Blog Post

Microsoft Entra Blog

3 MIN READ

Hallelujah! Azure AD delegated application management roles are in public preview!

Microsoft

Sep 07, 2018

First published on CloudBlogs on Jun, 13 2018 Howdy folks, Today is a big day. I'm bouncing up and down at my PC as I type this because I'm just so happy to announce the public...

Updated Jul 24, 2020

Version 6.0

Product Announcements

Alex_Simons

Microsoft

Joined May 01, 2017

View Profile

Microsoft Entra Blog

Stay informed on how to secure access for any identity to any resource, anywhere, with comprehensive identity and network access solutions powered by AI.

Visit the homepage

astaykov

Copper Contributor

Nov 28, 2018

What is the purpose of Application Administrator Role, as it is affected by "Users can consent apps accessing company data on their behalf" option? If this option is set to "No", then Application Administrator cannot consent to any app any permission. With that respect, the Application Administrator is less powerful than Application Developer, and is equal to a regular user.

If I have to set "Users can consent apps accessing company data on their behalf" to "Yes", then why would I need Application Administrator role at all?

The statement in the description: "This role also grants the ability to consent to delegated permissions, and application permissions excluding Microsoft Graph and Azure AD Graph." is totally wrong and misleading, because every single user in my directory has that power when "Users can consent apps accessing company data on their behalf" is set to "Yes".