What built-in role is required for a Service principal to create new app registrations

Desmond Sindatry 71 Reputation points
2023-04-14T14:01:03.0233333+00:00

What built-in role is required for a service principal to create an "APP Registration" ? I looked at the built-in roles and did not find one. https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles Any ideas ?

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,467 questions
0 comments No comments
{count} votes

Accepted answer
  1. CarlZhao-MSFT 43,016 Reputation points
    2023-04-17T03:00:29.8366667+00:00

    Hi @Desmond Sindatry
    Creating an application registration does not require a built-in role, you need to grant the Application.ReadWrite.All application permission to your service principal, then use the unattended client credentials flow to obtain an access token and call the create application API endpoint.

    User's image

    User's image

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.


1 additional answer

Sort by: Most helpful
  1. Rohit Kumar Sinha 1,336 Reputation points
    2023-04-14T14:04:33.77+00:00

    Hi Desmod , You can use Application admin role and it should work fine User's image

    If this is useful please click Accept Answer


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.