0

Can anyone tell me what "Roles and administrators" under App Registration (as well as Enterprise Application) is there for?

Seems that it always has "Cloud Application Administrator", but this role is NOT assigned to the service principal. I didn't find any documentation about it; maybe I'm missing something here.

Thank you!

PauLy

1 Answer

1

Well, after searching/debugging for hours it seems that I just solved it a few minutes later when searching for a slightly different thing:

  • Role assignments at the organization-wide scope are added to and can be seen in the list of single application role assignments.
  • Role assignments at the single application scope aren't added to and can't be seen in the list of organization-wide scoped assignments.

So the Cloud Application Administrator is scoped to this app registration only. This also explains why I wasn't able to create SPs with this service principal (since it would need the organisation-wide assignment).

https://learn.microsoft.com/en-us/azure/active-directory/roles/view-assignments

PauLy
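
The two visibility rules quoted in the answer can be checked against role assignment data. The following is an added example, not part of the original post: it models them over records shaped like Microsoft Graph `unifiedRoleAssignment` objects, where a `directoryScopeId` of `/` means tenant-wide and `/<objectId>` means scoped to one object. All IDs and role names in the sample are constructed placeholders, and the function names are hypothetical.

```python
import json

# Constructed sample, shaped like the "value" array returned by
# GET /v1.0/roleManagement/directory/roleAssignments?$filter=principalId eq '<id>'
# Every ID below is a made-up placeholder, not a real GUID.
SAMPLE = json.loads("""
{"value": [
  {"id": "a1", "principalId": "sp-0001",
   "roleDefinitionId": "role-cloud-app-admin", "directoryScopeId": "/app-obj-1111"},
  {"id": "a2", "principalId": "sp-0001",
   "roleDefinitionId": "role-directory-readers", "directoryScopeId": "/"},
  {"id": "a3", "principalId": "sp-0001",
   "roleDefinitionId": "role-user-admin",
   "directoryScopeId": "/administrativeUnits/au-2222"}
]}
""")["value"]


def scope_kind(directory_scope_id):
    """Classify a directoryScopeId: tenant-wide, administrative unit, or one object."""
    if directory_scope_id == "/":
        return "tenant"
    if directory_scope_id.startswith("/administrativeUnits/"):
        return "administrative-unit"
    return "single-object"


def visible_on_app(assignments, app_object_id):
    """Rule 1: the per-app list shows tenant-wide assignments plus those
    scoped to this app (simplified: ignores which roles apply to apps)."""
    wanted = {"/", "/" + app_object_id}
    return [a for a in assignments if a["directoryScopeId"] in wanted]


def visible_org_wide(assignments):
    """Rule 2: the organization-wide list never shows app-scoped assignments."""
    return [a for a in assignments if a["directoryScopeId"] == "/"]


def has_tenant_wide_role(assignments, principal_id, role_definition_id):
    """True only if the principal holds the role at scope '/'."""
    return any(a["principalId"] == principal_id
               and a["roleDefinitionId"] == role_definition_id
               and a["directoryScopeId"] == "/" for a in assignments)


if __name__ == "__main__":
    for a in SAMPLE:
        print(a["roleDefinitionId"], "->", scope_kind(a["directoryScopeId"]))
```

When auditing a service principal, an assignment that appears on the app's own list but fails `has_tenant_wide_role` is the situation described in the answer: the role exists, but only for that one app registration.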