I suggest you ...

← (General Feedback)

Allow granular management access of AAD groups by service principals

We have a scenario where we would like to use automation to manage membership of an AAD group.

We assign group owner permissions to the service principal. However, operations against that group (using Powershell cmdlets like Add-AzureAdGroupMember) fail with a 403 Forbidden.

We cannot grant Directory.ReadWrite permissions to the AAD application, because that would allow write permissions on the entire AAD directory, not just the group that the AAD application owns.

According to Azure support, the scenario where I would like my service principal to manage groups that it owns is not currently possible. Can we make it possible?

50 votes

Vote

Sign in

(thinking…)

Sign in with:

Microsoft

Forgot password?

Create a password

Signed in as (Sign out)

You have left! (?) (thinking…)

Alan Chen shared this idea · Jun 1, 2018 · Flag idea as inappropriate… · Admin →

1 comment

Add a comment…

Sign in

(thinking…)

Sign in with:

Microsoft

Forgot password?

Create a password

Signed in as (Sign out)

Submitting...

An error occurred while saving the comment

Esccort in Oman commented · August 20, 2020 9:21 PM · Flag as inappropriate

+96893560417 | The pretty sovereigns from Muscat are the awesome call youngsters in Muscat Oman. goes with Service Muscat bring the unique intrigue and luxury Escorts Service Muscat we Have Top Escort youngsters from all over Oman. +96893560417

Vist Site: https://bit.ly/32f71Dl

Submitting...

(General Feedback): azure.microsoft.com

Searching…

No results.
Clear search results

Give feedback
- (General Feedback) 5,401 ideas
- ACE Tools 49 ideas
- Additional Services 323 ideas
- Analytics Platform System 16 ideas
- API Apps 0 ideas
- API Management 583 ideas
- Automation 500 ideas
- Azure Active Directory 4,511 ideas
- Azure Active Directory Application Requests 267 ideas
- Azure Advisor 32 ideas
- Azure Analysis Services 175 ideas
- Azure API for FHIR 12 ideas
- Azure App Configuration 36 ideas
- Azure Arc 22 ideas
- Azure Backup 472 ideas
- Azure Blockchain Service 9 ideas
- Azure Bot Service 29 ideas
- Azure Certified Device 14 ideas
- Azure Cloud Shell 342 ideas
- Azure Confidential Compute 1 idea
- Azure Container Instances 146 ideas
- Azure Container Registry 88 ideas
- Azure Cosmos DB 236 ideas
- Azure CycleCloud 3 ideas
- Azure Data Explorer 166 ideas
- Azure Data Share 9 ideas
- Azure Database for MariaDB 16 ideas
- Azure Database for MySQL 62 ideas
- Azure Database for PostgreSQL 126 ideas
- Azure Database Migration Service 71 ideas
- Azure Databricks 203 ideas
- Azure Dev Spaces 9 ideas
- Azure Digital Twins 15 ideas
- Azure Event Grid 61 ideas
- Azure FarmBeats 11 ideas
- Azure Functions 214 ideas
- Azure FXT Edge Filer 0 ideas
- Azure Governance 192 ideas
- Azure HPC Cache 0 ideas
- Azure IoT (Hub, DPS, SDKs) 307 ideas
- Azure IoT Central 143 ideas
- Azure IoT Edge 80 ideas
- Azure IoT Security 1 idea
- Azure IoT Solution Accelerators 44 ideas
- Azure Key Vault 166 ideas
- Azure Kinect DK 59 ideas
- Azure Kubernetes Service (AKS) 262 ideas
- Azure Lighthouse 27 ideas
- Azure Management Groups 21 ideas
- Azure Maps 57 ideas
- Azure Marketplace 429 ideas
- Azure Media Services 234 ideas
- Azure Migrate 56 ideas
- Azure mobile app 278 ideas
- Azure Monitor 210 ideas
- Azure Monitor- Alert Management 147 ideas
- Azure Monitor-Application Insights 733 ideas
- Azure Monitor-Log Analytics 961 ideas
- Azure NetApp Files (ANF) 23 ideas
- Azure Pack 283 ideas
- Azure portal 2,121 ideas
- Azure Red Hat OpenShift 12 ideas
- Azure Remote Rendering 7 ideas
- Azure Reservations 191 ideas
- Azure Resource Manager 529 ideas
- Azure Search 271 ideas
- Azure Security Center 276 ideas
- Azure Sentinel 111 ideas
- Azure Service Health 35 ideas
- Azure SignalR Service 15 ideas
- Azure Spatial Anchors 27 ideas
- Azure Sphere 77 ideas
- Azure Spring Cloud 2 ideas
- Azure Stack HCI 0 ideas
- Azure Stack Hub 193 ideas
- Azure Synapse Analytics 373 ideas
- Azure TCO Calculator 30 ideas
- Azure Time Series Insights 25 ideas
- Batch 36 ideas
- Batch AI 10 ideas
- Biztalk Services 14 ideas
- Blockchain 53 ideas
- Cache 34 ideas
- Change Tracking 12 ideas
- Cloud Services (Web and Worker Role) 270 ideas
- Cost Management 290 ideas
- Cross region move for Azure resources 11 ideas
- Customer Insights 13 ideas
- Customer Lockbox for Microsoft Azure 1 idea
- Data Catalog 167 ideas
- Data Factory 1,033 ideas
- Data Lake 353 ideas
- Data Science VM 24 ideas
- Diagnostics and Monitoring 198 ideas
- Event Hubs 38 ideas
- Global Infrastructure 44 ideas
- HDInsight 130 ideas
- Lab Services 334 ideas
- Logic Apps 1,675 ideas
- Machine Learning 201 ideas
- Mobile Engagement 19 ideas
- Networking 1,326 ideas
- Notification Hubs 35 ideas
- Project Bonsai 28 ideas
- Scheduler 42 ideas
- Scripting and Command Line Tools 102 ideas
- SDK and Tools 142 ideas
- Security and Compliance 96 ideas
- Service Bus 193 ideas
- Service Fabric 301 ideas
- Signup and Billing 1,705 ideas
- Site Recovery 285 ideas
- SQL Data Sync 68 ideas
- SQL Database 814 ideas
- SQL Managed Instance 145 ideas
- SQL Server 10,436 ideas
- SQL Server - Big Data Clusters 44 ideas
- Storage 990 ideas
- StorSimple 26 ideas
- Stream Analytics 262 ideas
- Support Feedback 267 ideas
- System Center Data Protection Manager 147 ideas
- Update Management 172 ideas
- Virtual Machines 1,646 ideas
- Web Apps 572 ideas
Microsoft Azure