Hi @useR,
Thank you for sharing your issue on Microsoft Q&A.
I understand that in your Entra tenant, all your Enterprise Applications have roles and administrators assigned with the Cloud Application Administrator role, which is labeled as a Privileged Role.
In addition to the information provided by @akinbade abiola:
- You can create custom roles and assign them to users, granting the specific privileged permissions required for managing the credentials and permissions of enterprise applications:
  - microsoft.directory/applications/credentials/update: This permission allows authorized users to create, update, or delete credentials, such as passwords, certificates, and client secrets, for both single-tenant and multi-tenant applications.
  - microsoft.directory/oAuth2PermissionGrants/allProperties/allTasks: This permission enables users to manage all aspects of OAuth2 permission grants for applications, including configuring and modifying the access permissions granted to the app.
  - microsoft.directory/servicePrincipals/credentials/update: This permission allows users to update the credentials of service principals, which are identities that represent applications within Microsoft Entra (Azure AD).
- Assigning the Cloud Application Administrator role to an application is a high-risk action, as it grants the user the ability to manage all aspects of the application, including its credentials and permissions. Therefore, it is recommended to assign this role only to trusted users who require this level of access.
If you have specific needs for managing the credentials and permissions of your enterprise applications, you can create custom roles with the appropriate permissions and assign them to the relevant users. This helps restrict access to only what's necessary, reducing the risk of unauthorized access or accidental changes.
For additional information, refer to these links:
- Custom role permissions for app registration - Microsoft Entra ID | Microsoft Learn
- Microsoft Entra Roles & Application Access - Application Administrator Role & Cloud Application Administrator Role
Hope this helps. Do let us know if you have any further queries.
Best Regards.
Harshitha Eligeti.
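
Added example (not part of the answer above and not Microsoft's code): a Python check that scans role definitions, in the `rolePermissions` / `allowedResourceActions` shape used by Microsoft Graph directory role definitions, and reports which roles effectively grant the three permissions listed in the answer. The role names and sample data are constructed, and treating `allProperties` and `allTasks` as wildcards over a four-part action name is an assumption of this example.

```python
import json

# The three privileged actions named in the answer above.
PRIVILEGED_ACTIONS = [
    "microsoft.directory/applications/credentials/update",
    "microsoft.directory/oAuth2PermissionGrants/allProperties/allTasks",
    "microsoft.directory/servicePrincipals/credentials/update",
]

def covers(granted, wanted):
    """True if `granted` includes `wanted`. Assumption: actions have the form
    namespace/entity/propertySet/task, with allProperties/allTasks as wildcards."""
    g, w = granted.lower().split("/"), wanted.lower().split("/")
    if len(g) != 4 or len(w) != 4 or g[:2] != w[:2]:
        return False
    return g[2] in ("allproperties", w[2]) and g[3] in ("alltasks", w[3])

def audit(role_definitions):
    """Map each role's displayName to the privileged actions it effectively grants."""
    findings = {}
    for role in role_definitions:
        granted = [action
                   for perm in role.get("rolePermissions", [])
                   for action in perm.get("allowedResourceActions", [])]
        hits = [w for w in PRIVILEGED_ACTIONS if any(covers(g, w) for g in granted)]
        if hits:
            findings[role["displayName"]] = hits
    return findings

# Constructed sample data (hypothetical role names), shaped like a role definitions export.
SAMPLE = json.loads("""
[
 {"displayName": "App Credential Rotator", "rolePermissions": [{"allowedResourceActions": [
   "microsoft.directory/applications/credentials/update",
   "microsoft.directory/applications/standard/read"]}]},
 {"displayName": "Service Principal Manager", "rolePermissions": [{"allowedResourceActions": [
   "microsoft.directory/servicePrincipals/allProperties/update"]}]},
 {"displayName": "App Reader", "rolePermissions": [{"allowedResourceActions": [
   "microsoft.directory/applications/allProperties/read"]}]},
 {"displayName": "Consent Manager", "rolePermissions": [{"allowedResourceActions": [
   "microsoft.directory/oAuth2PermissionGrants/allProperties/allTasks"]}]}
]
""")

if __name__ == "__main__":
    for name, actions in audit(SAMPLE).items():
        print(f"{name}: {', '.join(actions)}")
```

The broad `servicePrincipals/allProperties/update` grant is flagged even though it never names `credentials`, which is the case a plain string search over role definitions would miss.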