Azure Active Directory Group - controlling user access
I have a requirement to add users to an Azure Active Directory group with certain privileges.
For example, specific user added to adgroup1 gets edit access on application specific data, while the same user could be part of adgroup2 with read only access for different set of application data.
What would be the best practice to implement this? Appreciate the feedback.
I am afraid this could not be implemented, in Azure AD, a normal user (i.e. User type is member) has the default permissions to view all the AD Apps in the tenant, source here.
This could not be restricted, default permissions for member users can be restricted list here, even if you set Restrict access to Azure AD administration portal, the user can also get the information from other clients e.g. powershell.
For the edit permission, the user needs to be added as an Owner to the AD App, but the AAD group is not supported to be added as an Owner to the AD App.
- Windows Property Pages: Domain Path Not Shown on Security Tab
- Azure Entra ID tokens endpoint issues an expired token
- NativeObject try-catch does not catch a timed out error
- Getting "The server could not be contacted." when trying to access active directory
- Can't figure out how to delete a specific computer from AD using power shell. Can't find any solution anywhere
- Powershell - Create new user accounts from CSV & simultaneously populate these new accounts with template account info (Address & group membership)
- Unknown Error (0x80005000) with LDAPS Connection
- How to handle DC replication delay when enabling users and setting properties?
- Using application pool identity results in exceptions and event logs
- CORS issue using Angular application calling a .NET Core API using Sustainsys.Saml2 library and Azure Active Directory as Identity Provicer
- Is it possible to customize authentication flow in Azure?
- A few groups in my ad are not found by the following script
- System.DirectoryServices.DirectoryServicesCOMException: An operations error occurred
- Cannot add user to Active Directory due to a "There is no such object on the server" error
- Connect to Active Directory using LdapConnection class on remote server
- Why is DirectorySearcher so slow when compared to PrincipalSearcher?
- How to search for users in Active Directory from ASP.NET Core
- How to supply the password as an argument in realm join to active directory command
- LDAP attribute to encode the language of human users mother tongue?
- How to remove multiple entries by a single ldap request in unboundid?
- Using PowerShell, set the AD home directory for a user, given the display name
- Powershell script to see currently logged in users (domain and machine) + status (active, idle, away)
- C#: 'A change set cannot include changes to more than '1' source resources' when adding a user To Group using Azure Graph API 2.0
- Working with DirectoryServices in ASP.NET Core
- Get Azure Active Directory password expiry date in PowerShell
- Using powershell, how can I extract the OU path for a computer currently in AD?
- Powershell Expression gives no results
- Get CN value from ADUser DistinguishedName
- .NET: How to look up a user in Active Directory?
- What's the difference between retrieving WindowsPrincipal from WindowsIdentity and Thread.CurrentPrincipal?