A short explanation of the situation: A company has an Azure tenant with Active Directory integration. The AD is maintained by system administrators. An Azure dev/test subscription has been created so that development engineers can deploy workloads. The engineers have the Owner role on the subscription.
When creating certain workloads or Azure DevOps service connections, service principals can be created automatically to allow certain tasks, for example workload X pulling an image from an Azure registry. This can be initiated from the portal interface or from Azure DevOps.
The problem occurs when, for example, a service connection in Azure DevOps is created by an owner of the subscription who is not a system administrator. The error reported that the user doesn't have permission to set up the service principal.
In the case of this company, another department is involved, which means days of delay. Is it possible to set up an Azure subscription with AD integration where subscription owners who are not system administrators can create service principals?