AzEntraIdRolesAdvertizer

last sync: 2025-Apr-29 17:09:03 Etc/UTC

Application Administrator - 9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3
Entra Id Role definition

Display name Application Administrator
Id 9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3
Description Can create and manage all aspects of app registrations and enterprise apps.
Detailed description Users in this role can add, manage, and configure enterprise applications, app registrations and manage on-premises like app proxy.
Categories identity
isPrivileged True Privileged
EntraOps Tier Level ControlPlane
#Resource Actions unique 125
#Resource Actions Operations unique 131
#Resource Actions privileged 4
#Resource Actions direct 72
Resource Actions inherited True
#Resource Actions inherited 54
Resource Actions inherited from Directory Readers (88d8e3e3-8f55-4a1e-953a-9b9898b8876b)
#Resource Actions overlap direct&inherited 1
Resource Actions overlap direct&inherited microsoft.directory/applicationPolicies/standard/read
#Resource Actions inherited to 0 other Entra Id Roles
Resource Actions inherited to n/a
#Resource Actions conditioned 0
#Resource Actions unconditioned 125
#NameSpaces 6
NameSpaces microsoft.azure.serviceHealth: 1
microsoft.azure.supportTickets: 1
microsoft.directory: 120
microsoft.office365.serviceHealth: 1
microsoft.office365.supportTickets: 1
microsoft.office365.webPortal: 1
Actions allTasks: 7
create: 5
delete: 5
disable: 1
enable: 1
manage: 6
managePermissionGrantsForAll: 1
other: 3
read: 66
restore: 1
update: 29
Operations actionVerbs DELETE: 10
GET: 66
n/a: 8
PATCH: 26
POST: 21
Resource Actions where Consent Policy applies 1
Resource Actions / Consent Policy Resource Action: microsoft.directory/servicePrincipals/managePermissionGrantsForAll.microsoft-application-admin
Consent Policy: microsoft-application-admin
displayName: Application Admin Policy
description:Permissions consentable by Application Administrators.
includes: 2
excludes: 2
JSON enriched
JSON raw (v1.0 endpoint)
GET /roleManagement/directory/roleDefinitions/{id}
JSON raw (beta endpoint)
GET /roleManagement/directory/roleDefinitions/{id}