Azure AD Custom Role for Application Admin Role Assignment

Question

My requirement is I need to add users/applications to Application Administrator Role.

As per the ms design, only Global Admin has permission to add assignments to this role. But I don't want to give the Global Admin to many members rather, I'm trying to create a custom role that grants them to add users/applications into the Application Admin Role.

When I tried to research more on the exact permissions. I found the below permission
in Global Admin which I believe is needed for my requirement(custom role)

microsoft.directory/roleAssignments/allProperties/allTasks => Create and delete roleAssignments, and read and update all properties in Azure Active Directory.

However, the above permission is not able to use for any custom role

Is there any way to add the above permission to my custom role ?

Answer 1

So reached out to Microsoft support and they confirms right now the custom role is supported for the permissions including app reg and enterprise application. For role assignments, those permission aren't supported by custom roles.

---

My Workaround:

I created a group (security group) with role assignable and add that group to Application Administration Role. With this now I can manage the members (add/remove) from the group which inherited all the permissions from Application Administrator role