Not able to make an Azure app as member of an Azure Group

Question

I would like to add an Azure app as member of the Azure Group. I am owner of the Group but when I click on Add-->Member , it only lists individual users and there is no option for adding an app:-

I am not trying to provide access to the SG so it can access the app (for that I will have to go to the specific app page) rather I am trying to make the app as the 'member' of an Azure group that I already own. But I just don't see an option for doing that.

Answer 1

If your group is an Office group, it does not support to add the service principal as a member(i.e. the MSI of your datafactory, which is essentially a service principal created by azure automatically in general, see this link).

If you want to add the service principal to the group, you need to use the Security group, see this link.

If your User type is member, but you are not able to create the Security group, the UsersPermissionToCreateGroupsEnabled setting should be set with false in your Azure AD tenant.

See To restrict the default permissions for member users:

For more details, refer to this link.

Answer 2

You need to run this command first from powershell to create the managed identity

Set-AzDataFactoryV2 -ResourceGroupName <resourceGroupName> -Name <dataFactoryName> -Location <region>

https://learn.microsoft.com/en-us/azure/data-factory/data-factory-service-identity