Restrict Access to Azure Administration Portal Except to App Registration Owners

Anon4343 431 Reputation points
2022-05-11T19:55:36.747+00:00

We enabled Restrict Access to Azure Administration Portal, but not our developers cannot view their own Enterprise applications and app registrations because they do not have an Active Directory administrator role. How can I grant the developers read access to Active Directory so that they can get to their owned applications while still blocking access to the general user base?

Thanks.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,664 questions
0 comments
Accepted answer
  1. Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,326 Reputation points
    2022-05-12T01:00:00.273+00:00

    Hello @Anon4343 , once the option has been selected (non-admin) users won't be able to access selected portions of the portal unless they're assigned roles with microsoft.directory/servicePrincipals/* and microsoft.directory/applications/* permissions such as Directory Readers which will allow them to read all applications and manage the ones they own (Thanks to [@](/users/na/?userId=8df21f96-00b3-4468-9ab0-920de03d09fc) for mentioning this one).

    Also, they can manage their applications through Powershell or directly through the MS Graph API or you can disable the setting and block them for accessing additional resources.

    Please let us know if you need additional assistance.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest