Restrict Access to Azure Administration Portal Except to App Registration Owners

Anon4343 471 Reputation points
2022-05-11T19:55:36.747+00:00

We enabled Restrict Access to Azure Administration Portal, but now our developers cannot view their own Enterprise applications and app registrations because they do not have an Active Directory administrator role. How can I grant the developers read access to Active Directory so that they can get to their owned applications while still blocking access to the general user base?

Thanks.

Microsoft Entra ID

Accepted answer
  1. 2022-05-12T01:00:00.273+00:00

    Hello @Anon4343, once the option has been selected, (non-admin) users won't be able to access selected portions of the portal unless they're assigned roles with microsoft.directory/servicePrincipals/* and microsoft.directory/applications/* permissions, such as Directory Readers, which will allow them to read all applications and manage the ones they own (Thanks to [@](/users/na/?userId=8df21f96-00b3-4468-9ab0-920de03d09fc) for mentioning this one).

    Also, they can manage their applications through PowerShell or directly through the MS Graph API, or you can disable the setting and block them from accessing additional resources.

    Please let us know if you need additional assistance.
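
The PowerShell / MS Graph route mentioned in the answer, as an added example that is not part of the original answer: a developer lists the app registrations and enterprise applications they own without opening the portal. It assumes the Microsoft.Graph.Authentication module is installed and that the delegated `User.Read` scope is enough to read `/me/ownedObjects` in your tenant; the function name `Get-MyOwnedAppObject` is made up for this example.

```powershell
#Requires -Modules Microsoft.Graph.Authentication

function Get-MyOwnedAppObject {
    # Hypothetical helper (not a Microsoft cmdlet): walks /me/ownedObjects
    # page by page and keeps only app registrations and service principals.
    $uri = 'https://graph.microsoft.com/v1.0/me/ownedObjects'
    $wanted = @{
        '#microsoft.graph.application'      = 'App registration'
        '#microsoft.graph.servicePrincipal' = 'Enterprise application'
    }

    while ($uri) {
        $page = Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject

        foreach ($obj in $page.value) {
            $type = $obj.'@odata.type'
            # Owned groups and other directory objects are skipped here.
            if ($type -and $wanted.ContainsKey($type)) {
                [pscustomobject]@{
                    Kind        = $wanted[$type]
                    DisplayName = $obj.displayName
                    AppId       = $obj.appId
                    ObjectId    = $obj.id
                }
            }
        }

        # Graph returns @odata.nextLink only while more pages remain.
        $uri = $page.'@odata.nextLink'
    }
}

# Sign in as the developer (delegated permissions), then list owned objects.
Connect-MgGraph -Scopes 'User.Read'
Get-MyOwnedAppObject | Sort-Object Kind, DisplayName | Format-Table -AutoSize
```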

