Im trying to deploy Azure Function App in Azure Devops but I received the following error:
failed to create an app in azure active directory - insufficient privileges
Look the following image:
Asked
Active
Viewed 1.2k times
5
-
2well, pretty much what the error says, you need application administrator permissions to create applications in Azure AD. – 4c74356b41 Sep 25 '19 at 18:09
-
Application Developer role works too :) – juunas Sep 26 '19 at 05:14
1 Answers
9
Very agree with what @4c74356b41 commented above, but not the only solution you can try with.
As what the error message said:
Insufficient privileges to complete the operation.Ensure that the user has permission to create an Azure Active Directory application.
This is an Insufficient privileges issue, and has two solutions to solve it. These two solution can apply depend on different actual situations.
(1) If you only have guest permission in AAD, then meet this error in Azure Devops.
Just go contact the admin to grant the minimum additional permissions to you. For how to grant this, please due to this doc. Let the admin to set Guest user permissions are limited to No. At this time, you will get the minimum additional permissions.
(2) If you are the member of AAD, and just not be authorized to add applications in the directory.
Go User settings, then change Users can register applications to Yes under App registrations section.
Please refer to this section: The user is not authorized to add applications in the directory.
At last, the other way is grant you the global admin role. But this depend on your company policy. If the policy allowed, please let the admin follow the doc.
Note: I do not recommend this way since this is a very important role in AAD.
Mengdi Liang
- 17,577
- 2
- 28
- 35
-
I'm not sure why you would recommend granting global admin role just to register apps? The official Microsoft guidelines say you should always minimise the amount of global admins. Application Developer role is enough. Granting permissions might then need admin approval of course. – juunas Sep 26 '19 at 05:16
-
@juunas. Thanks for your comment. In fact, I'm not recommend. For most company policy, this is a very important role in AAD. So, I firstly recommend grant the minimum additional permission if this user is a guest role in AAD, or ensure the permission **Users can register applications** is allow. – Mengdi Liang Sep 26 '19 at 05:22
-
Sure, but mentioning the "easy" solution is going to make a lot of people do that. It would be good to mention what the minimum role is. There is also the option of making this user a Member + enabling Users can register apps – juunas Sep 26 '19 at 05:23
-
1@juunas. Got it. Updating my answer to mention these details. Thus it would not be confused by others. – Mengdi Liang Sep 26 '19 at 05:27