I'm trying to figure out how to let a staff member, who doesn't have admin access, consent on behalf of our organization for adding apps to Entra. I really want to avoid giving them the Privileged Role Administrator role, but this user needs the ability to consent to applications that use Graph, both for delegated and application roles. I know Cloud Application Administrator and Application Administrator roles won't fit the bill here. It seems like using a custom directory role might be the way forward. I came across a few articles, but they seem pretty complicated, and I'm hoping someone here has practical experience with this. Has anyone successfully set this up? Thanks!
3 Answers
Absolutely not! Even if they're high-ranking, proper protocols need to be followed. If they're VIPs, consider providing a dedicated contact so they can get responses quickly. But letting them approve apps without review? That's a no-go!
You might want to look into automating the consent process with something like Jira for tracking requests. There are tools to streamline that and keep it secure.
I totally get where you're coming from. It's a tough position to be in, especially with someone at a high level pushing for approvals without due diligence. Just make sure you give them all the info about permissions involved. Maybe suggest using Privileged Identity Management (PIM) to keep things more secure.