diff --git a/azuread/data_user.go b/azuread/data_user.go
index e85cb9d859..49f3ece4b5 100644
--- a/azuread/data_user.go
+++ b/azuread/data_user.go
@@ -105,6 +105,7 @@ func dataSourceUserRead(d *schema.ResourceData, meta interface{}) error {
 	d.Set("mail", user.Mail)
 	d.Set("mail_nickname", user.MailNickname)
 	d.Set("usage_location", user.UsageLocation)
+	d.Set("immutable_id", user.ImmutableID)
 
 	return nil
 }
diff --git a/azuread/resource_user.go b/azuread/resource_user.go
index 6d712eb02f..6f5889b7b3 100644
--- a/azuread/resource_user.go
+++ b/azuread/resource_user.go
@@ -70,6 +70,11 @@ func resourceUser() *schema.Resource {
 				Computed: true,
 			},
 
+			"immutable_id": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+
 			"object_id": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -97,6 +102,11 @@ func resourceUserCreate(d *schema.ResourceData, meta interface{}) error {
 	accountEnabled := d.Get("account_enabled").(bool)
 	password := d.Get("password").(string)
 	forcePasswordChange := d.Get("force_password_change").(bool)
+	immutableID := d.Get("immutable_id").(string)
+	var pImmutableID *string
+	if immutableID != "" {
+		pImmutableID = &immutableID
+	}
 
 	//default mail nickname to the first part of the UPN (matches the portal)
 	if mailNickName == "" {
@@ -112,6 +122,7 @@ func resourceUserCreate(d *schema.ResourceData, meta interface{}) error {
 			Password:                     &password,
 		},
 		UserPrincipalName: &upn,
+		ImmutableID:       pImmutableID,
 	}
 
 	if v, ok := d.GetOk("usage_location"); ok {
@@ -160,6 +171,7 @@ func resourceUserRead(d *schema.ResourceData, meta interface{}) error {
 	d.Set("account_enabled", user.AccountEnabled)
 	d.Set("object_id", user.ObjectID)
 	d.Set("usage_location", user.UsageLocation)
+	d.Set("immutable_id", user.ImmutableID)
 	return nil
 }
 
@@ -201,6 +213,11 @@ func resourceUserUpdate(d *schema.ResourceData, meta interface{}) error {
 		userUpdateParameters.UsageLocation = p.String(usageLocation)
 	}
 
+	if d.HasChange("immutable_id") {
+		immutableID := d.Get("immutable_id").(string)
+		userUpdateParameters.ImmutableID = p.String(immutableID)
+	}
+
 	if _, err := client.Update(ctx, d.Id(), userUpdateParameters); err != nil {
 		return fmt.Errorf("Error updating User with ID %q: %+v", d.Id(), err)
 	}
diff --git a/azuread/resource_user_test.go b/azuread/resource_user_test.go
index 1509e1938e..e3e27e58af 100644
--- a/azuread/resource_user_test.go
+++ b/azuread/resource_user_test.go
@@ -204,6 +204,7 @@ resource "azuread_user" "test" {
   password              = "%[2]s"
   force_password_change = true
   usage_location        = "NO"
+  immutable_id          = "%[1]d"
 }
 `, id, password)
 }