Delegated permissions for managing Azure AD Applications

  • Question

  • Hi all,

    I have a requirement from a customer and I do not know if this is even possible. I hope somebody can shed some light on this topic.

    My customer wants to have delegated administration over the Azure AD Applications. This means that they want to have an Azure AD Applications administrator with permissions for performing tasks related to the Azure AD Applications administration, like:

    • adding or removing SaaS applications
    • being able to publish internal applications through the Azure AD App Proxy
    • assigning or removing users/groups from applications

    I have checked the Azure Role-Based Access Control feature (https://azure.microsoft.com/en-us/documentation/articles/role-based-access-built-in-roles/), as it enables fine-grained control over who can manage what on all Azure services. However, there do not seem to be specific permissions for Azure AD (I guess because it is not migrated to the new resource group model yet).

    I have also checked the Privileged Identity Management feature, but it does not provide what we are looking for.

    Does anybody know if this is possible? If not, is this in the EMS roadmap?



    Monday, July 25, 2016 1:16 PM