Input<boolean>;
    /**
     * Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups. Can only be set for Unified groups.
     *
     * > **Known Permissions Issue** The `hideFromAddressLists` property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.
     */
    hideFromAddressLists?: pulumi.Input<boolean>;
    /**
     * Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web. Can only be set for Unified groups.
     *
     * > **Known Permissions Issue** The `hideFromOutlookClients` property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.
     */
    hideFromOutlookClients?: pulumi.Input<boolean>;
    /**
     * The SMTP address for the group.
     */
    mail?: pulumi.Input<string>;
    /**
     * Whether the group is a mail enabled, with a shared group mailbox. At least one of `mailEnabled` or `securityEnabled` must be specified. Only Microsoft 365 groups can be mail enabled (see the `types` property).
     */
    mailEnabled?: pulumi.Input<boolean>;
    /**
     * The mail alias for the group, unique in the organisation. Required for mail-enabled groups. Changing this forces a new resource to be created.
     */
    mailNickname?: pulumi.Input<string>;
    /**
     * The object ID of the group.
     */
    objectId?: pulumi.Input<string>;
    /**
     * The on-premises FQDN, also called dnsDomainName, synchronised from the on-premises directory when Azure AD Connect is used.
     */
    onpremisesDomainName?: pulumi.Input<string>;
    /**
     * The on-premises group type that the AAD group will be written as, when writeback is enabled. Possible values are `UniversalDistributionGroup`, `UniversalMailEnabledSecurityGroup`, or `UniversalSecurityGroup`.
     */
    onpremisesGroupType?: pulumi.Input<string>;
    /**
     * The on-premises NetBIOS name, synchronised from the on-premises directory when Azure AD Connect is used.
     */
    onpremisesNetbiosName?: pulumi.Input<string>;
    /**
     * The on-premises SAM account name, synchronised from the on-premises directory when Azure AD Connect is used.
     */
    onpremisesSamAccountName?: pulumi.Input<string>;
    /**
     * The on-premises security identifier (SID), synchronised from the on-premises directory when Azure AD Connect is used.
     */
    onpremisesSecurityIdentifier?: pulumi.Input<string>;
    /**
     * Whether this group is synchronised from an on-premises directory (`true`), no longer synchronised (`false`), or has never been synchronised (`null`).
     */
    onpremisesSyncEnabled?: pulumi.Input<boolean>;
    /**
     * A set of owners who own this group. Supported object types are Users or Service Principals
     */
    owners?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * The preferred language for a Microsoft 365 group, in ISO 639-1 notation.
     */
    preferredLanguage?: pulumi.Input<string>;
    /**
     * If `true`, will return an error if an existing group is found with the same name. Defaults to `false`.
     */
    preventDuplicateNames?: pulumi.Input<boolean>;
    /**
     * A set of provisioning options for a Microsoft 365 group. The only supported value is `Team`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for details. Changing this forces a new resource to be created.
     */
    provisioningOptions?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * List of email addresses for the group that direct to the same group mailbox.
     */
    proxyAddresses?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Whether the group is a security group for controlling access to in-app resources. At least one of `securityEnabled` or `mailEnabled` must be specified. A Microsoft 365 group can be security enabled _and_ mail enabled (see the `types` property).
     */
    securityEnabled?: pulumi.Input<boolean>;
    /**
     * The colour theme for a Microsoft 365 group. Possible values are `Blue`, `Green`, `Orange`, `Pink`, `Purple`, `Red` or `Teal`. By default, no theme is set.
     */
    theme?: pulumi.Input<string>;
    /**
     * A set of group types to configure for the group. Supported values are `DynamicMembership`, which denotes a group with dynamic membership, and `Unified`, which specifies a Microsoft 365 group. Required when `mailEnabled` is true. Changing this forces a new resource to be created.
     *
     * > **Supported Group Types** At present, only security groups and Microsoft 365 groups can be created or managed with this resource. Distribution groups and mail-enabled security groups are not supported. Microsoft 365 groups can be security-enabled.
     */
    types?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * The group join policy and group content visibility. Possible values are `Private`, `Public`, or `Hiddenmembership`. Only Microsoft 365 groups can have `Hiddenmembership` visibility and this value must be set when the group is created. By default, security groups will receive `Private` visibility and Microsoft 365 groups will receive `Public` visibility.
     *
     * > **Group Name Uniqueness** Group names are not unique within Azure Active Directory. Use the `preventDuplicateNames` argument to check for existing groups if you want to avoid name collisions.
     */
    visibility?: pulumi.Input<string>;
    /**
     * Whether the group will be written back to the configured on-premises Active Directory when Azure AD Connect is used.
     */
    writebackEnabled?: pulumi.Input<boolean>;
}
/**
 * The set of arguments for constructing a GroupWithoutMembers resource.
 */
export interface GroupWithoutMembersArgs {
    /**
     * The object IDs of administrative units in which the group is a member. If specified, new groups will be created in the scope of the first administrative unit and added to the others. If empty, new groups will be created at the tenant level.
