We use Azure AD for all of our company's login, email, windows authentication etc.
We also have a developer team who make web applications which utilise Azure authentication.
Right now they have to ask IT each time they want to add new App Registrations or extend existing ones (e.g. add/edit Redirect URIs)
We want to be able to allow access to the developer team to do this themselves through the Azure portal, but we don't want to give them access to other parts of AD (for example to be able to modify user accounts/groups)
Is it possible to restrict access to only the App Registration section of the Azure AD administration section for a certain group of people?
Thank you!
Yes, there is actually a predefined Azure AD directory role to delegate exactly that function in question. It's called "Cloud Application Administrator".