What is Azure Directory Application owner?

TW 21 Reputation points
2020-11-12T18:34:52.067+00:00

I am trying to renew an expired certificate for Run as accounts in Automation Account. I got the following message.

"... to renew certificate need a Azure Directory Application owner or Azure directory Global Administrator/Company Administrator. "

I am a co-administrator in the subscription and have full access to all resources in the subscription. After I got this message, I assigned myself as an owner of this resource, but it did not work. Yes, I am not a global administrator. I'd like to understand what the "Azure Directory Application owner" is. Looking forward to hearing your thoughts.

Thank you!

TW

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. Roderick Bant 2,046 Reputation points
    2020-11-12T20:01:17.297+00:00

    There are differences between Azure RBAC roles, such as co-administrator on your subscription, and Azure AD roles like Global Administrator. Azure RBAC roles manage Azure resources like virtual machines, app service etc. Azure AD roles manage access to objects in Azure AD like user accounts and app registrations; all identity-related stuff.

    Azure Automation uses an app registration (which is an identity in Azure AD) with the certificate that needs to be updated. So in this case you actually need the Application Administrator Azure AD role to manage app registrations in Azure AD. Find instructions on assigning Azure AD roles here.

    You can find the details on the different kinds of roles here

    1 person found this answer helpful.
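The split between the resource plane and the directory plane described in the accepted answer, as an added example that is not part of the original thread: the script lists a user's Azure RBAC roles and separately checks whether that user is an owner of the app registration behind the Run As account. It assumes a recent Azure CLI whose `az ad` commands return the object ID as `id`; the function names and the application ID you pass in are placeholders chosen for this example.

```shell
#!/usr/bin/env bash
# Added example: compare resource-plane (Azure RBAC) access with
# directory-plane ownership of an app registration.
# Function names are hypothetical; <app-id> is the Run As account's
# application (client) ID or object ID, supplied by you.

# Directory plane: is the object ID among the app registration's owners?
# usage: is_app_owner <app-id> <user-object-id>
is_app_owner() {
    az ad app owner list --id "$1" --query "[].id" -o tsv | grep -qxF -- "$2"
}

# Resource plane: Azure RBAC role names assigned to the object ID.
# usage: rbac_roles <user-object-id>
rbac_roles() {
    az role assignment list --assignee "$1" --all \
        --query "[].roleDefinitionName" -o tsv
}

# usage: check_renew_access <app-id> [user-object-id]
# Returns 0 only when the user owns the app registration; RBAC roles are
# printed for comparison but do not affect the result.
check_renew_access() {
    app_id=$1
    me=${2:-}
    # Default to the signed-in user when no object ID is given.
    [ -n "$me" ] || me=$(az ad signed-in-user show --query id -o tsv)

    echo "Azure RBAC roles: $(rbac_roles "$me" | sort -u | paste -sd, -)"
    if is_app_owner "$app_id" "$me"; then
        echo "Owner of app registration $app_id"
        return 0
    fi
    echo "Not an owner of app registration $app_id."
    echo "A current owner or a directory administrator can add you with:"
    echo "  az ad app owner add --id $app_id --owner-object-id $me"
    return 1
}

# Run only when an application ID is passed on the command line.
if [ -n "${1:-}" ]; then check_renew_access "$@"; fi
```

A user can hold Owner on the subscription and still get a non-zero result here, which is the situation described in the question.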
