Azure AD User Roles for Admin Consent | Microsoft AZ-500 Exam

User Roles for Admin Consent in Azure AD

Question

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains a user named User1.

You plan to publish several apps in the tenant.

You need to ensure that User1 can grant admin consent for the published apps.

Which two possible user roles can you assign to User1 to achieve this goal? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Answers

Explanations


A. B. C. D. E.

BC

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent

To grant admin consent for an application, a user must be assigned a role that has the necessary permissions to perform this action. The role must have the Application.ReadWrite.All permission, which allows the user to consent to permissions on behalf of the organization.

Out of the provided options, the roles that can grant User1 admin consent for the published apps are:

A. Security Administrator: This role allows the user to manage security-related aspects of Azure resources, including Azure AD, and assign access permissions to users for various applications. It provides the necessary permission to grant admin consent for published apps.

B. Cloud Application Administrator: This role allows the user to manage cloud applications in Azure AD, including creating, editing, and deleting applications, and managing application permissions. It provides the necessary permission to grant admin consent for published apps.

The other roles provided in the options are not suitable for granting admin consent for published apps. The User administrator role can only manage user accounts and settings, while the Application Administrator role can only manage enterprise applications' lifecycle. The Application Developer role can create and manage apps, but does not have permission to grant admin consent.

Therefore, to ensure that User1 can grant admin consent for the published apps, either the Security Administrator or Cloud Application Administrator role can be assigned to them.