Restrict Azure AD app registration to a set of users

%3CLINGO-SUB%20id%3D%22lingo-sub-118458%22%20slang%3D%22en-US%22%3ERe%3A%20Restrict%20Azure%20AD%20app%20registration%20to%20a%20set%20of%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-118458%22%20slang%3D%22en-US%22%3E%3CP%3ENo%20such%20granularity%20is%20supported%2C%20afaik.%20Simply%20toggle%20it%20off%20and%20give%20administrative%20permissions%20to%20the%20people%20that%20need%20to%20manage%20apps.%20Or%20have%20them%20contact%20an%20admin.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-734617%22%20slang%3D%22en-US%22%3ERe%3A%20Restrict%20Azure%20AD%20app%20registration%20to%20a%20set%20of%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-734617%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F78712%22%20target%3D%22_blank%22%3E%40Tom%20Glorieux%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3B%20I%20am%20also%20facing%20the%20same%20problem.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20you%20guys%20have%20any%20update%20on%20this%20issue%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards%3C%2FP%3E%3CP%3ERupesh%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1533898%22%20slang%3D%22en-US%22%3ERe%3A%20Restrict%20Azure%20AD%20app%20registration%20to%20a%20set%20of%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1533898%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F46639%22%20target%3D%22_blank%22%3E%40Rupesh%20Kumar%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20realize%20this%20is%20an%20old%20thread%2C%20but%20significant%20new%20capabilities%20are%20available%20now%3A%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-active-directory-identity%2Fcustom-roles-for-app-registration-management-is-now-in-public%2Fba-p%2F789101%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-active-directory-identity%2Fcustom-roles-for-app-registration-management-is-now-in-public%2Fba-p%2F789101%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThere%20are%20both%20built-in%20roles%20that%20might%20apply%20for%20your%20scenario%20(Application%20Developer%20and%20Application%20Administrator)%2C%20as%20well%20as%20the%20ability%20to%20create%20new%20custom%20roles.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-118112%22%20slang%3D%22en-US%22%3ERestrict%20Azure%20AD%20app%20registration%20to%20a%20set%20of%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-118112%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20Azure%20AD%20we%20can%20configure%20'users%20can%20register%20applications'%20to%20yes%20or%20no%20(which%20is%20set%20to%20yes%20by%20default)%3A%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Snap%202017-10-19%20at%2009.29.39.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F22443i5F83740C03ED9480%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Snap%202017-10-19%20at%2009.29.39.png%22%20alt%3D%22Snap%202017-10-19%20at%2009.29.39.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%20how%20can%20we%20limit%20the%20ability%20of%20app%20registration%20to%20a%20set%20of%20users%20(for%20example%2C%20using%20a%20security%20group).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ethanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-118112%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Occasional Contributor

Hello,

 

In Azure AD we can configure 'users can register applications' to yes or no (which is set to yes by default):

Snap 2017-10-19 at 09.29.39.png

 

But how can we limit the ability of app registration to a set of users (for example, using a security group).

 

thanks!

3 Replies
Highlighted

No such granularity is supported, afaik. Simply toggle it off and give administrative permissions to the people that need to manage apps. Or have them contact an admin.

Highlighted

@Tom Glorieux @Vasil Michev  I am also facing the same problem.

 

Do you guys have any update on this issue?

 

Regards

Rupesh

Highlighted

@Rupesh Kumar 

I realize this is an old thread, but significant new capabilities are available now:

https://techcommunity.microsoft.com/t5/azure-active-directory-identity/custom-roles-for-app-registra...

 

There are both built-in roles that might apply for your scenario (Application Developer and Application Administrator), as well as the ability to create new custom roles.