
Currently we have built-in Azure AD roles which can be used to grant admin consent for API permissions in App Registrations (Global Administrator/Privileged Role Administrator).

Both roles have the highest privileges, so we need to create a custom role which can do only the function below.

Grant the admin consent for the tenant in API permissions in App Registrations.

mkrieger1
Suri007

1 Answer

Here's the tutorial for creating custom roles, which guides users to go to Azure portal -> Azure AD -> Roles and administrators to create the role, but it requires an Azure AD Premium P1 or P2 license.


And your requirement is consenting for the tenant in API permissions. I'm afraid you can check this section to compare the permissions with the Global Admin to make sure how many permissions you want to assign exactly, and for granting API permission, I'm afraid it's `microsoft.directory/servicePrincipals/managePermissionGrantsForAll.microsoft-company-admin`.


Tiny Wang
  • Hi, thank you for the answer, but when I am trying to create the custom role, I am not able to see the below permission to select. I can see this permission in Global Administrator. `microsoft.directory/servicePrincipals/managePermissionGrantsForAll.microsoft-company-admin` – Suri007 Mar 23 '23 at 12:36
  • Can you search and find the `managePermissionGrantsForAll.microsoft-company-admin` like the screenshot I shared? I added a new screenshot – Tiny Wang Mar 23 '23 at 12:57
  • I added the `managePermissionGrantsForAll.microsoft-company-admin` permission via CLI to Azure and made a custom role. I assigned this role to the user, but he is still not able to grant the admin consent. – Suri007 Apr 25 '23 at 10:43
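
An added example, not code from the question, the answer or Microsoft: the custom role described in the answer, written as a Microsoft Graph `unifiedRoleDefinition` body, together with a least-privilege check that flags any action beyond the single consent permission. The display name, description and the drifted sample role are constructed for illustration.

```python
# Action string taken from the answer above; the suffix after the last dot
# names the app consent policy the grant is evaluated against.
CONSENT_ACTION = (
    "microsoft.directory/servicePrincipals/"
    "managePermissionGrantsForAll.microsoft-company-admin"
)
ALLOWED_ACTIONS = {CONSENT_ACTION}

def build_role_definition(display_name, actions):
    """Return a unifiedRoleDefinition body for
    POST /roleManagement/directory/roleDefinitions (Microsoft Graph)."""
    return {
        "displayName": display_name,
        "description": "Tenant-wide admin consent only (constructed text)",
        "isEnabled": True,
        "rolePermissions": [{"allowedResourceActions": sorted(actions)}],
    }

def audit_role_definition(role, allowed=ALLOWED_ACTIONS):
    """List every action in the role that is outside the allow-list."""
    findings = []
    for perm in role.get("rolePermissions", []):
        for action in perm.get("allowedResourceActions", []):
            if action in allowed:
                continue
            if "managePermissionGrantsFor" in action:
                reason = "consent action bound to a different policy or scope"
            elif action.endswith("allTasks") or "*" in action:
                reason = "broad action"
            else:
                reason = "not in allow-list"
            findings.append((action, reason))
    return findings

# Constructed sample: a role that drifted beyond the single intended action.
DRIFTED_ROLE = build_role_definition(
    "Consent Granter (hypothetical)",
    [
        CONSENT_ACTION,
        "microsoft.directory/applications/allProperties/allTasks",
        "microsoft.directory/servicePrincipals/managePermissionGrantsForSelf.microsoft-user-default-low",
    ],
)

if __name__ == "__main__":
    for action, reason in audit_role_definition(DRIFTED_ROLE):
        print(f"FLAG {action}: {reason}")
```

Running the same audit over role definitions exported from the tenant shows whether a custom consent role has picked up extra actions since it was created.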