How can I set an AAD group as an owner on an AAD application?

Question

I'm provisioning a bunch of Azure Active Directory (AAD) apps, and would like the same set of users to be owners on all apps. I created an AAD group to put those users in, but when I tried to assign the group as the owner, I get an error:

> Add-AzureADApplicationOwner -ObjectId $app.ObjectId -RefObjectId $ownershipGroup.ObjectId
Add-AzureADApplicationOwner : Error occurred while executing AddApplicationOwner 
Code: Request_BadRequest
Message: The reference target 'Group_<mygroupid>' of type 'Group' is invalid for the 'owners' reference.

Is my scenario not a supported one, or am I simply trying to do it in the wrong way? I'm not sure whether the error message is meant to be read as "reference target - which happens to be a group - is invalid" or "reference target is invalid because it's a group".

Thanks!

Answer 1

Based on the official definition, the owners are a set of non-admin users who are allowed to modify this object.

If a request for a property that is not valid for a specific entity is sent, a 400 Bad Request response is returned.

Therefore, I think the owners currently only support for Users.

More information about properties for application entity, please see the article below.

Entity and complex type reference | Graph API reference

The feature requirement for supporting Azure AD group in application owner, has already been submitted in user voice website below.

https://feedback.azure.com/forums/34192--general-feedback/suggestions/6688284-ad-groups-in-application-owners

Answer 2

As this point in time, only Users can be assigned as application owners.

I'd recommend you add an entry in the Azure AD UserVoice forum to request this feature.