     *
     * > **Caution** When using the azuread.AdministrativeUnitMember resource, or the `members` property of the azuread.AdministrativeUnit resource, to manage Administrative Unit membership for a group, you will need to use an `ignoreChanges = [administrativeUnitIds]` lifecycle meta argument for the `azuread.Group` resource, in order to avoid a persistent diff.
     */
    administrativeUnitIds?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Indicates whether this group can be assigned to an Azure Active Directory role. Defaults to `false`. Can only be set to `true` for security-enabled groups. Changing this forces a new resource to be created.
     */
    assignableToRole?: pulumi.Input<boolean>;
    /**
     * Indicates whether new members added to the group will be auto-subscribed to receive email notifications. Can only be set for Unified groups.
     *
     * > **Known Permissions Issue** The `autoSubscribeNewMembers` property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.
     */
    autoSubscribeNewMembers?: pulumi.Input<boolean>;
    /**
     * A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.
     */
    behaviors?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * The description for the group.
     */
    description?: pulumi.Input<string>;
    /**
     * The display name for the group.
     */
    displayName: pulumi.Input<string>;
    /**
     * A `dynamicMembership` block as documented below. Required when `types` contains `DynamicMembership`. Cannot be used with the `members` property.
     */
    dynamicMembership?: pulumi.Input<inputs.GroupWithoutMembersDynamicMembership>;
    /**
     * Indicates whether people external to the organization can send messages to the group. Can only be set for Unified groups.
     *
     * > **Known Permissions Issue** The `externalSendersAllowed` property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.
     */
    externalSendersAllowed?: pulumi.Input<boolean>;
    /**
     * Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups. Can only be set for Unified groups.
     *
     * > **Known Permissions Issue** The `hideFromAddressLists` property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.
     */
    hideFromAddressLists?: pulumi.Input<boolean>;
    /**
     * Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web. Can only be set for Unified groups.
     *
     * > **Known Permissions Issue** The `hideFromOutlookClients` property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation.
     */
    hideFromOutlookClients?: pulumi.Input<boolean>;
    /**
     * Whether the group is a mail enabled, with a shared group mailbox. At least one of `mailEnabled` or `securityEnabled` must be specified. Only Microsoft 365 groups can be mail enabled (see the `types` property).
     */
    mailEnabled?: pulumi.Input<boolean>;
    /**
     * The mail alias for the group, unique in the organisation. Required for mail-enabled groups. Changing this forces a new resource to be created.
     */
    mailNickname?: pulumi.Input<string>;
    /**
     * The on-premises group type that the AAD group will be written as, when writeback is enabled. Possible values are `UniversalDistributionGroup`, `UniversalMailEnabledSecurityGroup`, or `UniversalSecurityGroup`.
     */
    onpremisesGroupType?: pulumi.Input<string>;
    /**
     * A set of owners who own this group. Supported object types are Users or Service Principals
     */
    owners?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * If `true`, will return an error if an existing group is found with the same name. Defaults to `false`.
     */
    preventDuplicateNames?: pulumi.Input<boolean>;
    /**
     * A set of provisioning options for a Microsoft 365 group. The only supported value is `Team`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for details. Changing this forces a new resource to be created.
     */
    provisioningOptions?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Whether the group is a security group for controlling access to in-app resources. At least one of `securityEnabled` or `mailEnabled` must be specified. A Microsoft 365 group can be security enabled _and_ mail enabled (see the `types` property).
     */
    securityEnabled?: pulumi.Input<boolean>;
    /**
     * The colour theme for a Microsoft 365 group. Possible values are `Blue`, `Green`, `Orange`, `Pink`, `Purple`, `Red` or `Teal`. By default, no theme is set.
     */
    theme?: pulumi.Input<string>;
    /**
     * A set of group types to configure for the group. Supported values are `DynamicMembership`, which denotes a group with dynamic membership, and `Unified`, which specifies a Microsoft 365 group. Required when `mailEnabled` is true. Changing this forces a new resource to be created.
     *
     * > **Supported Group Types** At present, only security groups and Microsoft 365 groups can be created or managed with this resource. Distribution groups and mail-enabled security groups are not supported. Microsoft 365 groups can be security-enabled.
     */
    types?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * The group join policy and group content visibility. Possible values are `Private`, `Public`, or `Hiddenmembership`. Only Microsoft 365 groups can have `Hiddenmembership` visibility and this value must be set when the group is created. By default, security groups will receive `Private` visibility and Microsoft 365 groups will receive `Public` visibility.
     *
     * > **Group Name Uniqueness** Group names are not unique within Azure Active Directory. Use the `preventDuplicateNames` argument to check for existing groups if you want to avoid name collisions.
     */
    visibility?: pulumi.Input<string>;
    /**
     * Whether the group will be written back to the configured on-premises Active Directory when Azure AD Connect is used.
     */
    writebackEnabled?: pulumi.Input<boolean>;
}
