@Yop Thanks for posting in our Q&A.
For this issue, I have done the test in my lab. In my test, I add the Application Manager role to my test user. When I login and try to deploy an app, it succeeded. The following are my steps can be a reference.
1.Create a user group and a device group.
2.Create an assignment to Application Manager role in Tenant administration > Roles
Members: All users in the listed Azure security groups have permission to manage the users/devices that are listed in Scope (Groups).
Scope (Groups): All users/devices in these Azure security groups can be managed by the users in Members.
In my test, I add the user group to Members and add device group to Scope (Groups).
3.Login MEM with the user account included in the user group and try to deploy an app to the device group. It shows success.
Hope it will help.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.