A hole in Azure Active Directory: Microsoft ought to list the roles a registered application has
by Patrick Lee on 25 Aug 2022 in categories tech with tags ActiveDirectory AzureA glaring hole in the Azure portal for Azure Active Directory
At present, the user interface is terrible to find role assignments in the Azure portal: there does not seem to be any way to find the roles assigned to a particular registered app.
Instead, you have to select a role and then you can find which apps have been assigned to that role. But there are dozens of roles, so you would have to try them all to see which roles a particular app has!
Microsoft should fix this by adding a Roles link when you select a particular registered app, showing the roles that have been assigned to that app.
Leave a trail (for yourself and the rest of the team)
So if you add a role to an app, to make this self-documenting, add a description to the app in the Internal notes section:
This registered app is used. It does not need any API permissions (no API permissions allow user passwords to be changed). Instead it just needs User Administrator role.