1

In 'Azure Portal - App Registration' page permissions can be assigned in 'Configured permissions' or 'Other permissions granted for AD', i would like to understand,

  1. Difference between them
  2. In which scenario should either of them be preferred

My understanding is,

  1. 'Configured permissions' relates to the Application object permissions, and the 'Other permission granted for xxAD' relates to permissions granted for the ServicePrinciple associated with the App.
  2. I am assuming this largely depends on whether the app is single-tenant or multi-tenant, but do not have definitive thoughts on this.

enter image description here

user527614
  • 465
  • 5
  • 19
  • Configured permissions are the API permissions you add to the application. When you remove the permissions from the Configured permissions they reflect in the other permissions section (API permissions for which you have granted Admin consent). – Rukmini Nov 02 '22 at 11:09
  • @Rukmini: I would like to understand if there is difference between these two sections? In my tests i haven't noticed difference in behavior between 'Configured Perm.' and 'Other Perm.', if so, why have these different sections? – user527614 Nov 02 '22 at 14:31
  • @Rukmini you described how UI logic works. I'm also curios what is the difference. When I add permissions via API they appear in "Other permissions" – norekhov Feb 02 '23 at 14:37
  • @Rukmini: Creating an App registration in Azure portal (UI) would also create 'Service principal' (SP) in the background, and configured permissions are added to the SPs - further, 'Grant admin consent..' is actually grant for the SP. However, when the App registration is created through API, the SP needs to be created explicitly, assigning of permission also need to be done explicitly. The 'Other permissions' seen above is because the permission is assigned only to app registration and not to SP. The moment the permission is assigned to SP it will no longer show under 'Other permission'. – user527614 Feb 06 '23 at 11:50

0 Answers0