Restrict Azure AD app registration to a set of users

%3CLINGO-SUB%20id%3D%22lingo-sub-118458%22%20slang%3D%22en-US%22%3ERe%3A%20Restrict%20Azure%20AD%20app%20registration%20to%20a%20set%20of%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-118458%22%20slang%3D%22en-US%22%3E%3CP%3ENo%20such%20granularity%20is%20supported%2C%20afaik.%20Simply%20toggle%20it%20off%20and%20give%20administrative%20permissions%20to%20the%20people%20that%20need%20to%20manage%20apps.%20Or%20have%20them%20contact%20an%20admin.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-734617%22%20slang%3D%22en-US%22%3ERe%3A%20Restrict%20Azure%20AD%20app%20registration%20to%20a%20set%20of%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-734617%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F78712%22%20target%3D%22_blank%22%3E%40Tom%20Glorieux%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3B%20I%20am%20also%20facing%20the%20same%20problem.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20you%20guys%20have%20any%20update%20on%20this%20issue%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards%3C%2FP%3E%3CP%3ERupesh%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1533898%22%20slang%3D%22en-US%22%3ERe%3A%20Restrict%20Azure%20AD%20app%20registration%20to%20a%20set%20of%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1533898%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F46639%22%20target%3D%22_blank%22%3E%40Rupesh%20Kumar%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20realize%20this%20is%20an%20old%20thread%2C%20but%20significant%20new%20capabilities%20are%20available%20now%3A%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-active-directory-identity%2Fcustom-roles-for-app-registration-management-is-now-in-public%2Fba-p%2F789101%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-active-directory-identity%2Fcustom-roles-for-app-registration-management-is-now-in-public%2Fba-p%2F789101%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThere%20are%20both%20built-in%20roles%20that%20might%20apply%20for%20your%20scenario%20(Application%20Developer%20and%20Application%20Administrator)%2C%20as%20well%20as%20the%20ability%20to%20create%20new%20custom%20roles.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-118112%22%20slang%3D%22en-US%22%3ERestrict%20Azure%20AD%20app%20registration%20to%20a%20set%20of%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-118112%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20Azure%20AD%20we%20can%20configure%20'users%20can%20register%20applications'%20to%20yes%20or%20no%20(which%20is%20set%20to%20yes%20by%20default)%3A%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Snap%202017-10-19%20at%2009.29.39.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F22443i5F83740C03ED9480%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Snap%202017-10-19%20at%2009.29.39.png%22%20alt%3D%22Snap%202017-10-19%20at%2009.29.39.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%20how%20can%20we%20limit%20the%20ability%20of%20app%20registration%20to%20a%20set%20of%20users%20(for%20example%2C%20using%20a%20security%20group).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ethanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-118112%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Contributor

Hello,

 

In Azure AD we can configure 'users can register applications' to yes or no (which is set to yes by default):

Snap 2017-10-19 at 09.29.39.png

 

But how can we limit the ability of app registration to a set of users (for example, using a security group).

 

thanks!

3 Replies

No such granularity is supported, afaik. Simply toggle it off and give administrative permissions to the people that need to manage apps. Or have them contact an admin.

@Tom Glorieux @Vasil Michev  I am also facing the same problem.

 

Do you guys have any update on this issue?

 

Regards

Rupesh

@Rupesh Kumar 

I realize this is an old thread, but significant new capabilities are available now:

https://techcommunity.microsoft.com/t5/azure-active-directory-identity/custom-roles-for-app-registra...

 

There are both built-in roles that might apply for your scenario (Application Developer and Application Administrator), as well as the ability to create new custom roles.