Application roles in Azure Active Directory (Azure AD) allow administrators to group an application's permissions into a single collective and assign it to resources. This lets them decide who has control over certain data and functions of the application. Application roles can be assigned to Azure AD groups, which conveniently grants permissions over an application to multiple members at once. The cmdlet New-AzureADGroupAppRoleAssignment assigns existing application roles to an Azure AD group.
The following is an example script for assigning an application role to an Azure AD group.
where <GroupID> denotes the ObjectID of the Azure AD group to which the application roles should be assigned, <AppRoleId> denotes the ObjectID of the application role to be assigned to the Azure AD group, <principalID> refers to the ObjectID of the Azure AD group to which the application roles should be assigned, and <resourceId> refers to the ObjectID of the enterprise application object for which the role is created.
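An added example, not the original page's script, that resolves the four placeholders described above, checks that the role is enabled and assignable to groups, skips the assignment if it already exists, and then lists what the group holds. It assumes the AzureAD module is installed and Connect-AzureAD has already been run; the group name, application name and role value are constructed placeholders.

```powershell
# Added example. The three values below are constructed placeholders.
# Assumes the AzureAD module is installed and Connect-AzureAD has been run.
$groupName = 'Finance-Approvers'   # placeholder group display name
$appName   = 'Contoso Expenses'    # placeholder enterprise application name
$roleValue = 'Expense.Approve'     # placeholder app role value

# Resolve the group (<GroupID> / <principalID>) and the enterprise
# application's service principal (<resourceId>). Require exactly one match
# so the role is never granted to a look-alike object.
$group = @(Get-AzureADGroup -Filter "displayName eq '$groupName'")
$sp    = @(Get-AzureADServicePrincipal -Filter "displayName eq '$appName'")
if ($group.Count -ne 1 -or $sp.Count -ne 1) {
    throw "Expected exactly one group and one service principal."
}
$group = $group[0]
$sp    = $sp[0]

# Pick the role (<AppRoleId>) and confirm it is enabled and can be assigned
# to users and groups rather than only to applications.
$role = $sp.AppRoles | Where-Object { $_.Value -eq $roleValue }
if (-not $role) { throw "App role '$roleValue' not found on '$appName'." }
if (-not $role.IsEnabled -or $role.AllowedMemberTypes -notcontains 'User') {
    throw "App role '$roleValue' is disabled or not assignable to groups."
}

# Skip the call if the group already holds this role on this application.
$existing = Get-AzureADGroupAppRoleAssignment -ObjectId $group.ObjectId -All $true |
    Where-Object { $_.ResourceId -eq $sp.ObjectId -and $_.Id -eq $role.Id }

if (-not $existing) {
    New-AzureADGroupAppRoleAssignment -ObjectId $group.ObjectId -Id $role.Id `
        -PrincipalId $group.ObjectId -ResourceId $sp.ObjectId
}

# Review every app role assignment the group now holds.
Get-AzureADGroupAppRoleAssignment -ObjectId $group.ObjectId -All $true |
    Select-Object PrincipalDisplayName, ResourceDisplayName, Id
```

Every member of the group inherits the role, so the final listing is worth keeping as a record of what access the assignment granted.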