Custom Azure AD Role to grant the admin consent for the tenant in API permission in App Registration

surindersingh dhaliwal 86 Reputation points
2023-03-22T11:14:18.5633333+00:00

Hello,

Currently we have built-in Azure AD roles which can be used to grant the admin consent in API permissions in App Registrations (Global Administrator/Privileged Role Administrator).

Both roles have the highest privileges, so we need to create a custom role which can do only the below function:

Grant the admin consent for tenant in API permission in App Registrations

Any help would be appreciated

Thanks in advance

Microsoft Entra ID

1 answer

  1. Vasil Michev 104.3K Reputation points MVP
    2023-03-22T11:18:19.1+00:00

    This depends on the type of permissions you need to consent to. Generally speaking, only delegated permissions can be handled by less privileged roles. Refer to the table below from the official documentation: https://learn.microsoft.com/en-us/azure/active-directory/roles/delegate-by-task#enterprise-applications

    | Task | Least privileged role | Additional roles |
    | --- | --- | --- |
    | Consent to any delegated permissions | Cloud Application Administrator | Application Administrator |
    | Consent to application permissions not including Microsoft Graph | Cloud Application Administrator | Application Administrator |
    | Consent to application permissions to Microsoft Graph | Privileged Role Administrator | |
    | Consent to applications accessing own data | Default user role | |