App Roles Manifest Limit

Fraczek, Rafal SW/WRO-DCDZA 121 Reputation points


do you know how the default application role "Default Access" that is assigned by default to each group we add to Ent. Application is counted? A user can be assigned to multiple groups and can have multiple assignments to the same application role (Default Access). Is each assignment to the same application role from different groups counted as 1 or as multiple occurrences that need to be taken into account with a limit of 1500 App Role assignments for a given user.

Thanks in advance

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,094 questions
{count} votes

Accepted answer
  1. Shweta Mathur 28,771 Reputation points Microsoft Employee

    Hi @Fraczek, Rafal SW/WRO-DCDZA

    Thanks for reaching out.

    As @Andy David - MVP has mentioned default access doesn't count as a role assignment. This is the default value assigned to users when the application doesn't have any role defined. 

    Once you define application Roles and assigned to users in the group, you cannot assign the "Default Access" to the application anymore. These roles are not counted and cannot be considered with a limit of 1500 App Role assignments for a given user.

    Hope this will help.



    Please remember to "Accept Answer" if answer helped you.

1 additional answer

Sort by: Most helpful
  1. Andy David - MVP 143.6K Reputation points MVP

    I don't think default access counts as a role assignment, only the ones explicitly assigned to the user