@secherka secherka commented Dec 5, 2025

Updating per internal Epic 1436967

@learn-build-service-prod

Learn Build status updates of commit 1b38a4a:

✅ Validation status: passed

| File | Status | Preview URL | Details |
| --- | --- | --- | --- |
| docs/identity/enterprise-apps/overview-assign-app-owners.md | ✅ Succeeded | | |

For more details, please refer to the build report.


Copilot AI left a comment

Pull request overview

This PR adds a new NOTE block to the enterprise application ownership documentation to clarify limitations for application owners added through non-UI methods (Graph API, PowerShell). This addresses internal Epic 1436967 by documenting that such owners have restricted management capabilities compared to those added through the Entra admin center.

Key Changes

  • Added a NOTE block explaining that application owners added via Graph API or PowerShell have limited access to certain enterprise application settings

> The application may have more permissions than the owner, and thus would be an elevation of privilege over what the owner has access to as a user. An application owner can create or update users or other objects while impersonating the application. The elevation of privilege to owners can raise a security concern in some cases depending on the application's permissions.
> [!NOTE]
> Currently due to background applications and service principals objects settings dependencies, the application owners added by other than Entra admin center means (Graph API, PowerShell), will not be able to manage some enterprise applications settings like attributes and claims, modify configured SAML certificates properties or token encryption settings, etc.
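
Review bot: the added NOTE ends its list of affected settings with "etc.", so a reader cannot tell which enterprise application settings an owner added through Graph API or PowerShell can still manage; list the affected settings in full or link to where they are tracked. Because the note sits directly under the paragraph on owner elevation of privilege, it should also state whether the limitation changes the owner privileges described there, and what an affected owner is expected to do about it. "Currently" needs a date or a tracking reference so the note can be retired when the behavior changes.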

Copilot AI Dec 5, 2025

The sentence is overly long and complex, making it difficult to read. Consider breaking it into two sentences or restructuring for better clarity. For example: "Currently, due to background applications and service principals object settings dependencies, application owners added by means other than the Entra admin center (such as Graph API or PowerShell) have limited management capabilities. They will not be able to manage certain enterprise application settings, such as attributes and claims, SAML certificate properties, or token encryption settings."

Suggested change
> Currently due to background applications and service principals objects settings dependencies, the application owners added by other than Entra admin center means (Graph API, PowerShell), will not be able to manage some enterprise applications settings like attributes and claims, modify configured SAML certificates properties or token encryption settings, etc.
> Currently, due to dependencies related to background applications and service principal object settings, application owners who are added by means other than the Entra admin center (such as Graph API or PowerShell) have limited management capabilities. They will not be able to manage certain enterprise application settings, such as attributes and claims, SAML certificate properties, or token encryption settings.

@prmerger-automator

@secherka : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change.

@ShannonLeavitt

@secherka - This PR was opened in the public repo. FTEs should work in the private repo if possible. I see that you submitted a PR to the private repo last year. If feasible, add a #please-close comment to this PR and make your commit in the private repo instead.

Otherwise, @omondiatieno - Could you please review and sign off if you approve?

IMPORTANT: When the changes are ready for publication, adding a #sign-off comment is the best way to signal that the PR is ready for the review team to merge.

#label:"aq-pr-triaged"
@MicrosoftDocs/public-repo-pr-review-team
