You have an Azure subscription that contains a user named User1.
The App registration settings for the Azure AD tenant are configured as shown in the following exhibit.
User1 builds an ASP.NET web app named App1.
You need to ensure that User1 can register App1. The solution must use the principle of least privilege.
Which role should you assign to User1?
To allow User1 to register an application when the setting 'Users can register applications' is set to No, the correct role to assign is Application Developer. This role allows users to register and manage their own applications in Azure Active Directory and provides the necessary permissions without exceeding the least privilege principle.
"Assign the Application Developer role to grant the ability to create application registrations when the Users can register applications setting is set to No. This role also grants permission to consent on one's own behalf when the Users can consent to apps accessing company data on their behalf setting is set to No." https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/delegate-app-roles#grant-individual-permissions-to-create-and-consent-to-applications-when-the-default-ability-is-disabled
A. Application Developer. The Application Developer role is an Azure AD role that allows users to register and manage applications in their own name. It also allows users to consent to permissions requested by applications they register. This role follows the principle of least privilege, as it only grants the minimum permissions needed to register and manage applications.
Answer A: Application Developer The only 3 roles that can register an app are below. In order from least to highest permissions holdder. Application Administrator Cloud Application Administrator Application Administrator
Wrong list, sorry. Least to highest Application Developer Cloud Application Administrator Application Administrator