![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 73%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAD%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,455 questions
Hi @AD Dev • Thank you for reaching out.
You can certainly do that if you have required set of permissions in all the target tenants where you want to programmatically create application registration.
In order to create App Registration via API such as Graph API, you need to have below permissions in all the tenants where you want to register the applications:
- If you are using user context (by using the bearer token acquired with user credentials), Application.ReadWrite.All and Directory.AccessAsUser.All permissions are required.
- If you are using application/servicePrincipal context (by using the bearer token acquired with application credentials using client_credentials flow), Application.ReadWrite.OwnedBy and Application.ReadWrite.All permissions are required.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.