![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 7.000000000000001%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
The Application Developer Role will provide the ability to create App Registrations, but is only necessary in a Azure AD tenant where users are restricted from creating app registrations:
If you want a user to be able to manage Enterprise Applications, that is, registering/creating applications that are external to the organization (such as Salesforce, ServiceNow, etc), you would want to provide the user Application Administrator or Cloud Application Administrator
https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#application-administrator
https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#cloud-application-administrator
I would note that this level of access is considered privileged and should only be granted to users who align to this role within your organization. If you simply want the user to be able to manage certain Enterprise Applications, a privileged user can create the Enterprise Application and then delegate control.
Application consent for delegated permissions and application permissions for Microsoft Graph can only be performed by Global Admins.
