assign Graph API and Defender XDR permissions to specific system-assigned managed identities

Reinaldo Malo 25 Puntos de reputación
2025-01-30T22:55:05.4+00:00

Hello, Teams

I have 2 applications that are in Enterprise applications but the same are stored within a Logics Apps and I am requesting that I have to assign certain permissions for modules such as Windows Defender ATP, Microsoft Threat Protection, Microsoft Graph, Office 365 Management API, but to give them permissions Administrator, the option is disabled and will not let me continue, I would like that we could make a session to give more details of the failure.

**What I do not see is the option to register the application, [**To configure requested permissions for apps you own, use the app registration.]

Attached is an image of the failure that I am experiencing.

imagen.png

I need your help with this issue please.

Regards,

Reinaldo Malo

Azure
Azure
Plataforma e infraestructura de informática en la nube para crear, implementar y administrar aplicaciones y servicios a través de una red mundial de centros de datos administrados por Microsoft.
558 preguntas
0 comentarios No hay comentarios
{count} votos

1 respuesta

Ordenar por: Muy útil
  1. Gao Chen 6,855 Puntos de reputación Proveedor de Microsoft
    2025-01-31T19:57:43.65+00:00

    Hello Reinaldo Malo,

    Welcome to Microsoft Q&A!

    It sounds like you might not have the necessary administrative roles to grant admin consent. Here are a few steps to help you enable this option:

    1. Check Your Role:
      • Ensure you are signed in with a user account that has one of the following roles: Global Administrator, Privileged Role Administrator, Cloud Application Administrator, or Application Administrator.
    2. Enable Admin Consent Workflow:
      • If you don't have the required role, you can enable the admin consent workflow to allow users to request admin approval directly from the consent screen
      • Navigate to Microsoft Entra ID > Enterprise applications > Consent and permissions > Admin consent requests.
      • Configure the admin consent workflow to allow users to request approval
    3. Grant Tenant-Wide Admin Consent:
      • Sign in to the Microsoft Entra admin center as an administrator.
      • Go to Identity > Applications > Enterprise applications > All applications.
      • Select the application and go to Permissions under Security.
      • Review the permissions and select Grant admin consent

    If you're still unable to grant admin consent, you can try to use the Admin Consent URL:

    • Construct an admin consent URL and share it with an administrator who has the necessary permissions. The URL format is:
     https://login.microsoftonline.com/{tenant_id}/adminconsent?client_id={client_id}&redirect_uri={redirect_uri}&state={state}
    
    • Replace {tenant_id}, {client_id}, {redirect_uri}, and {state} with your specific values

    If the issue persists, it might be best to contact Microsoft Azure Support thru the Azure Portal for further assistance as they can help you out with support thru a session. I hope the information provided is useful!

    Regards,

    Gao


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".


Su respuesta

Las respuestas se pueden marcar como respuestas aceptadas por el autor de la pregunta, lo que ayuda a los usuarios a conocer la respuesta que resolvió el problema del autor.